693 matches found
CVE-2026-46592
A flaw was found in the Apache Camel CXF SOAP component. A remote attacker can exploit this vulnerability by manipulating the operationName header in an unauthenticated HTTP request. This improper input validation allows the attacker to force the CxfProducer to invoke unintended SOAP operations o...
OPENSUSE-SU-2026:21230-1 Security update for keybase-client
This update for keybase-client fixes the following issues: Changes in keybase-client: - CVE-2026-46604: TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset bsc1269600 - Update to version 6.6.3 Various bug fixes...
DEBIAN-CVE-2026-13984
Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13984
Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-46604
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...
CVE-2026-46604
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...
CVE-2026-46604
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...
CVE-2026-46604 Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...
CVE-2026-46604
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...
CVE-2026-46604
The CVE-2026-46604 entry concerns a panic in the Go TIFF decoder (golang.org/x/image/tiff) when decoding a malformed image containing an out-of-bounds strip offset. Affected component: TIFF decoding path in golang.org/x/image/x/image/tiff. Root cause: decoding invalid TIFF data triggers a panic d...
GO-2026-5066 Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...
PT-2026-52971
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The TIFF decoder can panic when processing an invalid image that contains an out-of-bounds strip offset. A panic is a critical error that causes a program to cra...
GO-2026-5752 Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization in github.com/traefik/traefik
Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization in github.com/traefik/traefik...
CVE-2025-61020
A flaw was found in openlink virtuoso-opensource. Attackers can exploit this vulnerability by sending specially crafted SQL statements to the sqlostripinjoin component. This can lead to a Denial of Service DoS, making the service unavailable to legitimate users...
CVE-2026-48020 Traefik StripPrefix Route-Level Auth Bypass via Path Normalization
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a...
CVE-2026-52846
Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...
CVE-2026-52846 Caddy: stripHTML template function bypass
Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...
CVE-2025-61020
An issue in the sqlostripinjoin component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
UBUNTU-CVE-2025-61020
An issue in the sqlostripinjoin component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2025-61020
An issue in the sqlostripinjoin component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...