CVE-2026-54265
A flaw was found in Angular's @angular/compiler package. When a native DOM property requiring sanitization is bound using two-way binding syntax, the template compiler fails to apply the appropriate sanitizer. An attacker who controls the bound value can bypass Angular's built-in sanitization,...
CVE-2026-54164 API Platform Core: Missing IRI type check enables resource type confusion
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...
CVE-2026-55223
CVE-2026-55223 affects the c3p0 JDBC connection pooling library. Before 0.14.0, c3p0 can enable a deserialization gadget “sink” when combined with other libraries: DataSource.getConnection() and ConnectionPoolDataSource.getPooledConnection() are treated as safe JavaBean properties, but invoking p...
CVE-2026-55223 c3p0 exposes a deserialization "sink" via JDBC DataSource bean properties
c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...
CVE-2026-54515
A flaw was found in jackson-databind. This vulnerability occurs in the data-binding functionality where properties intended to be ignored are incorrectly restored and become writable again. An attacker could potentially exploit this by providing input that modifies data through these supposedly...
CVE-2026-10513
CVE-2026-10513 affects the WordPress Webmention plugin (versions up to and including 5.8.0). The root cause is insufficient input sanitization and output escaping for MF2 author properties (avatar/url) processed by the unauthenticated webmention REST endpoint and rendered into HTML value attribut...
CVE-2026-10513 Webmention <= 5.8.0 - Unauthenticated Stored Cross-Site Scripting via MF2 'photo'/'url' Author Properties
The Webmention plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.8.0 via parser-derived 'avatar' and 'url' author metadata. This is due to insufficient input sanitization and output escaping on user-supplied MF2 author properties processed by the...
CVE-2026-57451
Vim CVE-2026-57451 affects Vim up to version 9.2.0670. The issue in get_text_props() (src/textprop.c) reads a uint16 property count inline after a line’s text and treats it as the number of 32-byte textprop_T entries that follow. The only boundary check is a floor for a single entry, and the coun...
CVE-2026-57451 Vim: Out-of-bounds Read in Text Property Count
Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that guarantees room for a single...
CVE-2026-57454 Vim: Out-of-bounds Read with Text Properties
Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads th...
PT-2026-52476
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0670. Description: The get_text_props function in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. Because the count ...
DEBIAN-CVE-2026-54518
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties replays buffered JSON into creator parameters but never consults...
Incorrect Authorization
Overview: com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Incorrect Authorization in the...
jackson-databind has @JsonView bypass for setterless creator properties
Summary: In BeanDeserializer.deserializeUsingPropertyBased, the active-view @JsonView filter was applied only to creator properties; the regular property-buffering branch performed no prop.visibleInView(activeView) check. A change making SetterlessProperty.isMerging return true routed setterless...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the BeanDeserializer.deserializeUsingPropertyBased method, whose property-buffering branch omits the prop.visibleInView(activeView) check that the creator-property branch performs. An attacker can populate...
GHSA-5JMJ-H7XM-6Q6V jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties
Summary: In BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a contextual deserializer whose BeanPropertyMap has the ignored properties removed. The subsequent per-property case-insensitivity block triggered by...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview: com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview: Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the BeanDeserializerBase.createContextual method, which applies the per-property exclusions through handleByNameInclusion and then rebuilds the property m...