CVE-2026-48110

CVE-2026-48110 affects Russh, a Rust SSH client/server library. From 0.34.0 up to before 0.61.0, several client/server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could send o...

CVE-2026-48108

Russh (Rust SSH client/server library) prior to 0.61.0 allowed non-canonical client identification and did not bound pre-banner input on the server side, enabling malformed pre-auth identification to potentially exhaust connection resources. The issue affects versions 0.34.0-beta.1 through before...

CVE-2026-48107

Russh (Rust SSH client/server) is affected in versions 0.37.0–0.60.x where the client’s keyboard-interactive auth path accepts an attacker-controlled prompt count via USERAUTH_INFO_REQUEST. The code uses the raw count directly in Vec::with_capacity(...) before verifying sufficient prompt data, en...

CVE-2026-10143

CVE-2026-10143 affects kafka-python prior to 2.3.2. The denial‑of‑service arises from ScramClient.process_server_first_message() passing the broker‑provided SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation in scram.py. This can freeze the client event loop, blocking prod...

CVE-2026-42462

CVE-2026-42462 describes an LD-Signature bypass in Fedify caused by JSON-LD named-graph restructuring. The issue allows an attacker to reorganize a signed JSON-LD payload (via features like @graph, @reverse, @included) in a way that changes how the signed ActivityPub activity is interpreted witho...

CVE-2026-46705

The vulnerability CVE-2026-46705 affects russh (Rust SSH client/server) versions 0.34.0-beta.1 through before 0.61.0. The server’s authentication path retained russh-owned state (e.g., remaining methods, partial_success, and in-progress state) across SSH_MSG_USERAUTH_REQUEST messages when the use...

CVE-2026-46702

Russh contains a post-decompression packet size bound vulnerability: when SSH compression is enabled, compressed payloads could inflate to oversized decompressed data, bypassing on-wire packet checks. This allowed remote DoS by sending small compressed packets that decompress beyond limits. Affec...

CVE-2026-46673

Summary of the vulnerability (CVE-2026-46673) : In Russh (Rust SSH client/server), CryptoVec allocations and growth were unchecked in vulnerable releases. Prior to 0.60.3, local agent inputs could feed attacker-controlled frame lengths into buffer growth before validation; in historical releases ...

CVE-2026-10142

CVE-2026-10142 affects kafka-python prior to 2.3.2. The vulnerability resides in the protocol parser, where an attacker can send a crafted 4-byte frame length via receive_bytes() without bounds validation. This can cause a multi-gigabyte memory allocation or an uncaught ValueError, leaving the co...

CVE-2026-46668

The CVE-2026-46668 issue affects SpiceDB releases earlier than v1.52.0, where caveat structures containing nested lists could cause improper cache reuse. Affected versions range from v1.15.0 up to, but not including, v1.52.0. The root cause centers on how nested caveat data is cached, enabling po...

CVE-2026-46669

OpenVM-pairing vulnerability CVE-2026-46669: the openvm-pairing guest library’s try_honest_pairing_check previously did not verify that the scaling factor s lies in a proper subfield of Fp12, allowing incorrect pairing results. The issue has been patched in version 1.6.0; users should upgrade to ...

CVE-2022-48575

The CVE-2022-48575 issue affects macOS Monterey due to a consistency/state-handling defect that may allow a person with physical access to bypass the Login Window. The Apple security content notes this as fixed in macOS Monterey 12.4. Affected component: Login Window handling; root cause: improve...

CVE-2022-26758

CVE-2022-26758: macOS Monterey before 12.4 is affected by a memory corruption issue that may allow a malicious application to cause unexpected changes in memory shared between processes. The vulnerability is addressed in macOS Monterey 12.4 with improved state management. The CVE entry notes a lo...

CVE-2026-48011

Summary of CVE-2026-48011 (Shopware) : A timing-attack in the admin authentication flow enables an attacker to enumerate administrator usernames. The issue is in the OAuth user lookup path (UserRepository::getUserEntityByUserCredentials). If a username is not found, the code returns quickly; if f...

CVE-2026-46654

The CVE-2026-46654 issue affects Plonky3’s MultiField32Challenger in the prover transcript handling, where transcript malleability allows an attacker controlling prover-side observations to craft transcripts that yield identical challenges, breaking Fiat-Shamir binding. Root cause: a mismatch bet...

CVE-2026-44692

CVE-2026-44692 affects the Sharp CMS package for Laravel. Prior to version 9.22.0, the generic download endpoint authorizes access only to the selected Sharp entity but then reads the target disk and path from request parameters, allowing an authenticated user who can view one valid record to dow...

CVE-2026-53634

The CVE concerns Sharp (Laravel package) where the Quick Creation Command endpoints (create and store) from version 9.0.0 up to just before 9.22.3 failed to enforce authorization checks. An authenticated Sharp user lacking create permission on a target entity could access the creation form or sub...

CVE-2026-45380

The CVE-2026-45380 issue affects bit7z (a cross-platform C++ static library for archive handling). A one-byte off-by-one bug in SafeOutPathBuilder::restoreSymlink() (prior to 4.0.12) enables crafting a .7z archive that, when extracted on non-Windows, creates a symlink escaping the extraction dire...

CVE-2026-45384

Summary of CVE-2026-45384 (bit7z) Affected: bit7z library (cross-platform C++ library used for archive compression/extraction). Vulnerability: Prior to v4.0.12, an arbitrary file overwrite vulnerability exists via a symlink attack on predictable temporary files during an archive update. This stem...

CVE-2026-45106

Weblate (web-based localization tool) is affected by a stored HTML injection/XSS in the live search preview prior to version 2026.5, where unit source and context are rendered without escaping, allowing HTML/CSS that runs in authenticated editors of other users performing a matching search. The i...

CVE-2026-50127

CVE-2026-50127 affects Weblate (versions 5.15 up to, but not including, 2026.6). The VCS_RESTRICT_PRIVATE check did not properly account for certain transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, allowing some addresses to bypass private-range restrictions. The i...

CVE-2026-46683

Snappy (KnpLabsKnappy) is a PHP library for generating thumbnails, screenshots, or PDFs from URLs or HTML. A vulnerability exists prior to v1.7.0 allowing SSRF and local file reads via the xsl-style-sheet option. The issue is resolved in version 1.7.0. Impact is described as SSRF and potential lo...

CVE-2026-46643

CVE-2026-46643 affects KnLplabs Snappy (knplabs/knp-snappy) on POSIX, where escapeshellarg('/usr/bin/wkhtmltopdf') may still leave $command unescaped due to a faulty is_executable check. This allows command execution when the binary path is influenced by user input or environment data, as the saf...

CVE-2026-6893

CVE-2026-6893 affects the dracut project, specifically the legacy DHCP path. A remote attacker on an adjacent network can trigger root code execution in the initramfs by sending specially crafted DHCP options (for example, a malicious hostname). The options are improperly handled and written into...

CVE-2026-46529

Technical details such as affected versions, impact, and remediation are not provided in the supplied documents; monitor for updates from official advisories.

CVE-2026-1220

Summary: CVE-2026-1220 is a race in V8 in Google Chrome prior to 144.0.7559.99 that could allow a remote attacker to trigger type confusion via a crafted HTML page. The vulnerability affects Chromium-based Chrome and stems from the V8 engine; exploitation could lead to arbitrary code execution or...

CVE-2026-47751

Technical details for CVE-2026-47751 are not publicly available in the provided documents. Monitor for updates from authoritative sources; the connected advisory describes a different vulnerability without confirming this CVE mapping.

CVE-2026-48063

The connected GHSA advisory documents a vulnerability in Baileys prior to certain versions where a malicious placeholderResendMessage payload can trigger a fake messages.upsert event (with a fake key and payload), spoofing messages and corrupting the app state sync, including history sync spoofin...

CVE-2026-48061

CVE-2026-48061 / GHSA-3QMC-CJ7Q-62HV (Litestar) : The AllowedHostsMiddleware trusts the X-Forwarded-Host header when Host is absent, allowing a client-controlled value to bypass host validation. This enables host header injection and can lead to password reset poisoning, cache poisoning, and rout...

CVE-2026-48060

TL;DR: The CVE-2026-48060 entry is enriched by the GHSA advisory: Litestar templates used with CSRF protection can suffer HTML injection that bypasses escaping in the template when CSRF tokens are inlined. This can lead to arbitrary HTML/JS being rendered in victims’ browsers, enabling a Cross-Si...

CVE-2026-48058

Nebula Mesh up to v0.3.1 is affected by a vulnerability where session and OIDC state cookies are created without the Secure attribute, allowing plaintext cookie exposure over a single HTTP request to a non-TLS origin. The issue resides in internal/web/session.go and internal/web/oidc.go (Login, S...

CVE-2026-11626

CVE-2026-11626 concerns the CleanWipe Removal Tool on macOS, affected prior to version 16.0.0.65. The vulnerability is described as a Local Privilege Escalation, allowing an attacker with limited privileges to raise privileges to administrative level. The available details indicate a local attack...

CVE-2026-48025

CVE-2026-48025 is reserved, but connected advisory GHSA-8H84-FHQQ-Q58V documents a concrete issue in nebula-mesh: decrypted CA private keys persist in process heap after signing due to CAManager not wiping, exposing memory contents. Affected: all released versions up to v0.3.6. Root cause: plaint...

CVE-2026-50639

Metric injection vulnerability in Metrics::Any::Adapter::SignalFx for Perl: versions before 0.04 do not protect against metric injections. The issue spans the StatsD protocol and its extensions (dogstatsd); per-packet metrics can include multiple metrics separated by newlines. The _labels functio...

CVE-2026-50638

CVE-2026-50638 affects Metrics::Any::Adapter::DogStatsd (Perl) versions before 0.04. The issue arises because the DogStatsd adapter does not validate newline or statsd control characters in tags, enabling potential metric injections when multiple metrics are sent per UDP/TCP packet. The vulnerabi...

CVE-2026-50637

The CVE concerns Metrics::Any::Adapter::Statsd (Perl) prior to v0.04, where the send path did not validate metric names/values, allowing metric injections when names contain newlines and statsd control characters (colon, pipe). This vulnerability affects Metrics::Any::Adapter::Statsd and related ...

CVE-2026-10740

CVE-2026-10740 affects s2n-quic prior to version 1.8.2, where an unbounded memory allocation in the CRYPTO frame reassembler can allow an unauthenticated remote actor to trigger a denial of service (degraded availability) by sending crafted QUIC Initial packets. The vulnerability is triggered dur...

CVE-2026-46642

CVE-2026-46642 affects draw.io prior to 29.7.12. A crafted .drawio file can execute arbitrary JavaScript in the editor’s origin when opened. The root cause is a feature-detection routine in the Text Format panel that reads the raw cell label and assigns it to a detached element’s innerHTML withou...

CVE-2026-11417

OS command injection in the NodejsFunction local bundling pipeline of aws-cdk-lib (pre-2.245.0; 2.246.0 on Windows) allows a threat actor who controls bundling properties (externalModules, define, loader, inject, esbuildArgs) to execute arbitrary commands on the host running the CDK toolchain via...

CVE-2026-45062

CVE-2026-45062 affects FrankenPHP (versions 1.11.2–1.12.2). The vulnerability arises in the CGI path splitting logic (splitPos in cgi.go), where fallback matching uses golang.org/x/text/search with ignore-case, and engages when the request path contains non-ASCII bytes. Two flaws enable an attack...

CVE-2026-50570

Fission prior to v1.25.0 allowed tenant-created Function/Environment CRDs to request securityContext.capabilities.add: ["SYS_TIME"] despite a fixed denylist (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, DAC_OVERRIDE). The validation/merge-layer sanitization did not block CAP_SYS...

CVE-2026-50569

The CVE concerns Fission (Kubernetes-native serverless framework). Before version 1.25.0, HTTPTriggerSpec.Validate() checked Methods, FunctionReference, Host, IngressConfig, and CorsConfig but silently skipped RelativeURL and Prefix; these fields were only validated at the CLI. As a result, an HT...

CVE-2026-50568

Fission (Kubernetes-native serverless framework) has a lexical path check vulnerability in SanitizeFilePath (pkg/utils/utils.go) that used strings.HasPrefix(path, safedir) instead of a directory-boundary check. This allowed a sibling directory escape (e.g., /packages-extra/evil under /packages) t...

CVE-2026-50567

CVE-2026-50567 affects Fission prior to 1.25.0. The vulnerability resides in Unarchive (pkg/utils/zip.go) where archive entry paths are joined with the destination path without validating that the final path stays under the destination. An attacker who can control a Package.Spec.Source.URL or Dep...

CVE-2026-50566

Fission prior to v1.24.0 is affected: a tenant with environments.fission.io create/update RBAC could run privileged / allowPrivilegeEscalation / dangerous-capability containers in the Fission function or builder namespace, scheduled under the executor’s high-privilege service account. This enable...

CVE-2026-50565

CVE-2026-50565 affects Fission (Kubernetes-native serverless framework). Before v1.24.0, builder pods were created with ServiceAccountName: fission-builder and AutomountServiceAccountToken was not disabled, causing the kubelet to auto-mount the service-account token into every container in the po...

CVE-2026-50564

CVE-2026-50564 concerns Fission’s Environment CRD prior to version 1.24.0, where spec.runtime.podSpec and spec.builder.podSpec were merged into runtime/builder pod specs without filtering. This allowed propagation of hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName from...

CVE-2026-50563

Fission before v1.24.0 allows a tenant to supply Function.spec.podspec, which is merged into the executor-built podspec and used to create a Deployment for the user’s container image. This directly explains the root cause of the listed vulnerability and aligns with the patched state in v1.24.0. T...

CVE-2026-50545

Fission (Kubernetes-native serverless) prior to version 1.24.0 allowed Environment.spec.runtime.podSpec and spec.builder.podSpec passthrough without validation, and MergePodSpec could propagate dangerous fields into generated pods. This CVE—CVE-2026-50545—describes a PodSpec injection with potent...

CVE-2026-49824

Fission (Kubernetes-native serverless framework) prior to v1.24.0 allowed a cross-namespace environment reference via the Function admission webhook because spec.environment.namespace was not validated, unlike spec.secrets[].namespace and spec.configmaps[].namespace. The issue affects the Functio...