9 matches found
PYSEC-2026-773 Remote code execution in Apache Airflow Docker's Provider
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host. Disable loading of example DAGs or upgrade apache-airflow-providers-docker to 3.0.0 or above...
PT-2026-55955
Name of the Vulnerable Software and Affected Versions Apache OpenNLP versions prior to 3.0.0-M4 Description Untrusted Java deserialization occurs in the SvmDoccatModel.deserializeInputStream function. The function uses java.io.ObjectInputStream to read an attacker-controlled stream and calls...
DEBIAN-CVE-2026-56130
"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...
CVE-2026-56130
"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...
EUVD-2026-36728
Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads...
CVE-2026-5079
The CVE-2026-5079 issue affects the Multer library (versions 1.0.0–2.1.1 and 3.0.0-alpha.1). The vulnerability arises from the append-field dependency parsing bracket notation in field names with no limit on nesting depth, which can cause the allocation of deeply nested object structures and cons...
Linux Distros Unpatched Vulnerability : CVE-2015-10005
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/htmlre.js. The...
PT-2024-36311 · Evernote · Evernote Sync
Name of the Vulnerable Software and Affected Versions: Evernote Sync versions prior to 3.0.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows reflected XSS. Recommendations: For versions prior to...
PT-2024-40198 · Sp1 · Sp1
Name of the Vulnerable Software and Affected Versions: SP1 versions prior to 3.0.0 Description: The issue arises during proof generation, where the prover must observe all values sent to the verifier to generate valid Fiat-Shamir challenges. In versions prior to 3.0.0, the cumulative sum of the...