505 matches found
PT-2026-43166
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. read tar reads each entry's payload with $handle-read$$data, $block, where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that...
CVE-2026-30117
scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2026-30118
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery SSRF in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to...
Astra Linux - уязвимость в golang-1.19, golang-1.23
Due to the use of a variable time instruction in the assembly implementation of an internal function, a small number of bits from secret scalars are leaked on the ppc64le architecture. Given the way this function is used, we believe that this leakage is not sufficient to allow recovery of the...
Astra Linux - уязвимость в mbedtls
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS from 2.19.1 does not reduce the blinded scalar before computing the inverse. This allows a local attacker to recover the private key through side-channel attacks...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021538)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021538 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre...
CVE-2026-30118
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery SSRF in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to...
CVE-2026-30117
scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...
PT-2026-41941
Name of the Vulnerable Software and Affected Versions scalar/astro version 0.1.13 Description A Server-Side Request Forgery SSRF exists in the Scalar Proxy endpoint. Unauthenticated attackers can use the scalar url query parameter to force the backend server to send HTTP requests to URLs under...
EUVD-2026-30944
scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2026-30118
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery SSRF in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to...
CVE-2026-30118
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery SSRF in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to...
Scalar 安全漏洞
Scalar is an interactive API documentation and testing tool developed by Scalar OpenSource. Version 0.1.13 of Scalar contains a security vulnerability. This vulnerability stems from the scalarurl query parameter on the Scalar Proxy endpoint, which involves server-side request forgeing. This could...
EUVD-2026-30948
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery SSRF in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to...
CVE-2026-30117
scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2026-30117
scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...
PT-2026-41940
Name of the Vulnerable Software and Affected Versions scalar/astro version 0.1.13 Description An arbitrary file upload issue exists in the Scalar Proxy endpoint via the scalar url query parameter. This allows attackers to execute arbitrary code by uploading a specially crafted SVG file Scalable...
CVE-2026-30118
CVE-2026-30118 affects scalar/astro v0.1.13. The vulnerability is a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. Unauthenticated attackers can coerce the backend to perform HTTP requests to attacker-controlled URLs, leading to exposure of auth...
CVE-2026-30117
The CVE-2026-30117 entry affects scalar/astro v0.1.13, exposing an arbitrary file-upload vulnerability in the Scalar Proxy endpoint via the scalar_url parameter. This leads to remote code execution by uploading a crafted SVG file, as described across multiple sources. The CVSSv3.1 score is 9.8 (C...
CVE-2026-30118
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery SSRF in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to...