38444 matches found
CVE-2026-29772 Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands
Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achiev...
CVE-2026-33400
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scripting XSS vulnerability in the payment method rename endpoint allows any authenticated user to inject arbitrary JavaScript that executes when any user visits the Settings,...
CVE-2026-33399 Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...
CVE-2026-33407
Wallos
CVE-2026-33157 Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior
Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.13, a Remote Code Execution RCE vulnerability exists in Craft CMS, it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing patches add...
SUSE-SU-2026:20900-1 Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues The following security issues were fixed: - CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. - CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed bsc1257669. ...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons Lang (CVE-2025-48924)
Summary A vulnerability in Apache Commons Lang that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Microsegmentation and Zero Trust: Control the Blast Radius by Design
...
EUVD-2026-14700
NULL Pointer Dereference vulnerability in taurusxin ncmdump src/utils modules. This vulnerability is associated with program files cJSON.Cpp. This issue affects ncmdump: before 1.4.0...
EUVD-2026-14704
Use After Free vulnerability in No-Chicken Echo-Mate SDK/rv1106-sdk/sysdrv/source/kernel/mm modules. This vulnerability is associated with program files rmap.C. This issue affects Echo-Mate: before V250329...
CVE-2026-4751
CVE-2026-4751 : Affected software is tmate before version 2.4.0. The vulnerability is a NULL pointer dereference in the tmate-io tmate component. The available documents do not provide explicit impact, exploit details, or remediation steps. If present, further specifics (impact scope, CVSS) would...
CVE-2026-4732
Out-of-bounds Read vulnerability in tildearrow furnace extern/libsndfile-modified/src modules. This vulnerability is associated with program files flac.C. This issue affects furnace: before 0.7...
CVE-2026-4738 GDAL Bundled zlib (inftree9.c) Pointer Offset Optimization Undefined Behavior Allows Heap Corruption or Remote Code Execution
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal frmts/zlib/contrib/infback9 modules. This vulnerability is associated with program files inftree9.C. This issue affects gdal: before 3.11.0...
CVE-2026-33307 mod_gnutils has stack-based buffer overflow caused by a long client certificate chain
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...
CVE-2026-33306
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...
UBUNTU-CVE-2026-33306
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...
EUVD-2025-208954
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...
CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...
CVE-2026-33306
CVE-2026-33306 affects bcrypt-ruby (JRuby Java BCrypt implementation) where a signed 32-bit integer overflow at cost=31 causes the key-strengthening loop to run zero iterations, collapsing bcrypt from 2^31 rounds to effectively constant time. This leads to weaker hashes that may be exploitable. T...
CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...