241 matches found
GHSA-HWPP-H97W-2H3J repomix: attach_packed_output can bypass file-read secret scanning for supported local files
attachpackedoutput can register arbitrary .json/.txt/.md/.xml files and bypass the MCP file-read safety check Summary Repomix's MCP server exposes a normal filesystemreadfile tool that reads absolute paths only after running the project's secret check. However, the attachpackedoutput plus...
Linux Distros Unpatched Vulnerability : CVE-2026-56371
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated...
CVE-2026-56371 ImageMagick - Memory Leak in TXT File Processing via Texture Attribute
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...
EUVD-2026-38439
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...
CVE-2026-56371 ImageMagick - Memory Leak in TXT File Processing via Texture Attribute
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...
CVE-2026-56371
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...
PT-2026-51512
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description A memory leak exists in coders/txt.c during the processing of TXT files containing texture attributes. The issue occurs because the texture object...
PT-2026-49073
Name of the Vulnerable Software and Affected Versions abrt-dbus affected versions not specified Description A time-of-check time-of-use TOCTOU race condition exists in the SetElement method of the abrt-dbus D-Bus service. A TOCTOU race condition occurs when a program checks a condition such as a...
CVE-2026-35487
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...
CVE-2026-30691
Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...
CVE-2026-30691
CVE-2026-30691 affects @cyntler/react-doc-viewer v1.17.1. TXTRenderer improperly sanitizes .txt content and casts raw data as a ReactNode, enabling Cross-Site Scripting (XSS) via crafted files. Impact: remote attacker can execute arbitrary JavaScript. No remediation details provided in the docume...
MAL-2026-3214 Malicious code in renderkitcore (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a66bf58bff553ec613604164eb60adcb89fcde468491b746838a6e2c18b0e3a0 Package is prepared to exfiltrate .log and .txt files to the target already associated with exfiltrating sensitive data. --- Category: MALICIOUS - The campaign...
Malicious code in funkratov-renderkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 78b5f3b4a8756df49b4a5eb41647e9dd20328da005f95869f81447355e2f7880 Package is prepared to exfiltrate .log and .txt files to the target already associated with exfiltrating sensitive data. --- Category: MALICIOUS - The campaign...
[SECURITY] Fedora 44 Update: qt6-qtpositioning-6.10.3-1.fc44
The Qt Positioning APIs gives developers the ability to determine a position by using a variety of possible sources, including satellite, or wifi, or text file, and so on...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the resourceGetHandler process. An attacker can access the full content of text files within their authorized scope by sending requests to the /api/resources endpoint, bypassing the intended download permission...
EUVD-2026-19780
File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check...
CVE-2026-35606
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the resourceGetHandler in http/resource.go returns full text file content without checking the Perm.Download permission flag. All three other...
CVE-2026-35606 File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the resourceGetHandler in http/resource.go returns full text file content without checking the Perm.Download permission flag. All three other...
CVE-2026-35606 File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the resourceGetHandler in http/resource.go returns full text file content without checking the Perm.Download permission flag. All three other...
CVE-2026-35487
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...