33 matches found
Buffer overflow in the ngx_http_rewrite_module
Buffer overflow in the ngx_http_rewrite_module Severity: medium CVE-2026-9256 Not vulnerable: 1.31.1+, 1.30.2+ Vulnerable: 0.1.17-1.31.0...
nautobot-ai-ops (>=1.0.0 <=1.0.4), nautobot-bgp-models (>=0.7.0 <=1.0.0) +31 more potentially affected by CVE-2026-44796 via nautobot (>=1.0.3 <=2.4.22)
nautobot PYPI version =1.0.3, =1.0.0, =0.7.0, =1.1.0, =1.6.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =2.0.2 and more Source cves: CVE-2026-44796 Source advisory: OSV:GHSA-QRPW-GJVH-X5GM...
agent-builder (>=0.0.2 <=0.1.7), agent-zero-lite (>=1.0.6 <=1.0.16) +69 more potentially affected by CVE-2026-41488 via langchain-openai (>=1.0.0 <=1.1.12)
langchain-openai PYPI version =1.0.0, =0.0.2, =1.0.6, =1.0.0, =0.1.0, =0.0.4, =3.0.3, =0.0.1, =0.0.48, =0.0.54, =0.1.2, =0.0.6, =0.1.0, =0.1.4 and more Source cves: CVE-2026-41488 Source advisory: SNYK:PYTHON-LANGCHAINOPENAI-16097112...
@unhead/angular (>=3.0.0 <=3.0.0-rc.4), @unhead/react (>=3.0.0 <=3.0.0-rc.4) +4 more potentially affected by unknown CVE via unhead (>=3.0.0-beta.5 <=3.0.0)
unhead NPM version =3.0.0-beta.5, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0-rc.4 Source cves: unknown CVE Source advisory: OSV:GHSA-X7MM-9VVV-64W8...
@openinc/parse-server-opendash (>=4.0.0 <=4.0.11) potentially affected by CVE-2026-39321 via parse-server (>=9.6.0-alpha.37 <=9.7.0)
parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.11 Source cves: CVE-2026-39321 Source advisory: OSV:GHSA-MMPQ-5HCV-HF2V...
OCSP result bypass in stream
OCSP result bypass in stream Severity: medium CVE-2026-28755 Not vulnerable: 1.29.7+, 1.28.3+ Vulnerable: 1.27.2-1.29.6...
org.webjars.npm:actions__core (>=1.10.0 <=1.11.1), org.webjars.npm:actions__http-client (>=2.2.1 <=2.2.3) +14 more potentially affected by CVE-2026-1527 via org.webjars.npm:undici (>=4.12.2 <=5.29.0)
org.webjars.npm:undici MAVEN version =4.12.2, =1.10.0, =2.2.1, =0.1.16, =0.1.28 - org.webjars.npm:elasticelasticsearch =8.6.0 - org.webjars.npm:elastictransport =8.3.1 - org.webjars.npm:firebase =10.13.0 - org.webjars.npm:firebaseauth =1.7.7 - org.webjars.npm:firebaseauth-compat =0.5.12 -...
OpenClaw safeBins grep -e File Read Bypass (stdin-only policy bypass)
Summary: OpenClaw tools.exec.safeBins had a stdin-only policy bypass for grep. If pattern input was supplied through -e / --regexp, the validator consumed the pattern as a flag value and still allowed one positional operand. That positional could be a bare filename like .env. Affected Packages /...
vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-32003 via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-32003 Source advisory: OSV:GHSA-2FGQ-7J6H-9RM4...
Ghost has a SQL injection in Content API
Impact: A SQL injection vulnerability existed in Ghost's Content API that allowed unauthenticated attackers to read arbitrary data from the database. Vulnerable Versions: This vulnerability is present in Ghost v3.24.0 to v6.19.0. Patches: v6.19.1 contains a fix for this issue. Note: as this...
@cenk1cenk2/renovate-config (>=2.0.0 <=2.3.148), @jamietanna/patch-testing (>=0.1.0 <=0.2.28) +9 more potentially affected by unknown CVE via renovate (>=31.97.3 <=40.21.2)
renovate NPM version =31.97.3, =2.0.0, =0.1.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =1.1.130, =0.0.1, =0.19.0 - @zotero-chinese/renovate-config =1.0.3 Source cves: unknown CVE Source advisory: OSV:GHSA-3F44-XW83-3PMG...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +43 more potentially affected by CVE-2025-58757 via monai (>=1.0.0 <=1.5.0)
monai PYPI version =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =1.0.12, =0.0.5, =0.0.6 - emphysemaseg =0.1.0 and more Source cves: CVE-2025-58757 Source advisory: SNYK:PYTHON-MONAI-12670797...
llm-toys (=0.1.1), tcbench (>=0.0.20 <=0.0.22) +1 more potentially affected by CVE-2024-6483 via aim (>=3.17.4 <=3.19.3)
aim PYPI version =3.17.4, =0.0.20, =0.1.0, =0.5.6 Source cves: CVE-2024-6483 Source advisory: OSV:GHSA-P6X3-V6G3-7557...
discogrify (>=0.0.10 <=0.0.11), djtools (>=2.6.0 <=2.7.13rc13) +33 more potentially affected by CVE-2025-27154 via spotipy (>=2.10.0 <=2.25.0)
spotipy PYPI version =2.10.0, =0.0.10, =2.6.0, =0.0.3, =0.0.1, =0.2.0, =0.1.1, =0.1.0, =0.0.2.dev4, =0.2.0, =1.0.0, =1.4.0 and more Source cves: CVE-2025-27154 Source advisory: SNYK:PYTHON-SPOTIPY-8757395...
ai.edgestore:engine (=1.0.1-alpha03), androidx.health:health-connect-client (>=1.0.0-alpha01 <=1.0.0-alpha02) +317 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-javalite (>=3.10.0-rc-1 <=3.25.4)
com.google.protobuf:protobuf-javalite MAVEN version =3.10.0-rc-1, =1.0.0-alpha01, =1.0.0, =1.0.0-alpha01, =1.0.0-alpha01, =1.0.0-alpha01, =1.0.0-alpha01, =1.5.0, =2.0.1, =1.14.0, =0.0.0-230221, =0.1.10 and more Source cves: CVE-2024-7254 Source advisory: OSV:GHSA-735F-PC8J-V9W8...
com.elega9t:fitnesse-params (=0.0.1), com.github.andreptb:fitnesse-maven-runner-plugin (>=0.2.0 <=0.2.1) +69 more potentially affected by CVE-2024-28125 via org.fitnesse:fitnesse (>=20050731 <=20240707)
org.fitnesse:fitnesse MAVEN version =20050731, =0.2.0, =0.1.0, =2.0.2-BETA-1, =1.0.6, =1.0.0, =1.0.0, =1.2.1, =1.0.1, =1.1.0, =1.0.0, =1.0.0, =1.6.0, =1.6.5 and more Source cves: CVE-2024-28125 Source advisory: OSV:GHSA-X9R9-48RM-4XM6...
azkm (>=0.1.0 <=0.2.71), azure-knowledgemining-cli (=0.1.0) +3 more potentially affected by CVE-2022-39327 via azure-cli (>=2.0.76 <=2.29.2)
azure-cli PYPI version =2.0.76, =0.1.0, =0.3.1, =0.1.10, =1.0.19 Source cves: CVE-2022-39327 Source advisory: OSV:GHSA-47XC-9RR2-Q7P4...
@apsis/cli (=0.5.0), @asmallstudio/utilities (>=0.2.2 <=0.3.3) +121 more potentially affected by CVE-2022-24376 via git-promise (>=0.2.0 <=1.0.0)
git-promise NPM version =0.2.0, =0.2.2, =1.1.8, =1.0.0, =2.0.0-beta.10, =1.0.13, =1.0.0, =0.0.8, =1.1.1 - @efox/eslint-config-react-prittier-ts =1.0.19 - @efox/pay =1.0.8 - @efox/plugin-babel-react =1.0.1 - @emfc/emfc-cli =1.1.0 and more Source cves: CVE-2022-24376 Source advisory:...
acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.9.5.1rc1 <=1.3.1.post1) +116 more potentially affected by CVE-2021-38540 via apache-airflow (>=2.0.0 <=2.1.2)
apache-airflow PYPI version =2.0.0, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.10.2, =0.11.0 - airflow-ditto =0.0.1.2 and more Source cves: CVE-2021-38540 Source advisory: OSV:GHSA-H88F-R7CW-8FV3...
RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.4) +1233 more potentially affected by CVE-2017-1000362 via org.jenkins-ci.main:jenkins-core (>=1.498 <=2.32.1)
org.jenkins-ci.main:jenkins-core MAVEN version =1.498, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =1.3, =1.0.5.0, =1.0.5.0, =1.0.5.0, =1.7, =1.8 and more Source cves: CVE-2017-1000362 Source advisory: OSV:GHSA-92MR-4W2Q-4578...