417623 matches found
EUVD-2026-36598
Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwtsecretkey...
EUVD-2026-36600
Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context...
EUVD-2026-36599
Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing...
EUVD-2026-39492
pnpm Vulnerable to Arbitrary File Write/Delete via Malicious Patch File Path Traversal...
EUVD-2026-39495
pnpm binds unscoped user-level npm auth credentials to a repository-selected registry...
EUVD-2026-39494
pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement...
EUVD-2026-39490
pnpm: Git Fetch Argument Injection via Lockfile resolution.commit...
EUVD-2026-39488
pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field...
EUVD-2026-39489
pnpm: Unsafe default behavior breaks integrity check...
EUVD-2026-38083
Authelia has an Edge Case Access Control Rule Mismatch...
EUVD-2026-38069
YARD static cache reads raw traversal paths before router sanitization...
EUVD-2026-38061
@microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter...
EUVD-2026-38060
js-toml vulnerable to CPU exhaustion via On^2 BigInt construction on radix-prefixed integer literals...
EUVD-2026-38057
Statamic CMS's unsafe method invocation via collection sorting allows data destruction...
EUVD-2026-38059
Statamic CMS: Missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources...
EUVD-2026-38054
PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option...
EUVD-2026-38036
PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles...
EUVD-2026-38053
PhpWeasyPrint vulnerable to PHAR deserialization via output filename CVE-2023-28115 case-insensitive bypass...
EUVD-2026-31691
Hackney vulnerable to atom-table exhaustion via unrecognized URL schemes...
EUVD-2026-31694
Hackney has unbounded buffer accumulation in WebSocket...
EUVD-2026-31690
Hackney has CRLF / header injection in WebSocket upgrade request...
EUVD-2026-31687
Hackney has CR/LF injection in query parameter...
EUVD-2026-32861
Hackney: Per-chunk timeout with unbounded body accumulation enables slow-drip OOM...
EUVD-2026-31692
Hackney: Cross-origin Redirect Leaks Authorization, Cookie, and Request Body...
EUVD-2026-31689
Hackney has SSRF allowlist bypass in hackneyurl:normalize/2 via percent-encoded host...
EUVD-2026-31683
Hackney has CRLF / header injection via unvalidated domain and path options...
EUVD-2026-31685
Hackney: ssl:connect/2 post-handshake upgrade has no timeout...
EUVD-2026-31686
Hackney has an infinite loop on non-token byte at start of an Alt-Svc entry...
EUVD-2026-38016
Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication...
EUVD-2026-39497
pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile...
EUVD-2026-31658
Cargo crates in third party registries can override the cached source of other crates...
EUVD-2026-31654
Cargo can be coerced to share credentials between registries...
EUVD-2026-38048
php-weasyprint: shell command injection via configurable WeasyPrint binary path due to inverted isexecutable guard mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc...
EUVD-2026-37951
mcp-pinot: Unauthenticated tool invocation via default oauthenabled=False + host 0.0.0.0 bind...
EUVD-2026-37950
Relyra SAML SignatureValue not cryptographically verified - authentication bypass...
EUVD-2026-38058
mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call...
EUVD-2026-37943
deepstream is vulnerable to prototype pollution...
EUVD-2026-37807
CakePHP: View::element is missing a path containment check...
EUVD-2026-37805
joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization...
EUVD-2026-39922
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath.endsWith"/configs" to whitelist the public configuration endpoint from Basic Auth. Because the check is a suffix match rather than an exact path match...
EUVD-2026-39921
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from the client and pass it through StorageInterface.parentTraversalGuard before reading the underlying file from the local storage backend. The guard onl...
EUVD-2026-37798
PHP Standard Library: HTTP/2 server-side missing content-length validation enables request smuggling...
EUVD-2026-39920
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows-style backslashes to forward slashes. An attacker can therefore smuggle a traversal sequence past...
EUVD-2026-39919
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API @Filter"/api/v1/" treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresse...
EUVD-2026-39918
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint GET /api/v1/tenant/executions/executionId/file/preview contains an access control bypass that allows any authenticated user to read output files from any other executio...
EUVD-2026-39917
Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...
EUVD-2026-39916
Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in externalTrigger allows an attacker to overwrite the interna...
EUVD-2026-39915
Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connectio...
EUVD-2026-39914
Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write...
EUVD-2026-39913
Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id app... and an S3-source datasource id ds... can call this endpoint with no auth and obtain a 15-minute pre-signed PUT URL minted on the victim's IAM identity. The endpoin...