29715 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the fullPath function in the builtinbackupengine.go file. An attacker can write files to arbitrary locations on the file system by manipulating backup manifest files if they have read/write access to the backup...
CVE-2026-27598
Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...
DEBIAN-CVE-2026-27904
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested extglobs produce regexps with nested unbounded quantifiers e.g. ?:?:a|b, which exhibit catastrophic...
CVE-2026-27961
Agenta (open-source LLMOps platform) has a Server-Side Template Injection (SSTI) vulnerability in API server evaluator templates for versions prior to 0.86.8. The vulnerable code runs server-side within the API process (SDK code executed server-side) and does not affect standalone SDK usage; impa...
CVE-2026-27904
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested extglobs produce regexps with nested unbounded quantifiers e.g. ?:?:a|b, which exhibit catastrophic...
CVE-2026-27904
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested extglobs produce regexps with nested unbounded quantifiers e.g. ?:?:a|b, which exhibit catastrophic...
PT-2026-22172
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An issue exists in Kibana Workflows related to improper neutralization of special elements used in a template engine CWE-1336. This could allow an authenticated attacker with the...
PT-2026-22165
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An issue exists in the AI Inference Anonymization Engine within Kibana that can result in a denial of service. This is due to inefficient regular expression complexity, specifically a regular...
Linux Distros Unpatched Vulnerability : CVE-2026-2763
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and...
Linux Distros Unpatched Vulnerability : CVE-2026-2783
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8,...
RHEL 9 : firefox (RHSA-2026:3339)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3339 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap...
AlmaLinux 9 : firefox (ALSA-2026:3339)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:3339 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs...
@arsloptima/password-strength (=0.0.1), @asafmalin/ngrid (>=5.0.0 <=5.0.1) +41 more potentially affected by CVE-2026-27739 via @nguniversal/express-engine (>=10.0.2 <=16.2.0)
@nguniversal/express-engine NPM version =10.0.2, =5.0.0, =1.0.1, =0.0.42, =7.0.0, =6.1.1, =4.0.0, =1.0.0, =0.1.1, =2.0.0, =3.0.0, =4.3.8 and more Source cves: CVE-2026-27739 Source advisory: OSV:GHSA-X288-3778-4HHX...
firefox: thunderbird: Use-after-free in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...
firefox: thunderbird: Use-after-free in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...
firefox: thunderbird: Use-after-free in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...
firefox: thunderbird: Invalid pointer in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Invalid pointer in the JavaScript Engine component...
firefox: thunderbird: Use-after-free in the JavaScript Engine: JIT component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine: JIT component...
firefox: thunderbird: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component...
firefox: thunderbird: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component...