923 matches found
CVE-2026-45753
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlAttributeSanitizer::getSupportedAttributes omits URL-valued attributes including action, formaction, poster, and cite, so configurations that adm...
CVE-2026-49876
CVE-2026-49876 describes an authenticated SSRF in the Gravitino JobManager. The issue allows server-side HTTP requests to internal networks and cloud metadata endpoints via unvalidated job template URIs. Affected software: Apache Gravitino 1.0.0 through 1.2.1. Impact is tied to the ability to rea...
FreeBSD : Apache HttpClient -- misinterpret malformed authority component (fa0c03dd-7c3a-11f1-8dc2-dca632daf43b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fa0c03dd-7c3a-11f1-8dc2-dca632daf43b advisory. Apache Software Foundation reports: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can...
CVE-2026-33592
The CVE-2026-33592 issue affects open62541 (versions 1.4.0–1.4.16, 1.5.0–1.5.4, and master). An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service because the FindServersRequest serverUris field is not validated for length/array size. An adversary can ...
CVE-2026-58127
PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 (PacsgearMediaServerEngine.dll) with ObjectURIs RemoteObj and UIRemoteObj and no authentication. An unauthenticated attacker can exploit MarshalByRefObject unmarshalling and implement .NET WebClient methods to read/write ...
CVE-2026-58127
PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...
CVE-2026-7828
UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the winlog function allocates list nodes via mallocsizeofstruct LIST + strlenline, where line is derived from HTTP request URIs. If strlenline is sufficiently large,...
io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files
A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...
PT-2026-52978
Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.0.43 Kestra versions prior to 1.3.19 Description An authenticated user can perform a path traversal attack to read arbitrary files on the host filesystem that the process has access to, such as /etc/passwd or mounted...
[SECURITY] Fedora 44 Update: xdg-desktop-portal-1.22.1-1.fc44
xdg-desktop-portal works by exposing a series of D-Bus interfaces known as portals under a well-known name org.freedesktop.portal.Desktop and object path /org/freedesktop/portal/desktop. The portal interfaces include APIs for file access, opening URIs, printing and others...
External Control of File Name or Path
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
CVE-2026-53606
ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use allowedSchemesAppliedToAttributes default: 'href', 'src', 'cite' to gate the naughtyHref function that blocks...
EUVD-2026-36574
ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use allowedSchemesAppliedToAttributes default: 'href', 'src', 'cite' to gate the naughtyHref function that blocks...
OESA-2026-2633 evolution-data-server security update
The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...
CVE-2026-46496
HAX CMS is affected by a stored XSS in the component. Versions prior to 26.0.0 fail to sanitize input in the source/source-data attributes, allowing javascript: URIs that execute attacker-controlled JavaScript in victims’ browsers. This can lead to token exposure (e.g., JWTs) and other sensitive...
GHSA-Q29V-XC37-WH5M Docling: Unsafe URI and Path Handling in HTML Backend
Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enablelocalfetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block intern...
CVE-2026-45505
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...
CVE-2026-45575
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...
PT-2026-44729
Name of the Vulnerable Software and Affected Versions compliance-trestle version 4.0.2 Description The profile import mechanism in the compliance-trestle library fails to perform boundary checks when resolving trestle:// URIs and relative file paths. By joining these paths with trestle root and...
CVE-2026-45575
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...