CVE-2026-40861

CVE-2026-40861 affects Apache Airflow, specifically the FileTaskHandler used for task logs. A Dag author can cause log path resolution to escape the configured base_log_folder via two patterns: (a) creating a symlink in the task log directory to an arbitrary file readable by the API server (read-...

CVE-2026-48147

Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex / matches functions in packages/backend-core/src/middleware/matchers.ts route patterns are compiled into unanchored regular expressions and tested against ctx.request.url, which includes the full query string. Th...

CVE-2026-48147

Budibase (open-source low-code platform) prior to 3.35.4 contains a vulnerability in buildMatcherRegex()/matches() within packages/backend-core/src/middleware/matchers.ts where route patterns are compiled into unanchored regexes and tested against ctx.request.url (including the full query string)...

PT-2026-44058

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.35.4 Description The buildMatcherRegex and matches functions in packages/backend-core/src/middleware/matchers.ts compile route patterns into unanchored regular expressions and test them against ctx.request.url, whi...

Astra Linux - уязвимость в chromium

Before version 103.0.5060.134, using the "after free" method in the Service Worker API in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в chromium

Memory access beyond the allowed boundaries in the Service Worker API in Google Chrome prior to version 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Memory access beyond the allowed boundaries in the Service Worker API in Google Chrome prior to version 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

CVE-2026-6607

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

CVE-2026-6607

CVE-2026-6607 affects lm-sys FastChat up to version 0.2.36, specifically the Worker API Endpoint function api_generate. The issue allows remote manipulation leading to resource consumption; CVE details indicate a publicly disclosed exploit and a patch is available (patch id c9e84b89c91d45191dc244...

PT-2026-33713

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api generate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

JLSEC-2026-100 Deno is vulnerable to race condition via interactive permission prompt spoofing

Impact Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message li...

Remote Code Execution (RCE)

Apache Airflow Providers Edge3 is vulnerable to Remote Code Execution RCE. The vulnerability is due to exposure of a non-public Worker RPC API enabled when the Edge3 provider was installed on Airflow 2, where development-only APIs intended for internal testing allowed DAG authors to execute...

EUVD-2022-15476

Malicious code in bioql PyPI...

EUVD-2023-33654

Malicious code in bioql PyPI...

EUVD-2023-33653

Malicious code in bioql PyPI...

CVE-2023-22499

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

SUSE CVE-2023-22499

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

The vulnerability of the Service Worker API in the Google Chrome web browser allows a hacker to execute arbitrary code.

The vulnerability of the Service Worker API in the Google Chrome web browser relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially created HTML page...

Denial Of Services (DoS)

Google Chrome is vulnerable to Denial Of Services DoS. The vulnerability exists due to the out of bounds memory access in Service Worker API, which allows an attacker to potentially exploit heap corruption via a crafted HTML page...

Denial Of Services (DoS)

Google Chrome is vulnerable to Denial Of Services DoS. The vulnerability exists due to the out of bounds memory access in Service Worker API, which allows an attacker to potentially exploit heap corruption via a crafted HTML page...