6853 matches found
Astro SSR - Open Redirect
Astro 5.2.0 through 5.12.7 contains an open redirect caused by improper handling of paths with double slashes in trailing slash redirection logic, letting attackers redirect users to arbitrary external domains, exploit requires on-demand SSR with Node or Cloudflare adapters. id: CVE-2025-54793...
Astro SSR - Server-Side Request Forgery
Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources. id: CVE-2026-25545 info: name: Astro SSR - Server-Side Request Forgery author:...
[SECURITY] Fedora 43 Update: perl-Imager-1.033-1.fc43
Imager is a module for creating and altering images. It can read and write various image formats, draw primitive shapes like lines,and polygons, blend multiple images together in various ways, scale, crop, render text and more...
CVE-2026-48801
A flaw was found in linkify-it, a library for recognizing links with full Unicode support. The LinkifyIt.prototype.match function, the package's primary public API, has an algorithmic complexity of ON² for inputs containing many fuzzy links or emails. This can be exploited by a remote attacker...
CVE-2026-61873 Grav before 9.1.8 Arbitrary File Write via Twig-Processed Filename
Grav before 9.1.8 contains an arbitrary file write vulnerability in the Form plugin's process.save.filename parameter, which is validated against path traversal before Twig processing but never re-validated after rendering. Attackers can submit form data containing path traversal sequences that a...
CVE-2026-15736
Snowflake SQLAlchemy versions prior to 1.11.0 contain several security vulnerabilities, including: Improper handling of user-supplied column identifiers in merge operations could allow SQL injection through attacker-controlled input keys. An attacker may be able to exploit this through request...
CVE-2026-15548
A security vulnerability has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub407220 of the file /usr/sbin/httpd of the component DNS List Rendering. The manipulation leads to stack-based buffer overflow. The attack is possible to be carried out remotely...
CVE-2026-15548
CVE-2026-15548 affects Shibby Tomato up to version 1.28.0000. The flaw resides in the DNS List Rendering component, specifically the function sub_407220 in /usr/sbin/httpd, where a stack-based buffer overflow can be triggered remotely. The vulnerability is described across multiple sources as ena...
CVE-2026-15548 Shibby Tomato DNS List Rendering httpd sub_407220 stack-based overflow
A security vulnerability has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub407220 of the file /usr/sbin/httpd of the component DNS List Rendering. The manipulation leads to stack-based buffer overflow. The attack is possible to be carried out remotely...
CVE-2026-14453 A user with low privileges can inject SSTI templates that can lead to RCE in open-tickets
This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...
CVE-2026-15551 Samsung rlottie: Numeric truncation in gray_hline() leads to heap-based buffer overflow when rendering a crafted Lottie animation at native canvas size
Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...
Fedora 44 : webkitgtk (2026-3bc4b3ccb3)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3bc4b3ccb3 advisory. Fire scrollend event for instant programmatic scrolls. Increase network idle connection timeout to 115 seconds. Fix several crashes and rendering...
linkify-it: linkify-it: Denial of Service via algorithmic complexity vulnerability
A flaw was found in linkify-it, a library for recognizing links with full Unicode support. The LinkifyIt.prototype.match function, the package's primary public API, has an algorithmic complexity of ON² for inputs containing many fuzzy links or emails. This can be exploited by a remote attacker...
EUVD-2026-39126
SiYuan: Stored XSS in Bazaar marketplace via package README event handlers...
CVE-2026-59791
In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible...
CVE-2026-59791
The CVE-2026-59791 affects JetBrains YouTrack prior to version 2026.2.17012, where CSS injection was possible through Mermaid diagram rendering. According to the available sources, the vulnerability is tied to the Mermaid diagram rendering component and could impact user interface rendering, with...
CVE-2026-59791
In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible...
CVE-2026-54267
A flaw was found in the Angular framework's client-side hydration feature for Server-Side Rendered SSR applications. This vulnerability, known as DOM Clobbering, allows a remote attacker to inject malicious data into the application's internal data cache. By exploiting a predictable identifier us...
Linux Distros Unpatched Vulnerability : CVE-2026-59926
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the...
CVE-2026-5922
The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...