CVE-2026-32873 ewe: Loop with Unreachable Exit Condition ('Infinite Loop')
ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug in the handletrailers function where rejected trailer headers (forbidden or undeclared) cause an infinite loop. When handletrailers encounters such a trailer, three code paths (lines 520, 523, 526) recurse with the original buffer...
ch.admin.bit.jeap.jme:jme-spring-boot-integration-test-it (>=1.0.0 <=1.0.1), ch.admin.bit.jeap:jeap-archrepo-instance (>=4.17.0 <=4.22.0) +1065 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-starter-actuator (>=3.5.0 <=3.5.11)
org.springframework.boot:spring-boot-starter-actuator MAVEN version =3.5.0, =1.0.0, =4.17.0, =4.17.0, =4.17.0, =3.14.0, =3.14.0, =3.14.0, =0.0.1, =0.0.13, =0.0.1, =0.0.1, =2.43.0, =4.14.0, =4.14.0, =4.14.0, =4.18.0 and more Source cves: CVE-2026-22733 Source advisory: OSV:GHSA-MGVC-8Q2H-5PGC...
libfuse resource management error vulnerability
libfuse is an open-source user-space file system development library developed by libfuse. Versions of libfuse 3.18.0 to 3.18.2 contained a resource management vulnerability. This vulnerability stemmed from issues with the iouring subsystem, where objects were reclaimed and then reused, potential...
fast-xml-parser security vulnerability
fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and processing XML files without relying on C/C++-based libraries or callbacks. There are security vulnerabilities in the versions of fast-xml-parser from 4.0.0-beta.3 to 5.5.5...
Micronaut Framework security vulnerability
Micronaut Framework is a modern full-stack Java framework based on the JVM, developed by the Micronaut Foundation. Versions 4.7.0 to 4.10.16 of the Micronaut Framework contain security vulnerabilities. These vulnerabilities stem from the use of the DefaultHtmlErrorResponseBodyProvider class, whic...
Uptime Kuma security vulnerability
Uptime Kuma is an easy-to-use, self-hosted monitoring tool developed by Louis Lam. Versions of Uptime Kuma from 1.23.0 to 2.2.0 contain security vulnerabilities. These vulnerabilities stem from incomplete protection against server-side template injections, which could allow unauthorized access to...
CVE-2025-46597
Bitcoin Core 0.13.0 through 29.x has an integer overflow...
42towels (>=0.1.1001 <=0.1.1011), aait (>=0.0.4.80 <=2.3.14) +288 more potentially affected by CVE-2026-3029 via pymupdf (>=1.16.14 <=1.26.6)
pymupdf PYPI version =1.16.14, =0.1.1001, =0.0.4.80, =0.1.3, =0.7.0, =0.0.1, =0.1.31, =0.0.5, =0.0.3.20, =0.0.1, =0.1.0, =1.5.0, =1.2.3, =1.4.11 - arcoocr =1.0.1 and more Source cves: CVE-2026-3029 Source advisory: SNYK:PYTHON-PYMUPDF-15702040...
acherion (>=0.2.0 <=0.7.2), aesp (=2025.9.12) +206 more potentially affected by CVE-2026-33332 via nicegui (>=3.0.4 <=3.8.0)
nicegui PYPI version =3.0.4, =0.2.0, =1.0.0, =0.4.0, =0.1.0, =0.2.200, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =0.1.0, =0.4.4, =0.4.9 and more Source cves: CVE-2026-33332 Source advisory: SNYK:PYTHON-NICEGUI-15701842...
CVE-2025-71259
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...
CVE-2025-71259
BMC FootPrints ITSM versions 20.20.02–20.24.01.001 expose a Server-Side Request Forgery (SSRF) in the /footprints/servicedesk/externalfeed/RSS endpoint via the feedUrl parameter. The flaw allows unauthenticated attackers to induce the server to make outbound requests to arbitrary URLs, potentiall...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +939 more potentially affected by CVE-2026-33231 via nltk (>=2.0.4 <=3.9.3)
nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-33231 Source advisory: OSV:GHSA-JM6W-M3J8-898G...
CVE-2026-25312
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through = 4.2.8.3...
affo-deeplink (=1.0.1), ai-ebash (>=0.2.17 <=0.2.25) +78 more potentially affected by CVE-2026-33154 via dynaconf (>=0.5.4 <=3.2.12)
dynaconf PYPI version =0.5.4, =0.2.17, =7.0.4, =0.1.0, =0.7.0, =4.1.0, =0.1.0, =0.4.2, =1.8.1, =0.4.2, =0.1.3, =0.1.1, =0.1.83, =0.1.90 and more Source cves: CVE-2026-33154 Source advisory: OSV:GHSA-PXRR-HQ57-Q35P...
EUVD-2026-12854
In the Linux kernel, the following vulnerability has been resolved: xfs: check return value of xchkscrubcreatesubord Fix this function to return NULL instead of a mangled ENOMEM, then fix the callers to actually check for a null pointer and return ENOMEM. Most of the corrections here are for code...
@abysslabs/cli (=0.0.2), @eventodaigreja/ei-components (>=0.1.25 <=0.1.38) +21 more potentially affected by CVE-2026-33131 via h3 (>=2.0.0 <=2.0.1-rc.14)
h3 NPM version =2.0.0, =0.1.25, =3.23.1-20260131-121433-34f631e, =1.154.7, =1.154.7, =1.154.7, =1.154.7, =1.154.7, =1.154.7, =1.154.7, =1.154.7, =0.1.7, =0.3.1-beta.5, =0.0.1-beta.1, =0.0.1-beta.7 and more Source cves: CVE-2026-33131 Source advisory: OSV:GHSA-3VJ8-JMXQ-CGJ5...
UltraJSON has a Memory Leak parsing large integers allows DoS
Summary: ujson 5.4.0 to 5.11.0 inclusive contain an accumulating memory leak when parsing JSON with large integers outside the range [-2^63, 2^64 - 1]. Exploitability: any service that calls ujson.load/ujson.loads/ujson.decode on untrusted inputs is affected and vulnerable to denial of service attacks...
CVE-2026-32694 Insecure Direct Object Reference attack via predictable secret ID in Juju
In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...
PT-2026-26061
Name of the Vulnerable Software and Affected Versions: BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001. Description: BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery issue in the searchWeb API component. Authenticated attackers can...
CVE-2026-1267 IBM Planning Analytics Information Disclosure
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls...