CVE-2026-54651

A flaw was found in pypdf. An attacker can craft a malicious PDF file that, when merged with threads or articles into a writer, can lead to an an infinite loop. This vulnerability can result in a Denial of Service DoS condition, making the affected system unresponsive. Mitigation If PDF processin...

CVE-2026-52806

Gogs is affected by CVE-2026-52806: an authenticated user can trigger remote code execution during the Rebase before merging workflow by crafting a pull request with a malicious base branch name that injects the --exec flag into git rebase. Root cause: the Merge() path in internal/database/pull.g...

CVE-2026-52806 Gogs: RCE via git rebase --exec argument injection in pull request merge

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...

EUVD-2026-38737

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

Gogs vulnerable to RCE via git rebase --exec argument injection in pull request merge

Gogs: RCE via git rebase --exec Argument Injection in PR Merge Summary Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase...

GHSA-QF6P-P7WW-CWR9 Gogs vulnerable to RCE via git rebase --exec argument injection in pull request merge

Gogs: RCE via git rebase --exec Argument Injection in PR Merge Summary Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase...

CVE-2026-54311

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions o...

CVE-2026-54311 n8n: Merge Node SQL Mode Prototype Pollution

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions o...

EUVD-2026-38471

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions o...

CVE-2026-54311

CVE-2026-54311 affects n8n, specifically multi-user instances where multiple users can create and run workflows containing the Merge node in SQL Query mode. The vulnerability arises because the sandbox context for the Merge node is cached and reused across all workflow executions on an instance, ...

Linux Distros Unpatched Vulnerability : CVE-2026-53550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing b...

DEBIAN-CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

DEBIAN-CVE-2026-54651

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1...

CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

CVE-2026-54651

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1...

UBUNTU-CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

CVE-2026-54651

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1...

CVE-2026-54531

CVE-2026-54531 affects the pypdf library. Vulnerability: when merging a file containing outlines/bookmarks into a writer, an attacker can craft a PDF that leads to an infinite loop. Affected product: pypdf (Python library for PDF manipulation); vulnerable condition occurs prior to version 6.13.0....

CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

DEBIAN-CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size and can block...