Lucene search
K

303781 matches found

Github Security Blog
Github Security Blog
added yesterday5 views

ratex-parser has unbounded parser recursion that leads to stack overflow (process abort)

Summary RaTeX’s recursive-descent parser recurses one or more native stack frame per nesting level at , \left, \sqrt, ^, etc, with no maximum depth limit. A short, 10 KB input of nested groups overflows the 8 MB main-thread stack and aborts the process. With panic = "abort" Cargo.toml:48, and...

6AI score
Exploits0References2Affected Software1
NVD
NVD
added yesterday2 views

CVE-2026-36162

An authenticated stored cross-site scripting XSS vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows attackers to execute arbitrary Javascript or HTML via injecting a crafted payload into the Name parameter...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-59706

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS
Exploits0References4
NVD
NVD
added yesterday3 views

CVE-2026-55592

Dashy is a self-hostable personal dashboard. Prior to 4.3.7, Dashy's workspace view trusts the url query parameter and assigns it directly to an iframe source without scheme validation. If a logged-in user opens a crafted workspace link containing a javascript: URL, JavaScript runs on the Dashy...

3.9CVSS
Exploits0References3
NVD
NVD
added yesterday3 views

CVE-2026-53729

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download /exportCenter/download/id, delete /exportCenter/delete, retry /exportCenter/retry/id, or generate download links /exportCenter/generateDownloadUri/id for export tasks belonging t...

8.7CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-59706

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS6AI score
Exploits0References5
CVE
CVE
added yesterday9 views

CVE-2026-59706

CVE-2026-59706 (mem0) is a vulnerability where unauthenticated config API endpoints expose LLM API keys in plaintext and enable server-side request forgery. The issue arises from an attacker-controllable ollama_base_url parameter, allowing SSRF to internal addresses (e.g., cloud IMDS) via PUT /ap...

9.3CVSS6AI score
Exploits0References4
EUVD
EUVD
added yesterday4 views

EUVD-2026-42106

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS6AI score
Exploits0References4
Cvelist
Cvelist
added yesterday5 views

CVE-2026-59706 mem0 - Server-Side Request Forgery and Plaintext API Key Exposure via Unauthenticated Config Endpoints

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS
Exploits0References4
Github Security Blog
Github Security Blog
added yesterday3 views

@better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive

Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0, or enables the legacy oidc-provider or mcp plugins from better-auth/plugins. - Their application exposes /api/auth/oauth2/token o...

6AI score0.00029EPSS
Exploits0References3Affected Software2
OSV
OSV
added yesterday2 views

GHSA-7W99-5WM4-3G79 @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive

Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0, or enables the legacy oidc-provider or mcp plugins from better-auth/plugins. - Their application exposes /api/auth/oauth2/token o...

8.1CVSS6AI score0.00029EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added yesterday3 views

Better Auth has insecure cryptographic defaults in oidcProvider: alg=none advertised and plain PKCE accepted by default

Am I affected? Users are affected if all of the following are true: - Their application uses better-auth at a version below the patched release. - Their application enables oidcProvider from better-auth/plugins/oidc-provider or mcp from better-auth/plugins/mcp the mcp plugin delegates to...

6.1AI score
Exploits0References3Affected Software1
OSV
OSV
added yesterday2 views

GHSA-9H47-PQCX-HJR4 Better Auth has insecure cryptographic defaults in oidcProvider: alg=none advertised and plain PKCE accepted by default

Am I affected? Users are affected if all of the following are true: - Their application uses better-auth at a version below the patched release. - Their application enables oidcProvider from better-auth/plugins/oidc-provider or mcp from better-auth/plugins/mcp the mcp plugin delegates to...

8.7CVSS6.1AI score
Exploits0References3
Github Security Blog
Github Security Blog
added yesterday3 views

@better-auth/oauth-provider may provide access tokens for unauthorized audiences via unbound resource indicators

Am I affected? Users are affected if all of the following hold: - Their application depends on @better-auth/oauth-provider on any stable 1.6.x release the stable line is not patched or on a pre-release before 1.7.0-beta.4. - Their application either configures validAudiences with more than one...

6AI score
Exploits0References3Affected Software1
OSV
OSV
added yesterday2 views

GHSA-P2FR-6HMX-4528 @better-auth/oauth-provider may provide access tokens for unauthorized audiences via unbound resource indicators

Am I affected? Users are affected if all of the following hold: - Their application depends on @better-auth/oauth-provider on any stable 1.6.x release the stable line is not patched or on a pre-release before 1.7.0-beta.4. - Their application either configures validAudiences with more than one...

6.4CVSS6AI score
Exploits0References3
CVE
CVE
added yesterday24 views

CVE-2026-55592

Dashy prior to version 4.3.7 is affected by an XSS related to the workspace URL parameter in the iframe src, where the URL is used without scheme validation. A crafted workspace link with a javascript: URL can execute code in the Dashy origin, allowing access to same-origin data, interaction with...

3.9CVSS6AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-55592

Dashy is a self-hostable personal dashboard. Prior to 4.3.7, Dashy's workspace view trusts the url query parameter and assigns it directly to an iframe source without scheme validation. If a logged-in user opens a crafted workspace link containing a javascript: URL, JavaScript runs on the Dashy...

3.9CVSS6AI score
Exploits0References4Affected Software1
EUVD
EUVD
added yesterday2 views

EUVD-2026-42103

Dashy is a self-hostable personal dashboard. Prior to 4.3.7, Dashy's workspace view trusts the url query parameter and assigns it directly to an iframe source without scheme validation. If a logged-in user opens a crafted workspace link containing a javascript: URL, JavaScript runs on the Dashy...

3.9CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added yesterday7 views

CVE-2026-55592 Dashy: XSS in workspace url parameter

Dashy is a self-hostable personal dashboard. Prior to 4.3.7, Dashy's workspace view trusts the url query parameter and assigns it directly to an iframe source without scheme validation. If a logged-in user opens a crafted workspace link containing a javascript: URL, JavaScript runs on the Dashy...

3.9CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-53729

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download /exportCenter/download/id, delete /exportCenter/delete, retry /exportCenter/retry/id, or generate download links /exportCenter/generateDownloadUri/id for export tasks belonging t...

8.7CVSS5.9AI score
Exploits0References4Affected Software1
Rows per page
Query Builder