3678 matches found
Flowise 1.4.3 - Arbitrary File Read
Flowise 1.4.3 contains a path traversal caused by lack of sanitization of 'fileName' parameter in /api/v1/openai-assistants-file endpoint in index.ts, letting attackers read arbitrary files, exploit requires attacker to send crafted request. id: CVE-2024-36420 info: name: Flowise 1.4.3 - Arbitrar...
CVE-2026-15143
A flaw was found in the filetype content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition XSD string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file...
CVE-2026-15143
CVE-2026-15143 affects guardrails-detectors' file_type content detector. An attacker can supply an arbitrary XML Schema (XSD) string, processed without proper restrictions, enabling server-side requests to arbitrary URLs or local file reads and risking disclosure of sensitive information.
CVE-2026-15143 Guardrails-detectors: guardrails-detectors: ssrf and local file read via user-supplied xml schema (xml-with-schema:)
A flaw was found in the filetype content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition XSD string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file...
EUVD-2026-42927
A flaw was found in the filetype content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition XSD string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file...
EUVD-2026-42919
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...
CVE-2026-46388 osquery: Unprivileged users can temporarily read file carve contents
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not...
CVE-2026-55874
SeaweedFS's S3 API gateway is affected prior to version 4.34 by a path traversal issue in the X-Amz-Copy-Source header (dot-dot segments) that can enable an authenticated user scoped to one bucket to read objects from other buckets via server-side copy. The issue is documented across CVE-2026-558...
CVE-2026-57258
The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes...
EUVD-2026-42190
The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes...
EUVD-2026-42159
The Jssor Slider by jssor.com plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.1.24 via the 'url' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...
Important: gstreamer-plugins-bad-free
Issue Overview: A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker...
PYSEC-2026-1516 Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever
A Server-Side Request Forgery SSRF vulnerability exists in the Web Research Retriever component in langchain-community langchain-community.retrievers.webresearch.WebResearchRetriever. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet...
CVE-2026-24013
CVE-2026-24013 affects Apache IoTDB (1.3.3–before 2.0.8). The issue is authentication bypass via forged sessionId in Thrift RPC handlers that do not validate sessionId, enabling unauthorized reading of time-series data without openSession authentication. A fix is available in IoTDB 2.0.8; upgrade...
CVE-2026-24013 Apache IoTDB: Authentication Bypass via Forged SessionID in Thrift RPC
Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...
OESA-2026-2833 python-zeroconf security update
Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Security Fixes: readcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against...
SUSE CVE-2026-53360
In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change PSC requests rely...
CVE-2026-58426
The CVE-2026-58426 affects Gitea, specifically the Actions Artifacts V4 signed URL mechanism, where an HMAC ambiguity enables cross-repository artifact read and cross-task upload-state write. The vulnerability stems from how signed URLs are validated, allowing unauthorized access across repositor...
SUSE-SU-2026:2740-1 Security update for golang-github-docker-libnetwork
This update for golang-github-docker-libnetwork fixes the following issue - CVE-2026-2808: github.com/hashicorp/consul: unvalidated user-supplied file paths can lead to arbitrary file reads through the Vault Kubernetes authentication provider bsc1259566...
SUSE CVE-2026-56361
ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations...