206662 matches found
CVE-2026-14685
A flaw was found in HdrHistogram. A local attacker could exploit this vulnerability by manipulating the 'Count' argument within the recordValueWithCount function. This manipulation leads to a state issue, which could impact the integrity of data processing within the affected component. Mitigatio...
CVE-2026-15714
An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soupmultipartinputstreamreadheaders function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When...
CVE-2026-15713
A vulnerability was found in libsoup's HTTP/2 protocol implementation. The library fails to correctly release memory context blocks under specific stream termination conditions, such as when an HTTP/2 connection encounters window exhaustion or explicit stream resets. A remote, unauthenticated...
CVE-2026-15711
A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 §5.5, which mandates that all WebSocket control frames e.g., PING, PONG, CLOSE contain a payload of 125 bytes or less. A remote, unauthenticated attacker...
CVE-2026-15709
A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop inflate processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via...
CVE-2026-15712
A heap buffer over-read vulnerability was discovered in libsoup's versions: libsoup 3.0 to 3.7.0 HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional Debug Data" payload by assuming the data stream is a safely NUL-terminate...
CVE-2026-62641
A flaw was found in Roundcube Webmail. The TNEF Transport Neutral Encapsulation Format decoder, which handles winmail.dat files, is vulnerable to a denial of service. A remote attacker could send a specially crafted compressed-RTF Rich Text Format file, causing the decoder to consume excessive...
CVE-2026-54432
A flaw was found in Roundcube Webmail. This Stored Cross-Site Scripting XSS vulnerability arises from improper escaping of the attachment MIME type on the attachment-validation warning page. A remote attacker could exploit this by sending a specially crafted attachment, potentially leading to the...
CVE-2026-62642
A flaw was found in Roundcube Webmail. A remote attacker could exploit an infinite loop vulnerability in the TNEF Transport Neutral Encapsulation Format decoder by sending a specially crafted email with a TNEF attachment. This could lead to a denial of service, making the webmail service...
CVE-2026-62644
A flaw was found in the password plugin of Roundcube Webmail. A remote attacker with low privileges could exploit a username spoofing vulnerability by manipulating session data. This could lead to an account takeover, allowing the attacker to gain unauthorized access to a user's webmail account...
CVE-2026-62643
A flaw was found in Roundcube Webmail. Insufficient sanitization of Cascading Style Sheets CSS within HTML email messages allows a remote attacker to perform Server-Side Request Forgery SSRF or disclose sensitive information. This vulnerability occurs when stylesheet links point to local network...
CVE-2026-54433
A flaw was found in Roundcube Webmail. A remote attacker could exploit a Stored Cross-Site Scripting XSS vulnerability by sending a specially crafted plain-text email message. When the victim opens or previews this message, attacker-controlled JavaScript executes within their authenticated sessio...
CVE-2026-49478
A flaw was found in Fulcio's OpenID Connect OIDC Discovery client. This vulnerability allows a remote attacker to perform Server-Side Request Forgery SSRF by redirecting discovery requests to internal systems. Additionally, an attacker can manipulate the JSON Web Key Set JWKS Uniform Resource...
CVE-2026-48815
A flaw was found in sigstore. The certificateOIDs option, intended to restrict which certificates can sign artifacts, is accepted by the public application programming interface API but is not used during the verification process. This allows unauthorized certificates to be accepted, bypassing...
CVE-2026-50149
A flaw was found in Contour. When an HTTPProxy is configured with both a fallback certificate and JWT JSON Web Token providers, Contour does not properly enforce JWT verification. This allows remote attackers to bypass security checks by sending requests without a valid token, specifically when...
CVE-2026-48038
A flaw was found in joi, a JavaScript data validation library. When validating deeply nested input against recursive link schemas, an uncaught RangeError is thrown due to excessive stack depth. If the application does not wrap validate calls in a try/catch block, this unhandled exception crashes...
CVE-2026-49835
A flaw was found in Sigstore Timestamp Authority. An unauthenticated remote attacker can exploit this vulnerability by sending requests with arbitrary HTTP paths and methods. This leads to the creation of an excessive number of unique metric labels, causing unbounded memory growth and a denial of...
CVE-2026-48816
A flaw was found in sigstore-js. The software derives a transparency-log timestamp from tlogEntries.integratedTime and uses it to validate certificate validity windows and satisfy timestampThreshold. For bundle v0.2, a transparency log tlog entry can be inclusion-proof-only, meaning the inclusion...
CVE-2026-50151
A flaw was found in oras-go. During the monolithic blob upload process, oras-go reuses the Authorization header for subsequent requests, even if a malicious registry provides a cross-host Location header. This vulnerability allows an attacker-controlled endpoint to receive the caller's credential...
CVE-2026-48758
A flaw was found in the @sigstore/core component. The preAuthEncoding function incorrectly uses Node.js 'ascii' encoding when converting Pre-Authentication Encoding PAE strings to bytes. This encoding truncates Unicode characters to their low byte, allowing an attacker to substitute characters in...
CVE-2026-47701
A flaw was found in OpenTelemetry Operator for Kubernetes. A tenant with permissions to create or update a ServiceMonitor resource can configure the bearerTokenFile field to point to the Collector's service account token path. This causes the Collector to send its mounted service account JSON Web...
CVE-2026-48068
A flaw was found in @grpc/grpc-js, a pure JavaScript gRPC client and server library. An invalid incoming HTTP/2 stream initiation can cause a server process to crash. This vulnerability affects all servers created using @grpc/grpc-js, and no workaround is available. An unauthenticated remote...
CVE-2026-48069
A flaw was found in @grpc/grpc-js, a pure JavaScript gRPC client and server library. An invalid incoming compressed message can cause a client or server process to crash. This vulnerability affects all clients and servers that use @grpc/grpc-js, and no workaround is available. An unauthenticated...
CVE-2026-50163
A flaw was found in oras-go, a Go library used for managing OCI Open Container Initiative artifacts. An attacker can exploit this vulnerability by providing a specially crafted tarball containing a malicious hardlink. When this tarball is extracted, the hardlink can be manipulated to point to fil...
CVE-2026-42771
A flaw was found in OpenSSL. When an application uses the X509VERIFYPARAMset1email function to validate a specially crafted S/MIME Secure/Multipurpose Internet Mail Extensions email address, an out-of-bounds read can occur. A remote attacker could exploit this vulnerability by sending a malicious...
CVE-2026-15605
A flaw was found in wandb. A remote attacker could exploit the use of a weak hash algorithm during artifact integrity validation in the ArtifactManifestEntry.download function. This could potentially lead to a low impact on confidentiality, allowing for limited information disclosure...
CVE-2026-58472
A flaw was found in GNU Wget. A remote attacker can exploit a heap buffer overflow vulnerability in the htmlquotestring function by providing a specially crafted HTML attribute. This can lead to memory corruption and potentially result in arbitrary code execution or a denial of service. Mitigatio...
CVE-2026-59674
A flaw was found in suricata. This vulnerability, related to improper handling of symbolic links, allows a local suricata user to escalate their privileges to root. By exploiting this, an attacker could gain full control over the affected system. Mitigation No mitigation is necessary for Red Hat'...
CVE-2026-12482
A flaw was found in Keras. An attacker can exploit a vulnerability in the tar archive processing to bypass security validations. This allows for the creation of symbolic links symlinks outside of the intended directory, which could lead to unauthorized access to or modification of files on the...
CVE-2026-58470
An integer overflow in GNU Wget's parsecontentrange function allows malicious servers to send crafted Content-Range headers. This triggers undefined behavior and download desynchronization, potentially causing a denial of service or data integrity issues for the client. Mitigation To mitigate thi...
CVE-2026-53364
A flaw was found in the Linux kernel's Bluetooth Host Controller Interface HCI connection handling. The hcilebigterminate function, which is responsible for terminating Bluetooth connections, allocates memory but fails to free it under specific conditions when certain flags are not set. This memo...
CVE-2026-53365
A flaw was found in the Linux kernel's vsock/virtio component. This vulnerability occurs during zerocopy completion for large messages fragmented into multiple socket kernel buffers skbs. An issue in how user arguments uargs are handled for these buffers can lead to pinned user pages not being...
CVE-2026-39246
A flaw was found in the decompress package for Node.js. The package creates symlinks from archive entries during extraction without validating the link target against the output directory, because the existing containment check only applies to regular file entries. An attacker who can supply a...
CVE-2026-48978
A flaw was found in oras-go. The auth.Client in oras-go does not properly validate the scheme or host of the realm URL provided in a registry's WWW-Authenticate: Bearer challenge. A remote attacker, operating a malicious registry or performing a man-in-the-middle attack, could exploit this to...
CVE-2026-53539
A flaw was found in Python-Multipart, a streaming multipart parser. A remote attacker can exploit this vulnerability by submitting a specially crafted application/x-www-form-urlencoded body. This can cause the QuerystringParser to perform inefficient processing, leading to excessive CPU...
CVE-2026-15416
A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...
CVE-2026-12413
A flaw was found in Libreswan's IKEv2 fragment reassembly mechanism. When a VPN gateway processes incoming split network packets fragments containing unexpected data, an off-by-one boundary validation error triggers an internal program safety check assertion failure. A remote, unauthenticated...
CVE-2026-51537
A flaw was found in OpENer. An out-of-bounds read vulnerability exists in the Connection Manager when processing malformed ForwardOpen requests. A remote attacker can send a specially crafted Ethernet/IP ENIP frame with an insufficient Common Industrial Protocol CIP ForwardOpen/LargeForwardOpen...
CVE-2026-50722
A flaw was found in Libreswan's implementation of IKEv2 authentication when processing signatures utilizing the RSASSA-PKCS1-v15 scheme. The RSAauthenticatehashsignaturepkcs115rsa function does not correctly validate the DER encoding of the ASN.1 digest. A remote, unauthenticated attacker could...
CVE-2026-59869
A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...
CVE-2026-50721
A flaw was found in Libreswan's implementation of IKEv1 authentication via raw RSA signatures. When processing an IKEv1 packet using PKCS 1 v1.5 RSA encryption, the RSAauthenticatehashsignaturerawrsa function fails to properly validate the length of the authentication hash. A remote,...
CVE-2026-60103
A flaw was found in Blender. A remote attacker could exploit an out-of-bounds read vulnerability by providing a specially crafted .blend file. This vulnerability occurs when the application processes a malicious memberindex value without proper validation, leading to an attempt to access memory...
CVE-2026-50162
A flaw was found in oras-go. The file content store, intended to confine writes to a specified working directory, does not properly account for symbolic link symlink traversal. A remote attacker, by providing a specially crafted blob title, could exploit this vulnerability to create files outside...
CVE-2026-39245
A flaw was found in the decompress component. An improper path containment check allows a local attacker to perform directory traversal. This vulnerability, when combined with unvalidated symlink creation, enables an attacker to write arbitrary files to directories outside the intended extraction...
CVE-2026-48702
A flaw was found in Rekor. The Package.Unmarshal function, which processes Alpine Package Keep APK files, decompresses gzip streams without limiting the total decompressed size. A remote attacker can exploit this by crafting a malicious APK file with a high compression ratio, causing the server t...
CVE-2026-44024
A flaw was found in Fluentd, a data collector. This vulnerability allows a remote attacker to achieve arbitrary file write and potentially remote code execution by sending untrusted tags containing path traversal characters. The issue arises from insufficient validation of the $tag placeholder in...
CVE-2026-54911
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...
CVE-2026-52846
A flaw was found in Caddy, an extensible server platform. The stripHTML template function, intended to remove HTML tags from input, fails to reliably process certain malformed HTML. This oversight allows dangerous content to remain in the output, which, if subsequently rendered as HTML, can lead ...
CVE-2026-50168
A flaw was found in the @angular/platform-server package of Angular. This vulnerability allows remote attackers to bypass host allowlist constraints and direct server-side outgoing requests to arbitrary external endpoints. This occurs due to a parser differential between the strict WHATWG URL...
CVE-2026-15538
A flaw was found in PrimeFaces PrimeReact. A remote attacker can exploit a weakness in the ObjectUtils.mutateFieldData function within the component API. This allows for the improper modification of object prototype attributes, potentially leading to unexpected behavior or further attacks. This...