18 matches found
CVE-2026-33734 FOSSBilling has improper SQL neutralization in `Massmailer` recipient filters
FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a SQL injection vulnerability in the Massmailer module filter functionality. An authenticated administrator can supply crafted filter values when updating a mass email message, causing...
CVE-2026-42341
FOSSBilling versions 0.6.0–0.7.2 contain an unauthenticated payment bypass in the IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit the client account without a real payment by sending a crafted HTTP request. Version 0.8....
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via the findTempDir and copyAgent processes. An attacker can overwrite arbitrary files on the host system by controlling the TMPDIR environment variable in a Java process and leveraging symlink manipulation. This is only...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via the findTempDir and copyAgent processes. An attacker can overwrite arbitrary files on the host system by controlling the TMPDIR environment variable in a Java process and leveraging symlink manipulation. This is only...
CVE-2026-4295
Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...
CVE-2026-4295
CVE-2026-4295 affects Kiro IDE prior to 0.8.0. Improper trust boundary enforcement may allow a remote unauthenticated actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory. Affected software: K...
GHSA-HJ7X-879W-VRP7 Pingora has HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing
Impact Pingora versions prior to 0.8.0 improperly allowed HTTP/1.0 request bodies to be close-delimited and incorrectly handled multiple Transfer-Encoding values. This allows an attacker to desync Pingora's request framing from backend servers and smuggle requests to the backend. This vulnerabili...
GHSA-262P-VJX5-45XH Duplicate Advisory: HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hj7x-879w-vrp7. This link is maintained to preserve external references. Original Description An HTTP Request Smuggling vulnerability CWE-444 has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding...
CVE-2026-2836
A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The issue occurs because the default HTTP cache key implementation generates cache keys using only the URI path, excluding critical factors such as the host header authority...
RUSTSEC-2026-0035 Cache poisoning via insecure-by-default cache key
Pingora versions prior to 0.8.0 generated cache keys using only the URI path, excluding critical factors such as the host header. This allows an attacker to poison the cache and serve cross-origin responses to users. This vulnerability affects users of Pingora's alpha proxy caching feature who...
Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter
A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing attackers to import arbitrary modules an...
Deserialization of Untrusted Data
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the MooncakePipe class, which relies on pickle for serialization and deserialization in recvtensor. An attacker...
Openh264 Decoding Functions Heap Overflow Vulnerability
OpenH264 recently reported a heap overflow that was fixed in upstream 63db555 and integrated into our 0.6.6 release. For users relying on Cisco's pre-compiled DLL, we also published 0.8.0, which is compatible with their latest fixed DLL version 2.6.0. In other words: - if you rely on our source...
PYSEC-2023-240
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 .Apache Submarine uses JAXRS to define REST endpoints. In order tohandle YAML requests using application/yaml content-type, it defines...
PT-2023-10259 · Nrel · Api-Umbrella-Web
Name of the Vulnerable Software and Affected Versions: NREL api-umbrella-web version 0.7.1 Description: A vulnerability was found in the Admin Data Table Handler component, which can lead to cross-site scripting. The attack can be initiated remotely. Recommendations: For NREL api-umbrella-web...
PT-2023-10251 · Nrel · Api-Umbrella-Web
Name of the Vulnerable Software and Affected Versions: NREL api-umbrella-web version 0.7.1 Description: A problematic issue was found in the Flash Message Handler component, leading to cross site scripting. The attack can be initiated remotely. Recommendations: For NREL api-umbrella-web version...
PT-2022-14950 · Inventree · Inventree
Name of the Vulnerable Software and Affected Versions: inventree versions prior to 0.8.0 Description: The issue concerns the allocation of resources without limits or throttling, leading to a Denial of Service. This can cause the system to become unresponsive or crash. Recommendations: For versio...
HTTP Request Smuggling
Overview tinyhttp is a Low level HTTP server library Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing. It is possible conduct HTTP request smuggling...