EUVD-2026-36288
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...
CVE-2026-47170 Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...
CVE-2026-47170
Garlic-Hub is affected by CVE-2026-47170, an SSRF in the uploadFromUrl endpoint. Prior to version 1.1, authenticated users could cause the server to issue arbitrary HTTP requests to internal services, enabling internal port scanning, service fingerprinting, and retrieval of internal HTTP responses...
CVE-2026-12031
creationtimestamp| type| source
---|---|---
2026-06-11 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260612
2026-06-12 04:00:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mo2u4ktdqu2y
2026-06-12 05:14:42+00:00|...
CVE-2026-12028
creationtimestamp| type| source
---|---|---
2026-06-11 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260612
2026-06-12 03:00:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mo2qrduutc2y
2026-06-12 05:41:40+00:00|...
CVE-2026-50629
creationtimestamp| type| source
---|---|---
2026-06-11 17:41:27+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mnzrjdlhjm25...
CVE-2026-50630
creationtimestamp| type| source
---|---|---
2026-06-11 17:38:07+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mnzrdeb7n62w...
CVE-2026-52750
Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click...
CVE-2026-48998
creationtimestamp| type| source
---|---|---
2026-06-11 14:32:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnzgxuuio72w...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token
Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token

| Field | Value |
| ---------------- | ----- |
| Repository | pipeboard-co/meta-ads-mcp |
| Affected version | ≤ 1.0.101 commit 496c988 7d14226; Versions 1.0.102–1.0.105 lack git tags, so patch status is unconfirmed. |
|...
Malicious code in optional-cpu-features (npm)
Source: amazon-inspector 4dbbb7dd9c604ef3e5782d477d4db7c04c50f7906b19af03e63a540e0a44166e On npm install, both the install and postinstall lifecycle scripts run node install.js, which requires lib/sync.js. That file hardcodes BASE =...
CVE-2026-3553
creationtimestamp| type| source
---|---|---
2026-06-11 12:45:13+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnzaxmissr2y
2026-06-11 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260612...
CVE-2026-10733
creationtimestamp| type| source
---|---|---
2026-06-11 12:45:12+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnzaxmissr2y
2026-06-11 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260612...
CVE-2026-9751
creationtimestamp| type| source
---|---|---
2026-06-11 12:45:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnzaxhchwy25...