365036 matches found

CVE-2026-11833 (added 2 hours ago)

CVE-2026-11833 affects FAST/TOOLS (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) from R9.01 to R10.04 and CI Server (all packages) from R1.01 to R1.04. The web server may return a response containing CI Server setting information, which could be exploited by an attacker for other attacks. The CVSS4 scor...

CVSS 8.2, AI score 5.7
Exploits 0, References 1
CVE-2026-52801 (added 3 hours ago)

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

Exploits 0
CVE-2026-52800 (added 3 hours ago)

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

Exploits 0
CVE-2026-52799 (added yesterday)

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

Exploits 0
CVE-2026-10658 (added yesterday)

CVE-2026-10658 affects Zephyr’s Bluetooth Host ISO RX path, specifically bt_iso_recv() in subsys/bluetooth/host/iso.c. The vulnerability arises from missing minimum length checks for SDU headers when processing PB=START/SINGLE, allowing a malformed HCI ISO payload to bypass the inner header lengt...

CVSS 7.1, AI score 5.9
Exploits 0, References 1
CVE-2026-52796 (added yesterday)

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

Exploits 0
CVE-2026-10651 (added yesterday)

CVE-2026-10651 affects Zephyr’s Bluetooth Classic SDP parser (subsys/bluetooth/host/classic/sdp.c), where bt_sdp_parse_attribute() reads a 3-byte attribute (1-byte type, 2-byte id) but then unconditionally pulls an extra value type byte without verifying the remaining length. A truncated 3-byte at...

CVSS 7.1, AI score 6
Exploits 0, References 1
CVE-2026-50179 (added yesterday)

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

EPSS 0.00029
Exploits 0
CVE-2026-10645 (added yesterday)

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-10645; no additional specifics on affected products or fixes are provided here.

CVSS 4.9, AI score 6.1
Exploits 0, References 1
CVE-2026-54353 (added yesterday)

The CVE entry CVE-2026-54353 is tied to a GitHub advisory for Budibase backend-core describing a TOCTOU DNS rebinding-based SSRF: outbound fetch validation resolves hostnames for a blacklist, but the real socket connection performs another DNS lookup, allowing an attacker-controlled hostname to r...

Exploits 0
CVE-2026-54352 (added yesterday)

The connected GitHub advisory describes a file-read vulnerability in Budibase server (Budibase/budibase <= 3.39.0) via the workspace-builder permission. A POST /api/pwa/process-zip endpoint accepts a zip; it unpacks with [email protected] to a temp dir, then validates icons.json entries by pat...

Exploits 0
CVE-2026-54351 (added yesterday)

The CVE entry is tied to Budibase: a mass-assignment vulnerability in the webhook trigger allows an attacker to overwrite the internal appId in the request body, causing the async workflow to run in the victim workspace context. The public webhook endpoint passes the full HTTP body into automatio...

Exploits 0
CVE-2026-49229 (added yesterday)

The connected GHSA advisory for @actual-app/sync-server discloses a flaw where disabling a user does not invalidate existing sessions. In OpenID multi-user mode, login-time checks enforce enabled=1, but the session validation path (validateSession) accepts any non-expired token without rechecking...

EPSS 0.00038
Exploits 0
CVE-2026-50137 (added yesterday)

The connected GitHub advisory describes a security hole in Budibase: an unauthenticated POST to /api/attachments/:datasourceId/url can mint AWS S3 pre-signed PUT URLs using the datasource’s IAM credentials, enabling anonymous users to write to buckets those credentials can access. The route lacks...

EPSS 0.00018
Exploits 0
CVE-2026-50136 (added yesterday)

Budibase exposes an unauthenticated endpoint that generates S3 PutObject signed URLs using credentials stored in a workspace datasource. The POST /api/attachments/:datasourceId/url route is only protected by recaptcha and does not require authentication or datasource/builder access. The server si...

EPSS 0.00045
Exploits 0
CVE-2026-50132 (added yesterday)

Budibase has an account-linking CSRF/ACL vulnerability exposed via public GET endpoint GET /api/chat-links/:instance/:token/handoff. An attacker can generate a chat identity link session (token contains attacker’s externalUserId) and, when a victim visits the URL while authenticated, upserts a ch...

EPSS 0.00023
Exploits 0
CVE-2026-48170 (added yesterday)

The connected advisory GHSA-9M6G-WC8R-Q59C describes a prototype pollution vulnerability in the scim-patch library. Affected versions are

Exploits 0
CVE-2026-47267 (added yesterday)

Technical details for CVE-2026-47267 are not publicly available in the provided documents. Monitor for updates as more information may be released.

Exploits 0
CVE-2026-47155 (added yesterday)

CVE-2026-47155 affects vLLM prior to 0.22.0. Description: revision pinning controls do not consistently apply to all artifacts loaded for a model, enabling loading of dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned/d...

CVSS 6.5, AI score 5.8, EPSS 0.00014
Exploits 0, References 4
CVE-2026-41523 (added yesterday)

vLLM prior to 0.22.0 is affected by an assert-based security check in the activation function loading that can permit arbitrary code execution when a malicious HuggingFace model is loaded and vLLM runs in Python optimized mode. The attacker-controlled inputs are the activation function names from...

CVSS 7.5, AI score 6.5, EPSS 0.00054
Exploits 0, References 3
CVE-2026-54232 (added yesterday)

vLLM prior to 0.22.1 is affected by a dependency confusion flaw in its Dockerfile. The vulnerability arises from installing flashinfer-jit-cache from a private index (flashinfer.ai/whl/) via --extra-index-url while the package name was not registered on PyPI and UV_INDEX_STRATEGY is set to unsafe...

CVSS 8.8, AI score 6.2, EPSS 0.00273
Exploits 0, References 1
CVE-2026-54233 (added yesterday)

Affected software: vLLM (inference/serving engine). Vulnerability: decoding an audio file on the /v1/audio/transcriptions endpoint can cause extreme memory growth. A 25 MB OPUS upload decodes to about 14.9 GB of float32 PCM, because the audio decoder concatenates all frames in memory before retur...

CVSS 6.5, AI score 5.8, EPSS 0.0003
Exploits 0, References 2
CVE-2026-54236 (added yesterday)

CVE-2026-54236 affects vLLM versions before 0.23.1rc0. Five code paths bypass the sanitize_message global exception handler, leaking heap addresses via exception messages: (1) Anthropic API router POST /v1/messages and POST /v1/messages/count_tokens (vllm/entrypoints/anthropic/api_router.py), (2)...

CVSS 5.3, AI score 5.9, EPSS 0.00018
Exploits 0, References 3
CVE-2026-54235 (added yesterday)

Summary: CVE-2026-54235 affects vLLM prior to 0.23.1rc0, where temperature validation gates using can silently mis-handle NaN and positive Infinity due to Python IEEE 754 behavior. This allows non-finite temperatures to bypass guards and propagate to GPU sampling kernels, causing undefined behav...

CVSS 6.9, AI score 5.9, EPSS 0.00039
Exploits 0, References 3
CVE-2026-48746 (added yesterday)

vLLM OpenAI auth bypass (CVE-2026-48746) affects vLLM versions 0.3.0 through 0.21.0. Root cause: ASGI servers and Starlette trust the Host header from the request scope, enabling manipulation of the reconstructed URL path and bypassing the OpenAI API AuthenticationMiddleware for routes beginning ...

CVSS 9.1, AI score 5.9, EPSS 0.00075
Exploits 0, References 3
CVE-2026-53923 (added yesterday)

CVE-2026-53923 affects vLLM GGUF dequantize kernels. Root cause: integer truncation due to using int for the element count parameter, causing m*n (potentially > INT_MAX) to be truncated when passing to CUDA kernels, leading to unfilled output tensor memory that may retain data from previous in...

CVSS 5.3, AI score 5.8, EPSS 0.00042
Exploits 0, References 3
CVE-2026-55409 (added yesterday)

Filament (Laravel) v3 contains a vulnerability where a disabled RichEditor field renders its raw HTML state without sanitization. If the form state data isn’t sanitized when populated, an attacker could inject malicious HTML/JavaScript, causing XSS to execute for users viewing the form. Affected ...

CVSS 7.6, AI score 5.8
Exploits 0, References 1
CVE-2026-48067 (added yesterday)

CVE-2026-48067 affects Filament components where the recordSelectOptionsQuery() used to scope options in AttachAction and AssociateAction Select fields did not apply the same scope in validation. From filament/actions 4.0.0–4.11.4 and 5.6.4, and filament/tables 3.0.0–3.3.51, an attacker could tri...

CVSS 6.5, AI score 5.8, EPSS 0.00028
Exploits 0, References 1
CVE-2026-48167 (added yesterday)

CVE-2026-48167 (Filament) affects the ImageColumn and ImageEntry components of Filament (Laravel ecosystem). From versions 4.0.0 through 4.11.5 and 5.6.5, these components render raw database values without HTML escaping, enabling stored XSS if unvalidated data is passed. The vulnerability impact...

CVSS 6.4, AI score 5.9, EPSS 0.00032
Exploits 0, References 1
CVE-2026-46700 (added yesterday)

CVE-2026-46700: In @actual-app/sync-server, GET /secret/:name does not enforce an admin authorization check (unlike POST /secret/), allowing authenticated non-admin OpenID users to enumerate admin-managed secrets (e.g., gocardless_secretId, gocardless_secretKey, simplefin_token, simplefin_accessK...

EPSS 0.00025
Exploits 0
CVE-2026-46672 (added yesterday)

The connected advisory confirms a concrete vulnerability in @actual-app/cli related to CSV export. The vulnerable code is in packages/cli/src/output.ts (escapeCsv), which only escapes commas, quotes, and newlines, leaving strings that start with formula triggers (e.g., =, +, -, @, tab) unneutrali...

EPSS 0.00017
Exploits 0
CVE-2026-48500 (added yesterday)

Summary: Filament (Laravel components) had an unauthenticated temporary file upload issue on some auth-related schemas. Affected versions: 3.0.0–3.3.52, 4.11.5, and 5.6.5. Root cause: The Livewire component embeddings could apply WithFileUploads to forms that don’t require uploads, allowing unaut...

CVSS 6.5, AI score 6, EPSS 0.00061
Exploits 0, References 1
CVE-2026-48166 (added yesterday)

CVE-2026-48166 — Filament timing-based user enumeration on the login page. Affects the Filament login page in versions 4.0.0–4.11.5 and 5.6.5 of Filament (Laravel component library). An observable timing discrepancy on login allows unauthenticated attackers to determine whether a given email is register...

CVSS 5.3, AI score 5.9, EPSS 0.00037
Exploits 0, References 1
CVE-2026-48505 (added yesterday)

Filament’s MFA recovery-code handling (versions 4.0.0–4.11.5 and 5.6.5) allows the same recovery code to be reused under concurrent submissions. When recovery codes are enabled, an attacker with the user’s password and codes can establish multiple authenticated sessions per code, extending access...

CVSS 7.4, AI score 5.9, EPSS 0.00045
Exploits 0, References 1
CVE-2026-44889 (added yesterday)

WebOb (HTTP request/response utilities) is affected prior to version 1.8.10 by an open redirect in Location header normalization during redirects. The vulnerability arises from how WebOb uses urljoin/urlsplit to combine the redirect target with the request URL; since Python 3.10, urlsplit strips ...

CVSS 6.1, AI score 5.9, EPSS 0.00036
Exploits 0, References 1
CVE-2026-48109 (added yesterday)

CVE-2026-48109 affects MessagePack-CSharp in the optional LZ4 decompression path (Lz4Block, Lz4BlockArray). The vulnerability stems from a deprecated fast-decompression algorithm that does not enforce a source-length bound, enabling a remote attacker to craft payloads with manipulated LZ4 token/l...

CVSS 8.2, AI score 5.9, EPSS 0.00121
Exploits 0, References 1
CVE-2026-48502 (added yesterday)

MessagePack-CSharp contains a Denial of Service vulnerability in MessagePackReader.ReadDateTime() where a stack allocation is driven by attacker-controlled extension length. In the slow path, tokenSize includes the extension body length and is used in a stackalloc before the extension length is v...

CVSS 8.2, AI score 5.9
Exploits 0, References 1
CVE-2026-48506 (added yesterday)

The CVE-2026-48506 entry concerns MessagePack-CSharp: MessagePackReader.TrySkip() can recurse without incrementing depth checks, bypassing MaximumObjectGraphDepth and risking unbounded recursion leading to StackOverflow. Affected: MessagePack-CSharp (reader Skip usage in nested arrays/maps). Root...

CVSS 7.5, AI score 5.8
Exploits 0, References 1
CVE-2026-48509 (added yesterday)

The CVE affects MessagePack-CSharp (ASP.NET Core) where the default parameterless MessagePackInputFormatter() uses MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData, exposing ASP.NET Core MVC request bodies to DoS likely via UntrustedData protections. Affected versions: M...

CVSS 6.3, AI score 5.7
Exploits 0, References 1
CVE-2026-48510 (added yesterday)

CVE-2026-48510 affects MessagePack-CSharp. Prior to versions 2.5.301 and 3.1.7, during Lz4Block/Lz4BlockArray decompression the library reads declared uncompressed lengths from the wire and allocates output buffers before validating payload integrity or expansion reasonableness. This can allow a ...

CVSS 6.3, AI score 5.9
Exploits 0, References 1
CVE-2026-48511 (added yesterday)

The CVE affects MessagePack for C# (MessagePack-CSharp) prior to versions 2.5.301 and 3.1.7. The issue lies in ExpandoObjectFormatter.Deserialize, which populates System.Dynamic.ExpandoObject by repeatedly calling IDictionary.Add for each map entry. ExpandoObject stores member names in array-like...

CVSS 6.3, AI score 5.8
Exploits 0, References 1
CVE-2026-48512 (added yesterday)

CVE-2026-48512 affects MessagePack-CSharp’s JSON conversion helpers. Before versions 2.5.301 and 3.1.7, ConvertFromJsonCore and related paths can recurse without enforcing a consistent depth limit, and TinyJsonReader can parse tokens with unbounded recursion. The typeless ext-100 path also recurs...

CVSS 6.3, AI score 5.8
Exploits 0, References 1
CVE-2026-48513 (added yesterday)

CVE-2026-48513 — MessagePack-CSharp: a vulnerability in the runtime-generated union deserializers produced by DynamicUnionResolver leaves gaps in depth enforcement. Prior to versions 2.5.301 and 3.1.7, deserializers did not call MessagePackSecurity.DepthStep(ref reader) or properly adjust reader.Depth during recu...

CVSS 6.3, AI score 5.9
Exploits 0, References 1
CVE-2026-48514 (added yesterday)

MessagePack-CSharp vulnerability CVE-2026-48514 affects Unity UnsafeBlitFormatterBase.Deserialize, where an attacker-controlled byteLength inside an extension payload can cause allocation of a very large T[] before validating header/remaining payload bounds. This unbounded allocation is possible ...

CVSS 6.3, AI score 5.9
Exploits 0, References 1
CVE-2026-48515 (added yesterday)

MessagePack-CSharp (MessagePack for C#) contains a vulnerability in its multi-dimensional array formatters that allocate a T[,], T[,,], or T[,,,] before validating the encoded element count. Prior to versions 2.5.301 and 3.1.7, the formatter reads dimension lengths from the payload and allocates ...

CVSS 6.3, AI score 5.9
Exploits 0, References 1
CVE-2026-46495 (added yesterday)

OpenDJ suffers a pre-auth RCE via Java deserialization in the JMX RMI connector (CWE-502). Affected: OpenDJ Community Edition up to 5.1.0 with JMX enabled. Exploitation requires only TCP reachability and does not require prior authentication. Patch: upgrade to OpenDJ 5.1.1 (latest release). Recom...

Exploits 0
CVE-2026-48516 (added yesterday)

MessagePack-CSharp is vulnerable in the InterfaceLookupFormatter before versions 2.5.301 and 3.1.7, which constructs an internal Dictionary with the default equality comparer rather than the security-aware comparer from options.Security.GetEqualityComparer(). This omission enables a hash-collision ...

CVSS 6.3, AI score 5.8
Exploits 0, References 1
CVE-2026-56697 (added yesterday)

Nuxt security note: Nuxt versions 4.0.0–4.4.6 and 3.x before 3.21.7 are affected by an open redirect in the reloadNuxtApp function. Protocol-relative paths like //evil.com pass the script-protocol check but resolve to a cross-origin URL against the current page protocol, enabling attackers to red...

CVSS 6.1, AI score 5.9
Exploits 0, References 4
CVE-2026-56698 (added yesterday)

Nuxt CVE-2026-56698 affects Nuxt 4.0.0–4.4.6 and 3.x up to 3.21.6 (versions before the fixed releases). The navigateTo open option fails to validate script-capable URLs, allowing attacker-controlled javascript: URLs to execute arbitrary scripts in the application's origin when user input is passe...

CVSS 6.1, AI score 6.1
Exploits 0, References 4
CVE-2026-56357 (added yesterday)

n8n’s GitHub Webhook Trigger node is affected in versions before 1.123.15 and 2.5.0 due to missing HMAC-SHA256 signature verification. This allows an attacker who knows the webhook URL to send unsigned POST requests, potentially triggering workflows with arbitrary data and spoofing GitHub webhook...

CVSS 6.3, AI score 6
Exploits 0, References 2

Total number of security vulnerabilities: 365036