651 matches found
CVE-2026-48747
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.13 and 8.0.13, MailomatRequestParser::validateSignature parsed X-MOM-Webhook-Signature as algo=signature and passed the request-selected algorithm to hashhmac, allowing a signature...
PT-2026-60096
Name of the Vulnerable Software and Affected Versions nebula-mesh affected versions not specified Description Operator session tokens are stored in plaintext within the token column of the operator sessions table. These tokens are 32-byte random hex values sent via cookies and remain valid for 24...
UBUNTU-CVE-2026-15041
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash...
CVE-2026-54291
pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...
UBUNTU-CVE-2026-12252
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...
Ollama - Remote Code Execution
Ollama before 0.1.34 does not validate the format of the digest sha256 with 64 hex digits when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring. id: CVE-2024-37032 info: name: Ollama ...
ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication
A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol IMAP client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256 authentication by...
CVE-2026-56124
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the comple...
CVE-2026-56124
CVE-2026-56124 affects phpUploader prior to 2.0.2. An unauthenticated information-disclosure flaw exists where the index model runs an unbounded SELECT and embeds the full JSON-encoded result set in an inline script, exposing uploader IP addresses, Argon2ID key hashes, internal filenames, and SHA...
CVE-2026-13534
A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...
CVE-2026-13534 CherryHQ cherry-studio CherryIN Preload API MemoryService.ts sha256 authorization
A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...
CVE-2026-13534
A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...
CVE-2026-13534
CherryHQ cherry-studio (up to v1.9.7) contains a memory-access issue in the CherryIN Preload API component: MemoryService.ts sha256 function. According to the CVE entry, manipulating the argument state can bypass authorization, and the attack can be initiated remotely with high complexity; exploi...
PT-2026-53284
Name of the Vulnerable Software and Affected Versions phpUploader versions prior to 2.0.2 Description An unauthenticated information disclosure exists where remote attackers can access the full contents of the uploaded-files database table by visiting any page of the application. The index model...
CVE-2026-6291
Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...
CVE-2026-6291
Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...
CURL-CVE-2026-12064 proto-default skips SSH verification
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
UBUNTU-CVE-2026-12681
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...
CVE-2026-55653
A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client processes attacker-controlled DH-GEX...
GHSA-GHMH-JHMJ-WCMF nebula-mesh's stores enrollment tokens unhashed in SQLite
internal/store/sqlite.go:1177,1192,1221,1245 — the enrollmenttokens.token column holds the raw UUID token. ConsumeToken does WHERE token = ? against the raw string. Compare with operatorapikeys.keyhash, which is SHA-256 hex constructed in internal/api/middleware.go:51-53. Affected All released...