790 matches found
EUVD-2026-45324
cssparser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parserreadremotefile in lib/cssparser/parser.rb, and therefore loaduri! and the @import-following branch of addblock!, issued HTTP and HTTPS requests against any host, port, and URI without a scheme allowlist, host or IP filtering...
Microsoft and Adobe Patch Tuesday, July 2026 Security Update Review
Microsoft's July 2026 Patch Tuesday delivers security updates for a broad range of products and services, including several vulnerabilities that pose significant risks to enterprise environments. As attackers continue to target unpatched systems, the timely deployment of these updates remains one...
ROOT-OS-UBUNTU-2204-CVE-2026-23085 CVE-2026-23085 in rootio-linux - Patched by Root
Root has patched CVE-2026-23085 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
CVE-2026-15522
The CVE-2026-15522 entry concerns the tugcantopaloglu godot-mcp package, version 2.0.0. Affected is the function validatePath in build/index.js (component run_project); manipulating the argument projectPath enables path traversal. Exploitation requires local access, and a public exploit has been ...
CVE-2026-51541
OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData frame carrying a very short CIP payload whose pathsize field claims that many more path words are...
SUSE CVE-2026-59927
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...
EUVD-2026-42721
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...
CVE-2026-15192 mettle sendportal APIv1 Webhooks mailjet missing authentication
A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...
CLEANSTART-2026-OV19069 Security fixes for CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-27145, CVE-2026-32280, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42504, CVE-2026-42506, CVE-2026-42507, ghsa-p77j-4mvh-x3m3 applied in versions: 2.3.0-r1
Multiple security vulnerabilities affect the mountpoint-s3-csi-driver package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-59928
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...
BIT-PILLOW-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...
Linux Distros Unpatched Vulnerability : CVE-2026-54059
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly ...
EUVD-2026-41902
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...
CVE-2026-55379
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...
Malicious code in bytekit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bbaea22b635a4a8425964572b733b806f45714a9090492d1c39d545088fe336 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...
EUVD-2026-41302
Subscriber Broken Access Control in Booked = 3.0.0 versions...
CVE-2026-58399
The CVE affects @acastellon/auth (authentication control for microservices). Versions
CVE-2025-12530
IBM watsonx.data intelligence CVE-2025-12530 affects 5.2.2, 5.3.0, 5.3.1, and 5.3.1 through patch-1, where data is transmitted in clear text, enabling potential MITM access to sensitive information. The connected sources provide the affected versions and the clear-text transmission root cause; no...
CVE-2025-36321 Vulnerabilities found in Watson Data Intelligence
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
EUVD-2025-210379
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...