161065 matches found
CVE-2026-49260
PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX...
CVE-2026-41568
A flaw was found in the Moby container framework. A race condition during the docker cp mount setup allows a malicious container to create empty files or directories at arbitrary locations on the host filesystem. This vulnerability can lead to a denial of service by filling up disk space or...
GHSA-VMHF-C436-HXJ4 JupyterLab: Stored XSS in extension manager through package metadata unsanitized URI protocol
A malicious PyPI package can place a javascript: URL in its project.urls metadata. JupyterLab's Extension Manager renders this as the extension's home-page link without validating the protocol, so a user who clicks the extension name executes attacker-controlled JavaScript in the JupyterLab origi...
GHSA-2H46-9X5W-4WF7 Entire CLI: Path traversal in checkpoint session metadata allows arbitrary file write during resume/rewind
Impact A path traversal vulnerability in Entire CLI allows an attacker with push access to the checkpoints repository to craft malicious checkpoint metadata that causes entire session resume or entire checkpoint rewind to write attacker-controlled transcript data outside of the expected session...
GHSA-VM85-HXW5-5432 guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization
Impact guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled data into one of those fields and later serialized the PSR-7 message as raw HTTP/1.x...
EUVD-2026-37758
undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching...
undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
Impact When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This cause...
Chromium: CVE-2026-12464 Use after free in Browser
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
ROOT-OS-DEBIAN-11-CVE-2023-34152 CVE-2023-34152 in rootio-imagemagick - Patched by Root
Root has patched CVE-2023-34152 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: fix filter idr initialization The referenced commit moved the idr initialization too early in flchange, which allows concurrent users to access the filter that is still being initialized and is in an inconsiste...
Astra Linux – Vulnerability in Git
Git is an open-source distributed revision control system. In affected versions of Git, a specially crafted repository containing symbolic links and files processed by clean/smudge filters like Git LFS may cause a just-checked-out script to be executed when cloning to a case-insensitive file syst...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: sched: Disallow replacing of child qdisc from one parent to another. Lion Ackermann was able to create a Use-after-Allocation UAF that can be exploited for privilege escalation using the following scripts: Step 1: Create ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fixed handling of PTE markers in hugetlbchangeprotection The patch series “mm/hugetlb: uffd-wp fixes for hugetlbchangeprotection”. While testing virtio-mem and background snapshots using uffd-wp on hugetlb in QEMU, I...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Audit: Added fchmodat2 to the “change attributes” class. fchmodat2, introduced in version 6.6, is currently not included in the “change attributes” class of audit. Calling fchmodat2 to change a file’s attributes in the same way a...
Astra Linux – Vulnerability in jqueryui
jQuery UI is a collection of user interface interactions, effects, widgets, and themes built upon jQuery. Versions prior to 1.13.2 may be vulnerable to cross-site scripting attacks. Initializing a checkboxradio widget within an input enclosed within a label can cause the content of that parent...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Networks: Ethernet; mtkethsoc: fixed the issue of PPE hanging. A patch to resolve this issue was found in MediaTek’s GPL-licensed SDK. In the mtkppestop function, the PPE scan mode is not disabled before disabling the PPE. This...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that rely on FreeRDP before version 3.5.1 are vulnerable to out-of-bounds read attacks if nWidth == 0 and nHeight == 0. Version 3.5.1 includes a patch for this issue. There are no known workarounds available...
Astra Linux – Vulnerability in Ruby 2.5
REXML is an XML toolkit for Ruby. The REXML gem before version 3.2.6 has a denial-of-service vulnerability when it parses an XML document with many tags in an attribute value. Users who need to parse untrusted XMLs may be affected by this vulnerability. The REXML gem version 3.2.7 or later includ...
Astra Linux – Vulnerability in Ruby 2.5
REXML is an XML toolkit for Ruby. The REXML gem version 3.3.2 has a DoS vulnerability when it parses an XML document that contains many entity expansions using SAX2 or the pull parser API. The REXML gem versions 3.3.3 and later include a patch to fix this vulnerability...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, deleting offscreen bitmaps caused gdi-drawing to point to freed memory, leading to UAF when related update packets arrived. A malicious server could trigger client-side use after the objects were freed,...