30 matches found
UBUNTU-CVE-2026-58012
A flaw was found in GLib. A buffer over-read can occur in the gregexreplace function when used with the GREGEXRAW compile flag and case-change replacement escapes because the stringappend function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the stri...
CVE-2026-58012
CVE-2026-58012 affects GLib. A buffer over-read can occur in g_regex_replace when used with the G_REGEX_RAW flag and case-change replacement escapes because string_append processes matched substrings with UTF-8 functions that expect valid UTF-8 input, even when treated as raw bytes. Impact: minor...
CVE-2026-58012 Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
A flaw was found in GLib. A buffer over-read can occur in the gregexreplace function when used with the GREGEXRAW compile flag and case-change replacement escapes because the stringappend function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the stri...
CVE-2026-58012 Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
A flaw was found in GLib. A buffer over-read can occur in the gregexreplace function when used with the GREGEXRAW compile flag and case-change replacement escapes because the stringappend function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the stri...
Gogs Vulnerable to Privilege Escalation via Collaboration Access Mode Validation
Summary A repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. Vulnerable Code In internal/database/repocollaboration.go, line 129: go func r Repository ChangeCollaborationAccessModeuserI...
EUVD-2026-35072
Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...
CVE-2026-43974 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM
Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...
PT-2026-47300
Name of the Vulnerable Software and Affected Versions gun versions 2.0.0 through 2.3.x Description An issue in the gun http module allows a malicious HTTP server to force a client into raw protocol mode by sending an unsolicited 101 Switching Protocols response. In the handle inform/8 function, t...
CVE-2026-26993
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an SVG or other active content formats such as HTML...
CVE-2026-26993
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an SVG or other active content formats such as HTML...
CVE-2026-26993
CVE-2026-26993 affects the Flare file sharing platform (Next.js-based) up to version 1.7.0. An attacker can embed malicious JavaScript in an SVG (or HTML/XML) and trigger script execution in the app’s origin when a file is viewed in “raw” mode, enabling stored XSS and potential user data exfiltra...
PT-2026-20993
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an SVG or other active content formats such as HTML...
EUVD-2023-24038
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-4207
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starti...
Linux Distros Unpatched Vulnerability : CVE-2020-25864
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value KV raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14...
Directus 日志信息泄露漏洞
Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. Directus suffers from a log information disclosure vulnerability that stems from access tokens being output unprocessed to logs when LOGSTYLE is set to raw...
UBUNTU-CVE-2024-4207
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under...
CVE-2024-4201 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as HT...
PT-2024-29687 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 5.1 through 16.10.7 GitLab versions 16.11 through 16.11.4 GitLab versions 17.0 through 17.0.2 Description: A cross-site scripting issue has been discovered in GitLab. When viewing an XML file in a repository in raw mode, it ca...
PT-2024-5591 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 5.1 through 17.0.6 GitLab versions 17.1 through 17.1.4 GitLab versions 17.2 through 17.2.2 Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This can be exploited by a...