61538 matches found
CVE-2026-46455
CVE-2026-46455 affects Apache Camel with the camel-keycloak component. The security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks(...) that only enforces subject and issuer, but omits the default IS_ACTIVE check. Consequently, the verifie...
golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey
A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority CA. A remote attacker could potentially exploit this by presenting a revoked key, leading t...
golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...
golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...
golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...
pnpm 11.3.x < 11.5.3 Stage Download Path Traversal (CVE-2026-55700)
The version of pnpm installed on the remote host is 11.3.x prior to 11.5.3. It is, therefore, affected by a path traversal vulnerability: - From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could...
PT-2026-55963
Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description The FontFile.compile function in the PIL/FontFile.py module fails to call Image. decompression bomb check when assembling per-glyph images into a combined bitmap using Image.new"1", xsize, ysize. Thi...
PT-2026-56068
Name of the Vulnerable Software and Affected Versions Coder versions 2.17.0 through 2.29.6 Coder versions 2.32.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description The POST /api/v2/files endpoint converts zip uploads to tar in memory using the...
CVE-2026-10657
Zephyr Project's DNS resolver contains an out-of-bounds read in the mDNS suffix check (dns_resolve_name_internal), using memcmp(strrchr(query, '.'), ".local", 7). If the final label is shorter than 7 bytes (or there is a trailing dot), the comparison may read past the NUL and fault on tight buffe...
CVE-2026-14714
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verifyserver of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmptoken causes missing authentication. The attack may be initiated...
EUVD-2026-41708
A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack i...
CVE-2026-14686
Technical details about this CVE are not publicly available in the provided documents. Monitor for updates.
CVE-2026-14686 HdrHistogram Range Check DoubleHistogram.java org.HdrHistogram.DoubleHistogram.recordValue comparison
A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack i...
CVE-2026-14686
A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack i...
CVE-2026-14634
Summary (CVE-2026-14634) The vulnerability exists in kirilkirkov’s Ecommerce-CodeIgniter-Bootstrap (up to commit 213babdbaa949e94557246414db0130e01394517) and affects the function checkForPostRequests in the file application/core/MY_Controller.php for the Subscribed Emails Admin Page. Manipulatio...
CVE-2026-14534 Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit)
Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...
CVE-2026-12252
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...
CVE-2026-58299
Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...
CVE-2026-26247
Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...
EUVD-2026-41572
Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...