GHSA-XP7R-J8R6-J9H3 parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names

Summary parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with proto, or contains .proto. mid-path, causes the parser to traverse onto Object.prototype and assign properties...

CVE-2026-44549

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheettohtml to embed an XSS payload into the generated...

GHSA-36M8-W8QF-G76P SGLang: Unauthenticated RCE via --enable-custom-logit-processor

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

Important: Red Hat Security Advisory: jq security update

An update for jq is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

SUSE-SU-2026:1946-1 Security update for postgresql18

This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard agains...

Security update for postgresql18

This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

SUSE-SU-2026:1943-1 Security update for postgresql17

This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard again...

Security update for postgresql16

This update for postgresql16 fixes the following issues Update to version 16.13. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

acrobat-reader-escape

Adobe Reader JS Sandbox Escape — POC Proof-of-concept for thr...

PT-2026-41696

Name of the Vulnerable Software and Affected Versions form-data-objectizer versions prior to 1.0.1 Description The software fails to filter proto , constructor, or prototype when converting FormData to objects using bracket-notation form keys. An attacker can submit a single HTTP form field with ...

Not What You Asked For: Typographic Attacks in Household Robot Manipulation

Open-vocabulary embodied AI agents increasingly rely on vision-language models such as CLIP for object perception and task grounding. However, the shared embedding space that enables this flexibility introduces a structural vulnerability to typographic attacks, where printed text in a physical...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: jtidy (UTSA-2026-021487)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021487 advisory. An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...

CVE-2026-8769

CVE-2026-8769 affects vercel ai up to 3.0.97, specifically the provider-utils file response-handler.ts (functions createJsonResponseHandler and createJsonErrorResponseHandler). The issue enables resource consumption that can be triggered remotely; exploit publicly disclosed. Details on affected v...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the pre-auth logic that enables an attacker to activate the default-disabled POJO import feature. The attacker can then upload and import a malicious Java POJO leading to execution of arbitrary code by...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the pre-auth logic that enables an attacker to activate the default-disabled POJO import feature. The attacker can then upload and import a malicious Java POJO leading to execution of arbitrary code by...

CVE-2026-8657

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch and jsondiffpatch/formatters/jsonpatch.patch APIs. An attacker can perform prototype pollution by supplying crafted delta or JSON Patch documents, as attacker-controlled property...

CVE-2026-8657

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch and jsondiffpatch/formatters/jsonpatch.patch APIs. An attacker can perform prototype pollution by supplying crafted delta or JSON Patch documents, as attacker-controlled property...

EUVD-2026-30670

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch and jsondiffpatch/formatters/jsonpatch.patch APIs. An attacker can perform prototype pollution by supplying crafted delta or JSON Patch documents, as attacker-controlled property...

CVE-2026-8657

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch and jsondiffpatch/formatters/jsonpatch.patch APIs. An attacker can perform prototype pollution by supplying crafted delta or JSON Patch documents, as attacker-controlled property...

CVE-2026-44504

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...