191478 matches found
EUVD-2026-44795
MCP Python SDK: HTTP transports serve session requests without verifying the authenticated principal...
CGA-5R9W-M4GR-GXC3
Bulletin has no description...
CVE-2026-46336
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. From 0.96.0 until 0.140.0, authenticated users can rename uploaded files with path traversal sequences because app/models/modelfile.rb uses the user-controlled...
EUVD-2026-44968
rz-libdemangle is a Rizin library for demangling symbols. Prior to 6bf56d3, the Rust demangler in src/rust/rustv0.c can perform an out-of-bounds read when the demangler structure is not yet initialized. This issue is fixed in commit 6bf56d3...
CVE-2026-45612
rz-libdemangle is a Rizin library for demangling symbols. Prior to 6bf56d3, the Rust demangler in src/rust/rustv0.c can perform an out-of-bounds read when the demangler structure is not yet initialized. This issue is fixed in commit 6bf56d3...
EUVD-2026-44967
Image::EPEG versions through 0.15 for Perl embeds an unsupported version of the Epeg library. Image::EPEG includes Epeg 0.9.0 that was last updated in 2004. Epeg is a fast JPEG thumbnail library that was once part of the Englightenment Project...
CGA-M44M-PGC7-Q48C
Bulletin has no description...
ROOT-OS-DEBIAN-11-CVE-2026-35177 CVE-2026-35177 in rootio-vim - Patched by Root
Root has patched CVE-2026-35177 in the rootio-vim package for Root:Debian:11. Multiple fixed versions available...
golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses
A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak p...
github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability
A flaw was found in github.com/jackc/pgx. This memory-safety vulnerability could potentially lead to unexpected behavior or system instability...
golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
ROOT-OS-DEBIAN-12-CVE-2026-33412 CVE-2026-33412 in rootio-vim - Patched by Root
Root has patched CVE-2026-33412 in the rootio-vim package for Root:Debian:12. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-40046 CVE-2026-40046 in io.root.org.apache.activemq:activemq-all - Patched by Root
Root has patched CVE-2026-40046 in the io.root.org.apache.activemq:activemq-all package for Root:Maven. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44002 CVE-2026-44002 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-44002 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-AIKIDO-2026-10843 AIKIDO-2026-10843 in @rootio/vm2 - Patched by Root
Root has patched AIKIDO-2026-10843 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-43997 CVE-2026-43997 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-43997 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-AIKIDO-2026-10839 AIKIDO-2026-10839 in @rootio/vm2 - Patched by Root
Root has patched AIKIDO-2026-10839 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44004 CVE-2026-44004 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-44004 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...