2573 matches found
CVE-2026-31985
When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...
EUVD-2026-42535
When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...
CVE-2026-46354
Summary: A PKCS#7 signature bypass in Coder (Coder v2 before patches) allows unauthenticated token theft via Azure instance identity. The issue stems from azureidentity.Validate() validating only the signer certificate chain, not the signature itself, enabling forged PKCS#7 envelopes containing a...
Langflow AI <= 1.6.9 - CORS Misconfiguration
Langflow AI versions 1.6.9 and earlier are vulnerable to a CORS misconfiguration that allows any origin to make credentialed requests. Combined with SameSite=None cookies, this enables cross-origin token theft and subsequent remote code execution via the /api/v1/validate/code endpoint. id:...
CVE-2026-34198
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...
EUVD-2026-41984
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...
CVE-2026-34198
CVE-2026-34198 concerns Coolify prior to 4.0.0-beta.471. The vulnerability stems from TrustProxies trusting all proxies and accepting X-Forwarded-Host from any source, combined with a circular dependency in TrustHosts that prevents host validation. As a result, when a password reset is requested,...
CVE-2026-13323
A flaw was found in Open VSX Registry. The /vscode/unpkg/ endpoint serves user-supplied HTML files with a Content-Type of text/html without Content-Security-Policy or Content-Disposition: attachment response headers. An attacker with a registered publisher account can upload a VSIX containing a...
CVE-2026-13323
In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...
Sensitive Cookie Without "HttpOnly" Flag
Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via missing HttpOnly and Secure attributes on the pinpointJwt session cookie. An attacker can access session tokens by exploiting stored or reflected cross-site scripting to exfiltrate the cookie...
CVE-2026-47775
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...
CVE-2026-47775
Envoy OAuth2 filter vulnerability (CVE-2026-47775): prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the encrypt()/decrypt() path uses AES-256-CBC without an authentication tag (no HMAC/AEAD), enabling a padding oracle via the /callback endpoint. An attacker with the encrypted CodeVerifier ...
CVE-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...
GO-2026-5737 Authorizer: Password reset token theft and full auth token redirect via unvalidated redirect_uri in github.com/authorizerdev/authorizer
Authorizer: Password reset token theft and full auth token redirect via unvalidated redirecturi in github.com/authorizerdev/authorizer...
GO-2026-5196 Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft in github.com/coder/coder
Coder: PKCS7 signature bypass in Azure instance identity allows unauthenticated agent token theft in github.com/coder/coder...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...
CVE-2026-54030
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Resource metadata RFC 9728 matches the configured MCP server URL, allowing a malicious MCP server to...
CVE-2026-55412
ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...
CVE-2026-55412
ToolJet (open-source platform) Vulnerability: SSRF in the RestAPI data source component allows authenticated users to induce server-side HTTP requests that bypass its private IP filter via DNS trickery (169.254.169.254.nip.io), potentially stealing Azure managed identity tokens for the AKS produc...
CVE-2026-54030
CVE-2026-54030 affects LibreChat (MCP OAuth flow). Before v0.8.5, the OAuth Protected Resource metadata’s resource parameter is not validated against the MCP server URL, enabling a malicious MCP server to steal access tokens intended for a legitimate server. Affected version range includes pre-0....