6 matches found
CVE-2026-48596
Summary: CVE-2026-48596 affects the Elixir Tesla library (tesla) in its multipart handling. The vulnerability is in Tesla.Multipart.add_content_type_param/2, which appends caller-supplied strings to content_type_params without validating CR (\r) or LF (\n). Tesla.Multipart.headers/1 then joins th...
osTicket Cross-Site Request Forgery Vulnerability
osTicket is a widely used and trusted open-source support ticket system by the osTicket company. Versions of osTicket prior to 1.18.3 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the handling of the method parameter in the Dispatcher component’s file...
AZL-47436 CVE-2024-7383 affecting package libnbd for versions less than 1.18.3-3
A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic...
AZL-10532 CVE-2022-30580 affecting package golang for versions less than 1.18.5-1
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...
AZL-9547 CVE-2022-28327 affecting package golang for versions less than 1.18.3-1
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input...
CVE-2016-1586
A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3...