7983 matches found
CVE-2026-44019
Docling Core (docling-core) versions 2.5.0 through before 2.74.1 allow local file:// image references and inline data: content without a decoded-size limit when processing untrusted image references. This could enable access to local files readable by the process or cause excessive memory usage f...
CVE-2026-59867
CVE-2026-59867 affects Kiota, an OpenAPI-based HTTP client code generator. Before 1.32.5, Kiota’s OpenAPI $ref resolution could fetch remote http(s) URLs or read local absolute/out-of-tree file paths, enabling build‑time SSRF, remote file inclusion, and local file inclusion when generating client...
CVE-2026-59259
CVE-2026-59259 affects n8n released until versions 1.123.61, 2.27.4, and 2.28.1. The vulnerability is a permission bypass in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user who can create or update credent...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2026-57768
creationtimestamp| type| source ---|---|--- 2026-07-13 10:58:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjjwtdbq32z 2026-07-13 11:32:44+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjlsx6hqk2a 2026-07-16 07:57:31+00:00| seen|...
CVE-2026-61447
creationtimestamp| type| source ---|---|--- 2026-07-11 14:28:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqeup5otvv2b 2026-07-11 14:36:06+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqev5jlzua2c 2026-07-11 15:00:53+00:00| seen|...
CVE-2026-7492
A flaw was found in GitLab. Under certain conditions, an unauthenticated user could determine the existence of a private project. This information disclosure is possible due to improper authorization controls on cross-project reference pages. This vulnerability allows an attacker to gain sensitiv...
CVE-2026-59819
A flaw was found in LiteLLM, a proxy server for Large Language Model LLM APIs. A privileged caller, such as a proxy administrator, with permissions to test model connections, could exploit the /health/testconnection endpoint. By supplying specific environment or OIDC OpenID Connect file reference...
Linux Distros Unpatched Vulnerability : CVE-2026-7492
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain...
GitLab 9.1 < 18.11.7 / 19.0 < 19.0.4 / 19.1 < 19.1.2 (CVE-2026-7492)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an...
External Control of File Name or Path
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to External Control of File Name or Path via request-supplied OIDC file references through the /health/testconnection handler in litellm/proxy/healthendpoints/healthendpoints....
CVE-2026-7492
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...
CVE-2026-7492 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...
EUVD-2026-42406
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...
CVE-2026-7492
GitLab CE/EE vulnerable in all versions before patch levels: 18.11.7 for 9.1–18.11.x, 19.0.4 for 19.0.x, and 19.1.2 for 19.1.x. The issue allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on cross‑project reference pages. Impact...
CVE-2026-58501
Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...
UBUNTU-CVE-2026-58501
Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...
CVE-2026-59819 LiteLLM: Local file read via request-supplied OIDC file references
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.10-stable, LiteLLM's /health/testconnection endpoint resolved request-supplied environment and OIDC file references in litellmparams, allowing a proxy administrator or another privileged caller with...
CVE-2026-59819
LiteLLM (proxy for LLM APIs) prior to 1.83.10-stable has a local file read risk via the /health/test_connection endpoint. A privileged caller (e.g., proxy administrator) could supply environment/oidc/file references in litellm_params to read arbitrary local files, exposing sensitive contents. The...
CVE-2026-59819 LiteLLM: Local file read via request-supplied OIDC file references
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.10-stable, LiteLLM's /health/testconnection endpoint resolved request-supplied environment and OIDC file references in litellmparams, allowing a proxy administrator or another privileged caller with...