20621 matches found
PT-2026-45092
A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit is publicly available and might be...
PT-2026-45082
A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is an unknown functionality in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. The manipulation results in denial of service. It is possible to launch the attack remotely. The exploit ha...
PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
Summary PraisonAI's direct-prompt CLI automatically expands @url: mentions in raw prompt text before agent execution begins. If a prompt contains @url:, the CLI calls MentionsParser.process.... The @url: handler then performs a direct urllib.request.urlopen request to the attacker-controlled URL...
GHSA-5CXW-77WG-JRF3 PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
Summary PraisonAI's direct-prompt CLI automatically expands @url: mentions in raw prompt text before agent execution begins. If a prompt contains @url:, the CLI calls MentionsParser.process.... The @url: handler then performs a direct urllib.request.urlopen request to the attacker-controlled URL...
GHSA-55RJ-X2VC-4WHQ Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification
Description The Twilio SMS notifier bridge ships a webhook request parser used to authenticate and decode the status callbacks Twilio POSTs to an application's webhook endpoint. Its doParseRequest $request, \SensitiveParameter string $secret method receives the configured webhook secret but never...
CVE-2026-44422
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two...
DEBIAN-CVE-2026-44422
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two...
CVE-2026-44422
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two...
CVE-2026-44422
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two...
CVE-2026-44422
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two...
apache-airflow-providers-amazon (>=9.7.0 <=9.8.0rc1), arrow-pd-parser (>=1.0.0 <=1.0.4) +43 more potentially affected by CVE-2026-8838 via redshift-connector (>=2.0.888 <=2.1.13)
redshift-connector PYPI version =2.0.888, =9.7.0, =1.0.0, =0.1.1, =2.0.0, =0.1.7, =0.31.6, =0.1.17, =2.3.0.dev3, =1.0.0a2, =0.4.0, =0.0.1, =0.3.64, =6.1.2, =0.5.2, =1.5.0, =1.9.1 and more Source cves: CVE-2026-8838 Source advisory: OSV:GHSA-29H4-R29X-HCHV...
CVE-2026-49383
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...
CVE-2026-45613
CVE-2026-45613 affects Rizin; a heap-buffer-overflow is reported in the OMF parser (librz/bin/format/omf/omf.c). The vulnerability is mitigated by the commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47. CVSSv3.1 vector from the entry: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N with base score 3.3 (LOW). Th...
CVE-2026-45613
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47...
CVE-2026-45613 Rizin: Heap-buffer-overflow in OMF parser
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47...
CVE-2026-49383
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...
CVE-2026-49383
JetBrains IntelliJ IDEA prior to 2026.1 has a low-severity issue in the UI Designer form parser (xXE) that is locally exploitable with user interaction required. The CVSS 3.1 vector indicates Local access, Low complexity, no privileges, with Confidentiality impact Low and no impact on Integrity/A...
CVE-2026-49383
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...
EUVD-2026-33391
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...
CVE-2026-49383
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...