30551 matches found

Cvelist
added 2026/03/07 3:16 p.m., 23 views

CVE-2026-29190 Karapace: Path Traversal in Backup Reader

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...

CVSS 4.1, EPSS 0.00106
Exploits: 0, References: 2
EUVD
added 2026/03/07 3:16 p.m., 1 view

EUVD-2026-10147

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...

CVSS 4.1, AI score 5.8, EPSS 0.00106
Exploits: 0, References: 2
CVE
added 2026/03/07 3:16 p.m., 6 views

CVE-2026-29190

Karapace (open-source Kafka REST/Schema Registry) prior to v6.0.0 contains a Path Traversal in the backup reader (backup/backends/v3/backend.py). An attacker could read arbitrary files on the host where Karapace runs by supplying a malicious backup file, with impact depending on the process’s fil...

CVSS 5.3, AI score 5.8, EPSS 0.00106
Exploits: 0, References: 2, Affected software: 1
OSV
added 2026/03/07 3:16 p.m., 0 views

CVE-2026-29190 Karapace: Path Traversal in Backup Reader

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...

CVSS 4.1, AI score 5.8, EPSS 0.00106
Exploits: 0, References: 4
Positive Technologies
added 2026/03/07 12:00 a.m., 1 view

PT-2026-23862

Name of the Vulnerable Software and Affected Versions: Karapace versions prior to 6.0.0. Description: Karapace is an implementation of Kafka REST and Schema Registry. A path traversal flaw exists in the backup reader backup/backends/v3/backend.py in versions before 6.0.0. An attacker providing a...

CVSS 5.3, AI score 5.9, EPSS 0.00106
Exploits: 0, References: 9
CNNVD
added 2026/03/07 12:00 a.m., 2 views

Karapace path traversal vulnerability

Karapace is an open-source message queue tool developed by Aiven Open. Versions of Karapace prior to 6.0.0 contained a path traversal vulnerability. This vulnerability stemmed from issues with the backup reader, allowing for arbitrary file access...

CVSS 5.3, AI score 5.9, EPSS 0.00106
Exploits: 0, References: 3
CVE
added 2026/03/06 7:18 a.m., 16 views

CVE-2026-29073

Technical details about CVE-2026-29073 are not provided in the connected documents. The SUSE/OSV entries reference the CVE within a broader vulndb update but do not describe affected products, versions, or exploit specifics. Monitor for updates.

CVSS 8.8, AI score 5.8, EPSS 0.00068
Exploits: 1, References: 1, Affected software: 1
Vulnrichment
added 2026/03/06 7:18 a.m., 1 view

CVE-2026-29073 SiYuan: Direct SQL Query API accessible to Reader-level users enables unauthorized database access

SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql endpoint lets a user run SQL directly, but it only checks basic auth, not admin rights; any logged-in user, even readers, can run any SQL query on the database. This issue has been patched in version 3.6.0...

CVSS 7.1, AI score 5.8, EPSS 0.00068
Exploits: 1, References: 1
OSV
added 2026/03/06 7:18 a.m., 3 views

CVE-2026-29073 SiYuan: Direct SQL Query API accessible to Reader-level users enables unauthorized database access

SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql endpoint lets a user run SQL directly, but it only checks basic auth, not admin rights; any logged-in user, even readers, can run any SQL query on the database. This issue has been patched in version 3.6.0...

CVSS 7.1, AI score 5.7, EPSS 0.00068
Exploits: 1, References: 3
RedhatCVE
added 2026/03/05 7:30 p.m., 2 views

CVE-2026-0847

A flaw was found in NLTK Natural Language Toolkit. This vulnerability allows a remote attacker to read arbitrary files on the server due to improper sanitization of file paths in several CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. By...

CVSS 8.6, AI score 7.6, EPSS 0.0008
Exploits: 3, References: 4
SUSE CVE
added 2026/03/05 1:58 p.m., 0 views

SUSE CVE-2026-0847

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

CVSS 7.5, AI score 6.5, EPSS 0.0008
Exploits: 3, References: 3
SUSE CVE
added 2026/03/05 1:55 p.m., 2 views

SUSE CVE-2026-28435

cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib httplib.h does not enforce Server::set_payload_max_length on the decompressed request body when using a HandlerWithContentReader streaming ContentReader with Content-Encoding: gzip or other...

CVSS 7.5, AI score 5.5, EPSS 0.00085
Exploits: 1, References: 4
RubySec
added 2026/03/05 12:00 a.m., 6 views

Buffer overflow vulnerability in Zlib::GzipReader

A buffer overflow vulnerability exists in Zlib::GzipReader. This vulnerability has been assigned the CVE identifier CVE-2026-27820. We recommend upgrading the zlib gem. Details: The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarant...

CVSS 9.8, AI score 6, EPSS 0.00017
Exploits: 0, References: 1, Affected software: 1
Positive Technologies
added 2026/03/05 12:00 a.m., 2 views

PT-2026-23418

Name of the Vulnerable Software and Affected Versions: Zlib versions prior to the patched version. Description: A buffer overflow issue exists in the Zlib::GzipReader component. The vulnerability could potentially allow for unexpected behavior. Recommendations: Update to the patched version to resol...

CVSS 9.8, AI score 6.1, EPSS 0.00017
Exploits: 0, References: 34
Snyk
added 2026/03/04 11:22 p.m., 0 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview: Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the ContentReader process when handling requests with Content-Encoding: gzip. An attacker can cause excessive resource consumption by sending a small compressed payload...

CVSS 8.7, AI score 5.8, EPSS 0.00085
Exploits: 1, References: 2
Cvelist
added 2026/03/04 9:53 p.m., 19 views

CVE-2025-68467 Dark Reader gives users the ability to request style sheets from local web servers

Dark Reader is an accessibility browser extension that makes web page colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets stored on websites different from the origina...

CVSS 3.4, EPSS 0.0002
Exploits: 0, References: 1
AlpineLinux
added 2026/03/04 9:53 p.m., 2 views

CVE-2025-68467

Dark Reader is an accessibility browser extension that makes web page colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets stored on websites different from the origina...

CVSS 3.4, AI score 5.7, EPSS 0.0002
Exploits: 0, References: 1
CVE
added 2026/03/04 9:53 p.m., 6 views

CVE-2025-68467

Dark Reader CVE-2025-68467 describes a vulnerability where pre-4.9.117 builds could be used to request a style sheet from a local web server (e.g., http://localhost:8080/style.css) via cross-origin requests. The issue involved cross-origin CSS files being parsed or stored in Session Storage, enab...

CVSS 3.4, AI score 5.8, EPSS 0.0002
Exploits: 0, References: 1, Affected software: 1
Vulnrichment
added 2026/03/04 9:53 p.m., 0 views

CVE-2025-68467 Dark Reader gives users the ability to request style sheets from local web servers

Dark Reader is an accessibility browser extension that makes web page colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets stored on websites different from the origina...

CVSS 3.4, AI score 5.7, EPSS 0.0002
Exploits: 0, References: 1
OSV
added 2026/03/04 9:53 p.m., 0 views

CVE-2025-68467 Dark Reader gives users the ability to request style sheets from local web servers

Dark Reader is an accessibility browser extension that makes web page colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets stored on websites different from the origina...

CVSS 3.4, AI score 5.7, EPSS 0.0002
Exploits: 0, References: 3