360 matches found
libpng: libpng: Arbitrary code execution due to use-after-free vulnerability
A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...
libpng: libpng: Arbitrary code execution due to use-after-free vulnerability
A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...
libpng: libpng: Arbitrary code execution due to use-after-free vulnerability
A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...
CVE-2026-34723
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started endpoint to get access to sensitive internal entity data, even after the system setup was completed. This vulnerability is fixed i...
CVE-2026-35516
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services AWS IMDSv1, cloud metadata, internal APIs by creating a link with a publ...
CVE-2026-34723
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started endpoint to get access to sensitive internal entity data, even after the system setup was completed. This vulnerability is fixed i...
CVE-2026-34723 Zammad has incorrect access control in getting_started_controller
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started endpoint to get access to sensitive internal entity data, even after the system setup was completed. This vulnerability is fixed i...
CVE-2026-34723 Zammad has incorrect access control in getting_started_controller
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started endpoint to get access to sensitive internal entity data, even after the system setup was completed. This vulnerability is fixed i...
CVE-2026-34723
CVE-2026-34723 affects Zammad (web-based helpdesk). Root cause: incorrect access control in the getting_started_controller allowed unauthenticated remote attackers (before patch versions) to access the getting started endpoint and view sensitive internal entity data. Affected versions: prior to 7...
CVE-2026-2377
A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as...
WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)
Summary The fix for CVE-2026-27732 is incomplete. objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then fetches the response and...
PT-2026-31420
Name of the Vulnerable Software and Affected Versions Zammad versions prior to 7.0.1 and prior to 6.5.4 Description Zammad, a web-based open-source helpdesk system, allowed unauthenticated remote attackers to access sensitive internal entity data through the getting started endpoint, even after...
Zammad 访问控制错误漏洞
Zammad is a ticketing management software developed by the German company Zammad. Versions of Zammad prior to 7.0.1 and 6.5.4 contained an access control vulnerability. This vulnerability stemmed from unverified attackers being able to access the “getting started” endpoint, potentially leading to...
CVE-2026-35516
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services AWS IMDSv1, cloud metadata, internal APIs by creating a link with a publ...
LinkAce 代码问题漏洞
LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.4 had code vulnerabilities. These vulnerabilities stemmed from insufficient checks on private IP addresses, allowing authenticated users to read...
Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist
Summary | Field | Value | |-------|-------| | Title | SSRF via REST Connector with Empty Default Blacklist Leading to Full Internal Data Exfiltration | | Product | Budibase | | Version | 3.30.6 latest stable as of 2026-02-25 | | Component | REST Datasource Integration + Backend-Core Blacklist...
GHSA-7R9J-R86Q-7G45 Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist
Summary | Field | Value | |-------|-------| | Title | SSRF via REST Connector with Empty Default Blacklist Leading to Full Internal Data Exfiltration | | Product | Budibase | | Version | 3.30.6 latest stable as of 2026-02-25 | | Component | REST Datasource Integration + Backend-Core Blacklist...
Out-of-bounds Read
Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Out-of-bounds Read in the from field of JSON-patch operations. An attacker can access internal Node.js functions and prototype state by crafting a payload that targe...
PT-2026-29804
Summary The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It...
CVE-2026-2286 CVE-2026-2286
CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime...