CVE-2026-35549

Disclaimer: This data contains information about vulnerable...

CVE-2026-35549

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...

CVE-2026-35549

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...

CVE-2026-35549

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...

CVE-2026-35544

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...

wisp has Allocation of Resources Without Limits or Throttling

Summary A multipart form parsing bug allows any unauthenticated user to bypass configured request size limits and trigger a denial of service by exhausting server memory or disk. Details The issue is in the multipart parsing logic, specifically in multipartbody and multipartheaders. When parsing...

OpenClaw: Telegram audio preflight transcription enables resource consumption by unauthorized senders

Summary Telegram audio preflight transcription enables resource consumption by unauthorized senders Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still lets unauthorized Telegram group senders trigger audio preflight before allowlist enforcement...

Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Impact Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world for example, via XSS can use a bridged VideoFrame to gain access to the isolated world, including any...

PT-2026-30276

Summary The VideoMediaIO.load base64 method at vllm/multimodal/media/video.py:51-62 splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num frames parameter default: 32, which is enforced by the load bytes code path at line 47-48, ...

PT-2026-29983

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...

PT-2026-29985

Name of the Vulnerable Software and Affected Versions MariaDB Server versions prior to 11.4.10 MariaDB Server versions 11.5.0 through 11.8.5 MariaDB Server versions prior to 12.2.2 Description MariaDB Server is susceptible to a crash when using the caching sha2 password authentication plugin with...

PT-2026-30019

Name of the Vulnerable Software and Affected Versions Kedro versions prior to 1.3.0 Description Kedro is susceptible to a critical Remote Code Execution RCE issue stemming from the unsafe utilization of logging.config.dictConfig with user-controlled input. The software permits setting the logging...

CVE-2026-34455

Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sortby query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...

Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads

Summary Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfer encoding, multipart parsing continues until end-of-stream with no total size...

Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters

Summary Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with Stringslice! prefix deletion. For escape-heavy quoted values, this causes super-linear processing. An unauthenticat...

CVE-2026-34759 OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. Thes...

Denial of Service (DoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

CVE-2026-35414

OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters...

UBUNTU-CVE-2026-34829

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

CVE-2026-35414

OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters...