7058 matches found

RedhatCVE
added 2026/03/26 11:3 p.m. | 5 views

CVE-2026-30975

Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses (Authentication Required set to: Disabled for Local Addresses) without a reverse proxy running in front of Sonarr tha...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00466
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 3:2 p.m. | 4 views

CVE-2026-32255

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.10069
Exploits: 0 | References: 1
NVD
added 2026/03/26 1:16 a.m. | 2 views

CVE-2026-33285

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions (e.g., 100000000..1), allowing an attacker to allocate unlimited memory. Combined wit...

CVSS: 7.5 | EPSS: 0.00398
Exploits: 1 | References: 2
ATTACKERKB
added 2026/03/26 12:34 a.m. | 0 views

CVE-2026-33285

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions (e.g., 100000000..1), allowing an attacker to allocate unlimited memory. Combined wit...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00398
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/03/26 12:34 a.m. | 11 views

CVE-2026-33285

CVE-2026-33285 concerns LiquidJS (template engine for Shopify/GitHub Pages). Vulnerability: memoryLimit protection can be bypassed by reverse range expressions (e.g., (100000000..1)), allowing unbounded memory allocation. When combined with string flattening operations (e.g., replace filter), thi...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00398
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/03/26 12:34 a.m. | 4 views

CVE-2026-33285 LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions (e.g., 100000000..1), allowing an attacker to allocate unlimited memory. Combined wit...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00398
Exploits: 1 | References: 4
CNNVD
added 2026/03/26 12:0 a.m. | 6 views

liquidjs resource management error vulnerability

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.1 contained a resource management vulnerability. This vulnerability stemmed from the memoryLimit security mechanism being bypassed by reverse range...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00398
Exploits: 1 | References: 2
NVD
added 2026/03/25 9:16 p.m. | 0 views

CVE-2026-30975

Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses (Authentication Required set to: Disabled for Local Addresses) without a reverse proxy running in front of Sonarr tha...

CVSS: 9.8 | EPSS: 0.00466
Exploits: 0 | References: 3
ATTACKERKB
added 2026/03/25 9:8 p.m. | 2 views

CVE-2026-30975

Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses (Authentication Required set to: Disabled for Local Addresses) without a reverse proxy running in front of Sonarr tha...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00466
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2026/03/25 9:8 p.m. | 2 views

EUVD-2026-15990

Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses (Authentication Required set to: Disabled for Local Addresses) without a reverse proxy running in front of Sonarr tha...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00466
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/25 9:8 p.m. | 4 views

CVE-2026-30975 Sonarr Authentication Bypass vulnerability

Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses (Authentication Required set to: Disabled for Local Addresses) without a reverse proxy running in front of Sonarr tha...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00466
Exploits: 0 | References: 3
Cvelist
added 2026/03/25 9:8 p.m. | 19 views

CVE-2026-30975 Sonarr Authentication Bypass vulnerability

Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses (Authentication Required set to: Disabled for Local Addresses) without a reverse proxy running in front of Sonarr tha...

CVSS: 8.1 | EPSS: 0.00466
Exploits: 0 | References: 3
CVE
added 2026/03/25 9:8 p.m. | 8 views

CVE-2026-30975

CVE-2026-30975 (Sonarr) affects Sonarr releases prior to 4.0.16.2942. The issue is an authentication bypass for users who had enabled Authentication Required as “Disabled for Local Addresses” when no reverse proxy was in front or the proxy does not pass the relevant header. Patches are available ...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00466
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/03/25 9:8 p.m. | 2 views

CVE-2026-30975 Sonarr Authentication Bypass vulnerability

Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses (Authentication Required set to: Disabled for Local Addresses) without a reverse proxy running in front of Sonarr tha...

CVSS: 8.1 | AI score: 5.9 | EPSS: 0.00466
Exploits: 0 | References: 5
Snyk
added 2026/03/25 5:40 p.m. | 0 views

Allocation of Resources Without Limits or Throttling

Overview: liquidjs is a simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through improper validation of range values in the use function. An attacker can...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.00398
Exploits: 1 | References: 2
OSV
added 2026/03/25 5:40 p.m. | 2 views

GHSA-9R5M-9576-7F6X LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

Summary: LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions (e.g., 100000000..1), allowing an attacker to allocate unlimited memory. Combined with a string flattening operation (e.g., replace filter), this causes a V8 Fatal error that crashes the...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.00398
Exploits: 1 | References: 4
Github Security Blog
added 2026/03/25 5:40 p.m. | 17 views

LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

Summary: LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions (e.g., 100000000..1), allowing an attacker to allocate unlimited memory. Combined with a string flattening operation (e.g., replace filter), this causes a V8 Fatal error that crashes the...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.00398
Exploits: 1 | References: 4 | Affected Software: 1
Snyk
added 2026/03/25 5:32 p.m. | 2 views

Sensitive Cookie in HTTPS Session Without "Secure" Attribute

Overview: @grackle-ai/server is a Grackle server orchestrator — spawns and wires core gRPC, web-server HTTP, MCP, and PowerLine. Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute in the session process. An attacker can intercept session...

CVSS: 3.1 | AI score: 5.9
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/25 12:0 a.m. | 2 views

PT-2026-28129

Name of the Vulnerable Software and Affected Versions: Sonarr versions prior to 4.0.16.2942. Description: Sonarr is a PVR for Usenet and BitTorrent users. A flaw exists where authentication could be bypassed in versions with authentication disabled for local addresses Authentication Required set to:...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00466
Exploits: 0 | References: 6
Positive Technologies
added 2026/03/25 12:0 a.m. | 8 views

PT-2026-28162

Name of the Vulnerable Software and Affected Versions: LiquidJS versions prior to 10.25.1. Description: LiquidJS’s memoryLimit security feature can be bypassed using reverse range expressions (e.g., 100000000..1), allowing an attacker to allocate unlimited memory. When combined with a string flattenin...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00398
Exploits: 1 | References: 5