6577 matches found
mail/mailpit -- multiple vulnerabilities
Mailpit author reports: Ensure SMTP TO & FROM addresses are RFC 5322 compliant and prevent header injection GHSA-54wq-72mp-cq7c Prevent Server-Side Request Forgery SSRF via HTML Check API GHSA-6jxm-fv7w-rw5j...
python -- several security vulnerabilities
The Python project announces a new release with several security fixes: CVE-2026-1299: gh-144125: BytesGenerator will now refuse to serialize write headers that are unsafely folded or delimited; see verifygeneratedheaders. Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650. gh-143935:...
oauth2-proxy -- multiple vulnerabilities
Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...
traefik -- ACME TLS-ALPN fast path potential DoS
The traefik project reports: There is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up goroutines and file descriptors indefinitely when the ACME TLS challenge is enabled.A malicious client ca...
Mozilla -- multiple vulnerabilities
Memory safety bugs present in firefox-esr 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. Clickjacking issue and information disclosure in the PDF Viewer component. Use-after-free in the JavaScript: GC component...
Mozilla -- multiple vulnerabilities
Incorrect boundary conditions in the Graphics component. Use-after-free in the IPC component. Sandbox escape due to integer overflow in the Graphics component. Sandbox escape due to incorrect boundary conditions in the Graphics component. Mitigation bypass in the DOM: Security component...
Mozilla -- multiple vulnerabilities
Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Denial-of-service in the DOM: Service Workers component. Information...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 10 security fixes: 458914193 High CVE-2026-0899: Out of bounds memory access in V8. Reported by @p1nky4745 on 2025-11-08 465730465 High CVE-2026-0900: Inappropriate implementation in V8. Reported by Google on 2025-12-03 40057499 High CVE-2026-0901:...
mail/mailpit -- Cross-Site WebSocket Hijacking
Mailpit author reports: The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailp...
virtualenv -- CWE-59: Improper Link Resolution Before File Access ('Link Following')
https://github.com/pypa/virtualenv/security/advisories/GHSA-597g-3phw-6986 reports: virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attac...
libtasn1 -- Stack-based buffer overflow
oss-security@ list reports: Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1expendoctetstring...
Gitlab -- vulnerabilities
Gitlab reports: Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders impacts GitLab CE/EE Cross-site Scripting issue in Web IDE impacts GitLab CE/EE Missing Authorization issue in Duo Workflows API impacts GitLab EE Missing Authorization issue in AI GraphQL mutation impacts...
curl -- Multiple vulnerabilities
The curl project reports: Multiple vulnerabilities...
mail/mailpit -- Server-Side Request Forgery
Mailpit author reports: A Server-Side Request Forgery SSRF vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 1 security fix: 463155954 High CVE-2026-0628: Insufficient policy enforcement in WebView tag. Reported by Gal Weizman on 2025-11-23...
security/libsodium -- crypto_core_ed25519_is_valid_point mishandles checks for whether an elliptic curve point is valid
Libsodium maintainer reports: The function cryptocoreed25519isvalidpoint, a low-level function used to check if a given elliptic curve point is valid, was supposed to reject points that aren't in the main cryptographic group, but some points were slipping through...
phpmyfaq -- multiple vulnerabilities
phpMyFAQ team reports: Stored cross-site scripting XSS and unauthenticated config backup download vulnerability...
gstreamer1-plugins-bad -- Out-of-bounds reads in MIDI parser
The GStreamer Security Center reports: Multiple out-of-bounds reads in the MIDI parser that can cause crashes for certain input files...
Forgejo -- Symbolic Link (Symlink) Following
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md reports: Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template...
net-mgmt/net-snmp -- Remote Code Execution (snmptrapd)
net-snmp development team reports: A specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash...
fluidsynth -- Use after free when using DLS files
The fluidsynth authors report: A race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memory, if the synthesizer is being concurrently destroyed, or samples of the unloaded...
smb4k -- Critical vulnerabilities in Mount Helper
vulndb reports: A vulnerability, which was classified as critical, was found in smb4k up to 4.0.4. Affected is some unknown functionality of the component Mount Helper. The manipulation with an unknown input leads to a access control vulnerability. CWE is classifying the issue as CWE-284. The...
MongoDB -- Improper Handling of Length Parameter Inconsistency
https://jira.mongodb.org/browse/SERVER-115508 reports: Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client...
Firefox -- Use-after-free
https://bugzilla.mozilla.org/showbug.cgi?id=2000597 reports: Use-after-free in the Disability Access APIs component...
Firefox -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bugid=1996570%2C1999700 reports: Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
FreeBSD -- Remote code execution via ND6 Router Advertisements
Problem Description: The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that shell...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 448294721 High CVE-2025-14765: Use after free in WebGPU. Reported by Anonymous on 2025-09-30 466786677 High CVE-2025-14766: Out of bounds read and write in V8. Reported by Shaheen Fazim on 2025-12-08...
FreeBSD -- ipfw denial of service
Problem Description: In some cases, the tcp-setmss handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. Impact: Maliciously crafted packe...
Roundcube -- Multiple vulnerabilities
The Roundcube project reports: Cross-Site-Scripting vulnerability via SVG’s animate tag Information Disclosure vulnerability in the HTML style sanitizer...
github-release-monitor -- multiple vulnerabilities
https://nextjs.org/blog/security-update-2025-12-11 reports: Description Medium Source Code Exposure: CVE-2025-55183 A specifically crafted HTTP request can cause a Server Function to return the compiled source code of other Server Functions in your application. This could reveal business logic...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 466192044 High: Under coordination. 460599518 Medium CVE-2025-14372: Use after free in Password Manager. Reported by Weipeng Jiang @Krace of VRI on 2025-11-14 461532432 Medium CVE-2025-14373: Inappropriate implementation in Toolbar...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-3630 / CVE-2025-67635 Denial of service vulnerability in HTTP-based CLI Medium SECURITY-1809 / CVE-2025-67636 Missing permission check on password fields Medium SECURITY-783 / CVE-2025-67637 storage, CVE-2025-67638 masking Build authorization...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue in Wiki impacts GitLab CE/EE Improper encoding in vulnerability reports impacts GitLab CE/EE Cross-site scripting issue in Swagger UI impacts GitLab CE/EE Denial of service issue in GraphQL endpoints impacts GitLab CE/EE Authentication bypass issue for...
MongoDB Server -- Improper Locking
https://jira.mongodb.org/browse/SERVER-106075 reports: A post-authenticationflaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short...
Mozilla -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bugid=1963153%2C1985058%2C1995637%2C1997118 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Mozilla -- Use-after-free
https://bugzilla.mozilla.org/showbug.cgi?id=1840666 reports: Use-after-free in the Audio/Video: GMP component...
Mozilla -- Sandbox escape
https://bugzilla.mozilla.org/showbug.cgi?id=1996473 reports: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component...
Mozilla -- Privilege escalation
https://bugzilla.mozilla.org/showbug.cgi?id=1996761 reports: Privilege escalation in the Netmonitor component...
Mozilla -- JIT miscompilation in the JavaScript Engine: JIT component
https://bugzilla.mozilla.org/showbug.cgi?id=1997503 reports: JIT miscompilation in the JavaScript Engine: JIT component...
Mozilla -- Use-after-free
https://bugzilla.mozilla.org/showbug.cgi?id=1992760 reports: Use-after-free in the WebRTC: Signaling component...
Mozilla -- JIT miscompilation
https://bugzilla.mozilla.org/showbug.cgi?id=1998050 reports: JIT miscompilation in the JavaScript Engine: JIT component...
Mozilla -- Privilege escalation
https://bugzilla.mozilla.org/showbug.cgi?id=1996555 reports: Privilege escalation in the DOM: Notifications component...
Mozilla -- Spoofing issue
https://bugzilla.mozilla.org/showbug.cgi?id=1970743 reports: Spoofing issue in the Downloads Panel component...
Mozilla -- Privilege escalation
https://bugzilla.mozilla.org/showbug.cgi?id=1997018 reports: Privilege escalation in the Netmonitor component...
Mozilla -- Same-origin policy bypass
https://bugzilla.mozilla.org/showbug.cgi?id=2000218 reports: Same-origin policy bypass in the Request Handling component...
Mozilla -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bugid=1966501%2C1997639 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
traefik -- Bypassing security controls via special characters
The traefik project reports: There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path; if the request path contains an encoded restricted...
powerdns-recursor -- Denial of Service
PowerDNS Team reports: 2025-07: Internal logic flaw in cache management can lead to a denial of service in Recursor 2025-08: Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor 2026-01: Crafted zones can lead to increased resource usage in Recursor...
c-ares -- Use After Free
https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5 reports: c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer and processanswer, which can cause a Denial of Service. This issue is fixed i...
traefik -- Inverted TLS Verification Logic in Kubernetes NGINX Provider
The traefik project reports: There is a potential vulnerability in Traefik NGINX provider managing the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. The provider inverts the semantics of the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" intendi...