1999 matches found
CVE-2026-49291 mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call
mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at /mcp requires only OAuth read scope for all requests, then dispatches tools/call directly to handlers that include mutating tools. A read-only OAuth client can call...
CVE-2026-11941
Cloudflare Quiche contains two use-after-free flaws in the FFI path for connection IDs. The issues affect the quiche_connection_id_iter_next and quiche_conn_retired_scid_next functions, where a owned ConnectionId is returned to the application via an argument but is dropped at the end of the func...
PT-2026-50897
Name of the Vulnerable Software and Affected Versions Line Desktop MCP versions prior to 1.1.2 Description Line Desktop MCP allows users to operate the LINE Desktop application on Windows or Mac via Model Context Protocol MCP. When using the --http-mode Streamable HTTP transport, the server binds...
CVE-2026-46699 conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...
GHSA-FJV8-J4P5-CR9M Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
Summary A sandbox volume reference volumeId, which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing path-traversal sequences could in principle resolve the mount source outside the intended per-volu...
CVE-2025-32392
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT's LoopVideoBLock allows users to input a video file and process the video, such as looping it 5 times or extending the time, and finally writing it t...
CVE-2026-44646
LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, Context.spawn creates a child Context for the % render % tag but does not propagate the parent context's resolved ownPropertyOnly value, resulting in a silent bypass. The new...
CVE-2026-48990 joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength, which can lead to resource exhaustion...
CVE-2026-48979
The CVE concerns PHP PSL versions 6.1.0, 6.1.1, and 6.2.0 where Psl\H2\ServerConnection fails to validate that the DATA frame length matches the content-length declared in the HEADERS frame, enabling HTTP request smuggling. This affects clients using Psl\H2\ServerConnection directly to process un...
SUSE CVE-2026-44893
Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...
SUSE CVE-2026-45673
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...
SUSE CVE-2026-46340
Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping t...
PT-2026-50121
Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob into a session-shape JWT using the application's JWT SECRET, and the auth middleware trusted every claim in that JWT without re-resolving the user from...
PT-2026-50177
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with permissions to create or modify workflows can pollute the sandbox used by the Merge node's SQL Query mode. Since the sandbox context is cached and...
EUVD-2026-36468
Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted...
CVE-2026-47261 Wasmtime: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction
Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 pathopen interfaces by...
EUVD-2026-36735
A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...
CVE-2026-44786 Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...
CVE-2026-50026 Frappe: Lack of permissions checks in 'relink' and 'set_email_password' endpoints
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...
CVE-2026-44207 Frappe: Insecure Direct Object Reference for email accounts
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This issue has been patched in versions 15.107.0 and 16.17.0...