2327 matches found
EUVD-2026-43116
OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename progfile directly into the Programs.File database field and later uses this value as the destination path for an...
CVE-2026-59161
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...
CVE-2026-55782
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit section and custom-name length fields without validating them against...
CVE-2026-54063
Excelize CVE-2026-54063: The library vulnerable due to checkSheet() using attacker-controlled row attribute to allocate memory for xlsxRow slices without enforcing the Excel row limit. This can cause (A) out-of-memory leading to process kill and (B) runtime panic from out-of-bounds indexing when ...
CVE-2026-55590
CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect method contains a weakness to backslash bypasses that allows redirect targets with attacker-controlled hostnames through the...
Malicious code in express-router-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49091d8e8923e3e709cebd14f01ee1617267bf3f9b6be99052603715b7cf9f70 The sole shipped file index.js is a heavily obfuscated RC4 + base64 string-array, 337-entry rotated array, control-flow flattening IIFE that executes...
Malicious code in polymarket-apis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd77c8861490c0b5607b4029f8f9e51f12efb83a6696fc51b953b0a3cde1356b The package impersonates the Polymarket brand name polymarket-apis, author polymarket but contains no Polymarket API integration. Its exported...
CVE-2026-55206
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in archiveinfo.py used an On^2 cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted...
CVE-2026-55404
yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpageurl or filename metadata without sufficient validation or escaping,...
CVE-2026-59927 Mistune directives/include: mutual `.. include::` recursion crashes the renderer with `RecursionError`, denial of service via two attacker-controlled markdown files
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...
Malicious code in babel-eslint-parser-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85a6f04cbf0697b6ae409fb9e5ad0e25812dac6a2f43bd95722f1903ee2f71f7 Package name babel-eslint-parser-legacy is a one-suffix confusion against the legitimate babel-eslint-parser. The package's own main is an empty stub...
CVE-2026-53951
Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the trust setting's prefix match copier/settings.py compares the template URL against a trusted prefix with a raw str.startswith and no path normalization, while the URL is normalized when the...
CVE-2026-59930 Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id="toc_N"` content
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable tocN values without slugifying the heading text, allowing attacker-controlled id="tocN" content to collide with generated anchors and...
CVE-2026-14966
BBOT’s unarchive module is affected by a symlink guard bypass when handling certain archives. Specifically, zip and 7z archives with a DOS-attribute prefix in their listing (as produced by legacy p7zip) can bypass the extraction guard, allowing an attacker-controlled symlink to be written into th...
CVE-2026-59995
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...
EUVD-2026-42137
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...
CVE-2026-59995
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...
CVE-2026-59995
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...
CVE-2026-58473 Cognee < 1.2.0 Unauthorized LLM Configuration Overwrite via /api/v1/settings
Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...
CVE-2026-33264
A bug in BaseSerialization.deserialize allowed unrestricted importstring of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossin...