36 matches found
PT-2026-44497
Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspf char data function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...
CVE-2026-26193
Open WebUI (self-hosted, offline) is affected prior to v0.6.44. The vulnerability arises from allowing manual modification of chat history to set the embeds property on a response message, which is loaded into an iframe with an aggressive sandbox (allow-scripts and allow-same-origin) that bypasse...
PT-2026-20918
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.44 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Manually modifying chat history allows setting the embeds property on a response message. The...
CVE-2025-68131
A flaw was found in cbor2. When a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory. This allows an attacker-controlled message to read sensitive data from previously decoded messages if the decoder is reused across trust...
CBORDecoder reuse can leak shareable values across decode calls
Summary When a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag 29. This allows an attacker-controlled message to read data from previously decoded...
EUVD-2025-205866
CBORDecoder reuse can leak shareable values across decode calls...
GHSA-WCJ4-JW5J-44WH CBORDecoder reuse can leak shareable values across decode calls
Summary When a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag 29. This allows an attacker-controlled message to read data from previously decoded...
CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
DEBIAN-CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
AZL-73325 CVE-2025-68131 affecting package python-cbor2 5.6.5-2
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
UBUNTU-CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-68131
CVE-2025-68131 (cbor2) affects the cbor2 library’s CBORDecoder when reusing a decoder across trust boundaries. Versions 3.0.0–before 5.8.0 may retain shareable-tag (28) values in memory, allowing an attacker-controlled message to read data from earlier decoded messages via the sharedref tag (29)....
CVE-2025-68131 CBORDecoder reuse can leak shareable values across decode calls
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-68131 CBORDecoder reuse can leak shareable values across decode calls
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-68131 CBORDecoder reuse can leak shareable values across decode calls
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-62722
LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting XSS vulnerability that allows any authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the...
PT-2025-45057
Name of the Vulnerable Software and Affected Versions LinkAce versions 2.3.1 and below Description LinkAce is a self-hosted archive to collect website links. The social media sharing functionality contains a Stored Cross-Site Scripting XSS issue that allows an authenticated user to inject arbitra...
EUVD-2010-1471
Malware in sbrugna...