533 matches found
CVE-2026-41132
CVE-2026-41132 affects CKAN prior to versions 2.10.10 and 2.11.5, where the SMTP connection lacks certificate validation. This allows a MITM attacker to spoof the SMTP server and potentially access credentials and email contents. The issue is mitigated by upgrading CKAN to 2.10.10 or 2.11.5 (or n...
CVE-2026-42587
Netty CVE-2026-42587 affects HttpContentDecompressor and DelegatingDecompressorFrameListener. Before 4.2.13.Final and 4.1.133.Final, maxAllocation is enforced for gzip/deflate but ignored for br, zstd, or snappy, allowing an attacker to bypass the decompression limit via Content-Encoding: br and ...
CVE-2026-45109
Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6...
CVE-2026-44580 Next.js: Cross-site scripting in beforeInteractive scripts with untrusted input
Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escap...
CVE-2026-44574 Next.js: Middleware / Proxy bypass through dynamic route parameter injection
Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the...
UBUNTU-CVE-2026-7474
HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...
PT-2026-40316
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data...
EUVD-2026-29286
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data...
CVE-2026-28873
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging...
CVE-2026-28993
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data...
CVE-2026-42050
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerabilit...
PYSEC-2026-147
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...
CVE-2026-42258
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...
CVE-2026-42277 Onyx: IDOR in /chat/file/{file_id} allows any authenticated user to download other users files
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/fileid endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...
CVE-2026-8034 Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion
A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
CVE-2026-7541
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodie...
CVE-2026-40309
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...
CVE-2026-40171
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
CVE-2026-40332
Masa CMS is affected by an Open Redirect vulnerability caused by improper handling of scheme-relative URLs. The system misinterprets paths beginning with // as internal and processes them without validating that the redirect target stays on the local site. An attacker can craft a link on the trus...
CVE-2026-29080
CVE-2026-29080 describes an SQL injection in Rucio’s FilterEngine for Oracle JSON Path via the DID search API. In Oracle deployments using the default json_meta plugin, create_sqla_query() interpolates attacker-controlled key and value directly into sqlalchemy.text() via Python .format(), bypassi...