80 matches found
CVE-2026-39972
Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...
CVE-2026-35253
Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this...
CVE-2026-35253
Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this...
CVE-2026-35253
CVE-2026-35253 concerns the Oracle Macoron Tool in Oracle Open Source Projects, affected in v0.22.0. The vulnerability is exploitable over HTTP with network access and unauthenticated, potentially causing the tool to fail host address validation. The connected records provide the same description...
CVE-2026-35253
Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this...
EUVD-2026-27532
Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this...
CVE-2026-35253
Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this...
PT-2026-37347
Name of the Vulnerable Software and Affected Versions Oracle Macaron Tool version 0.22.0 Description An unauthenticated attacker with network access via HTTP can compromise the Oracle Macaron Tool. This issue allows the attacker to bypass host address validation, which is the process of verifying...
Astra Linux - уязвимость в opensc
Heap buffer overflow issues were identified in Opensc before version 0.22.0 in the pkcs15-oberthur.c file, which could potentially cause programs using the library to crash...
Amazon tough 路径遍历漏洞
Amazon Tough is a Rust client library from Amazon, a subsidiary of The Update Framework TUF. Versions prior to tough-v0.22.0 contained a path traversal vulnerability. This vulnerability stemmed from incomplete path traversal fixes, which could allow remote authenticated users to write to files...
CVE-2026-39972
Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...
EUVD-2026-20967
Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...
CVE-2026-39972 Mercure has a Topic Selector Cache Key Collision
Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...
CVE-2026-39972
CVE-2026-39972 affects Mercure prior to 0.22.0. A cache key collision in TopicSelectorStore arises from concatenating topicSelector and topic with an underscore, which can produce identical keys for different pairs because both fields may contain underscores. An attacker who can subscribe or publ...
mercure has Topic Selector Cache Key Collision
Impact A cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to unauthorized subscribers or blocking delivery to authorized ones. The cache key was constructed by concatenating the topic...
PT-2026-31661
Impact A cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to unauthorized subscribers or blocking delivery to authorized ones. The cache key was constructed by concatenating the topic...
CVE-2026-33055 affecting package trident for versions less than 0.22.0-1
CVE-2026-33055 affecting package trident for versions less than 0.22.0-1. A patched version of the package is available...
CVE-2026-5342
A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikonloadpaddedpackedraw of the file src/decoders/decoderslibraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument loadflags/rawwidth can lead to out-of-bounds read. It is possible to launch the...
CVE-2026-5342
A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikonloadpaddedpackedraw of the file src/decoders/decoderslibraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument loadflags/rawwidth can lead to out-of-bounds read. It is possible to launch the...
PT-2026-29677
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits causes out-of-bounds write. It is possible to initiate the attack remotely. T...