CVE-2026-33672

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the POSIXREGEXSOURCE object. Because the object inherits from Object.prototype, specially crafted POSIX bracket expressions e.g., :constructor: ca...

CVE-2026-23795

Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage occurs. Th...

CVE-2026-23795

CVE-2026-23795 describes an XML External Entity (XXE) vulnerability in the Apache Syncope Console. An administrator with sufficient entitlements to create or edit Keymaster parameters can craft malicious XML text to trigger XXE, potentially leaking sensitive data. Affected versions: Apache Syncop...

GHSA-36XR-4X2F-CFJ9 Deserialization of Untrusted Data in Apache Camel SQL

Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users...

PT-2023-22009 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions 2.5.0 through 3.5.7 Mastodon versions 3.5.8 is not affected, but versions prior to 3.5.8 are affected, however 4.0.3 and prior to 4.0.4 and 4.1.1 and prior to 4.1.2 are also affected. Mastodon versions 2.5.0 through 4.1.1...