270 matches found
CVE-2026-56264 Crawl4AI - Arbitrary JavaScript Execution via /execute_js Endpoint
Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /executejs endpoint, which accepts and executes arbitrary user-supplied JavaScript in the server's browser context with --disable-web-security enabled. An attacker can execute arbitrary...
SUSE SLES12: apache2 / apache2-devel / apache2-doc / apache2-example-pages / etc (SUSE-SU-2026:2641-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2641-1 advisory. This update for apache2 fixes the following issues Update to 2.4.66 jscPED-16334: Security issues: - CVE-2026-23918: http2: double free and...
EUVD-2026-39345
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-56338
Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors...
CVE-2026-56338 Capgo - Denial of Service in 2FA Email Verification via /auth/v1/otp Endpoint
Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors...
CVE-2026-56338
Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors...
SUSE CVE-2026-23517
Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server...
CVE-2026-9803
CVE-2026-9803 describes a denial-of-service flaw in Keycloak’s ClientRegistrationAuth component. A remote, unauthenticated attacker can trigger an ArrayIndexOutOfBoundsException by sending a specially crafted POST request with a malformed Authorization: Bearer header to any client registration en...
Out-of-bounds Read
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Out-of-bounds Read via the authorization header parsing in the ClientRegistrationAuth component. An attacker...
CVE-2026-42459 free5GC: Improper Input Validation and Generation of Error Message Containing Sensitive Information in github.com/free5gc/udm
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI...
free5GC 代码问题漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained code vulnerabilities. These vulnerabilities stemmed from null pointer dereferencing in the PCF’s app-sessions handler under certain conditions, which could lead to a 500...
CVE-2026-44425
ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query parameter and the sortby query parameter, which are then passed directly as BSON/SQL keys in the...
CVE-2026-42552 Flight: Sensitive information disclosure via default error handler in flightphp/core
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through improper handling of missing user identifiers in the RemoveAmfSubscriptionsInfoProcedure process. An attacker can cause the application to panic and return a 500 Internal Serv...
CVE-2026-44284 FastGPT: Stored MCP tool URL SSRF in FastGPT workflow execution
FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network URLs, but the MCP tool create/update endpoints could still save an internal...
PT-2026-39252
Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Network Exposure Function NEF in free5GC contains a nil-pointer dereference issue within the PatchIndividualApplicationPFDManagement function. This occurs when a PATCH request is sent to the...
GHSA-585V-HCGF-JHFR Free5GC UDM has Improper Input Validation and Generation of Error Messages Containing Sensitive Information
Summary The free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and return a 500...
EUVD-2026-24725
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33257
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33256
CVE-2026-33256 affects PowerDNS Recursor: an attacker can send a network web request that triggers unbounded memory allocation in the internal web server, causing a denial of service. The internal web server is disabled by default, mitigating some exposure. Public sources (NVD, Red Hat, Debian, E...