1177 matches found
GHSA-FWQX-8365-9983 Algernon: Single-file mode unconditionally enables debug mode
Summary When Algernon is invoked with a single file path instead of a directory — the documented "quick demo" workflow algernon foo.lua, algernon page.po2, algernon index.html, algernon mywebsite.alg — singleFileMode is set to true and debugMode is forcibly enabled with no opt-out: go //...
PT-2026-41970
Summary When Algernon is invoked with a single file path instead of a directory — the documented "quick demo" workflow algernon foo.lua, algernon page.po2, algernon index.html, algernon mywebsite.alg — singleFileMode is set to true and debugMode is forcibly enabled with no opt-out: go //...
CVE-2026-43302
A flaw was found in the Linux kernel's V3D graphics driver. When the Direct Memory Access DMA Application Programming Interface API debug option is enabled, the kernel may report a segment size mismatch. This occurs because the 'maxsegsize' parameter is not correctly configured, leading to warnin...
EUVD-2026-20777
Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...
CVE-2026-40035
Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...
CVE-2026-40035
Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...
CVE-2026-40035 Unfurl - Werkzeug Debugger Exposure via String Config Parsing
Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...
CVE-2026-40035
CVE-2026-40035 affects the Unfurl package (dfir-unfurl) used in Unfurl through 2025.08. The flaw is an improper input validation in config parsing that reads the debug value as a string and passes it to app.run(), causing any non-empty value to evaluate to true and exposing the Werkzeug debugger....
CVE-2026-40035 Unfurl - Werkzeug Debugger Exposure via String Config Parsing
Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...
Unfurl 安全漏洞
Unfurl is a URL data extraction and visualization analysis tool developed by Ryan Benson. Versions of Unfurl prior to 2025.08 contained security vulnerabilities. These vulnerabilities stemmed from improper input validation in configuration parsing. By default, Flask debug mode was enabled, which...
PT-2026-31470
Name of the Vulnerable Software and Affected Versions Unfurl versions through 2025.08 Description Unfurl through 2025.08 has an improper input validation issue in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to...
CVE-2026-29110
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time, where the actual vault is closed. Not every...
CVE-2026-29110
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time, where the actual vault is closed. Not every...
CVE-2026-29110 Cryptomator: Leaking of cleartext paths into log file in non-debug mode
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time, where the actual vault is closed. Not every...
CVE-2026-29110
Cryptomator is affected prior to version 1.19.0, where in non-debug mode it may log cleartext file paths when a filesystem request fails, potentially revealing meta information about files in a vault even though the vault is closed. The issue is resolved in version 1.19.0. The CVSS score is Low (...
CVE-2026-29110 Cryptomator: Leaking of cleartext paths into log file in non-debug mode
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time, where the actual vault is closed. Not every...
CVE-2026-29110 Cryptomator: Leaking of cleartext paths into log file in non-debug mode
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time, where the actual vault is closed. Not every...
PT-2026-23736
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time, where the actual vault is closed. Not every...
neqo-qpack has iInteger overflow in qpack dynamic table indexing
Summary An unsanitized qpack index can lead to an integer overflow, panicing in debug mode, accessing the wrong or no dynamic table entry in release mode. What does this mean for Firefox? Firefox runs Neqo in release mode. A malicious remote can cause its own QUIC connection to fail to use qpack,...
CVE-2025-11725
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin's configuration settings,...