PT-2026-49586
Summary A previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static output from crafted JSON descriptor input. The common case of parsing schemas fro...
UBUNTU-CVE-2026-45673
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...
CVE-2026-45673
A flaw was found in Netty's DNS resolver component. This vulnerability arises from the use of a predictable pseudo-random number generator (PRNG) for DNS transaction IDs and a static User Datagram Protocol (UDP) source port. This combination significantly reduces the randomness of DNS queries, making...
CVE-2026-45673
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...
CVE-2026-41843
A flaw was found in Spring Framework. Specifically, Spring MVC and WebFlux applications are vulnerable to a Path Traversal attack. This vulnerability allows a remote attacker to access sensitive files or directories on the server by manipulating requests for static resources. The successful...
CVE-2026-45673 Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...
CVE-2026-45673
Technical details are not publicly provided in the supplied connected documents. Monitor for updates on the Netty DNS-related vulnerability (CVE-2026-45673) and any published remediation.
FreeBSD : h2o -- stack overflow serving static files on musl libc (644d5e6c-1bd9-4904-8440-16c04100a2e1)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 644d5e6c-1bd9-4904-8440-16c04100a2e1 advisory. h2o project reports: When serving static files, h2o can allocate a file path on the stack using alloca...
GHSA-RCVQ-M9J9-6F4G @hapi/inert has a static-file confinement bypass via sibling-prefix path
Impact @hapi/inert serves static files from a directory configured with path in the directory / file handlers or relativeTo for h.file, with confinement enforced by the confine option (default true). Before the patch, the confinement check compared the resolved absolute path against the confine...
@hapi/inert has a static-file confinement bypass via sibling-prefix path
Impact @hapi/inert serves static files from a directory configured with path in the directory / file handlers or relativeTo for h.file, with confinement enforced by the confine option (default true). Before the patch, the confinement check compared the resolved absolute path against the confine...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Incorrect Authorization and Middleware Bypass due to Node.js module @hono/node-server ( CVE-2026-29087 & CVE-2026-39406 )
Summary IBM App Connect Enterprise runtime is vulnerable to Incorrect Authorization and Middleware Bypass due to Node.js module @hono/node-server. Vulnerability Details CVEID:CVE-2026-29087 DESCRIPTION: @hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, wh...
CLEANSTART-2026-KN74022 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU
Security vulnerability affects the local-static-provisioner-fips package. Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...
PT-2026-48806
Impact @hapi/inert serves static files from a directory configured with path in the directory / file handlers or relativeTo for h.file, with confinement enforced by the confine option (default true). Before the patch, the confinement check compared the resolved absolute path against the confine...
openSUSE 16 Security Update : NetworkManager (openSUSE-SU-2026:20911-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20911-1 advisory. Security fixes: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Other fixes: - Accept localhost hostnames if static...
Directory Traversal
Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
Directory Traversal
Overview Magick.NET-Q16-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files
A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...
CVE-2024-58350 Ghidra < 11.2 - Use After Free in Sleigh Backend via Static Initialization Order
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiti...
CVE-2024-58350
Ghidra prior to 11.2 contains a use-after-free in the Sleigh backend caused by undefined static initialization order of SleighArchitecture::translators and XmlArchitectureCapability singletons. This can enable an attacker to trigger an infinite loop or denial of service during shutdown due to uns...
CVE-2024-58350 Ghidra < 11.2 - Use After Free in Sleigh Backend via Static Initialization Order
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiti...