37019 matches found
CVE-2026-49855
Tornado (Python) prior to 6.5.6 allows a malicious server accessed via SimpleAsyncHTTPClient or an HTTPServer with decompress_request=True to accumulate decompressed data without an overall size limit, potentially causing memory exhaustion. Affected is gzip decompression routines that previously ...
CVE-2026-49854
Summary: Tornado’s optional native extension tornado.speedups mishandles the websocket_mask length, reading beyond a four-byte buffer when invoked through the XSRF token decoder with the extension active. This out-of-bounds access affects Tornado up to version 6.5.5 and is fixed in 6.5.6. Impact:...
CVE-2026-50651
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network...
CVE-2026-50650
Improper control of generation of code 'code injection' in .NET Framework allows an unauthorized attacker to elevate privileges locally...
CVE-2026-50648
Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network...
CVE-2026-50646
Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally...
CVE-2026-50646 .NET Framework Remote Code Execution Vulnerability
...
CVE-2026-50527
Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network...
CVE-2026-50525
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network...
CVE-2026-50524
Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network...
CVE-2026-48747
Summary: CVE-2026-48747 affects Symfony’s Mailomat webhook parser. The MailomatRequestParser::validateSignature() method reads the X-MOM-Webhook-Signature header and passes the wire-provided algorithm directly to hash_hmac(), enabling a signature algorithm downgrade instead of enforcing SHA-256 a...
CVE-2026-45305
Summary of CVE-2026-45305 (Symfony YAML Parser ReDoS) Symfony’s YAML handling (Symfony\Component\Yaml\Parser::cleanup) can hang parsing crafted input due to the use of overlapping quantifiers in regular expressions for YAML directive, comment, and document marker cleanup. This is a client-side pa...
CVE-2026-45069
Symfony’s CVE-2026-45069 concerns OidcTokenHandler::verifyClaims() in the Symfony PHP framework where audience (aud), issuer (iss), and expiry (exp) checks were not passed to the ClaimCheckerManager, allowing a validly signed JWT missing those claims to pass verification. Affects Symfony versions...
CVE-2026-45753
In Symfony HTML sanitizer, the UrlAttributeSanitizer ignored certain URL-valued attributes (action, formaction, poster, cite) because getSupportedAttributes() omitted them. Configurations with permissive element/attribute allowances could let javascript: URIs bypass sanitization, enabling XSS whe...
CVE-2026-57108
Access of resource using incompatible type 'type confusion' in .NET Core allows an unauthorized attacker to deny service over a network...
May 12, 2026-KB5087065 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016
None None...
May 12, 2026-KB5087077 Cumulative Update for .NET Framework 3.5 for Windows 11, version 26H1 (build 28000) and later
None None...
May 26, 2026-KB5092430 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2
None None...
May 12, 2026-Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 (KB5087048)
None None...
May 12, 2026-Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 R2 (KB5087049)
None None...