801 matches found
PT-2026-43114
A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks...
MINI-CJ2C-Q547-3M6V
Bulletin has no description...
Astra Linux – Vulnerability in Thunderbird
If a MIME-encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only certain parts of the message are protected. This vulnerability affects Thunderbird versions earlier than 78.10.2...
Astra Linux – Vulnerability in nss
A flaw was discovered in the implementation of CHACHA20-POLY1305 in NSS versions prior to 3.55. When using multi-part Chacha20, it could lead to out-of-bounds reads. This issue was addressed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and enforcing strict tag...
crypto/x509: Incorrect enforcement of email constraints in crypto/x509
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...
CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug
Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...
CVE-2026-8468
Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...
Siemens Solid Edge 安全漏洞
Siemens Solid Edge is a 3D CAD software developed by the German company Siemens. This software can be used for parts design, assembly design, sheet metal design, welding design, and other industries. Versions of Siemens Solid Edge prior to SE2026 V226.0 Update 5 contained security vulnerabilities...
MINI-2M5X-5V24-C96Q
Bulletin has no description...
Unity Linux 20.1060e / 20.1070e Security Update: nss (UTSA-2026-017618)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017618 advisory. A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. Thi...
MINI-29HM-C26V-3RXP
Bulletin has no description...
MINI-2X4C-P5CR-7823
Bulletin has no description...
MINI-8V5R-F66R-M8GH
Bulletin has no description...
CRLF Injection
Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to CRLF Injection through the FormDataPart multipart header construction in the form-data streaming helper. An attacker can inject arbitrary multipart header...
PT-2026-35047
Name of the Vulnerable Software and Affected Versions Axios versions 1.0.0 through 1.15.0 Description The FormDataPart constructor in lib/helpers/formDataToStream.js interpolates the value.type property directly into the Content-Type header of each multipart part without sanitizing CRLF carriage...
CVE-2026-41145
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary...
GHSA-VMJJ-QR7V-PXM6 Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing
Summary In EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to validateLocalDomainOwnership. This causes the ownership check to always pass for non-existent...
MINI-56V4-3JV3-GV27
Bulletin has no description...
Improper Authentication
Overview github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Improper Authentication via the PutObjectHandler and PutObjectPartHandler function. An attacker can gain unauthorized write access to...
MINI-QRC6-P95F-VCCQ
Bulletin has no description...