6013 matches found
CVE-2026-55780 NanaZip: Uncaught exception / unbounded allocation in NanaZip .NET single-file Extract() via unvalidated entry Size
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validat...
CVE-2026-40008
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName.newInstance without any validation or allowlisting. This issue affects Apache IoTDB:...
CVE-2026-55615 Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...
CVE-2026-55615
Langroid CVE-2026-55615 affects the Neo4jChatAgent path, where LLM-generated Cypher queries are sent unvalidated to the Neo4j driver prior to version 0.65.5. Connected docs describe a prompt-injection risk enabling read/write/destroy of graph data and, with APOC or dbms.security, potential OS com...
CVE-2026-55615 Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...
EUVD-2026-33938
mint has potential CRLF injection in its HTTP request line via unvalidated method/target...
CVE-2026-39245
decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...
CVE-2026-59216
Open WebUI prior to 0.10.0 is vulnerable to cross-user code execution via unvalidated Socket.IO event-caller session_id. The get_event_call path delivers execute:python and execute:tool events to a client-supplied session_id after only confirming the session is connected, enabling an attacker who...
CVE-2026-59216 Open WebUI: Cross-user code-interpreter and tool execution via unvalidated Socket.IO event-caller session_id
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, geteventcall delivered execute:python and execute:tool Socket.IO events to a client-supplied sessionid after checking only that the session was connected, allowing authenticated users who learne...
net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input
A flaw was found in Net::IMAP before 0.4.24, 0.5.14, and 0.6.4. Several commands accept raw string arguments sent to the server without validation or escaping; if derived from user-controlled input, CRLF sequences allow injection of arbitrary IMAP commands...
PT-2026-56968
Name of the Vulnerable Software and Affected Versions decompress versions prior to 4.2.2 Description An issue exists during archive extraction where arbitrary hardlink creation is possible. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly ...
EUVD-2026-42298
repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...
CVE-2026-59702 repomix - Server-Side Request Forgery via Unvalidated Repository URLs in POST /api/pack
repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...
CVE-2026-59702
Summary: CVE-2026-59702 affects repomix. A server-side request forgery exists in POST /api/pack, where unauthenticated attackers can cause the server to fetch arbitrary URLs without proper validation. The endpoint accepts http://, https://, and file:// URLs and passes them to git clone, enabling ...
CVE-2026-59702 repomix - Server-Side Request Forgery via Unvalidated Repository URLs in POST /api/pack
repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...
CVE-2026-57255
The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...
EUVD-2026-42198
The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...
CVE-2026-55431 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the...
PT-2026-56354
Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description The application crashes when opening a PDF containing an abnormal color space. This occurs because the attributes reference a valid but semantically malformed function whose...
CVE-2026-58371
A flaw was found in SeaweedFS. This vulnerability allows a remote attacker to disclose sensitive information by exploiting an unvalidated JSONP JavaScript Object Notation with Padding callback parameter. The system reflects the callback parameter directly into responses without proper validation ...