451172 matches found
CVE-2026-55443
CVE-2026-55443 describes a path traversal / sandbox-escape flaw in LangChain prior to 1.3.9. The vulnerability arises when components that resolve filesystem paths or expand search patterns fail to confine results to a trusted root, allowing untrusted inputs (paths, globs, symlinks, or LLM-influe...
GHSA-FJJ5-V948-WHJJ Mise Vulnerable to Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)
Summary Mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not subject to trust verification in non-paranoid mode. This means an attacker ca...
GHSA-W6J9-VW59-27WV Gogs has an Authentication Bypass via Unvalidated Reverse Proxy Headers
Summary When ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, Gogs accepts the configured authentication header (default: X-WEBAUTH-USER) directly from client requests without validating that the request originated from a trusted reverse proxy. Any remote attacker who can reach the Gogs service can for...
GHSA-3QQ3-668M-V9MJ Gogs has a Denial of Service in repository/wiki file listing web pages
Summary A malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki. Details The issue is...
EUVD-2025-26130
Paymenter vulnerable to Remote Code Execution via public file uploads...
GHSA-5PM9-R2M8-RCMJ Paymenter vulnerable to Remote Code Execution via public file uploads
Impact The ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. With the ability to execute arbitrary code, this vulnerability can be exploited in numerous ways, including but not limited to: - Extracting sensitive data from the database...
EUVD-2024-36468
OpenCTI May Bypass Introspection Restriction...
GHSA-4MVW-J8R9-XCGC OpenCTI May Bypass Introspection Restriction
Summary The regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed characters from the query. Details GraphQL Queries in OpenCTI can be validated using the secureIntrospectionPlugin. Impact Bypassing this restriction...
CVE-2026-54273 AIOHTTP: HTTP/1 Pipelined Requests Queue Without Limit
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...
EUVD-2026-38317
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...
CVE-2026-54273
CVE-2026-54273 (AIOHTTP) affects the AIOHTTP project (async HTTP client/server for asyncio and Python). Prior to version 3.14.1, there was no limit on the number of pipelined HTTP/1 requests that could be queued, enabling potential memory exhaustion and DoS. The issue is fixed in 3.14.1. The prov...
CVE-2026-54280 AIOHTTP: Payload Response Resources Are Not Closed After Mid-Body Disconnect
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...