367610 matches found
CVE-2026-9739
CVE-2026-9739 describes a DNS rebinding vulnerability due to a hardcoded Access-Control-Allow-Origin: * in the SSE initialization handler, despite earlier attempts to align with MCP security guidelines using allowed-origins and allowed-hosts. The issue specifically affects users connecting via To...
CVE-2026-45309
CVE-2026-45309 is a reserved entry with no public technical details in the Initial document, but connected documents describe a concrete vulnerability in AsyncSSH. Affected: AsyncSSH (Python package, pip ecosystem), version 2.22.0. Root cause: the OpenSSH-compatible AuthorizedKeysFile token %u is...
CVE-2026-45322
CVE-2026-45322 affects Microsoft UFO (open-source framework for intelligent automation) up to v3.0.0. The issue is an OS command injection in the shell action replay path: ShellReceiver.run_shell() takes a command string from action parameters and passes it to subprocess.Popen() with shell=True a...
CVE-2026-45152
CVE-2026-45152 affects uniget prior to 0.27.1, where a command injection is possible via the check field loaded from untrusted JSON metadata. The implementation runs /bin/bash -c on tool.Check, allowing an attacker-controlled value to execute arbitrary shell commands during common operations (des...
CVE-2026-44720
OpenLearnX (pre-2.0.4) has a critical authentication vulnerability where JWT signature verification is disabled, enabling an attacker to bypass authentication and take over user accounts. Impact is unauthorized access under specific conditions; the issue is fixed in 2.0.4. Remediation: upgrade to...
CVE-2026-45083
Goobi viewer (4.8.0–26.04.0/1) exposed a vulnerable REST endpoint POST /api/v1/index/stream that accepted arbitrary Solr streaming expressions from unauthenticated clients and forwarded them to the backend Solr server without restriction. This allowed reading the complete Solr index and, in defau...
CVE-2026-9208
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-44247
CVE-2026-44247 : Volcano’s webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the ...
CVE-2026-45137
Summary: CVE-2026-45137 affects Anchor (Solana programs) where Program validation fails due to using Pubkey::default() as a sentinel, causing System and () to be treated equivalently and allowing any executable program in place of the system program. Impact: potential arbitrary CPI or payment byp...
CVE-2026-45136
Claude Code cache proxy claude-code-cache-fix is vulnerable to local code execution due to a Python triple-quote injection in tools/quota-statusline.sh. From v3.5.0–v3.5.1, user-controlled payloads can embed a ''' sequence which closes the Python literal and executes subsequent bytes in the user’...
CVE-2026-44660
Summary of CVE-2026-44660 : UltraJSON’s ujson.dump() to a file-like object can leak memory if the underlying write() raises an exception. The root cause is that the temporary JSON string created during objToJSONFile() is not decremented on early return, causing memory growth proportional to the p...
CVE-2026-44712
pam_usb on Linux is vulnerable prior to 0.8.7 due to two issues: (1) a crafted filesystem UUID or config UUID can trigger root RCE when pamusb-conf --reset-pads is run, and (2) userName from the XML config is passed to os.system(), invoking a shell via pamusb-agent. Some USB controllers may permi...
CVE-2026-44709
CVE-2026-44709 affects pam_usb: prior to version 0.8.7, the pamusb-pinentry component reads the PINENTRY_FALLBACK_APP environment variable and executes it directly without validation. Any process that can set environment variables before pamusb-pinentry runs can point PINENTRY_FALLBACK_APP to an ...
CVE-2026-44710
pam_usb for Linux is affected by a NULL pointer dereference in src/device.c prior to 0.8.7, where return values from udisks_drive_get_serial(), udisks_drive_get_vendor(), and udisks_drive_get_model() were passed directly to strcmp() without NULL checks. The GIO/UDisks API can return NULL for thes...
CVE-2026-44711
The CVE concerns the pam_usb project for Linux. Affected: pam_usb versions prior to 0.8.7. Root cause: symlink attacks on the pad directory and pad files. Impact: authentication bypass and potential root file corruption. The issue is fixed in version 0.8.7. There is no explicit exploitation statu...
CVE-2026-21785
CVE-2026-21785 relates to a misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions ≤ 10.1.0.0442). The CSP failures occur because directives are defined without fallbacks, enabling attackers to bypass intended security restrictions and load unauthorized re...
CVE-2026-44713
Pam_usb vulnerability: in versions prior to 0.8.7, src/tmux.c reads the TMUX environment variable, splits on commas, and interpolates the socket-path directly into a shell command passed to popen(), placing the value inside double quotes without sanitisation. This allows an attacker-controlled va...
CVE-2026-47269
CVE-2026-47269 affects pam_usb on Linux. The deny_remote feature checks utmpx ut_addr_v6[0] to identify remote sessions, but IPv4-mapped IPv6 addresses cause the check to fail (ut_addr_v6[0] == 0, while the IPv4 address is in ut_addr_v6[3]), so remote SSH connections can be treated as local. As a...
CVE-2026-47270
CVE-2026-47270 affects the pam_usb PAM module used for Linux hardware authentication. The denial logic (deny_remote) uses non-reentrant strtok(), with three functions sharing a global token pointer; in multi-threaded authentication (e.g., long-lived display managers like GDM), two concurrent auth...
CVE-2026-47271
The CVE affects pam_usb prior to version 0.9.0, where out-of-memory guards in src/mem.c (xmalloc/xrealloc/xstrdup) were removed when NDEBUG is defined. With no NULL checks after allocation, NULL pointer dereferences occur, causing a crash in the PAM module loaded by sudo or login and leading to l...
CVE-2026-47272
pam_usb for Linux allows local authentication bypass before version 0.9.0 due to pusb_pad_compare() only checking the user-side pad (~/.pamusb/device.pad) and not requiring the system-side pad on the USB device to be present. A local user can delete or obscure their own device.pad to bypass the U...
CVE-2026-47273
CVE-2026-47273 affects pam_usb on Linux prior to 0.9.0. The vulnerability arises when pam_usb builds XPath expressions from user-supplied identifiers (PAM username, service name) and device-supplied identifiers (USB serial, model, vendor) to query /etc/pamusb.conf without validating XPath metacha...
CVE-2026-47274
CVE-2026-47274 affects pam_usb on Linux prior to 0.9.0. The issue stems from several pam_usb helper tools resolving external binaries via PATH instead of absolute paths, enabling a local attacker to substitute malicious binaries when they can influence the process environment during PAM authentic...
CVE-2026-48064
Summary: pam_usb prior to 0.9.1 allowed a remote XDMCP session to bypass USB authentication when deny_remote=false, because the PAM_RHOST check was gated inside the deny_remote branch. Technical details (supported): pam_usb provides hardware authentication for Linux via removable media. In affect...
CVE-2026-48065
The CVE-2026-48065 issue affects pam_usb for Linux prior to version 0.9.1. In src/conf.c, heap memory is allocated as size proportional to n_devices (derived from libxml2 XPath on the config file) without an upper bound. On 32-bit targets (armv7l, i686 listed in the Makefile), n_devices * sizeof(...
CVE-2026-44982
The CVE entry CVE-2026-44982 is reserved with no public details in the Initial document; however, connected documentation provides concrete details about a CrowdSec AppSec issue. The advisory GHSA-RW47-HM26-6WR7 states that CrowdSec AppSec fails to read the HTTP request body for requests where Co...
CVE-2026-48066
pam_usb fixes a thread-unsafe behavior: before 0.9.1, src/log.c used a process-wide static pointer written on every PAM invocation to a stack-local address, creating a data race when PAM is invoked concurrently by multiple threads. The issue is resolved in version 0.9.1. Affected component: pam_u...
CVE-2026-44981
CVE-2026-44981 / GHSA-273H-GVWR-C3QJ (CrowdSec LAPI) : The vulnerability arises from using gin-contrib/gzip with GlobalDecompressHandle that decompresses request bodies without a maximum decompressed size. Attackers can send small gzip-compressed JSON payloads that decompress into hundreds of MB,...
CVE-2026-48792
The connected sources confirm a vulnerability in pam_usb for Linux prior to 0.9.1: evdev.c silently ignores EACCES when opening /dev/input/event* nodes, causing pusb_has_virtual_input_device() to incorrectly report no virtual devices even if opens fail due to insufficient permissions. As a result...
CVE-2026-8359
The CVE concerns Gladinet Triofox on processing requests for /status or /sysinfo, where WOSHttpStatusModule.dll should load to handle the path. The root cause is that WOSHttpStatusModule.dll is not present in the installation, causing the WOSBin_LoadHttpModule export to be NULL and a call to addr...
CVE-2026-8360
CVE-2026-8360 affects the Triofox server components using WOSCommonUtil.dll, specifically the function WOSSysInfoGetDeviceInterface() called by DLLs such as WOSProfileMgrModule.dll and WOSWebDavModule.dll . The vulnerability arises when these calls can return a NULL pointer (e.g., when no user is...
CVE-2026-8361
Summary (CVE-2026-8361): A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path that starts with /woshome. The CVSS 3.1 base score is 7.5 (High) with network attack vector, no user interaction, and no privileges required; confidentiality impact is High, other...
CVE-2026-8362
CVE-2026-8362 describes a stack-based buffer overflow in WOSDefaultHttpModule.dll when processing long URL paths starting with /woshome. Affected software/component: WOSDefaultHttpModule.dll. Root cause: unbounded processing of long URL path leading to overflow. Impact is described as high confid...
CVE-2026-8363
CVE-2026-8363: A stack-based buffer overflow in WOSDeviceDropFolder.dll occurs when processing a long URL path starting with /resources. Documented under Gladinet Triofox; affected component is WOSDeviceDropFolder.dll. CVSS v3.1 shows a critical base score of 9.8 (Network, No user interaction, pr...
CVE-2026-8364
Affected software: Gladinet Triofox Cloud Server Agent (GladServerAgentService.exe). Vulnerability behavior: listens on TCP port 7878 and processes remote HTTP messages with URL paths /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache. Impact: CVSS 3.1 base score 9.8; con...
CVE-2026-45134
LangSmith CVE-2026-45134 affects LangSmith Client SDKs with prompt-pull methods that fetch/deserialize prompt manifests from LangSmith Hub. The issue allows manifest content to be influenced by external parties when pulling a public prompt (owner/name), because prior SDKs did not distinguish such...
CVE-2026-44724
CVE-2026-44724 affects the node.js library systeminformation (Linux) from versions 4.17.0 through 5.31.5. The issue is a command-injection flaw in networkInterfaces() caused by unsanitized NetworkManager connection profile names being interpolated into shell commands executed via execSync(), afte...
CVE-2026-44590
The CVE-2026-44590 entry concerns the Sherlock project’s GitHub Actions workflow validate_modified_targets.yml. Before version 0.16.1, a command-injection vulnerability in the pull_request_target flow allowed any GitHub user to execute arbitrary commands on the CI runner and exfiltrate the workfl...
CVE-2026-44681
CVE-2026-44681 affects Authlib’s OpenID implementation (OpenIDImplicitGrant and OpenIDHybridGrant). An unauthenticated open redirect can occur when a request omits the openid scope, causing the server to redirect with a 302 to an attacker-controlled URL. The root cause is that the scope check hap...
CVE-2026-44886
Pi.Alert’s web interface is vulnerable to unauthenticated blind SQL injection in the /pialert/php/server/devices.php endpoint when action=getDevicesTotals is used and the scansource parameter is injected. From 2024-06-29 until 2026-05-07, unauthenticated users could trigger the vulnerability; the...
CVE-2026-44887
CVE-2026-44887 affects Pi.Alert, a WIFI/LAN intruder detector with a web service. The vulnerability arises from the web-based configuration editor allowing arbitrary Python code to be injected into pialert.conf; the background scan daemon loads this file with Python’s exec(), causing the injected...
CVE-2026-44888
Pi.Alert vulnerability CVE-2026-44888: unauthenticated RCE via SaveConfigFile() config injection. Prior to 2026-05-07, numeric config values (e.g., SMTP_PORT) were written into pialert.conf without validation; pialert.conf is loaded with Python exec() every 3–5 minutes by a background cron, allow...
CVE-2026-45108
Himmelblau (interoperability suite for Microsoft Azure Entra ID and Intune) contains an authentication bypass in the Device Authorization Grant (DAG) flow for versions 2.0.0–3.1.4 and 2.3.0–2.3.10. The root cause is in token_validate, which verified domain aliases but did not ensure the authentic...
CVE-2026-45102
CVE-2026-45102 concerns OneUptime, an open-source monitoring platform. Prior to version 10.0.98, OneUptime used Node.js vm module as an isolation primitive, which is not intended for security boundaries and can be escaped via error objects and infinite recursion, potentially enabling remote code ...
CVE-2026-45104
MapServer CVE-2026-45104 describes a NULL pointer dereference in SLD parsing of rules when exposed via WMS SLD_BODY. From 6.4.0 through before 8.6.3, msSLDParseUserStyle calls _SLDApplyRuleValues(psRule, psLayer, 1) for any with , assuming one class was added. If the rule has no symbolizer (sti...
CVE-2026-42877
CVE-2026-42877 describes a stored XSS in FacturaScripts where the product variant field referencia is injected into an onclick attribute in SalesModalHTML.php and PurchasesModalHTML.php without proper escaping. The vulnerability allows an authenticated user with warehouse access to create a malic...
CVE-2026-9759
CVE-2026-9759 describes a NULL pointer dereference in the ROHC protocol dissector of Wireshark, affecting Wireshark versions 4.6.0–4.6.5 and 4.4.0–4.4.15, which can lead to a denial of service. The provided documents identify the affected components and the impact but do not specify a patch versi...
CVE-2026-47161
RELATE is affected by CVE-2026-47161 due to Celery workers configured to deserialize untrusted pickle data prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb. An attacker who can reach the message broker can execute arbitrary commands on the host, and due to insufficient network isolation i...
CVE-2026-42197
CVE-2026-42197 affects RELATE, a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 are vulnerable to a stored XSS via an unprivileged user profile. The vulnerability arises in the get_user() method of ParticipationAdmin, which renders user-controlled ...
CVE-2026-42879
CVE-2026-42879 affects FacturaScripts