ai-plays-jackbox (>=0.0.1 <=0.3.2), air-link (>=0.0.0 <=0.5.0) +74 more potentially affected by CVE-2026-45553 via nicegui (>=0.9.11 <=3.10.0)
nicegui PYPI version =0.9.11, =0.0.1, =0.0.0, =0.1.0, =1.1.3, =1.9.5, =0.3.0, =0.0.1, =0.6.7, =1.0.0, =1.2.0, =1.23.0 and more Source cves: CVE-2026-45553 Source advisory: OSV:GHSA-JFRM-RX66-G536...
CVE-2026-42544
Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction...
NPM: ws: Uninitialized memory disclosure
NPM: ws: Uninitialized memory disclosure vulnerability discovered by ? in WordPress Npm ws versions = 8.0.0, 8.20.1...
Improper Validation of Array Index
Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
CVE-2026-8843
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
UBUNTU-CVE-2026-8843
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport
Summary dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive rmcp dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local dynoxide mcp --http or dynoxide serve --mcp server with a non-loopback Host...
GHSA-JXXR-4GWJ-5JF2 brace-expansion: Large numeric range defeats documented `max` DoS protection
The max option was being applied too late: when expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate elements before the max limit is applied. With max=10, the output is correctly limited to 10 items, but the process still...
Allocation of Resources Without Limits or Throttling
Overview brace-expansion provides brace expansion as known from sh/bash. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the max option being applied after generating all elements in a large numeric range. An attacker can exhaust system...
Allocation of Resources Without Limits or Throttling
Overview org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the max option being applied after generating all elements in a large numeric range. An attacker can exhaust...
EUVD-2026-30777
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
CVE-2026-8843 Calling createIndex with certain index types can crash mongod
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
CVE-2026-8843
Technical details are not publicly available in the provided documents. Monitor for updates.
Calling createIndex with certain index types can crash mongod
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
CLEANSTART-2026-CB77162 Security fixes for CVE-2026-2391, CVE-2026-26960, CVE-2026-29786, CVE-2026-31802, CVE-2026-4867, ghsa-34x7-hfp2-rc4v, ghsa-37ch-88jc-xwx2, ghsa-5359-pvf2-pw78, ghsa-73rr-hh4g-fpgx, ghsa-8qq5-rm4j-mr97, ghsa-r4q5-vmmm-2653, ghsa-r6q2-hw4h-h46w applied in versions: 4.2.1.1-r1, 4.2.1.1-r2, 4.3.0.1-r0, 4.3.1-r0
Multiple security vulnerabilities affect the thingsboard-tb-web-ui package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-BT04364 Security fixes for CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, ghsa-f6x5-jh6r-wrfv, ghsa-fw7p-63qq-7hpr, ghsa-j5w8-q4qc-rx2x applied in versions: 0.18.0-r0, 0.18.0-r1, 0.18.0-r2, 0.18.0-r3
Multiple security vulnerabilities affect the prom-mysqld-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-UZ56639 Security fixes for CVE-2022-23181, CVE-2022-29885, CVE-2022-34305, CVE-2022-42252, CVE-2022-45143, CVE-2023-24998, CVE-2023-28708 applied in versions: 9.0.58-r0, 9.0.63-r0, 9.0.64-r0, 9.0.68-r0, 9.0.70-r0, 9.0.71-r0, 9.0.73-r0, 9.0.80-r0
Multiple security vulnerabilities affect the tomcat9 package. These issues are resolved in later releases. See references for individual vulnerability details...