2423 matches found
CVE-2026-33875
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
[SECURITY] [DSA 6182-1] libxml-parser-perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6182-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 28, 2026 https://www.debian.org/security/faq -...
SUSE CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
CVE-2026-33875
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-33875
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-33875
Gematik Authenticator (software component for digital health login) is affected. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing an attacker to authenticate as a victim who clicks a malicious deep link. Root cause is not explicitly detailed beyond th...
EUVD-2026-16817
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-33875 Authenticator Vulnerable to Authentication Flow Hijack
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-33875 Authenticator Vulnerable to Authentication Flow Hijack
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-33875 Authenticator Vulnerable to Authentication Flow Hijack
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +24 more potentially affected by CVE-2025-15381 via mlflow-skinny (>=3.0.0 <=3.11.0rc0)
mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =7.1.1, =3.0.0, =3.11.0rc0 and more Source cves: CVE-2025-15381 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-15870197...
CLSA-2026-1774604404 openexr: Fix of CVE-2026-27622
CVE-2026-27622: fix integer overflow in CompositeDeepScanLine leading to heap buffer overflow...
PT-2026-28546
Name of the Vulnerable Software and Affected Versions Gematik Authenticator versions prior to 4.16.0 Description Gematik Authenticator is used to securely authenticate users for login to digital health applications. Versions prior to 4.16.0 are susceptible to authentication flow hijacking. An...
CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
DEBIAN-CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
UBUNTU-CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
CVE-2026-32878
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.20 and 8.6.44, an attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that...