47607 matches found
DEBIAN-CVE-2026-33155
DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFETOIMPORT have...
GHSA-P224-6X5R-FJPM Ory Oathkeeper has a path traversal authorization bypass
Description Ory Oathkeeper is vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences e.g. /public/../admin/secrets that resolves to a protected path after normalization, but is matched against a permissive rule because the ra...
Ory Oathkeeper has a path traversal authorization bypass
Description Ory Oathkeeper is vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences e.g. /public/../admin/secrets that resolves to a protected path after normalization, but is matched against a permissive rule because the ra...
CVE-2026-33164 NULL Pointer Dereference in libde265
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in picparameterset::setderivedvalues. This issue has been patched in version 1.0.17...
CVE-2026-33164 NULL Pointer Dereference in libde265
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in picparameterset::setderivedvalues. This issue has been patched in version 1.0.17...
CVE-2026-33150
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the iouring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When iouring thread creati...
CVE-2026-33140 PySpector: Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution
PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a stored Cross-Site Scripting XSS vulnerability in the HTML report generator. When PySpector scans a Python file containing...
CVE-2026-32317 Cryptomator for Android: Tampered vault configuration allows MITM attack on Hub API
Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism...
CVE-2026-32317
Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism...
CVE-2026-32317 Cryptomator for Android: Tampered vault configuration allows MITM attack on Hub API
Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism...
CVE-2026-32317
CVE-2026-32317 affects Cryptomator for Android prior to version 1.12.3. An integrity-check vulnerability allowed an attacker to tamper with the vault configuration file, causing a MITM in the Hub key loading mechanism by mixing endpoints and bypassing host authenticity checks. Impacted users unlo...
CVE-2026-32317 Cryptomator for Android: Tampered vault configuration allows MITM attack on Hub API
Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism...
CVE-2026-32318 Cryptomator for IOS: Tampered vault configuration allows MITM attack on Hub API
Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Befo...
CVE-2026-32318 Cryptomator for IOS: Tampered vault configuration allows MITM attack on Hub API
Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Befo...
CVE-2026-32318 Cryptomator for IOS: Tampered vault configuration allows MITM attack on Hub API
Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Befo...
CVE-2026-32310
Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...
CVE-2026-32303
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted...
CVE-2026-32303
Cryptomator CVE-2026-32303 affects the client prior to v1.19.1. The issue is an integrity-check vulnerability that lets an attacker tamper with the vault configuration file, triggering a MITM in the Hub key loading mechanism. Before the fix, the client could trust endpoints from vault.config with...
CVE-2026-32303 Cryptomator: Tampered vault configuration allows MITM attack on Hub API
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted...
CVE-2026-32303 Cryptomator: Tampered vault configuration allows MITM attack on Hub API
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted...