CVE-2026-47692

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a mismatch between bytes written and the length field in th...

CVE-2026-33646

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not...

CVE-2026-47204

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

Atom CMS v2.0 - SQL Injection

AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php. id: CVE-2022-24223 info: name: Atom CMS v2.0 - SQL Injection author: theamanrawat severity: critical description: | AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php...

Sonatype Nexus Repository Manager 3 - Local File Inclusion

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. id: CVE-2024-4956 info: name: Sonatype Nexus Repository Manager 3 - Local File Inclusion author: ritikchaddha severity: high description: | Path Traversal in Sonatype...

OpenCMS - Cross-Site Scripting

OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability. id: CVE-2023-42343 info: name: OpenCMS - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability. impact: | Unauthenticated attackers...

LearnPress <= 4.2.5.7 - SQL Injection

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

QNAP QTS and QuTS Hero - OS Command Injection

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later...

QNAP Music Station < 5.4.0 - Authentication Bypass

An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later id:...

Chuanhu Chat - Directory Traversal

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...

Vite Dev Server - Directory Traversal

Vite is a modern frontend build tool. In Vite prior to versions 6.4.3, 6.3.4, and 5.4.23, a directory traversal vulnerability affects the Vite development server. When the Vite dev server is launched with the --host or server.host option, an unauthenticated attacker can craft a request with a pat...

Symfony HttpFoundation - Access Control Bypass via PATH_INFO

Symfony HttpFoundation component = 2.0.0 and prior to versions 5.4.50, 6.4.29, and 7.3.7 contains an access control bypass vulnerability. The Request class improperly interprets some PATHINFO values, producing URL paths without a leading /. This allows bypassing access control rules that are buil...

XWiki DeleteApplication - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a reflected XSS attack...

LocalAI - Partial Local File Read

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery SSRF and partial Local File Inclusion LFI. The endpoint supports both https-// and file-// schemes, where the latter can lead to LFI. However, the output is limited due to the...

CVE-2026-47692

Envoy vulnerability CVE-2026-47692: PROXY Protocol v2 header generator can emit TLVs beyond the maximum 65535-byte length, causing a mismatch between bytes written and the length field and potentially smuggling bytes upstream. Affected versions: 1.34.0 through 1.35.13, 1.36.9, 1.37.5, and 1.38.3....

CVE-2026-47207 Envoy crashes if multiple unexpected ext_proc responses are packed into one gRPC message

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an extproc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the...

CVE-2026-45405

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...

CVE-2026-55441

CVE-2026-55441 affects the Mise toolchain. The root cause is that, prior to 2026.6.4, task-include files loaded from directories without config files bypass trust checks and render task fields with a Terraform-like template engine that registers an exec() function. If a directory contains a task-...

CVE-2026-54557

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlin...

CVE-2026-55448 mise: Local credential_command executes untrusted config

mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credentialcommand from local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a...