CVE-2026-45087 Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

CVE-2026-45087 Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

CVE-2026-44316 free5GC: PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler HandleCreateSmPolicyRequest panics with a nil-pointer dereference when a downstream OpenAPI consumer call UDR lookup returns 404 Not Found and the...

SUSE CVE-2022-39307

Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks...

GHSA-HPGJ-JH3H-GJMR vulnerabilities

Vulnerabilities for packages: chromium...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: A null pointer check was added in modhdcphdcp1createsession. The function modhdcphdcp1createsession calls the function getfirstactivedisplay, but does not check its return value. If the display list is empty, the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: nuvoton: A error check in npcmvideoeceinit has been fixed. When the functionoffinddevicebynode fails, it returns NULL instead of an error code. Therefore, the corresponding error check logic should be modified to check...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Staging: GPIB – Fixed an Oops after disconnection in niusb. If the USB dongle is disconnected, subsequent calls to the driver will cause a NULL dereference Oops, as the businterface is set to NULL upon disconnection. This issue w...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: hwmon: Handling failures in registering sensors with a thermal zone correctly. If an attempt is made to register a sensor with a thermal zone and it fails, the call to devmthermalzoneofsensorregister may return -ENODEV. This c...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: A null pointer check should be added for getfirstactivedisplay. The function modhdcphdcp1enableencryption calls the function getfirstactivedisplay, but does not check its return value. If the display list is empt...

@antv/f-charts (=0.0.0), @antv/f-lottie (>=0.0.1 <=1.10.0) +14 more potentially affected by unknown CVE via @antv/f-engine (>=1.0.10 <=1.10.0)

@antv/f-engine NPM version =1.0.10, =0.0.1, =0.0.1, =1.0.1, =0.0.1, =1.0.1, =5.0.27, =5.0.0-alpha.1, =5.0.0-alpha.1, =5.0.1, =0.0.1, =0.0.1-alpha.1, =1.0.3 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3882...

CVE-2026-8723

creationtimestamp| type| source ---|---|--- 2026-05-16 23:21:41+00:00| published-proof-of-concept| https://github.com/ljharb/qs/security/advisories/GHSA-q8mj-m7cp-5q26 2026-05-17 00:32:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlz4e2r27x2h...

CVE-2026-42207 Magento LTS: Open Redirect via Unvalidated `uenc` Parameter in `stockAction()` - magento-lts

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, MageProductAlertAddController::stockAction reads the uenc query parameter and passes...

Dalfox Server Mode Vulnerable to Unauthenticated Remote Code Execution via `found-action`

GHSA: Unauthenticated Remote Code Execution via found-action in Dalfox Server Mode Summary When dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options —...

GHSA-V25V-M36W-JP4H Dalfox Server Mode Vulnerable to Unauthenticated Remote Code Execution via `found-action`

GHSA: Unauthenticated Remote Code Execution via found-action in Dalfox Server Mode Summary When dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options —...

PT-2026-40424

Name of the Vulnerable Software and Affected Versions dalfox versions prior to 2.12.0 Description When running in REST API server mode dalfox server, the software binds to 0.0.0.0:6664 by default without requiring authentication. An unauthenticated attacker can send a request to the '/scan'...

GHSA-8P4X-WR7X-3788 python-liquid: Absolute paths escape filesystem loader search path

Impact The built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the % include % and % render % tags. Targeted files...

GHSA-JQFC-GWJ5-3W63 free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request)

Summary free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId does not exist in UESubsCollection. The processor checks value, ok :=...

free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

Summary free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks , ok =...

GHSA-WR8J-6CHW-GM6P free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference

Summary free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler HandleCreateSmPolicyRequest panics with a nil-pointer dereference when a downstream OpenAPI consumer call UDR lookup returns 404 Not Found and the consumer wrapper returns err != nil together with a nil response struct. The...