
ATTACKERKB | added 2026/05/27 9:38 p.m. | 7 views

CVE-2026-9739

Vulnerable to DNS rebinding attacks when using SSE http://b/499408790. During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: header in the SSE initialization handler was inadvertentl...

CVSS 9.4 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 3
Vulnrichment | added 2026/05/27 9:38 p.m. | 5 views

CVE-2026-9739

Vulnerable to DNS rebinding attacks when using SSE http://b/499408790. During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: header in the SSE initialization handler was inadvertentl...

CVSS 9.4 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 2
CVE | added 2026/05/27 9:38 p.m. | 24 views

CVE-2026-9739

CVE-2026-9739 describes a DNS rebinding vulnerability due to a hardcoded Access-Control-Allow-Origin: * in the SSE initialization handler, despite earlier attempts to align with MCP security guidelines using allowed-origins and allowed-hosts. The issue specifically affects users connecting via To...

CVSS 9.4 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 2
Github Security Blog | added 2026/05/27 9:11 p.m. | 11 views

Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

Cas2Handler builds this service parameter from Request::getSchemeAndHttpHost, which reflects the attacker-controlled HTTP Host header whenever Symfony's framework.trusted_hosts setting is not configured (the default). An attacker who controls any other application registered with the same CAS server...

AI score 5.8
Exploits: 0 | References: 6 | Affected software: 2
OSV | added 2026/05/27 9:11 p.m. | 3 views

GHSA-J8GJ-9RM5-4XHX Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

Cas2Handler builds this service parameter from Request::getSchemeAndHttpHost, which reflects the attacker-controlled HTTP Host header whenever Symfony's framework.trusted_hosts setting is not configured (the default). An attacker who controls any other application registered with the same CAS server...

CVSS 8.7 | AI score 5.8
Exploits: 0 | References: 6
OSV | added 2026/05/27 9:09 p.m. | 4 views

GHSA-VQC8-7275-Q272 Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names

Description: Symfony\Component\Mime\Header\ParameterizedHeader and the related parameter handling reachable from Symfony\Component\Mime\Header\Headers is responsible for serializing structured headers such as Content-Type and Content-Disposition, which carry key=value parameters e.g...

CVSS 7.1 | AI score 5.8
Exploits: 0 | References: 5
Github Security Blog | added 2026/05/27 9:09 p.m. | 9 views

Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names

Description: Symfony\Component\Mime\Header\ParameterizedHeader and the related parameter handling reachable from Symfony\Component\Mime\Header\Headers is responsible for serializing structured headers such as Content-Type and Content-Disposition, which carry key=value parameters e.g...

AI score 5.8
Exploits: 0 | References: 5 | Affected software: 2
Debian | added 2026/05/27 9:01 p.m. | 14 views

[SECURITY] [DSA 6302-1] starlette security update

Debian Security Advisory DSA-6302-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
May 27, 2026 https://www.debian.org/security/faq ...

CVSS 8.7 | AI score 6.6 | EPSS 0.01591
Exploits: 3
OSV | added 2026/05/27 8:42 p.m. | 1 view

GHSA-QPMX-3RFJ-7RHV Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

Description: Symfony\Component\Mime\Address is the value object every Symfony Mailer address (to/cc/bcc/from/reply-to) flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

CVSS 7.1 | AI score 5.8
Exploits: 0 | References: 6
OSV | added 2026/05/27 8:16 p.m. | 6 views

UBUNTU-CVE-2026-9759

ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service...

CVSS 5.5 | AI score 5.8 | EPSS 0.0001
Exploits: 0 | References: 4
RedhatCVE | added 2026/05/27 8:14 p.m. | 7 views

CVE-2026-44833

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via an unvalidated HTTP Referer header stored in a session variable. This vulnerability is fixed in 8.4.1...

CVSS 7.1 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 1
RedhatCVE | added 2026/05/27 8:13 p.m. | 6 views

CVE-2026-8468

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':read_part_headers/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

CVSS 8.2 | AI score 6 | EPSS 0.00269
Exploits: 0 | References: 1
NVD | added 2026/05/27 7:16 p.m. | 11 views

CVE-2026-42879

FacturaScripts is open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

CVSS 6.3 | EPSS 0.00046
Exploits: 0 | References: 1
Debian CVE | added 2026/05/27 6:33 p.m. | 5 views

CVE-2026-9759

ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service...

CVSS 5.5 | AI score 5.8 | EPSS 0.0001
Exploits: 0
EUVD | added 2026/05/27 6:33 p.m. | 6 views

EUVD-2026-32629

ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service...

CVSS 5.5 | AI score 5.8 | EPSS 0.0001
Exploits: 0 | References: 2
Vulnrichment | added 2026/05/27 6:29 p.m. | 7 views

CVE-2026-42879 FacturaScripts: Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images

FacturaScripts is open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

CVSS 6.3 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 1
ATTACKERKB | added 2026/05/27 6:29 p.m. | 7 views

CVE-2026-42879

FacturaScripts is open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

CVSS 6.3 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 2 | Affected software: 1
NVD | added 2026/05/27 6:16 p.m. | 4 views

CVE-2026-42553

Cinny is a Matrix client. Prior to 4.10.3, a remote authenticated attacker who shares a room with a victim and has permission to create room emotes (for example, in a DM) can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

CVSS 7.1 | EPSS 0.00165
Exploits: 0 | References: 2
ATTACKERKB | added 2026/05/27 5:27 p.m. | 6 views

CVE-2026-42553

Cinny is a Matrix client. Prior to 4.10.3, a remote authenticated attacker who shares a room with a victim and has permission to create room emotes (for example, in a DM) can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

CVSS 7.1 | AI score 5.9 | EPSS 0.00165
Exploits: 0 | References: 3 | Affected software: 1
CVE | added 2026/05/27 5:27 p.m. | 7 views

CVE-2026-42553

Cinny (Matrix client) before version 4.10.3 is affected by a token-disclosure vulnerability in two parts: (1) the EmojiBoard fallback uses an untrusted pack.meta.avatar as an MXC URL, enabling an attacker-controlled HTTP(S) URL in a malicious emote pack; (2) the service worker attaches the user's Auth...

CVSS 7.1 | AI score 5.9 | EPSS 0.00165
Exploits: 0 | References: 2