CVE-2026-49284
CVE-2026-49284 (placeholder entry) relates to SimpleSAMLphp where the SP ACS path does not enforce the IdP used for an SP-initiated login. If a saved state expects IdP A but a response from IdP B arrives, the system may continue processing instead of rejecting, potentially allowing an authenticat...
CVE-2026-52792
The CVE entry relates to Algernon (Go-based web server). On Windows NTFS, file handling uses filepath.Ext() to choose how to serve a script, but NTFS-equivalent filenames like x.lua::$DATA, x.lua., or x.lua are not treated as .lua. This allows an unauthenticated user to request a server-side scri...
CVE-2026-52834
On 32-bit platforms, the vulnerability is in the jxl-grid implementation where an integer overflow during length calculation can cause out-of-bounds writes when decoding a crafted JPEG XL image. The GHSA advisory and OSV-RUSTSEC entry describe a scenario where large frames or canvas/ROI shapes ov...
CVE-2026-52830
The CVE describes a path-traversal in fast-mcp-telegram prior to 0.19.1 where HTTP Bearer tokens are joined into a session-file path. The verifier rejects only the exact reserved token, not path separators or normalized paths, enabling a remote client to authenticate as the default legacy session...
CVE-2026-49289
Technical details for CVE-2026-49289 are not publicly available in the provided documents. Monitor for updates as information may be released by the reserving party.
CVE-2026-52829
Technical details for CVE-2026-52829 are not publicly available in the provided documents; the entry is reserved. Monitor for updates.
CVE-2026-49283
Technical details for CVE-2026-49283 are not publicly available in the provided documents. Monitor for updates; the entry remains reserved with no details published.
CVE-2026-52817
Technical details for CVE-2026-52817 are not publicly available in the provided documents; no affected products, impact, or remediation are described. Monitor for future updates.
CVE-2026-52746
Technical details for CVE-2026-52746 are not publicly available in the provided documents; the entry is reserved. Monitor for updates.
CVE-2026-52734
Technical details for CVE-2026-52734 are not publicly available in the provided documents. No affected products, root cause, or remediation are disclosed. Monitor for updates from the issuing party.
CVE-2026-52733
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-58460
CVE-2026-58460 affects the React Native package react-native-receive-sharing-intent. A path traversal vulnerability allows a co-resident malicious app to write files outside the intended cache directory by supplying a crafted _display_name with dot-dot path components via a malicious ContentProvi...
CVE-2026-58467
Cockpit CMS prior to release 364 is affected by a path traversal and local file inclusion vulnerability. Unauthenticated attackers can craft a request (via the URL’s PATH_INFO in REQUEST_URI) to reach arbitrary files; if the resolved path ends with .php, it may be passed to include(), enabling lo...
CVE-2026-58466
AutoBangumi prior to version 3.2.8 contains a hard-coded default-credentials vulnerability. When the users table is empty, a default administrator account is seeded at startup via add_default_user() in the database user module, allowing unauthenticated attackers to authenticate as admin by submit...
CVE-2026-52739
Technical details are not publicly available in the provided documents. This CVE entry is reserved; monitor for updates.
CVE-2026-58381
CVE-2026-58381 affects GIMP's PSP file format parser. A double-free in read_layer_block() when processing a specially crafted PSP file can cause memory corruption, potentially leading to denial of service or arbitrary code execution. The provided data includes a CVSSv3.1 vector (AV:L/AC:L/PR:L/UI...
CVE-2026-52738
Technical details are not publicly available in the provided documents. Monitor for updates to CVE-2026-52738 for potential disclosure, affected products, impact, or remedies.
CVE-2026-52737
Technical details for CVE-2026-52737 are not publicly available in the provided documents. No affected products, vectors, or remediation are stated. Monitor for updates as new information is published.
CVE-2026-59102
CVE-2026-59102 affects Forgejo prior to 15.0.3, with a stored XSS in the Actions run page when DEFAULT_SHOW_FULL_NAME is enabled. The description shows that an authenticated attacker can inject an HTML payload into the full name, which is interpolated into an HTML string via a translation functio...
CVE-2026-59101
AutoBangumi