189 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing of maliciously crafted Git repository data, such as .pack, .idx, or loose objects. An attacker can cause the application to panic by providing a payload that excee...
EUVD-2026-30803
amazon-redshift-python-driver vulnerable to Remote Code Execution via eval Injection...
Missing Release of File Descriptor or Handle after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of File Descriptor or Handle after Effective Lifetime via the ParseFile function. An attacker can cause the process to exhaust available file descriptors and disrupt service by repeatedly triggering schema parsing...
Session Fixation
Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Session Fixation via /proxy reverse proxy requests. A malicious HF Space can hijack user sessions and gain unauthorized access to other users'...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade...
LDAP Injection
Overview apache-airflow-providers-fab is a Provider package apache-airflow-providers-fab for Apache Airflow Affected versions of this package are vulnerable to LDAP Injection through the ldapbindindirect and nested group search code in override.py. An attacker can manipulate the LDAP username or...
EUVD-2026-31659
Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow in the NGSetupRequest process. An attacker can cause memory corruption and potentially compromise confidentiality, integrity, and availability by sending specially crafted requests remotely. Remediation Upgrade...
CVE-2026-48207
CVE-2026-48207 affects Apache Fory: PyFory ReduceSerializer deserializes attacker-controlled data and could bypass DeserializationPolicy validation during reduce-state restoration and global-name resolution. Impact is high (CVSS 3.1: 9.8, CRITICAL, NETWORK/LOW/ NONE user interactions). The issue ...
Out-of-bounds Write
Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Uncontrolled Recursion
Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Microsoft Power Automate for Desktop < 2.68.237.26118 Information Disclosure (May 2026)
The version of Microsoft Power Automate for desktop installed on the remote Windows host is prior to 2.68.237.26118. It is, therefore, affected by an information disclosure vulnerability: - Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker ...
CVE-2026-41018
The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
ai-dynamo (=0.1.0), bentoctl (=0.2.3) +6 more potentially affected by CVE-2026-40610 via bentoml (>=1.0.0a7 <=1.4.3)
bentoml PYPI version =1.0.0a7, =1.0.1, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.6.20 - raptor-labsdk =0.3.2 Source cves: CVE-2026-40610 Source advisory: SNYK:PYTHON-BENTOML-16479115...
Improper Verification of Cryptographic Signature
Overview axonflow is an AxonFlow Python SDK - Enterprise AI Governance in 3 Lines of Code Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the lack of exposure of the HMAC-SHA256 signing key in the SDK's typed API, which prevents...
[SECURITY] [DLA 4564-1] pyjwt security update
Debian LTS Advisory DLA-4564-1 [email protected] https://www.debian.org/lts/security/ Jochen Sprickerhof May 05, 2026 https://wiki.debian.org/LTS Package : pyjwt Version : 1.7.1-2+deb11u1 CVE ID : CVE-2026-32597 It was discovered that PyJWT, a Python implementation of JSON Web Token did...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...
Astra Linux - уязвимость в ruby-rack
Rack is a modular Ruby web server interface. Before versions 2.2.20, 3.1.18, and 3.2.3, Rack::RequestPOST would read the entire request body into memory when the Content-Type was application/x-www-form-urlencoded. This action did not enforce any length or capacity limits on the input. As a result...
CVE-2026-7461
Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...
CVE-2026-41134
Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata,...