19435 matches found
DEBIAN-CVE-2026-42530
NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...
CVE-2026-42530
NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...
CVE-2026-42530
Summary : NGINX Open Source’s ngx_http_v3_module vulnerability (CVE-2026-42530) occurs when HTTP/3 QUIC is enabled. A remote unauthenticated attacker can craft an HTTP/3 session to reopen a QPACK encoder stream, causing a Use-after-Free in the NGINX worker process and potentially triggering a res...
CVE-2026-48142
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...
CVE-2026-42530
NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...
K000161614: Out-of-band Security Notification (June 17, 2026)
Security Advisory Description On June 17, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. High CVEs Medi...
K000161616: NGINX ngx_http_v3_module vulnerability CVE-2026-42530
Security Advisory Description NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen ...
ThinkPHP < 3.2.4 - Remote Code Execution
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via the s parameter in index.php through the invokefunction functionality. id: CVE-2019-9082 info: name: ThinkPHP 3.2.4 - Remote Code Execution author: 0xanis severity: high description: |...
Malicious code in cryptodao-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5323b2fc30e7603b402729f45345a9c3eb4af8361acaca5d035cc51f9e660cea package.json declares postinstall: node recon.js, which fires automatically on npm install. recon.js enumerates installer-side secrets —...
PT-2026-50439
Name of the Vulnerable Software and Affected Versions NGINX Open Source versions 1.31.0 through 1.31.1 Description A Use-after-Free issue exists in the ngx http v3 module module when configured to use the HTTP/3 QUIC module. A remote unauthenticated attacker can use a specially crafted HTTP/3...
EUVD-2026-32912
pypdf: Manipulated XMP metadata streams can exhaust RAM...
Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities (CVE-2026-23193, CVE-2026-23231, CVE-2026-3497)
Summary IBM MQ Appliance has addressed multiple open source vulnerabilities. Vulnerability Details CVEID:CVE-2026-3497 DESCRIPTION: Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions...
Node.JS System Information Library <5.3.1 - Remote Command Injection
Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. id: CVE-2021-21315 info: name: Node.JS System...
Android 17 Security Release NotesStay organized with collectionsSave and categorize content based on your preferences.
This Android Security Release Notes contains details of security vulnerabilities affecting Android devices which are addressed as part of Android 17. Android 17 devices with a security patch level of 2026-07-01 or later are protected against these issues Android 17, as released on AOSP, will have...
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one...
CVE-2026-49294 Valhalla has reflected XSS via unsanitized JSONP callback parameter
Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...
Exploit for CVE-2026-42945
CVE-2026-42945 — NGINX Rift Critical heap buffer overflow in...
ROS-20260615-73-0031
The vulnerability of the updatereadcachebitmaporder function in the RDP client FreeRDP is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to cause service failure...
[SECURITY] Fedora 43 Update: chromium-149.0.7827.102-1.fc43
Chromium is an open-source web browser, powered by WebKit Blink...
EUVD-2026-36565
ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command...