2449 matches found
CVE-2026-16118 Xdgmime: heap-based buffer overflow in _xdg_mime_magic_parse_magic_line() in xdgmimemagic.c
A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in xdgmimemagicparsemagicline in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location e.g., in the $XDGDATAHOME/mime/magic path is parsed by an...
CVE-2026-16118
A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in xdgmimemagicparsemagicline in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location e.g., in the $XDGDATAHOME/mime/magic path is parsed by an...
CVE-2026-50151 oras-go: credential forwarding via unvalidated Location header in blob upload
oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, registry/remote/repository.go in blobStore.completePushAfterInitialPost follows a registry-controlled Location header during monolithic blob upload and reuses the Authorization header from the initial POST request for the...
CVE-2026-49210
Summary: CVE-2026-49210 affects Symfony UX LiveComponent’s ChildComponentPartialRenderer::createHtml(), where client-controlled children[id].tag is interpolated into HTML as a tag name without validation/escaping, enabling an attacker to inject arbitrary HTML (including [removed] tags) during a L...
CVE-2026-62290
cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. From 1.18.0 until 1.19.6 and 1.20.3, Challenge resources under acme.cert-manager.io can be created directly by namespace...
CVE-2026-45576
Summary: CVE-2026-45576 affects the zrok tool. From versions 0.4.23 through 2.0.3, the zrok2 copy command stores attacker-controlled WebDAV or zrok drive paths (e.g., /../outside.txt) in the source inventory and passes them to FilesystemTarget.WriteStream, enabling writing files outside the selec...
CVE-2026-45576 zrok copy writes attacker-controlled WebDAV paths outside the destination root
zrok is software for sharing web services, files, and network resources. From 0.4.23 until 2.0.3, zrok2 copy stores attacker-controlled WebDAV or zrok drive paths such as /../outside.txt in the source inventory and passes them to FilesystemTarget.WriteStream, allowing the sync pipeline to write...
EUVD-2026-44845
xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and parameters, resulti...
MAL-2026-10763 Malicious code in @edgecommons/streamlog-node (npm)
The @edgecommons/streamlog-node package was published to the npm registry by user 'ada8877' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name uses an '@edgecommons' scope that mimics the internal/private package naming convention of a...
Linux Distros Unpatched Vulnerability : CVE-2026-47767
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.46 until 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the...
Malicious code in syft-acp-uikit (npm)
The syft-acp-uikit package was published to the npm registry by user 'ada8877' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the 'syft-acp' internal/private package naming convention an ACP component library of a target...
Malicious code in @edgecommons/streamlog-node (npm)
The @edgecommons/streamlog-node package was published to the npm registry by user 'ada8877' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name uses an '@edgecommons' scope that mimics the internal/private package naming convention of a...
Malicious code in @edgecommons/edgecommons (npm)
The @edgecommons/edgecommons package was published to the npm registry by user 'ada8877' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name uses an '@edgecommons' scope that mimics the internal/private package naming convention of a...
GHSA-7GCF-G7XR-8HXJ serde_with: KeyValueMap serialization panics on empty sequence or map entries
Summary The public KeyValueMap serializer assumes that each mapped element has at least one field or item to use as the map key, but it subtracts 1 from the caller-visible length before validating that assumption. An application that serializes attacker-controlled data through serdeasas =...
Prototype Pollution
@feathersjs/commons is vulnerable to Prototype Pollution. The vulnerability is due to unsafe recursive merging of attacker-controlled objects containing proto, constructor, or prototype properties, which allows an attacker to pollute the global object prototype when untrusted JSON input is passed...
CVE-2026-52890 Wekan: Arbitrary file read and server DoS via attachment versions.original.path
Wekan is open source kanban built with Meteor. Prior to 9.31, Wekan allows a logged-in board member to insert an attachment document through the /attachments/insert DDP method with attacker-controlled versions.original.path and versions.original.storage fields. The server/permissions/attachments....
CVE-2026-55576 MaaAssistantArknights: PR-title expression injection in release-preparation.yml
MaaAssistantArknights is a one-click tool for daily Arknights tasks. In the current dev-v2 workflow, .github/workflows/release-preparation.yml inlined attacker-controlled github.event.pullrequest.title into a run: shell command during the pullrequest opened, reopened, and readyforreview events, s...
CVE-2026-56678 9Router: Kiro region injection allows authenticated SSRF with Authorization header forwarding
9Router is an AI router & token saver. Prior to 0.5.6, the Kiro API-key validation endpoint POST /api/oauth/kiro/api-key builds an upstream URL using a user-controlled region value, allowing an authenticated attacker to supply a crafted region such as kiro-canary.local:8443 and cause 9Router to...
CVE-2026-45535
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as $var and SqlparserUtils.handleVariableDefaultValue inserts them with String.replace without escaping or parameterizatio...
CVE-2026-45534 DataEase: RCE Vulnerability
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty"java.io.tmpdir", setting...