76397 matches found
CVE-2026-56171
Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network...
CVE-2026-57980
Authentication bypass using an alternate path or channel in Microsoft Edge Chromium-based allows an unauthorized attacker to perform tampering over a network...
CVE-2026-56740
JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not limit the number of environment variables a client may inject via the Telnet NEW-ENVIRON option, and TelnetIO.readNEVariables in TelnetIO.java:1127-1180...
CVE-2026-56741
JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS option, and TelnetIO.handleNAWS in TelnetIO.java:856-879 reads client-supplied...
CVE-2026-48049
@hapi/inert provides static file and directory handlers for hapi.js. From 4.0.0 to 7.1.0, @hapi/inert serves static files from a directory configured with path in the directory or file handlers or relativeTo for h.file, with confinement enforced by the confine option, but the confinement check...
CVE-2026-48022
@hapi/wreck is an HTTP client utility. Prior to 18.1.2, Wreck strips credential headers including Authorization, Cookie, and Proxy-Authorization before following a cross-origin redirect, but the origin check compares hostnames only and ignores scheme and port, so credentials are forwarded intact...
CVE-2026-44979
@hapi/wreck is an HTTP client utility. Prior to 18.1.1, when @hapi/wreck follows a 3xx redirect to a different hostname, only the Authorization and Cookie headers are stripped, and the standard credential header Proxy-Authorization is forwarded intact to the redirect target, potentially exposing...
CVE-2026-49485
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.9 and 6.9.4.2, all implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation, and the FHIRPath functions matches,...
CVE-2026-54335
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In 5.0.44 and earlier, the .mergetarget, source utility exported by @feathersjs/commons recursively merges source into target by iterating Object.keyssource. When source was produced by...
CVE-2026-54490
websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.7.5, if this library is used with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size because the limit is checked...
CVE-2026-54466
websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.7.5, the frame format in draft versions of the WebSocket protocol includes a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. By sending an indefinite...
CVE-2026-55518
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to 3.32.1 and 4.0.0.beta.51, Avo's association attach workflow checks attach? in the UI and GET /resources/:resource/:id/:related/new path, but the actual write endpoint, POST /resources/:resource/:id/:related, does not run t...
CVE-2026-54498
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewComponent::Basearoundrender can return HTML-unsafe strings that bypass the escaping behavior applied to normal call return values. This creates an XSS risk...
CVE-2026-54497
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewComponent::Base instances retain render-scoped objects across calls to renderin; if the same component, collection, or spacer component instance is reused...
CVE-2026-13445
IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the SaveToFile component to read and modify another user's uploaded files by specifying absolute paths pointing to victim storage locations. In append mode, the attacker's workflow reads victim file contents,...
CVE-2026-13446
IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...
CVE-2026-50271
Datadog dd-trace-py is the Datadog Python APM client. Prior to 4.8.2, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES limits on the extract path. A remote, unauthenticated...
CVE-2026-50274
Datadog dd-trace-go is a Go client library for Datadog application performance monitoring, profiling, and security monitoring. Prior to 2.8.1, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or...
CVE-2026-54159
PrestaShop psfacetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the psfacetedsearch module rebuilds selected search filters from the request URL, and the value of a slider filter, price or weight, is taken from the URL without sufficient validation and stored ...
CVE-2026-45785
OpenMcdf is a fully .NET / C library to manipulate Compound File Binary File Format files, also known as Structured Storage. In 3.1.3 and earlier, the BST name-lookup loop in DirectoryTree.TryGetDirectoryEntry OpenMcdf/DirectoryTree.cs:35-46 walks directory entries by repeatedly calling...
CVE-2026-48062
CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3, the extin upload validation rule in system/Validation/StrictRules/FileRules.php checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing...
CVE-2026-53727
cssparser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parserreadremotefile in lib/cssparser/parser.rb, and therefore loaduri! and the @import-following branch of addblock!, issued HTTP and HTTPS requests against any host, port, and URI without a scheme allowlist, host or IP filtering...
CVE-2026-50272
dd-trace is the Datadog APM client for Node.js. Prior to 5.100.0, W3C baggage propagation in packages/dd-trace/src/baggage.js and packages/dd-trace/src/opentracing/propagation/textmap.js parsed incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES on...
CVE-2026-45784
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.50 until 0.10.80, CipherCtxRef::cipherupdateinplace in openssl/src/cipherctx.rs incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad. For a non-multiple-of-8...
CVE-2026-54243
Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.24 and 6.20.1, form submission values in src/Forms/Exporters/CsvExporter.php were not neutralized for spreadsheet formula characters when exported to CSV. A submission containing a value beginning with a formula...
CVE-2026-54242
Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.24 and 6.20.1, the Glide image proxy's URL validation in src/Imaging/RemoteUrlValidator.php and src/Imaging/GuzzleAdapter.php could be bypassed using DNS rebinding. The remote hostname was validated as publicly...
CVE-2026-54244
Statamic is a Laravel and Git powered content management system CMS. Prior to 5.74.0 and 6.20.3, the Live Preview endpoint for existing entries and terms in src/Http/Controllers/CP/PreviewController.php only checked view authorization, but it accepts and renders caller-supplied field values. A...
CVE-2026-49977
tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.33.0, tarteaucitron.cookie.purge is called on any element with the purgeBtn class and does not check whether the element is a legitimate tarteaucitron button or whether the cookie corresponds to a service handled by...
CVE-2026-54163
secureheaders manages application of security headers with many safe defaults. Prior to 7.3.0, secureheaders builds the Content-Security-Policy value by stitching directives with ; separators, and buildsandboxlistdirective, buildmediatypelistdirective, and buildreporttodirective interpolate...
CVE-2026-44891
Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only...
CVE-2026-16074
A vulnerability was detected in AstrBotDevs AstrBot up to 4.25.2. This affects the function updateplugin/updateallplugins of the file astrbot/dashboard/routes/plugin.py of the component Plugin Update Handler. The manipulation of the argument downloadurl/downloadurls/proxy results in server-side...
CVE-2026-48504
OpenTelemetry Rust is the Rust OpenTelemetry implementation. In 0.32.0 and earlier, BaggagePropagator::extractwithcontext in opentelemetrysdk did not enforce W3C Baggage size limits before parsing an inbound baggage header, so a large attacker-controlled header could cause unnecessary CPU work an...
CVE-2026-44974
@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...
CVE-2026-54171
Excon is usable, fast, simple HTTP 1.1 for Ruby. Prior to 1.5.0, Excon's RedirectFollower middleware failed to strip additional sensitive headers when following redirects and did not provide a custom list of headers to strip. This could cause inadvertent leakage of sensitive data when the initial...
CVE-2026-54465
websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, when websocket-driver is used to implement a WebSocket server on top of a TCP server using WebSocket::Driver.server or to complement a WebSocket client, a peer can make a single connection consume an unbounded...
CVE-2026-54463
websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, draft versions of the WebSocket protocol in websocket-driver include a length header that allows an arbitrarily large integer to be encoded as bytes with the high bit set, and a server or client can send an...
CVE-2026-54464
Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...
CVE-2026-13448
IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint /api/v1/buildpublictmp/flowid/flow . The vulnerability stems from an incomplete denylist in the validatepublicflownocodeexecution function that fails...
CVE-2026-13473
IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM Storage Protect is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server ...
CVE-2026-14499
IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input in the Python Interpreter component...
CVE-2026-14501
IBM Db2 Genius Hub 1.1, 1.1.1, 1.1.2 and IBM Agentics 1.0 could allow an attacker to execute arbitrary code or obtain sensitive information due to the use of dangerous functions without sufficient restrictions...
CVE-2026-55254
NCalc is a fast, lightweight expression evaluator for .NET. Prior to 6.1.1, the factorial operator implementation in src/NCalc.Core/Helpers/MathHelper.cs permits specially crafted expressions with extremely large factorial operands, causing excessive CPU consumption or a non-terminating loop due ...
CVE-2026-46420
setup-php is a GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and tools. From 2.25.0 prior to 2.37.1, shivammathur/setup-php resolves the PHP version from repository-controlled files such as .php-version, composer.lock through platform-overrides.php, and...
CVE-2026-14971
IBM PowerVM Novalink 2.2.02.2.12.2.1.1, and 2.3.02.3.0.12.3.12.3.2 IBM NovaLink APIs misconfiguration may increase attack surface and enable unintended or unauthorized operations under non-default conditions...
CVE-2026-45799
Wire provides gRPC and protocol buffers for Android, Kotlin, Swift, and Java. Prior to 6.3.0 and 7.0.0-alpha03, ByteArrayProtoReader32.skipGroup and ProtoReader.skipGroup in wire-runtime do not validate that a LENGTHDELIMITED field length is non-negative before skip, allowing a crafted protobuf...
CVE-2026-14979
IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion...
CVE-2026-48819
Hey API is an ecosystem for turning API specifications into production-ready code. Prior to 0.97.3, dist/clients/core/params.ts ships a runtime template copied into generated SDKs as params.gen.ts, and buildClientParams writes unknown slot-prefixed keys such as $body, $headers, $path, and $query...
CVE-2026-16118
A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in xdgmimemagicparsemagicline in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location e.g., in the $XDGDATAHOME/mime/magic path is parsed by an...
CVE-2026-50289
systeminformation is a System and OS information library for node.js. Prior to 5.31.7, networkInterfaces on Linux is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive because lib/network.js checkLinuxDCHPInterfaces reads /etc/network/interfaces, extracts a...
CVE-2026-50151
oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, registry/remote/repository.go in blobStore.completePushAfterInitialPost follows a registry-controlled Location header during monolithic blob upload and reuses the Authorization header from the initial POST request for the...