4763 matches found
Envoy Gateway: Wasm HTTP fetch decompresses gzip without output-size limit
Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Tenant can create EnvoyExtensionPolicy baseline - Attacker hosts a gzip-bomb at a reachable URL - sha256 unset optional field; check is post-decompression anyway - No operator...
SUSE CVE-2025-3879
Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...
CVE-2026-15736
Snowflake SQLAlchemy versions prior to 1.11.0 contain several security vulnerabilities, including: Improper handling of user-supplied column identifiers in merge operations could allow SQL injection through attacker-controlled input keys. An attacker may be able to exploit this through request...
CVE-2026-15736 Multiple SQL/DDL Injection and Arbitrary File Read Vulnerabilities in snowflake-sqlalchemy
Snowflake SQLAlchemy versions prior to 1.11.0 contain several security vulnerabilities, including: Improper handling of user-supplied column identifiers in merge operations could allow SQL injection through attacker-controlled input keys. An attacker may be able to exploit this through request...
SUSE-SU-2026:2984-1 Security update for python3-dulwich
This update for python3-dulwich fixes the following issues: - CVE-2026-47734: Do not honour receive.maxInputSize to bound received packs bsc1268138...
CVE-2026-10665 Heap buffer overflow on WireGuard receive path via unbounded incoming packet length
In Zephyr's WireGuard subsystem subsys/net/lib/wireguard, wgprocessdatamessage in wgcrypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIGWIREGUARDBUFLEN bytes before decryption. The call netbuflinearizebuf-data, datalen, pkt-buffer, ..., datalen passed the...
cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: cxf: Unauthorized access due to logic error in OAuthRequestFilter
A flaw was found in the OAuthRequestFilter component of cxf. A logic error in this filter inadvertently creates an inverse security check when enabled. This issue causes legitimate requests from a bound IP address to be rejected, while requests from any other IP address are blindly allowed. This...
CVE-2026-57257
During the PRC parsing stage, there is a lack of boundary verification for the PRC entity index, which leads to an out-of-bounds read of the entity array. As a result, the application crashes...
CVE-2026-55079 Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a...
Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service
Summary NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a DataUpload message without an upper-bound check. Although the DRPC wire limit is 4 MiB, the FileSize value itself was unconstrained Impact An authenticated user able to...
SUSE-SU-2026:22564-1 Security update for apache2
This update for apache2 fixes the following issues - CVE-2026-29167: modldap per-dir use-after-free bsc1267976. - CVE-2026-29170: modproxyftp XSS bsc1267977. - CVE-2026-34355: modproxyhtml buffer overflow bsc1267978. - CVE-2026-34356: malicious backend servers can lead to a heap-based buffer...
SUSE-SU-2026:2759-1 Security update for apache2
This update for apache2 fixes the following issues - CVE-2026-29167: modldap per-dir use-after-free bsc1267976. - CVE-2026-29170: modproxyftp XSS bsc1267977. - CVE-2026-34355: modproxyhtml buffer overflow bsc1267978. - CVE-2026-34356: malicious backend servers can lead to a heap-based buffer...
PT-2026-56069
Name of the Vulnerable Software and Affected Versions coder versions prior to 2.34.2 coder versions prior to 2.33.8 coder versions prior to 2.32.7 coder versions prior to 2.29.17 Description An authenticated user can trigger a denial of service by sending a small message with an excessively large...
Chromium: CVE-2026-13921 Insufficient validation of untrusted input in DeviceBoundSessionCredentials
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Fedora 45 : rust-fern / rust-ifcfg-devname / rust-routinator / rust-rpki / etc (2026-188f731254)
The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-188f731254 advisory. Update routinator to the latest, pulling in updated dependencies rpki and syslog, and switch fern to using syslog 7 instead of 6 for this update, an...
Security update for apache2
This update for apache2 fixes the following issues CVE-2026-29167: modldap per-dir use-after-free bsc1267976. CVE-2026-29170: modproxyftp XSS bsc1267977. CVE-2026-34355: modproxyhtml buffer overflow bsc1267978. CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow...
EUVD-2026-41259
PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check issuer.startswith' https://ci.eclipse.org ' in isissuerknown, pia/models.py:139 instead of validating the issuer as a properly host-bounded URL. An attacker can craft an issuer such as https://[email protected]...
GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerabilities
Summary Multiple exploitable out-of-bounds read vulnerabilities exist in the Websocket Server functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket message can lead to a arbitrary code execution. An attacker can stage a malicious webpage to trigger these vulnerabilities...
CVE-2026-13921
Insufficient validation of untrusted input in DeviceBoundSessionCredentials in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
PT-2026-54198
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in DeviceBoundSessionCredentials allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a...