58903 matches found
CVE-2026-23919
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
UBUNTU-CVE-2026-23919
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
CVE-2026-33511
pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...
CVE-2026-33511
CVE-2026-33511 affects pyLoad/pyload-ng: the local_check decorator in the ClickNLoad feature can be bypassed via HTTP Host header spoofing, allowing unauthenticated remote access to localhost-restricted endpoints and enabling injection of downloads, writing to storage, and JavaScript execution. A...
EUVD-2026-15001
pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...
CVE-2026-33511 pyload-ng: Authentication Bypass via Host Header Injection in ClickNLoad
pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...
CVE-2026-29772
Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achiev...
CVE-2026-29772 Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands
Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achiev...
CVE-2026-23919 Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
CVE-2026-23919
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
CVE-2026-23919 Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
CVE-2026-23919
CVE-2026-23919 affects Zabbix Server/Proxy where JavaScript (Duktape) contexts are reused for performance, potentially causing confidentiality leakage by non-super administrators who can access hosts they shouldn’t. The issue stems from shared execution contexts used by script items, JavaScript r...
CVE-2026-23919
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
GHSA-GMFG-3V4Q-9QR4 Authelia: Improper Neutralization of Input During Web Page Generation Leads to Potential Cross-site Scripting
Impact Official Weighted Severity Rating: Low This exploit is very unlikely to be the case for most users as it requires configuration of the Content Security Policy template value. Below represents a safe value, any other value other than unconfigured should be very carefully evaluated regardles...
CVE-2026-29091
A flaw was found in Locutus, a project that brings standard libraries of other programming languages to JavaScript. A remote attacker could exploit an insecure implementation of the calluserfuncarray function, which fails to properly validate all components of a callback array before passing them...
Malicious code in dotenv-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87c063897212774df4e13b1d7bf70cc74a98ac1ca824d2bb1f1e8c60d0662b5e Package impersonates the popular dotenv package: package.json points its repository field to git://github.com/motdotla/dotenv.git and homepage to...
EUVD-2026-14861
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox 149...
EUVD-2026-14821
JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox 149 and Firefox ESR 140.9...
EUVD-2026-14819
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox 149 and Firefox ESR 140.9...
EUVD-2026-14813
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox 149, Firefox ESR 115.34, and Firefox ESR 140.9...