1226 matches found
Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation
Vulnerability Details CWE-918: Server-Side Request Forgery SSRF The processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticate...
EUVD-2026-30559
Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a...
PT-2026-41394
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.34.8 Description An authenticated user can trigger server-side requests to internal network addresses. This occurs because the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses...
SUSE-SU-2026:21640-1 Security update for dnsmasq
This update for dnsmasq fixes the following issues Security issues: - CVE-2026-2291: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect bsc1258251. - CVE-2026-4890: DoS vulnerability in the DNSSEC validation bsc1265001. - CVE-2026-4891: heap-based out-of-bounds re...
SUSE-SU-2026:21788-1 Security update for dnsmasq
This update for dnsmasq fixes the following issues Security issues: - CVE-2026-2291: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect bsc1258251. - CVE-2026-4890: DoS vulnerability in the DNSSEC validation bsc1265001. - CVE-2026-4891: heap-based out-of-bounds re...
CVE-2026-44223 vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters
vLLM is an inference and serving engine for large language models LLMs. From to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash ...
CVE-2026-44223 vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters
vLLM is an inference and serving engine for large language models LLMs. From to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash ...
CVE-2026-44223
vLLM is an inference and serving engine for large language models LLMs. From to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash ...
vLLM 安全漏洞
vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Versions of vLLM prior to 0.20.0 contained a security vulnerability. This vulnerability stemmed from the extracthiddenstates speculative decoding proposal, which returned tensor...
EUVD-2026-29156
A buffer overflow in dnsmasq’s extractaddresses function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extractname to advance the pointer past the record’s end...
EUVD-2026-29091
dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...
ALPINE-CVE-2026-5172
A buffer overflow in dnsmasq’s extractaddresses function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extractname to advance the pointer past the record’s end...
CVE-2026-5172
A buffer overflow in dnsmasq’s extractaddresses function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extractname to advance the pointer past the record’s end...
CVE-2026-5172
A buffer overflow in dnsmasq’s extractaddresses function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extractname to advance the pointer past the record’s end...
CVE-2026-5172 CVE-2026-5172
A buffer overflow in dnsmasq’s extractaddresses function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extractname to advance the pointer past the record’s end...
CVE-2026-5172
dnsmasq has a CVE-2026-5172 vulnerability: a buffer overflow in extract_addresses() can cause a heap out-of-bounds read and crash when processing a malformed DNS response. Exploitation is network-based (no user interaction). Remediation in the public advisories includes upgrading dnsmasq to a fix...
CVE-2026-5172 CVE-2026-5172
A buffer overflow in dnsmasq’s extractaddresses function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extractname to advance the pointer past the record’s end...
CVE-2026-2291
dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...
CVE-2026-2291
dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...
CVE-2026-2291 CVE-2026-2291
dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...