3 matches found
CVE-2026-4983
CVE-2026-4983 affects the Open VSX Registry where SVG icons uploaded as extensions are not sanitized before storage and are served as image/svg+xml without security headers. This enables stored cross-site scripting (XSS) when users navigate to the icon URL. The impact differs by deployment: on lo...
Security Bulletin: gRPC HTTP/2 HPACK Desynchronization Vulnerability Allowing Header Leakage and Privilege Escalation, affects watsonx.data
Summary: When gRPC encountered an exceeded header size error, it stopped parsing the remainder of the HPACK frame. This also prevented HPACK dynamic table updates from being processed, causing the sender and receiver HPACK tables to fall out of sync. In environments using an HTTP/2 proxy in front ...
PT-2022-13961 · Unknown +1 · Krakend-Ce +2
Name of the Vulnerable Software and Affected Versions: Lura versions prior to 2.0.2; KrakenD-CE versions prior to 2.0.2; KrakenD-EE versions prior to 2.0.0. Description: The issue arises from incorrect sanitization of URL parameters, allowing malicious users to alter the backend URL defined for a pi...