175077 matches found
CVE-2026-54911
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...
CVE-2026-44311
Fabric.js is a Javascript HTML5 canvas library. Prior to 7.4.0, a potential Cross-Site Scripting XSS vulnerability exists in Fabric.js due to improper escaping of user-controlled input during SVG serialization via the toSVG method. Specifically, the color field within the colorStops array of a...
CVE-2026-48509
MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for...
CVE-2026-48509
CVE-2026-48509 affects MessagePack for C# (ASP.NET Core MVC context). The issue is that, prior to versions 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter() uses default serializer options that resolve to Standard with MessagePackSecurity.TrustedData, which can cross HTTP trust bou...
CVE-2026-48510
MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
CVE-2026-54911 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...
CVE-2026-54911
CVE-2026-54911 (UltraJSON) : The vulnerability affects UltraJSON (C core with Python bindings) where ujson.dumps()/dump()/encode() with reject_bytes=False may accept malformed or truncated UTF-8, silently rewriting to other Unicode characters instead of rejecting. This enables input validation by...
CVE-2026-56405
A flaw was found in libexpat. An integer overflow vulnerability exists within the getAttributeId function. This flaw could allow an attacker to potentially disclose sensitive information or execute arbitrary code, leading to a compromise of the system's integrity and confidentiality. Mitigation T...
CVE-2026-54298 Astro: XSS via Unescaped Attribute Names in Spread Props
Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props ...
EUVD-2026-38332
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...
CVE-2026-50269 AIOHTTP: CRLF injection in multipart headers
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...
CVE-2026-50269
CVE-2026-50269 affects the AIOHTTP library (asyncio-based HTTP client/server). The issue is a CRLF/header injection vulnerability in multipart handling: attacker-controlled input passed to MultipartWriter.append(headers=...) or Payload.headers could allow modifying the outgoing request (injection...
CVE-2026-54267
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...
CVE-2026-11942
CVE-2026-11942 affects Akaunting 3.1.21. The vulnerability is an authenticated stored cross-site scripting flaw in the reusable delete confirmation flow: a user with permission to create or modify records (e.g., Items) can store HTML/JavaScript in a record name, which could be reflected to other ...
libexpat: denial of service via crafted XML input
A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...
CVE-2023-33854
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques...
CVE-2023-33854
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data are affected (versions 4.8, 5.0, 5.1, 5.2, 5.3). The issue allows an authenticated user to bypass client-side validation and manipulate input data via man-in-the-middle techniques. Underlying impact is HIGH for integrity, with ...
EUVD-2023-60595
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques...
CVE-2026-10601
The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...