9 matches found
CVE-2026-50009
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...
Exploit for CVE-2026-3844
CVE-2026-3844 — Breeze Cache Unauthenticated Arbitrary File Up...
CVE-2026-34391 Fleet Vulnerable to Windows MDM cross-device command disclosure
Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets...
CVE-2026-30227 MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery
MimeKit is a C library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME, as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...
EUVD-2026-9980
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the application allows uploading files project logos without validating the file type or content. It trusts the extension provided by the user...
CVE-2026-24773
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...
GHSA-XXJR-MMJV-4GPG Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their...
CVE-2026-22611 AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value
AWS SDK for .NET works with Amazon Web Services to help build scalable solutions with Amazon S3, Amazon DynamoDB, Amazon Glacier, and more. From versions 4.0.0 to before 4.0.3.3, Customer applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. This...
PT-2025-48353
Name of the Vulnerable Software and Affected Versions fontTools versions 4.33.0 through 4.60.1 Description fontTools is a Python library used for manipulating fonts. A flaw exists in the fontTools.varLib script, specifically within the main code path, which can lead to arbitrary file write and...