417654 matches found
EUVD-2026-31694
Hackney has unbounded buffer accumulation in WebSocket...
EUVD-2026-31690
Hackney has CRLF / header injection in WebSocket upgrade request...
EUVD-2026-31687
Hackney has CR/LF injection in query parameter...
EUVD-2026-32861
Hackney: Per-chunk timeout with unbounded body accumulation enables slow-drip OOM...
EUVD-2026-31692
Hackney: Cross-origin Redirect Leaks Authorization, Cookie, and Request Body...
EUVD-2026-31689
Hackney has SSRF allowlist bypass in hackneyurl:normalize/2 via percent-encoded host...
EUVD-2026-31683
Hackney has CRLF / header injection via unvalidated domain and path options...
EUVD-2026-31685
Hackney: ssl:connect/2 post-handshake upgrade has no timeout...
EUVD-2026-31686
Hackney has an infinite loop on non-token byte at start of an Alt-Svc entry...
EUVD-2026-38016
Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication...
EUVD-2026-39497
pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile...
EUVD-2026-31658
Cargo crates in third party registries can override the cached source of other crates...
EUVD-2026-31654
Cargo can be coerced to share credentials between registries...
EUVD-2026-38048
php-weasyprint: shell command injection via configurable WeasyPrint binary path due to inverted isexecutable guard mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc...
EUVD-2026-37951
mcp-pinot: Unauthenticated tool invocation via default oauthenabled=False + host 0.0.0.0 bind...
EUVD-2026-37950
Relyra SAML SignatureValue not cryptographically verified - authentication bypass...
EUVD-2026-38058
mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call...
EUVD-2026-37943
deepstream is vulnerable to prototype pollution...
EUVD-2026-37807
CakePHP: View::element is missing a path containment check...
EUVD-2026-37805
joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization...
EUVD-2026-39922
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath.endsWith"/configs" to whitelist the public configuration endpoint from Basic Auth. Because the check is a suffix match rather than an exact path match...
EUVD-2026-39921
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from the client and pass it through StorageInterface.parentTraversalGuard before reading the underlying file from the local storage backend. The guard onl...
EUVD-2026-37798
PHP Standard Library: HTTP/2 server-side missing content-length validation enables request smuggling...
EUVD-2026-39920
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows-style backslashes to forward slashes. An attacker can therefore smuggle a traversal sequence past...
EUVD-2026-39919
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API @Filter"/api/v1/" treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresse...
EUVD-2026-39918
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint GET /api/v1/tenant/executions/executionId/file/preview contains an access control bypass that allows any authenticated user to read output files from any other executio...
EUVD-2026-39917
Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...
EUVD-2026-39916
Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in externalTrigger allows an attacker to overwrite the interna...
EUVD-2026-39915
Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connectio...
EUVD-2026-39914
Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write...
EUVD-2026-39913
Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id app... and an S3-source datasource id ds... can call this endpoint with no auth and obtain a 15-minute pre-signed PUT URL minted on the victim's IAM identity. The endpoin...
EUVD-2024-55645
The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application...
EUVD-2026-39912
Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require...
EUVD-2026-39911
Budibase is an open-source low-code platform. Prior to 3.39.0, GET /api/chat-links/:instance/:token/handoff is a public endpoint no auth required that performs a permanent, state-changing operation: it binds an external chat identity Slack/Discord/MS Teams to an authenticated Budibase user accoun...
EUVD-2026-37516
Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication...
EUVD-2026-39910
Budibase is an open-source low-code platform. Prior to 3.39.9, POST /api/pwa/process-zip at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with [email protected] into a temp directory, then for each entry listed in icons.json validates the icon path, open...
EUVD-2026-39909
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...
EUVD-2026-39908
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WMCOPYDATA message to Notepad++ using the COPYDATAFULLCMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded...
EUVD-2026-39907
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...
EUVD-2026-39906
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires Time-of-Check. However, the command payload is taken from the in-memory userCommands vector, which is populated at application...
EUVD-2026-39905
Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the...
EUVD-2026-39904
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...
EUVD-2026-39903
Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory does NOT canonicalize the path before checking. It uses a prefix-based check PathIsPrefix or equivalent that matches paths starting with trusted directory strings. A path traversal using ....\ after a truste...
EUVD-2026-39866
RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. The ListRemoteTargetHandler handler for listing remote replication targets only checks whether request credentials exist...
EUVD-2026-39865
RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...
EUVD-2026-39864
RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is enabled, the FTP read and probe handlers dispatch directly to the storage backend without ever calling the IAM authorization function that the FTP write/list handlers and t...
EUVD-2026-39863
RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. Every other admin handler in the codebase calls validateadminrequest to...
EUVD-2026-39862
Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface...
EUVD-2026-39861
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits to bypass password requirements. A password validation flaw in the change password behavior allows attackers to chan...
EUVD-2026-39860
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user account...