160585 matches found
EUVD-2026-36132
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting...
CVE-2026-50131 Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting...
CVE-2026-48107 Russh: Unchecked keyboard-interactive prompt count in client auth path
Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...
CVE-2026-10143
CVE-2026-10143 affects kafka-python prior to 2.3.2. The denial‑of‑service arises from ScramClient.process_server_first_message() passing the broker‑provided SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation in scram.py. This can freeze the client event loop, blocking prod...
CVE-2026-50638
Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions such as dogstatsd allow mutiple metrics,separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends...
CVE-2026-50638
CVE-2026-50638 affects Metrics::Any::Adapter::DogStatsd for Perl, specifically versions before 0.04. The vulnerability arises because metrics can be injected via newline-separated payloads and the _tags function does not validate newlines or StatsD control characters, enabling metric injections. ...
EUVD-2026-36105
Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions such as dogstatsd allow mutiple metrics,separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends...
CVE-2026-50637
Summary: Metrics::Any::Adapter::Statsd (Perl) versions before 0.04 are vulnerable to metric injections because the send path does not validate metric names/values containing newlines and statsd control characters (colon, pipe). Version 0.04 fixes this by blocking characters below ASCII 32 (includ...
CVE-2026-50569
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate validated Methods, FunctionReference, Host, IngressConfig, and CorsConfig, but silently skipped RelativeU...
CVE-2026-50545
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous...
CVE-2026-49823
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries three reference types — Secret, ConfigMap, and Package. The first two were namespace-validated by...
CVE-2026-20255
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that...
CVE-2026-20257
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a classic dashboard that exfiltrate...
CVE-2026-11701
An insufficient validation of untrusted input flaw was found in the Guest View component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516413817...
CVE-2026-11697
An insufficient validation of untrusted input flaw was found in the UI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=518105731...
CVE-2026-11691
An insufficient validation of untrusted input flaw was found in the New Tab Page component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517585486...
CVE-2026-11686
An insufficient validation of untrusted input flaw was found in the Dawn component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517247333...
CVE-2026-11685
An insufficient data validation flaw was found in the MediaCapture component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517183713...
CVE-2026-11682
An insufficient validation of untrusted input flaw was found in the Views component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517103584...
CVE-2026-11675
An insufficient validation of untrusted input flaw was found in the Skia component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516915337...