175 matches found
CVE-2026-62230 Grav < 2.0.4 File Access Bypass via Case Variation
Grav before 2.0.4 ships a default .htaccess and reference webserver-configs/htaccess.txt whose rules blocking access to sensitive file types .yaml, .php, .json, etc. lack the NC flag, making extension matching case-sensitive. On case-insensitive filesystems Windows/NTFS, macOS/HFS+, or Docker...
CVE-2026-62230
Grav
CVE-2026-50722
Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...
CVE-2026-50721
Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...
The Surface You Test Is Not the Surface That Breaks
Tool-augmented LLM agents are vulnerable to prompt injection: a third party who controls part of the agent's context can plant instructions that the agent then executes as if they came from the user. Current evaluations report a single attack success rate per model on one channel, the tool output...
Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.17.0 shipped with IBM Cloud Pak for Business Automation iFixes for April 2026
Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation April 2026 security fixes update this dependency beyond 4.17.0 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2022-23990 DESCRIPTION: Expat aka...
Acceptance of Extraneous Untrusted Data With Trusted Data
Overview next is a react framework. Affected versions of this package are vulnerable to Acceptance of Extraneous Untrusted Data With Trusted Data through the improper handling of the x-nextjs-data header in middleware or proxy redirect responses. An attacker can disrupt access to redirect paths b...
WordPress XT Variation Swatches for WooCommerce plugin <= 1.9.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin XT Variation Swatches for WooCommerce versions = 1.9.4...
DETOUR: A Practical Backdoor Attack against Object Detection
Object detection OD is critical to real-world vision systems, yet existing backdoor attacks on detection transformers DETRs for OD tasks rely on patch-wise triggers optimized at fixed locations with minimal perturbations. Such attacks overlook that backdoor triggers in the real world may appear a...
Security Bulletin: Improper Unicode Handling in validator isLength() Leads to Input Length Bypass (Pre-13.15.22) affects watsonx.data
Summary Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string...
A New Approach to Code Smoothing Bounds
To analyze the security of code-based cryptosystems, the smoothing parameter, which is closely related to the total variation distance of codes, has been investigated. While previous studies have bounded this distance using the Fourier transform on locally compact abelian groups, we take an...
OESA-2026-1577 freetype security update
FreeType is written in C, designed to be small,efficient, highly customizable, and portable while capable of producing high-quality output glyph images of most vector and bitmap font formats Security Fixes: An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in...
OESA-2026-1575 freetype security update
FreeType is written in C, designed to be small,efficient, highly customizable, and portable while capable of producing high-quality output glyph images of most vector and bitmap font formats Security Fixes: An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in...
OESA-2026-1574 freetype security update
FreeType is written in C, designed to be small,efficient, highly customizable, and portable while capable of producing high-quality output glyph images of most vector and bitmap font formats Security Fixes: An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in...
CVE-2026-22199
Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can...
CVE-2026-1525 undici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications...
CVE-2026-23865
An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2...
CVE-1999-0257
Nestea variation of teardrop IP fragmentation denial of service...
PT-2026-1940
Name of the Vulnerable Software and Affected Versions pnpm versions 10.26.2 and below Description pnpm, a package manager, stores HTTP tarball dependencies and git-hosted tarballs in the lockfile without integrity hashes in versions 10.26.2 and below. This allows a remote server to deliver...
PT-2026-22623
Name of the Vulnerable Software and Affected Versions Freetype versions 2.13.2 and 2.13.3 Description An integer overflow in the tt var load item variation store function may allow for an out-of-bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. Recommendations...