Apache Thrift: Node.js skip() recursion

...

BIT-THRIFT-2026-41604 Apache Thrift: Swift Range crash in skip()

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion due to uncontrolled recursion in the skip function. An attacker can cause a stack overflow and potentially crash the application by sending specially crafted input that triggers deep recursion. Remediation Upgrade...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the skip function. An attacker can cause a crash or read unintended memory by providing specially crafted input that triggers an out-of-bounds access. Remediation Upgrade thrift to version 0.23.0 or higher...

CVE-2026-41636

CVE-2026-41636 describes an Uncontrolled Recursion vulnerability in the Apache Thrift Node.js bindings. Affected software is Apache Thrift versions prior to 0.23.0. The issue is mitigated by upgrading to Thrift 0.23.0, which fixes the problem. The available documents do not specify exact affected...

CVE-2026-41636 Apache Thrift: Node.js skip() recursion

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVE-2026-41604 Apache Thrift: Swift Range crash in skip()

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVE-2026-41059

A flaw was found in OAuth2 Proxy. An unauthenticated attacker can exploit a configuration-dependent authentication bypass by sending a crafted request containing a number sign in the path. This allows the OAuth2 Proxy to incorrectly match a public allowlist rule, leading to the exposure of...

Improper Certificate Validation

Overview org.apache.storm:storm-metrics-prometheus is a Distributed and fault-tolerant realtime computation Affected versions of this package are vulnerable to Improper Certificate Validation in the INSECURECONNECTIONFACTORY calls. An attacker can intercept sensitive data and credentials by...

JLSEC-2026-194

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function SkipSpaces in the library assimp/include/assimp/ParsingUtils.h. The manipulation leads to out-of-bounds read. Local access is required to approach this...

CVE-2026-33471

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 slot as u16 for slot lookup. Prior to version 1.3.0, if an attacker can get a...

BIT-OAUTH2-PROXY-2026-41059 OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...

BIT-OAUTH2-PROXY-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

CVE-2026-33471

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 slot as u16 for slot lookup. Prior to version 1.3.0, if an attacker can get a...

EUVD-2026-24576

free5GC AMF: Missing default case in Content-Type switch in HTTPUEContextTransfer...

nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation

Impact SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 slot as u16 for slot lookup. If an attacker can get a SkipBlockProof verified where MultiSignature.signers contains out-of-range indices spaced by 65536, these...

GHSA-6973-8887-87FF nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation

Impact SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 slot as u16 for slot lookup. If an attacker can get a SkipBlockProof verified where MultiSignature.signers contains out-of-range indices spaced by 65536, these...

CVE-2026-33471

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 slot as u16 for slot lookup. Prior to version 1.3.0, if an attacker can get a...

CVE-2026-33471 nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 slot as u16 for slot lookup. Prior to version 1.3.0, if an attacker can get a...

CVE-2026-33471

CVE-2026-33471 affects nim i q/core-rs-albatross (Rust Nimiq PoS) prior to v1.3.0. The vulnerability arises in SkipBlockProof::verify, which checks quorum using BitSet.len() and then casts each index (slot as u16) for lookup. Attackers can craft a SkipBlockProof where out-of-range indices spaced ...