CVE-2026-31049

CVE-2026-31049 affects Hostbill versions 2025-11-24 and 2025-12-01. The issue allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field. Root cause is a vulnerability in how CSV registration data is processed, enabling code execution and privilege e...

BIT-MINIO-2026-39414 MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...

BIT-GITLAB-2026-2104 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks...

Linux Distros Unpatched Vulnerability : CVE-2026-1403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-1403 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable...

PT-2026-32435

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...

PT-2026-32414

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks...

FreeBSD : Gitlab -- vulnerabilities (099d4998-33cc-11f1-a7d1-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 099d4998-33cc-11f1-a7d1-2cf05da270f3 advisory. Gitlab reports: Exposed Method issue in websocket connections impacts GitLab CE/EE Denial of...

MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing

Impact What kind of vulnerability is it? Who is impacted? MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function calls bufio.Reader.ReadBytes'\n' with no size limit, buffering the...

UBUNTU-CVE-2026-2104

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks...

CVE-2026-2104

GitLab CE/EE is affected in all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3. An authenticated user could access confidential issues assigned to other users via CSV export due to insufficient authorization checks. The CVSSv3.1 base score is 4.3 (Medium) with atta...

CVE-2026-2104

Removed by vendor...

CVE-2026-2104 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks...

CVE-2026-39414

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the nextSplit function in the S3 Select CSV parsing process. An attacker can cause the server to exhaust available memory and crash by uploading a specially crafted CSV file with...

CVE-2026-39414

CVE-2026-39414 affects MinIO’s S3 Select CSV parsing. The CSV reader’s nextSplit() calls ReadBytes('\n') without a size limit, causing unbounded buffering and memory exhaustion (OOM) when processing long lines; a file with no newline can trigger a single large allocation. This can be exploited by...

CVE-2026-39414 MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...

H4C-WEB

H4C-WEB !/bin/bash =======================================...

Gitlab -- vulnerabilities

Gitlab reports: Exposed Method issue in websocket connections impacts GitLab CE/EE Denial of Service issue in Terraform state lock API impacts GitLab CE/EE Denial of Service issue in GraphQL API impacts GitLab CE/EE Denial of Service issue in CSV import impacts GitLab CE/EE Denial of Service issu...

PT-2026-31438

Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2018-08-18T03-49-57Z through RELEASE.2025-12-20T04-58-37Z Description MinIO's S3 Select feature is susceptible to memory exhaustion when handling CSV files with lines exceeding available memory. The nextSplit function...

CVE-2026-34584 listmonk: Broken Access Control in CSV Import (Unauthorized List Assignment)

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...