1289 matches found
JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352)
Summary JupyterHub's XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, which they are not, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as /hub/spawn and /hub/accept-share, meaning attacke...
GHSA-M68R-V472-JGQ9 JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352)
Summary JupyterHub's XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, which they are not, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as /hub/spawn and /hub/accept-share, meaning attacke...
CVE-2025-66369
An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, W1000, Modem 5123, and Modem 5300. Incorrect handling of 5G NR NAS registration accept messages leads to a Denial of Service...
PT-2026-37244
Name of the Vulnerable Software and Affected Versions JupyterHub versions 4.1.0 through 5.4.4 Description XSRF protection inappropriately treated requests containing the Sec-Fetch-Mode: no-cors header as same-origin requests, allowing the bypass of XSRF checks. This affects HTTP form endpoints,...
PT-2026-37270
Name of the Vulnerable Software and Affected Versions Fiber versions prior to 2.52.12 Fiber versions prior to 3.1.0 Description A Cross-Site Scripting issue exists in the Go Fiber web framework. A remote attacker can inject arbitrary HTML or JavaScript by providing an Accept: text/html header in ...
CVE-2025-66369
An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, W1000, Modem 5123, and Modem 5300. Incorrect handling of 5G NR NAS registration accept messages leads to a Denial of Service...
CVE-2025-66369
An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, W1000, Modem 5123, and Modem 5300. Incorrect handling of 5G NR NAS registration accept messages leads to a Denial of Service...
CVE-2026-7768 @fastify/accepts-serializer vulnerable to Denial of Service via Unbounded Accept Header Cache Growth
@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the...
CVE-2026-7768 @fastify/accepts-serializer vulnerable to Denial of Service via Unbounded Accept Header Cache Growth
@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the...
CVE-2026-7768
The CVE affects @fastify/accepts-serializer where serializer-selection results are cached by the request Accept header without bounds or eviction, allowing an unauthenticated remote client to cause unbounded cache growth and Node.js heap exhaustion leading to a crash. Affected versions are
@fastify/accepts-serializer 安全漏洞
@fastify/accepts-serializer is a plugin developed by Fastify, which automatically selects a serialization method based on the Accept header. Versions of @fastify/accepts-serializer up to 6.0.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size limits or evicti...
PT-2026-36915
Name of the Vulnerable Software and Affected Versions @fastify/accepts-serializer versions prior to 6.0.4 Description An issue exists where serializer-selection results are cached using the request Accept header as a key without a size limit or eviction policy. A remote unauthenticated client can...
CentOS 9 : krb5-1.21.1-10.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the krb5-1.21.1-10.el9 build changelog. - In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls...
SUSE CVE-2026-40356
In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...
Linux Distros Unpatched Vulnerability : CVE-2026-40356
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system...
CVE-2026-40355
A flaw was found in MIT Kerberos 5 krb5. An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling gssacceptseccontext on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service DoS...
DEBIAN-CVE-2026-40356
In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...
CVE-2026-40355
In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parsenegomessage...
MIT Kerberos 数字错误漏洞
MIT Kerberos is a software used by the Massachusetts Institute of Technology MIT for authentication in network clusters. As a network authentication protocol, its design goal is to provide robust authentication services for client/server applications through a key system. Prior to version 5.1.2.3...
CVE-2026-40356
In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...