367020 matches found
CVE-2026-8362
CVE-2026-8362 describes a stack-based buffer overflow in WOSDefaultHttpModule.dll when processing long URL paths starting with /woshome. Affected software/component: WOSDefaultHttpModule.dll. Root cause: unbounded processing of long URL path leading to overflow. Impact is described as high confid...
CVE-2026-8363
CVE-2026-8363: A stack-based buffer overflow in WOSDeviceDropFolder.dll occurs when processing a long URL path starting with /resources. Documented under Gladinet Triofox; affected component is WOSDeviceDropFolder.dll. CVSS v3.1 shows a critical base score of 9.8 (Network, No user interaction, pr...
CVE-2026-8364
Affected software: Gladinet Triofox Cloud Server Agent (GladServerAgentService.exe). Vulnerability behavior: listens on TCP port 7878 and processes remote HTTP messages with URL paths /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache. Impact: CVSS 3.1 base score 9.8; con...
CVE-2026-45134
LangSmith CVE-2026-45134 affects LangSmith Client SDKs with prompt-pull methods that fetch/deserialize prompt manifests from LangSmith Hub. The issue allows manifest content to be influenced by external parties when pulling a public prompt (owner/name), because prior SDKs did not distinguish such...
CVE-2026-44724
CVE-2026-44724 affects the node.js library systeminformation (Linux) from versions 4.17.0 through 5.31.5. The issue is a command-injection flaw in networkInterfaces() caused by unsanitized NetworkManager connection profile names being interpolated into shell commands executed via execSync(), afte...
CVE-2026-44590
The CVE-2026-44590 entry concerns the Sherlock project’s GitHub Actions workflow validate_modified_targets.yml. Before version 0.16.1, a command-injection vulnerability in the pull_request_target flow allowed any GitHub user to execute arbitrary commands on the CI runner and exfiltrate the workfl...
CVE-2026-44681
CVE-2026-44681 affects Authlib’s OpenID implementation (OpenIDImplicitGrant and OpenIDHybridGrant). An unauthenticated open redirect can occur when a request omits the openid scope, causing the server to redirect with a 302 to an attacker-controlled URL. The root cause is that the scope check hap...
CVE-2026-44886
Pi.Alert’s web interface is vulnerable to unauthenticated blind SQL injection in the /pialert/php/server/devices.php endpoint when action=getDevicesTotals is used and the scansource parameter is injected. From 2024-06-29 until 2026-05-07, unauthenticated users could trigger the vulnerability; the...
CVE-2026-44887
CVE-2026-44887 affects Pi.Alert, a WIFI/LAN intruder detector with a web service. The vulnerability arises from the web-based configuration editor allowing arbitrary Python code to be injected into pialert.conf; the background scan daemon loads this file with Python’s exec(), causing the injected...
CVE-2026-44888
Pi.Alert vulnerability CVE-2026-44888: unauthenticated RCE via SaveConfigFile() config injection. Prior to 2026-05-07, numeric config values (e.g., SMTP_PORT) were written into pialert.conf without validation; pialert.conf is loaded with Python exec() every 3–5 minutes by a background cron, allow...
CVE-2026-45108
Himmelblau (interoperability suite for Microsoft Azure Entra ID and Intune) contains an authentication bypass in the Device Authorization Grant (DAG) flow for versions 2.0.0–3.1.4 and 2.3.0–2.3.10. The root cause is in token_validate, which verified domain aliases but did not ensure the authentic...
CVE-2026-45102
CVE-2026-45102 concerns OneUptime, an open-source monitoring platform. Prior to version 10.0.98, OneUptime used Node.js vm module as an isolation primitive, which is not intended for security boundaries and can be escaped via error objects and infinite recursion, potentially enabling remote code ...
CVE-2026-45104
MapServer CVE-2026-45104 describes a NULL pointer dereference in SLD parsing of rules when exposed via WMS SLD_BODY. From 6.4.0 through before 8.6.3, msSLDParseUserStyle calls _SLDApplyRuleValues(psRule, psLayer, 1) for any with , assuming one class was added. If the rule has no symbolizer (sti...
CVE-2026-42877
CVE-2026-42877 describes a stored XSS in FacturaScripts where the product variant field referencia is injected into an onclick attribute in SalesModalHTML.php and PurchasesModalHTML.php without proper escaping. The vulnerability allows an authenticated user with warehouse access to create a malic...
CVE-2026-9759
CVE-2026-9759 describes a NULL pointer dereference in the ROHC protocol dissector of Wireshark, affecting Wireshark versions 4.6.0–4.6.5 and 4.4.0–4.4.15, which can lead to a denial of service. The provided documents identify the affected components and the impact but do not specify a patch versi...
CVE-2026-47161
RELATE is affected by CVE-2026-47161 due to Celery workers configured to deserialize untrusted pickle data prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb. An attacker who can reach the message broker can execute arbitrary commands on the host, and due to insufficient network isolation i...
CVE-2026-42197
CVE-2026-42197 affects RELATE, a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 are vulnerable to a stored XSS via an unprivileged user profile. The vulnerability arises in the get_user() method of ParticipationAdmin, which renders user-controlled ...
CVE-2026-42879
CVE-2026-42879 affects FacturaScripts
CVE-2026-42878
FacturaScripts prior to v2026 is affected by an unauthenticated information-disclosure vulnerability in the Installer controller: sending a GET with ?phpinfo=TRUE triggers phpinfo() on a fresh deployment, exposing PHP config, environment vars (including possible DB credentials and API keys), file...
CVE-2026-45046
Gryph Agents vulnerability CVE-2026-45046 affects Gryph’s local logging layer prior to version 0.7.0. The project’s security notes and CVE records indicate that the default standard logging level could include sensitive file content (ContentPreview, OldString, NewString) in payloads stored to a l...
CVE-2026-45618
CVE-2026-45618 : The connected advisory shows a Remote Code Execution in LiquidJS via crafted templates. An attacker can cause arbitrary code execution by abusing template evaluation (notably using valueOf and manipulations of context/scopes) to reach the Function constructor through the parser/f...
CVE-2026-44635
Kysely CVE-2026-44635 affects versions 0.26.0 through 0.28.16. The vulnerability resides in the JSON path builder: DefaultQueryCompiler.visitJSONPathLeg and related code do not escape JSON-path metacharacters (., [, ], *, **, ?). Attacker-controlled input used in eb.ref(col, '->$').key(input) ...
CVE-2026-1402
GitLab CVE-2026-1402 affects GitLab CE/EE, before versions 18.10.7 (17.1–pre 18.10.7), 18.11 before 18.11.4, and 19.0 before 19.0.1. The issue allowed an authenticated user to trigger a denial of service due to insufficient validation. The vulnerability has been remediated in the provided patch r...
CVE-2026-2601
CVE-2026-2601 concerns an authorization issue in GitLab EE. An authenticated user with developer-role permissions could access sensitive deployment data on projects due to improper authorization checks. Affected versions: all GitLab EE 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19...
CVE-2026-4868
GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1. Under certain conditions, an authenticated user could have caused specific Duo AI workflows to run under another user’s identity due to improper user identity...
CVE-2026-5296
CVE-2026-5296 affects GitLab Enterprise Edition (GitLab EE) with remediation released for multiple branches: all versions prior to 18.10.7 (from 18.7), 18.11 prior to 18.11.4, and 19.0 prior to 19.0.1. The issue could allow an authenticated user with developer-role permissions, when foundational ...
CVE-2026-6713
GitLab CVE-2026-6713 affects GitLab CE/EE versions: 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1. The issue stems from incorrect authorization checks that could allow an unauthorized user to enumerate private projects. Remediations have been released: GitLab 18.10.7, 18.11.4,...
CVE-2026-8716
CVE-2026-8716 affects GitLab CE/EE with versions 12.7–before 18.10.7, 18.11–before 18.11.4, and 19.0–before 19.0.1. An authenticated user could have accessed CI data from a different ref type than intended under certain conditions. The issue has been remediated via patch releases: GitLab 18.10.7,...
CVE-2026-45368
Kirby CMS is affected by a cross-site scripting (XSS) vulnerability in specific frontend-rendered links: the (link: …) KirbyTag, the link parameter of the (image: …) KirbyTag, the image block link, and the HTML importer for blocks. The root cause is insufficient filtering of dangerous URL schemes...
CVE-2026-45088
CVE-2026-45088 affects Dalfox when run in REST API server mode prior to version 2.13.0. The custom-payload-file field in model.Options is JSON-tagged and deserialized from the attacker’s request body, then propagated into the scan engine and passed to voltFile.ReadLinesOrLiteral. Each line of the...
CVE-2026-45087
Dalfox (server mode) prior to v2.13.0 is vulnerable to unauthenticated remote code execution. When running dalfox server with default 0.0.0.0:6664 and no API key, POST /scan deserializes attacker-controlled options (FoundAction and FoundActionShell) into scan config, then shell commands are execu...
CVE-2026-45089
Dalfox AOSS (CVE-2026-45089) allows unauthenticated arbitrary file creation/append when running in REST server mode. Before v2.13.0, the API accepts attacker-controlled OutputFile, OutputAll, and Debug in model.Options; the logger writes to the attacker-specified path via os.OpenFile with O_APPEN...
CVE-2026-45090
Dalfox (CVE-2026-45090) suffers a channel lifecycle bug in ParameterAnalysis.go: two sequential worker stages share a single results channel, which is closed after the first stage and then reused by the second stage for POST-body parameters. When a parameter is reflected, the second-stage writer ...
CVE-2026-42553
Cinny (Matrix client) before version 4.10.3 is affected by a token-disclosure vulnerability in two parts: (1) EmojiBoard fallback uses an untrusted pack.meta.avatar as a MXC URL, enabling an attacker-controlled HTTP(S) URL in a malicious emote pack; (2) the service worker attaches the user’s Auth...
CVE-2026-5509
The CVE-2026-5509 entry describes an authenticated command-injection flaw in TP-Link Archer BE450 v1 and BE7200 v1 routers. After logging into the admin web interface, an attacker can inject crafted input via the browser’s developer console that is passed to backend system commands without suffic...
CVE-2026-44345
CVE-2026-44345 affects BentoML. A multi-line value supplied to docker.base_image in bento.yaml is interpolated into the Dockerfile without escaping or validation, allowing an attacker-controlled Dockerfile fragment to inject arbitrary RUN directives. When bentoml containerize runs docker build, t...
CVE-2026-45334
CVE-2026-45334 corresponds to a Kirby CMS vulnerability (GHSA-39VQ-49QM-R2MC) involving the Panel content-locking feature. When a user’s role has restricted visibility (users.access or users.list set to false), the lock information (including the editing user’s email and internal ID) could be ret...
CVE-2026-44346
CVE-2026-44346 affects BentoML. A malicious bentofile.yaml with a newline-injected value in envs[*].name yields unquoted RUN directives in the BentoML-generated Dockerfile, causing those RUN commands to run on the host during docker build when running bentoml containerize. The issue stems from un...
CVE-2026-45081
Frappe HRMS (HRMS) has a permission bypass in the Leave Details API. Before version 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks; the issue is fixed in 16.5.0.
CVE-2026-45260
CVE-2026-45260 (Pimcore WebDAV MOVE issue) : Pimcore 2026.1.0 WebDAV asset MOVE endpoint (/asset/webdav{path}) can perform asset mutation and deletion without enforcing authentication or permissions during Tree::move(). The MOVE path deletes the source asset before validating the current user, al...
CVE-2026-44521
elFinder contains an authenticated SQL injection in the MySQL volume driver (elFinderVolumeMySQL). A logged-in user, including those with read-only access, can inject SQL via a crafted target file hash, potentially leading to unauthorized data disclosure and denial of service. Affected installati...
CVE-2026-48147
Budibase (open-source low-code platform) prior to 3.35.4 contains a vulnerability in buildMatcherRegex()/matches() within packages/backend-core/src/middleware/matchers.ts where route patterns are compiled into unanchored regexes and tested against ctx.request.url (including the full query string)...
CVE-2026-48148
Budibase prior to 3.35.3 exposes an unvalidated VectorDB host parameter in its configuration endpoint. An authenticated builder-level user can supply a host like 169.254.169.254 or localhost, allowing the server to initiate outbound TCP connections to internal network addresses or cloud metadata ...
CVE-2026-45548
The CVE-2026-45548 entries describe a Server-Side Request Forgery (SSRF) in Budibase where processUrlFile (AI Extract File step) calls fetch(fileUrl) without the IP blacklist, bypassing protections used by other automation steps. This allowed an authenticated builder to trigger server-side reques...
CVE-2026-45715
Budibase (open-source low-code platform) is affected by CVE-2026-45715 via the REST datasource integration. The vulnerable component is the REST datasource code at packages/server/src/integrations/rest.ts, where redirects are followed without re-checking the IP blacklist, allowing an authenticate...
CVE-2026-45716
Budibase vulnerability CVE-2026-45716 affects the onboardUsers endpoint: when SMTP is not configured, POST /api/global/users/onboard allows a builder to create new global admin accounts by injecting attacker-controlled roles, returning the generated password in the response and enabling full priv...
CVE-2026-45717
Budibase (prior to 3.38.1) exposed PUT /api/datasources/:datasourceId under TABLE/READ authorization, allowing any authenticated user with BASIC or higher to overwrite a datasource’s config (host, port, database, URL, credentials). The update merges attacker-controlled fields without builder-leve...
CVE-2026-45718
Budibase (open-source low-code platform) fixed in 3.38.1 a vulnerability in the row action trigger endpoint (POST /api/tables/:sourceId/actions/:actionId/trigger). Before 3.38.1, the endpoint did not validate that the provided rowId was within the view’s filters, allowing a user with access to a ...
CVE-2026-45719
Budibase is vulnerable to CouchDB reduce injection via the V1 Views API (POST /api/views) where the calculation parameter is interpolated into a CouchDB reduce function without validation. A Builder-permission user can inject arbitrary JavaScript into the reduce function, which CouchDB executes w...
CVE-2026-46425
Budibase contains a SCIM authorization flaw prior to version 3.38.2: the SCIM router (packages/worker/src/api/routes/global/scim.ts) attaches only requireSCIM and doInScimContext middlewares, with no role check. This allows any authenticated user (including BASIC role) who reaches the worker to p...