3187 matches found
CVE-2026-54560
Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth clientid claim, so the JWT verifier does not load token scopes into request context and RequiredScopes treats the request like non-scoped session...
EUVD-2026-44689
Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth clientid claim, so the JWT verifier does not load token scopes into request context and RequiredScopes treats the request like non-scoped session...
EUVD-2026-44687
Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the configured downloader without blocking loopback, localhost, IPv6 localhost, or...
CVE-2026-54562
Cloudreve CVE-2026-54562 affects the self-hosted file management system. Prior to version 4.16.1, the remote download workflow at POST /api/v4/workflow/download passes user-supplied URLs to the downloader without blocking loopback/localhost/IPv6 localhost or redirect-to-loopback targets. This all...
CVE-2026-58475 Sustainable Irrigation Platform 5.2.16 Stored XSS via Program Name
Sustainable Irrigation Platform SIP through version 5.2.16 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject arbitrary JavaScript by supplying malicious script payloads within program names submitted via HTTP requests. Attackers can exploit the...
CVE-2026-13221 Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk
Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...
Security update for agama (important)
openSUSE security update: security update for agama ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21292-1 Rating: important References: bsc1270526 bsc1270602 bsc1270678 bsc1270784 bsc1270850 bsc1270891 bsc1270992 Cross-References: CVE-2026-41677...
CVE-2026-58503
Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the resetpassword endpoint. This issue is fixed in versions 16.16.0 and 15.106.0...
CVE-2026-42219 Frappe: Path Traversal via /backups Route
Frappe is a full-stack web application framework. Prior to 16.19.0 and 15.109.0, path traversal via downloadbackups was possible due to lack of hardening. This issue is fixed in versions 16.19.0 and 15.109.0...
CVE-2026-49394 Frappe: Auth. bypass via update_page
Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was possible via the updatepage endpoint in Workspace because public workspaces did not receive the required Workspace Manager edit check. This issue is fixed in version 16.19.0...
CVE-2026-49394
Frappe CVE-2026-49394: Before version 16.19.0, authorization bypass was possible via the update_page endpoint in Workspace because the Workspace Manager edit check was not enforced for public workspaces. The issue is fixed in 16.19.0. The CVSS metrics indicate a NETWORK attack vector, LOW access ...
PT-2026-57334
Name of the Vulnerable Software and Affected Versions Frappe versions prior to 16.16.0 Frappe versions prior to 15.106.0 Description User enumeration is possible through the 'reset password' endpoint. User enumeration is a technique used to verify if a specific user exists within a system by...
EUVD-2026-42569
A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC server that advertises a 16bpp framebuffer and sends Hextile-encoded updates, the Hextile background fill path writes 32-bit pixel values into a buffer allocated for 16-bit...
CVE-2026-59691
GStreamer rfbsrc plugin is affected by a heap buffer overflow when a client connects to a 16bpp RFB/VNC server using Hextile-encoded updates. The Hextile background fill path writes 32-bit pixel values into a buffer allocated for 16-bit pixels, causing an out-of-bounds heap write that can cause p...
CVE-2026-49866
libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossipsub defaultDecodeRpcLimits set maxIhaveMessageIDs and maxIwantMessageIDs to Infinity, allowing oversized IHAVE and IWANT control message arrays in message/decodeRpc.ts and gossipsub.ts to synchronousl...
CVE-2026-15171
SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...
CVE-2026-15163
CVE-2026-15163 affects Wireshark up to 4.6.6 and 4.4.16, where multiple protocol dissectors can enter infinite loops due to an unreachable exit condition, causing denial of service (application unresponsiveness). Severity varies by source: NVD lists CVSSv3.1 impact as High (AV:N/AC:L/PR:N/UI:N/S:...
CVE-2026-15164
CVE-2026-15164 relates to Wireshark’s ciscodump component and is described as a heap-based buffer overflow that causes a crash, resulting in a DoS. Affected versions per the CVE entry include 4.6.0–4.6.6 and 4.4.0–4.4.16. The vulnerability is triggered by processing input under the specified comp...
CVE-2026-49866
CVE-2026-49866 affects the JavaScript libp2p implementation, specifically the @libp2p/gossipsub component. The root cause is defaultDecodeRpcLimits allowing maxIhaveMessageIDs and maxIwantMessageIDs to be Infinity prior to v16.0.0, enabling oversized IHAVE/IWANT control message arrays in message/...
CVE-2026-58252
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset...