116 matches found
CVE-2026-5366
Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commitsha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...
CVE-2026-40908
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...
CVE-2026-47318
Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035...
CVE-2026-49510
CVE-2026-49510 is a vulnerability in Samsung Open Source rlottie caused by an integer overflow/wraparound . Affected: rlottie before 21292665023e5074b38254432716866d00f1985f. Root cause: integer overflow in the Open Source rlottie code. Impact per CVSS: confidentiality NONE, integrity LOW, availa...
kas checks out SHA-like git branches as valid commits
Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...
CVE-2024-40646 Vertex Vulnerable to Path Traversal
Vertex is a management tool for PT Private Tracker users to manage streaming and watching videos. Versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 are vulnerable to path traversal. Users should upgrade to a version containing commit fbde301b97986d5913fc4bc95f5445750d282e11 to...
CVE-2026-45613
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47...
Astra Linux - уязвимость в linux-5.10, linux
There is a speculative pointer dereferencing issue in the Linux kernel, specifically with the doprlimit function. The value of the resource argument is controlled and is used in pointer arithmetic for the ‘rlim’ variable. This can lead to the leakage of its contents. We recommend upgrading to a...
Astra Linux - уязвимость в linux, linux-5.10
There is a use-after-free vulnerability in the ALSA PCM package within the Linux kernel. The SNDRVCTLIOCTLELEMREAD|WRITE32 function lacks locks that could be exploited in a use-after-free situation, leading to an escalation of privileges to gain ring0 access from the system user. We recommend...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: smb: server: Fixed a leak in activenumconn when there is a failure in transport allocation. The commit 77ffbcac4e56 “smb: server: fixed the leak of activenumconn in ksmbdtcpnewconnection” addresses the failure path in kthreadrun...
CVE-2026-41243
OpenLearn's OpenLearn project has a vulnerability CVE-2026-41243 where, prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, enabling safeMode does not prevent public access to unapproved posts via direct post UUID. The post-read path still returns full content to anyone who has the UUID, ev...
CVE-2026-40908
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...
CVE-2026-40908 WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php that Exposes Developer Emails and Deployed Version
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...
EUVD-2026-24286
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...
CVE-2026-40908 WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php that Exposes Developer Emails and Deployed Version
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...
PT-2026-34062
Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description The file 'git.json.php' located at the web root executes the git log -1 command and returns the full output as JSON to unauthenticated users. This leads to the exposure of the deployed commit...
GHSA-52HF-63Q4-R926 WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php Exposes Developer Emails and Deployed Version
Summary The file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs, developer names and email addresses PII, and commit messages which may...
CVE-2026-40447
Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...
CVE-2026-25209
Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...
CVE-2026-25206
Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...