curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from a server or to a server. Curl has a security vulnerability that stems from an error in proxy credential transmission, which may lead to the incorrect transmission of credentials from one proxy to another...

ALSA-2026:16692 Important: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...

RHEL 9 : freerdp (RHSA-2026:16485)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16485 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

PT-2026-40689

In the Linux kernel, the following vulnerability has been resolved: sched ext: Disable preemption between scx claim exit and kicking helper work scx claim exit atomically sets exit kind, which prevents scx error from triggering further error handling. After claiming exit, the caller must kick the...

freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId

A heap based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to maxCells,...

Moderate: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Cross-site Scripting (XSS)

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Cross-site Scripting XSS in the corsProxy file. An attacker can execute arbitrary JavaScript in the victim's browser and in the victim's context by injecting malicious content into the url...

GHSA-XC4X-2452-5GC9 SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware

Resolution Fixed in SillyTavern 1.18.0: a user-provided URL is no longer reflected in the HTTP response body. Overview - Vulnerability Type: XSS - Affected Location: src/middleware/corsProxy.js:40 - Trigger Scenario: reflected XSS in CORS proxy error response Root Cause When fetchurl throws, the...

SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware

Resolution Fixed in SillyTavern 1.18.0: a user-provided URL is no longer reflected in the HTTP response body. Overview - Vulnerability Type: XSS - Affected Location: src/middleware/corsProxy.js:40 - Trigger Scenario: reflected XSS in CORS proxy error response Root Cause When fetchurl throws, the...

CVE-2026-44222

vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...

PYSEC-2026-145

vLLM is an inference and serving engine for large language models LLMs. From to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash ...

CVE-2026-44223

vLLM contains a vulnerability (CVE-2026-44223) where the extract_hidden_states speculative decoding pathway can crash the EngineCore process if any request uses penalty parameters (repetition_penalty, frequency_penalty, or presence_penalty). The issue arises from an incorrect tensor shape after t...

CVE-2026-44222

CVE-2026-44222 (vLLM) affects vLLM versions 0.6.1 through 0.19.x where a token-injection vulnerability in multimodal processing allows unauthenticated text prompts containing special tokens to be interpreted as control. When image/video placeholder sequences are provided without corresponding dat...

CVE-2026-44222 vLLM: Remote DoS via Special-Token Placeholders

vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...

CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

CVE-2026-44215

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

CVE-2026-8278

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

OpenClaude MCP OAuth Callback: State Check Bypass via error Param Leads to DoS

OAuth State Validation Bypass via error Parameter Causes Local Server DoS in MCP Auth Callback --- Description The OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internal...

Update 26.12 for Microsoft Dynamics 365 Business Central 2025 Release Wave 1 (Application Build 26.12.48244, Platform Build 26.0.48120)

None None...