4 matches found
CVE-2026-37531
AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability CWE-22 combined with a TOCTOU race condition CWE-367 in the widget installation flow. The isvalidfilename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot notation directory traversal...
CVE-2026-32605
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...
PT-2026-26148
Name of the Vulnerable Software and Affected Versions Sliver versions 1.7.3 and below Description Sliver is a command and control framework that utilizes a custom Wireguard network stack. Versions 1.7.3 and below contain a Remote Out-of-Memory OOM issue in the mTLS and WireGuard C2 transport laye...
Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL
Summary Centrifugo is vulnerable to Server-Side Request Forgery SSRF when configured with a dynamic JWKS endpoint URL using template variables e.g. tenant. An unauthenticated attacker can craft a JWT with a malicious iss or aud claim value that gets interpolated into the JWKS fetch URL before the...