BELL-CVE-2026-52909
Bulletin has no description...
BELL-CVE-2026-52908
Bulletin has no description...
BELL-CVE-2026-52910
Bulletin has no description...
MGASA-2026-0227 Updated sslh packages fix security vulnerabilities
CVE-2025-46806: A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures. CVE-2025-46807: An Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny...
MGASA-2026-0228 Updated mumble packages fix security vulnerability
Mumble is prone to an out-of-bounds array access, which may result in denial of service client crash...
RLSA-2026:28037 Important: postgresql:15 security update
PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind (CVE-2026-6475); postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite...
DEBIAN-CVE-2026-53539
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringParser located the field separator with a two step lookup: it first scanned the entire remaining buffer for &, and only when no & existed anywhere ahead...
DEBIAN-CVE-2026-53537
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parse_options_header parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename*=charset'lang'value, name*=...,...
DEBIAN-CVE-2026-53540
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded...
MINI-93FC-9JJ2-8FM6
Bulletin has no description...
MINI-W9FW-CJHJ-5WFC
Bulletin has no description...
MINI-Q75H-VVMG-9CX9
Bulletin has no description...
MINI-954P-M2PG-M79J
Bulletin has no description...
MINI-VHP2-2WM5-8J8W
Bulletin has no description...
MINI-QXVF-RXXG-5H2Q
Bulletin has no description...
MINI-VWFM-8X37-FJ5X
Bulletin has no description...
MINI-2P3C-J45Q-WMRJ
Bulletin has no description...
MINI-C9VQ-MJ7P-QX33
Bulletin has no description...
MINI-WFQG-57C8-9JXC
Bulletin has no description...
MINI-CVHJ-F35Q-XMW6
Bulletin has no description...
MINI-RCRQ-6P2P-MJP9
Bulletin has no description...
MINI-354X-MGR3-8WGJ
Bulletin has no description...
MINI-FVV9-G7F9-QVQM
Bulletin has no description...
MINI-PHVC-3MJF-C77R
Bulletin has no description...
MINI-4HMG-C93H-GJ43
Bulletin has no description...
MINI-8437-3GQX-H2J6
Bulletin has no description...
MINI-239H-7378-RH63
Bulletin has no description...
MINI-8XW5-R8RJ-6MV8
Bulletin has no description...
MAL-2026-6275 Malicious code in @ts-apis/ts-utils (npm)
Source: amazon-inspector (eccf08a9ba188be941f42f0b088d51fc5b1e84802fe9bd1d1218a6b71a6e2c11). The published tarball's dist/index.js contains an obfuscated payload that runs at require time inside a setTimeout-wrapped IIFE, completely unrelated...
ECHO-145E-CEA4-F440
Bulletin has no description...
GHSA-WV27-2VQP-J7G5 Gogs has the ability to import local repositories via Mirror Settings
Summary: The Gogs Mirror Settings functionality provides an alternative to the well-protected New Migration functionality that lets any authenticated user import local repositories. This issue stems from a lack of validation in the SaveAddress function. Details: Here is the function implementation o...
GHSA-PWX3-QCGW-VH7H Gogs Vulnerable to CSRF Leading to Organization Owner Takeover
Summary: In Gogs 0.14.1, organization team member management can be performed via GET requests without CSRF protection. If a victim who is an organization owner is logged in and is tricked into visiting a crafted link, an attacker-controlled user can be added to the Owners team. As a result, the...
GHSA-P9F5-H3RX-J5QW Gogs Missing Authorization in Attachment Download
Summary: In Gogs 0.14.1, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRE_SIGNIN_VIEW = false, we confirmed that an unauthenticated user ca...
GHSA-JQ8V-RMF6-65JW Gogs has Stored XSS in `.ipynb` Preview
Summary: Although .ipynb previews are sanitized on the server side via /-/api/sanitize_ipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this process, links containing schemes such as javascript: can ...
GHSA-4J89-2C4F-44C6 Gogs has DoS in rendering issue index pattern
Summary: A special template for the issue index pattern may cause a panic. Details: in internal/markup/markup.go, `link = fmt.Sprintf(..., com.Expand(metas["format"], metas), m)` renders the issue index pattern to a link with com.Expand. However, com.Expand is not safe: `i = strings.Index(template, "{")` ... `if s, ok :=`...
GHSA-XQJM-27PC-RVWM @actual-app/web has CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields
Summary: exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix neutralization. Strings that begin with =, +, -, @, tab, or...
GHSA-GFQ7-5X4G-3XHF @budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation
Summary: Authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connection later performs a separate DNS lookup through...
GHSA-W7MQ-R738-X278 Budibase has arbitrary file read by workspace-builder via PWA-zip symlink upload
Summary: POST /api/pwa/process-zip at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with [email protected] into a temp directory, then for each entry listed in icons.json validates the icon path, opens it, and streams the bytes into MinIO. The resulting...
GHSA-RGVG-3WPC-H44P Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override
Summary: The webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in externalTrigger allows an attacker to overwrite the internal appId property by including it in the webhook POST...
GHSA-CQ9C-6W48-QMFG @actual-app/sync-server: Disabled OpenID users keep access through existing session tokens
Summary: In OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity. Existing Actual session tokens for the disabled user remain valid, so the user can continue calling authenticated server endpoints after an administrator has disabled the account. Details: The...
GHSA-35C4-RVC8-FRHM Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials
Summary: The Budibase server route POST /api/attachments/:datasourceId/url (packages/server/src/api/routes/static.ts) is registered with only the recaptcha middleware. There is no authorized... middleware in the chain. The controller...
USN-8462-1 linux-oracle-5.15 vulnerabilities
It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-31431) It was discovered that the Linux kernel did n...
GHSA-JJ36-R9W3-3PFH Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials
The application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require authentication, table permission, datasource permission, or builde...
GHSA-V7J5-VC4M-723W Budibase has an Account Impersonation Issue — Chat Identity Link Hijacking via Missing Consent & CSRF
Title: Chat Identity Link Hijacking: Attacker Can Silently Map Their Slack/Discord Identity to Any Authenticated Budibase User's Account. Severity: High (CVSS 3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N = 7.3). Affected Product: Budibase, Version 3.37.2 (introduced in this version). Componen...
GHSA-QC2X-6F54-M6H9 zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet
Impact: _read_character_string and _read_string in src/zeroconf/protocol/incoming.py sliced self.data[self.offset : self.offset + length] and advanced self.offset by the declared length without checking it against len(self.data). Python's slice silently returns fewer bytes when the end index runs past the...
GHSA-HVQH-JW65-WCPQ devbridge-autocomplete has XSS in its default formatters: formatGroup and formatResult fail to escape HTML in untrusted inputs
Summary: The default formatGroup and formatResult functions in devbridge-autocomplete concatenate values into HTML without escaping, allowing XSS when an attacker controls or can taint the suggestion data source. Details: 1. formatGroup: category is interpolated raw (src/format.ts): ts function...
GHSA-9M6G-WC8R-Q59C scimPatch vulnerable to prototype pollution via unfiltered keys in patch
Summary: scim-patch performs prototype pollution when applying a SCIM PATCH operation whose value object contains a key like "__proto__.someProp". After one such patch, Object.prototype.someProp is set process-wide, affecting every plain object in the Node process. Any service that calls scimPatch on...
GHSA-GHMH-JHMJ-WCMF nebula-mesh's stores enrollment tokens unhashed in SQLite
internal/store/sqlite.go:1177,1192,1221,1245: the enrollment_tokens.token column holds the raw UUID token. ConsumeToken does WHERE token = ? against the raw string. Compare with operator_api_keys.key_hash, which is SHA-256 hex constructed in internal/api/middleware.go:51-53. Affected: All released...
USN-8461-1 linux-azure vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
DEBIAN-CVE-2026-54277
Bulletin has no description...