74667 matches found
CVE-2026-44332
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username...
CVE-2026-59820
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.7-stable, LiteLLM Skills archive extraction did not sufficiently validate file paths from uploaded skill ZIP archives, allowing an authenticated user with access to LiteLLM LLM API routes or a key whos...
CVE-2026-53624
Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol for https instead of c.Scheme. This issue is fixe...
CVE-2026-44512
Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...
CVE-2026-55575
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as hugearra...
CVE-2026-58501
Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...
CVE-2026-55760
Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile using FileTemplateLoader or ClassPathTemplateLoader are vulnerable to path traversal, allowing arbitrary file read through template nam...
CVE-2026-45045
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add instead of Header.Set when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream serve...
CVE-2026-59821
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.82.0-stable, LiteLLM's Custom Code Guardrails production create and update paths did not apply the same sandboxing and validation used by the test endpoint, allowing a privileged user with access to creat...
CVE-2026-14373
HashiCorp Nomad and Nomad Enterprise did not enforce the allowprivileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other workloads on...
CVE-2026-59937
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0...
CVE-2026-59938
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...
CVE-2026-14362
HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-14362 is fix...
CVE-2026-49946
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-49945
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-49944
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-59731
Astro is a web framework for content-driven websites. Version 6.4.7 performs authorization decisions on a partially decoded pathname after reaching the iterative URL decoder limit, while later rewrite route matching performs an additional decodeURI operation and can resolve the request to a...
CVE-2026-60102
Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...
CVE-2026-59927
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...
CVE-2026-59928
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...
CVE-2026-59924
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...
CVE-2026-59929
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safeurl filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:...
CVE-2025-3110
OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...
CVE-2026-59925
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...
CVE-2026-59926
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...
CVE-2026-29009
U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfsreadlinkreply net/nfs-common.c when CONFIGCMDNFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfspathbuff buffer by returning multiple relative symlink targets that are appended witho...
CVE-2026-29008
U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...
CVE-2026-59923
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safeurl does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue is fixed in version...
CVE-2026-59930
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable tocN values without slugifying the heading text, allowing attacker-controlled id="tocN" content to collide with generated anchors and...
CVE-2026-59922
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for matching markers from ea...
CVE-2026-29007
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...
CVE-2026-59895
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...
CVE-2026-59896
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...
CVE-2026-59897
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...
CVE-2026-59892
OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...
CVE-2026-59890
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...
CVE-2026-59261
OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider credentials. Attackers with lower-trust access to configured input paths can expose sensitive data and credentials that should remain within trusted boundaries...
CVE-2026-59887
linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...
CVE-2026-59883
Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain applied ordinary suffix matching to domains such as 192.168.0.1, ::1, or 1, allowing...
CVE-2026-59882
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...
CVE-2026-59879
Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...
CVE-2026-42505
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...
CVE-2026-39822
On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open"symlink/"' will open "symlink" even when "symlink" is a symbolic link pointing...
CVE-2026-59880
Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...
CVE-2026-59262
AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails...
CVE-2026-59725
Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated...
CVE-2026-59724
Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...
CVE-2026-59876
protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...
CVE-2026-59877
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends...
CVE-2026-53951
Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the trust setting's prefix match copier/settings.py compares the template URL against a trusted prefix with a raw str.startswith and no path normalization, while the URL is normalized when the...