434 matches found
CVE-2026-59871 node-tar: Process crash via PAX numeric path type confusion
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPathentry.path.split'/' to throw an uncaught TypeError. This issue is...
New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs
Summary The default SSRF protection configuration did not apply IP filtering to hostnames. With ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address. Authenticated users could configure...
PYSEC-2026-772 OS Command Injection in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider...
CVE-2026-42147
Coolify vulnerability CVE-2026-42147 affects prior to 4.0.0-beta.474: testConnection() validates only URL format for the S3 storage endpoint, allowing an authenticated user with storage management permissions to trigger server-side requests to internal or metadata-service URLs. This can enable SS...
CVE-2026-34047 Coolify: WebSocket Endpoint Access Control Flaw Leading to Remote Code Execution
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected authorization middleware, allowing an authenticated user to access terminal functionality for resources...
CVE-2026-34167 Coolify: Cross-tenant activity log disclosure via unlocked Livewire property in ActivityMonitor
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property without Livewire's Locked attribute. It loads activities via Activity::find$this-activityId wit...
CVE-2026-42148
Vulnerability summary (CVE-2026-42148) Coolify pre-4.0.0-beta.474 has a command injection flaw in the buildHelperImage path (app/Livewire/Settings/Index.php) where Docker build commands are constructed using the dev_helper_version field without shell escaping. In a development environment, an att...
CVE-2026-34153
CVE-2026-34153 affects Coolify before 4.0.0-beta.471, where LocalFileVolume::saveStorageOnServer builds shell commands from unescaped fs_path and parent_dir values prior to validation, and submitFileStorage does not validate the user-controlled file-mount path before creating a volume. An authent...
CVE-2026-54059
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...
EUVD-2026-41858
A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...
PT-2026-56025
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description The buildHelperImage function in app/Livewire/Settings/Index.php constructs a Docker build command using the dev helper version field without proper shell escaping. This allows an attacker w...
CVE-2026-27657
CVE-2026-27657 affects Gitea prior to 1.25.5. The issue arises in the email settings workflow where a user can alter another user’s primary email address, described as an Authorization Bypass Through User-Controlled Key. Affected evidence in connected sources indicates the root cause is insuffici...
CVE-2026-58038
The CVE-2026-58038 issue affects the Wikimedia Foundation Timeline component and is caused by improper neutralization of input during web page generation, enabling cross-site scripting via Timeline.Php and scripts/EasyTimeline.Pl. Reported impacts include information disclosure, session hijacking...
EUVD-2025-210386
picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collectenv.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...
CVE-2026-13819
Out of bounds read in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...
PT-2026-51787
Name of the Vulnerable Software and Affected Versions Mailerup versions prior to 1.0.0 Description An open redirect issue exists in the safe redirect function of the click-tracking endpoint '/c//'. Remote unauthenticated attackers can redirect users to arbitrary external sites to perform phishing...
CVE-2026-49356
Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to compile maliciously crafted code can allow an attacker to read any source map from the system that is...
PT-2026-50691
Name of the Vulnerable Software and Affected Versions Eclipse Theia versions prior to 1.71.0 Description Files matching the pattern .prompts/.prompttemplate in a workspace are automatically loaded, allowing them to override or extend the AI agent's system prompts. This enables indirect prompt...
CVE-2026-12454
Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
Limatek LimRAD NAC 代码问题漏洞
Limatek LimRAD NAC is a network access control system developed by the Turkish company Limatek. Versions of Limatek LimRAD NAC prior to 5.5.7.3.9 contained code vulnerabilities. These vulnerabilities stemmed from an unlimited upload of dangerous types of files, which could lead to remote code...