Advisories

Feb 2026

Wagtail has improper permission handling on admin preview endpoints

Due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data of the user's choosing. The existing data of the object itself is not exposed, but depending on the nature …

RustFS Logs Sensitive Credentials in Plaintext

RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive credentials. This vulnerability is classified as an information disclosure issue (CWE-532).

Qwik SSR XSS via Unsafe Virtual Node Serialization

Description A Cross-site Scripting (CWE-79) vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a victim's browser in the context of the affected origin. This affects qwik-city before version 1.19.0. This has been patched in qwik-city version 1.19.0.

Qwik City Open Redirect via fixTrailingSlash

Description An Open Redirect (CWE-601) vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation permits attackers to craft convincing phishing links that appear to originate from the trusted domain but redirect the victim to an attacker-controlled site. This affects qwik-city before version 1.19.0. This has been patched in qwik-city version 1.19.0.

Prototype Pollution via FormData Processing in Qwik City

A Prototype Pollution vulnerability exists in the formToObj() function within @builder.io/qwik-city middleware. The function processes form field names with dot notation (e.g., user.name) to create nested objects, but fails to sanitize dangerous property names like proto, constructor, and prototype. This allows unauthenticated attackers to pollute Object.prototype by sending crafted HTTP POST requests, potentially leading to privilege escalation, authentication bypass, or denial of service.

Moodle vulnerable to Cross-site Scripting

A flaw was found in Moodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links. Successful exploitation could lead to information disclosure or arbitrary client-side script execution within the user's browser.

Moodle vulnerable to Cross-site Scripting

A flaw was found in Moodle. This vulnerability, known as Cross-site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions, the malicious code would execute in their web browsers, potentially compromising their data or leading to unauthorized actions.

Moodle Open Redirect vulnerability

A flaw was found in Moodle. An Open Redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.

Moodle has an authorization logic flaw

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.

Moodle formula injection vulnerability

A flaw was found in Moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.

Moodle Cross-site Scripting (XSS) vulnerability

A flaw was found in Moodle. This Cross-site Scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.

Moodle authentication bypass vulnerability

A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.

jsonwebtoken has Type Confusion that leads to potential authorization bypass

It has been discovered that there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim (such as nbf or exp) is provided with an incorrect JSON type (Like a String instead of a Number), the library’s internal parsing mechanism marks the claim as “FailedToParse”. Crucially, the validation logic treats this “FailedToParse” state identically to “NotPresent”. This means that if a check is …

jsonwebtoken has Type Confusion that leads to potential authorization bypass

It has been discovered that there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim (such as nbf or exp) is provided with an incorrect JSON type (Like a String instead of a Number), the library’s internal parsing mechanism marks the claim as “FailedToParse”. Crucially, the validation logic treats this “FailedToParse” state identically to “NotPresent”. This means that if a check is …

JinJava Bypass through ForTag leads to Arbitrary Java Execution

Vulnerability Type: Sandbox Bypass / Remote Code Execution Affected Component: Jinjava Affected Users: Organizations using HubSpot's Jinjava template rendering engine for user-provided template content Any system that renders untrusted Jinja templates using HubSpot's Jinjava implementation Users with the ability to create or edit custom code templates Severity: Critical - allows arbitrary Java class instantiation and file access bypassing built-in sandbox restrictions Root Cause: Multiple security bypass vulnerabilities in Jinjava's sandbox …

HtmlSanitizer has a bypass via template tag

If the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. The lack of sanitization of the template tag brings up two bypasses: it is still possible to forcibly render the contents of a <template> tag through mutation XSS. The DOM parsers in browsers such as …

HtmlSanitizer has a bypass via template tag

If the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. The lack of sanitization of the template tag brings up two bypasses: it is still possible to forcibly render the contents of a <template> tag through mutation XSS. The DOM parsers in browsers such as …

FacturaScripts has SQL Injection in Autocomplete Actions

FacturaScripts contains a critical SQL Injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including user credentials, configuration settings, and all stored business data. The vulnerability exists in the CodeModel::all() method where user-supplied parameters are directly concatenated into SQL queries without sanitization or parameterized binding.

FacturaScripts has SQL Injection in API ORDER BY Clause

FacturaScripts contains a critical SQL Injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The vulnerability exists in the ModelClass::getOrderBy() method where user-supplied sorting parameters are directly concatenated into the SQL ORDER BY clause without validation or sanitization. This affects all API endpoints that support sorting functionality.

Django has Observable Timing Discrepancy

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password() function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.

Django has Inefficient Algorithmic Complexity

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars() and Truncator.words() methods (with html=True) and the truncatechars_html and truncatewords_html template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like …

Django has Inefficient Algorithmic Complexity

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Jiyong Yang for reporting this issue.

Django has an SQL Injection issue

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.

Django has an SQL Injection issue

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. FilteredRelation is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet methods annotate(), aggregate(), extra(), values(), values_list(), and alias(). Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like …

Django has an SQL Injection issue

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.order_by() is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Solomon Kebede for reporting this …

Decidim's private data exports can lead to data leaks

Private data exports can lead to data leaks in cases where the UUID generation causes collisions for the generated UUIDs. The bug was introduced by #13571 and affects Decidim versions 0.30.0 or newer (currently 2025-09-23). This issue was discovered by running the following spec several times in a row, as it can randomly fail due to this bug: $ cd decidim-core $ for i in {1..10}; do bundle exec rspec …

Decidim's private data exports can lead to data leaks

Private data exports can lead to data leaks in cases where the UUID generation causes collisions for the generated UUIDs. The bug was introduced by #13571 and affects Decidim versions 0.30.0 or newer (currently 2025-09-23). This issue was discovered by running the following spec several times in a row, as it can randomly fail due to this bug: $ cd decidim-core $ for i in {1..10}; do bundle exec rspec …

Cluade Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes

Due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to …

Cloudflare Agents SDK has Insecure Direct Object Reference (IDOR) via Header-Based Email Routing

An Insecure Direct Object Reference (CWE-639) has been found to exist in createHeaderBasedEmailResolver() function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin checks, allowing an external attacker with control of these headers to route inbound mail to arbitrary Durable Object instances and namespaces.

Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains

Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate trusted domains (e.g., docs.python.org, modelcontextprotocol.io), this could have enabled attackers to register domains like modelcontextprotocol.io.example.com that would pass validation. This could enable automatic requests to attacker-controlled domains without user consent, potentially leading to data exfiltration. Users on standard Claude Code auto-update have received this fix already. Users …

Claude Code has a Command Injection in find Command Bypasses User Approval Prompt

Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to the latest version. Claude Code thanks https://hackerone.com/alexbernier

bytes has integer overflow in BytesMut::reserve

Details In the unique reclaim path of BytesMut::reserve, the condition if v_capacity >= new_cap + offset uses an unchecked addition. When new_cap + offset overflows usize in release builds, this condition may incorrectly pass, causing self.cap to be set to a value that exceeds the actual allocated capacity. Subsequent APIs such as spare_capacity_mut() then trust this corrupted cap value and may create out-of-bounds slices, leading to UB. This behavior is …

bytes has integer overflow in BytesMut::reserve

Details In the unique reclaim path of BytesMut::reserve, the condition if v_capacity >= new_cap + offset uses an unchecked addition. When new_cap + offset overflows usize in release builds, this condition may incorrectly pass, causing self.cap to be set to a value that exceeds the actual allocated capacity. Subsequent APIs such as spare_capacity_mut() then trust this corrupted cap value and may create out-of-bounds slices, leading to UB. This behavior is …

Apache Syncope: Reflected XSS on Enduser Login

Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are recommended to upgrade to version 3.0.16 / 4.0.4, which fix this issue.

Apache Syncope: Console XXE on Keymaster parameters

Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage occurs. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are recommended to upgrade to version 3.0.16 / 4.0.4, which fix this issue.

@isaacs/brace-expansion has Uncontrolled Resource Consumption

@isaacs/brace-expansion is vulnerable to a Denial of Service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process.

vLLM has RCE In Video Processing

A chain of vulnerabilities in vLLM allow Remote Code Execution (RCE): Info Leak - PIL error messages expose memory addresses, bypassing ASLR Heap Overflow - JPEG2000 decoder in OpenCV/FFmpeg has a heap overflow that lets us hijack code execution Result: Send a malicious video URL to vLLM Completions or Invocations for a video model -> Execute arbitrary commands on the server Completely default vLLM instance directly from pip, or docker, …

SignalK Server has Path Traversal leading to information disclosure

A Path Traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The validateAppId() function blocks forward slashes (/) but not backslashes (), which are treated as directory separators by path.join() on Windows. This enables attackers to escape the intended applicationData directory.

Signal K set-system-time plugin vulnerable to RCE - Command Injection

A Command Injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated users can also exploit this vulnerability if security is disabled on the Signal K server. This occurs due to unsafe construction of shell commands when processing navigation.datetime values received via WebSocket delta messages.

SageMaker Python SDK has Exposed HMAC

SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. An issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API has been identified.

pip Path Traversal vulnerability

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.

OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking

The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/host_id.go executes the ioreg system command using a search path. An attacker with the ability to locally modify the PATH environment variable can achieve Arbitrary Code Execution (ACE) within the context of the application.

OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl

The Control UI trusts gatewayUrl from the query string without validation and auto-connects on load, sending the stored gateway token in the WebSocket connect payload. Clicking a crafted link or visiting a malicious site can send the token to an attacker-controlled server. The attacker can then connect to the victim's local gateway, modify config (sandbox, tool policies), and invoke privileged actions, achieving 1-click RCE. This vulnerability is exploitable even on …

OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable

A Command Injection vulnerability existed in Clawdbot’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the container context. This issue has been fixed and regression tests have been added to prevent reintroduction.

mlflow Creates of Temporary File in Directory with Insecure Permissions

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual environment, leading to arbitrary code execution. The issue is resolved in version 3.4.0.

ml-dsa's UseHint function has off by two error when r0 equals zero

There's a bug in the use_hint function where it adds 1 instead of subtracting 1 when the decomposed low bits r0 equal exactly zero. FIPS 204 Algorithm 40 is pretty clear that r0 > 0 means strictly positive, but the current code treats zero as positive. This causes valid signatures to potentially fail verification when this edge case gets hit.

Lollms has an Improper Access Control vulnerability

A vulnerability in the lollms_generation_events.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The add_events function registers event handlers such as generate_text, cancel_generation, generate_msg, and generate_msg_from without implementing authentication or authorization checks. This allows unauthenticated clients to execute resource-intensive or state-altering operations, leading to potential denial of service, state corruption, and race conditions. Additionally, the use of global flags (lollmsElfServer.busy, lollmsElfServer.cancel_gen) for state management in a …

locutus is vulnerable to Prototype Pollution

A Prototype Pollution vulnerability exists in the the npm package locutus (>2.0.12). Despite a previous fix that attempted to mitigate Prototype Pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using String.prototype. This issue was fixed in version 2.0.39.

locutus is vulnerable to Prototype Pollution

A Prototype Pollution vulnerability exists in the the npm package locutus (>2.0.12). Despite a previous fix that attempted to mitigate Prototype Pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using String.prototype. This issue was fixed in version 2.0.39.

llama-index-core vulnerable to Uncontrolled Resource Consumption

The SimpleDirectoryReader component in llama_index.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (num_files_limit) is applied after all files in a directory are loaded into memory. This can lead to memory exhaustion and degraded performance, particularly in environments with limited resources. The issue is resolved in version 0.12.41.

Langroid has WAF Bypass Leading to RCE in TableChatAgent

Affected Scope langroid <= 0.59.31 Vulnerability Description CVE-2025-46724 fix bypass: TableChatAgent can call pandas_eval tool to evaluate the expression. There is a WAF in langroid/utils/pandas_utils.py introduced to block code injection CVE-2025-46724. However it can be bypassed due to _literal_ok() returning False instead of raising UnsafeCommandError on invalid input, combined with unrestricted access to dangerous dunder attributes (init, globals, builtins). This allows chaining whitelisted DataFrame methods to leak the eval builtin …

Khoj has an IDOR in Notion OAuth Flow that Enables Index Poisoning

An IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion configurations with their own, resulting in data poisoning and unauthorized access to the victim's Khoj search index. This attack requires knowing the user's UUID which can …

jsPDF Vulnerable to Stored XMP Metadata Injection (Spoofing & Integrity Violation)

User control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the generated PDF. If the generated PDF is signed, stored or otherwise processed after, the integrity of the PDF can no longer be guaranteed. Example attack vector: import { jsPDF } from "jspdf" const …

jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

User control of the first argument of the addImage method results in Denial of Service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, wich lead to excessive memory allocation. Other affected methods …

jsPDF has Shared State Race Condition in addJS Plugin

The addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node.js web server), this variable is shared across all requests. If multiple requests generate PDFs simultaneously, the JavaScript content intended for one user may be overwritten by a subsequent request before the document is generated. This results in Cross-User Data Leakage, where the PDF …

jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution

User control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are: AcroformChoiceField.addOption AcroformChoiceField.setOptions AcroFormCheckBox.appearanceState AcroFormRadioButton.appearanceState Example attack vector: import …

Hugging Face Text Generation Inference vulnerable to Uncontrolled Resource Consumption

A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET request, reading the entire response body into memory and cloning it before decoding. This behavior can lead to resource exhaustion, including network bandwidth saturation, memory inflation, and CPU overutilization. The …

H2O has an External Control of File Name or Path vulnerability

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the /3/Frames/framename/export endpoint. The impact of this vulnerability includes the potential for remote code execution and complete access to the system running h2o-3, as attackers can overwrite …

H2O has an External Control of File Name or Path vulnerability

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the /3/Frames/framename/export endpoint. The impact of this vulnerability includes the potential for remote code execution and complete access to the system running h2o-3, as attackers can overwrite …

foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and OpenShift, to perform a Man-in-the-Middle (MITM) attack. Such an attack could lead to the disclosure or alteration of sensitive information.

Fastify's Content-Type header tab character allows body validation bypass

A validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\t) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type. For example, a request with Content-Type: application/json\ta will bypass JSON schema validation but still be parsed as JSON. This vulnerability …

Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream

A Denial of Service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream (or Response with a Web Stream body) via reply.send() are impacted. A slow or non-reading client can trigger unbounded buffering when backpressure is ignored, leading to process crashes or severe degradation.

FacturaScripts is Vulnerable to Reflected XSS

A reflected XSS bug has been found in FacturaScripts. The problem is in how error messages get displayed - it's using Twig's | raw filter which skips HTML escaping. When a database error is triggered (like passing a string where an integer is expected), the error message includes all input and gets rendered without sanitization. Attackers can use this to phish credentials from other users since HttpOnly is set on …

Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration

A stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script execution. If a user has database backup utility permissions (which do not require an elevated session), an attacker can exfiltrate the entire database, including all user credentials, customer PII, order history, and 2FA recovery codes. Users are recommended to update to the patched …

Craft Commerce has Stored XSS in Product Type Name

Stored XSS via Product Type names. The name is not sanitized when displayed in user permissions settings. The vulnerable input (source) is in Commerce (Product Type settings), but the sink is in CMS user permissions settings. Reporting to Commerce GHSA since the input originates here. Users are recommended to update to the patched 5.5.2 release to mitigate the issue.

CI4MS Vulnerable to User Email Enumeration via Password Reset Flow

Summary The authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether an email address is registered in the system by analyzing the application's response during the password reset process. Vulnerability Details The password reset flow returns different responses based on whether the provided email address exists in the database or not. If the email is registered, the system typically returns a success message (e.g., …

CI4MS Vulnerable to User Email Enumeration via Password Reset Flow

Summary The authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether an email address is registered in the system by analyzing the application's response during the password reset process. Vulnerability Details The password reset flow returns different responses based on whether the provided email address exists in the database or not. If the email is registered, the system typically returns a success message (e.g., …

CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor

Summary A critical vulnerability has been identified in CI4MS that allows an authenticated user with file editor permissions to achieve Remote Code Execution (RCE). By leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. Vulnerability Details The vulnerability exists in the /backend/fileeditor/createFile and /backend/fileeditor/save API endpoints. Unrestricted File Creation: The createFile endpoint allows users to create files with any extension …

CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor

Summary A critical vulnerability has been identified in CI4MS that allows an authenticated user with file editor permissions to achieve Remote Code Execution (RCE). By leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. Vulnerability Details The vulnerability exists in the /backend/fileeditor/createFile and /backend/fileeditor/save API endpoints. Unrestricted File Creation: The createFile endpoint allows users to create files with any extension …

cert-manager-controller DoS via Specially Crafted DNS Response

The cert-manager-controller performs DNS lookups during ACME DNS-01 processing (for zone discovery and propagation self-checks). By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a crafted entry into cert-manager's DNS cache. Accessing this entry will trigger a panic, resulting in Denial of Service (DoS) of the cert-manager controller. The issue can also be exploited if the …

cert-manager-controller DoS via Specially Crafted DNS Response

The cert-manager-controller performs DNS lookups during ACME DNS-01 processing (for zone discovery and propagation self-checks). By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a crafted entry into cert-manager's DNS cache. Accessing this entry will trigger a panic, resulting in Denial of Service (DoS) of the cert-manager controller. The issue can also be exploited if the …

Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication

A hardcoded secret key used for signing JWTs is checked into source code ManyAPI routes do not check authentication print("\n" + "=" * 70) print("\n[SUMMARY]\n") print(f"Endpoints accessible WITHOUT authentication ({len(results['no_auth'])}):") for ep in results["no_auth"]: print(f" - {ep}") print(f"\nEndpoints accessible with FORGED JWT only ({len(results['jwt_only'])}):") for ep in results["jwt_only"]: print(f" - {ep}") print(f"\nEndpoints that rejected both ({len(results['both_fail'])}):") for ep, no_auth, jwt_auth in results["both_fail"]: print(f" - {ep} (no_auth: {no_auth}, jwt: {jwt_auth})") if …

Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication

A hardcoded secret key used for signing JWTs is checked into source code ManyAPI routes do not check authentication print("\n" + "=" * 70) print("\n[SUMMARY]\n") print(f"Endpoints accessible WITHOUT authentication ({len(results['no_auth'])}):") for ep in results["no_auth"]: print(f" - {ep}") print(f"\nEndpoints accessible with FORGED JWT only ({len(results['jwt_only'])}):") for ep in results["jwt_only"]: print(f" - {ep}") print(f"\nEndpoints that rejected both ({len(results['both_fail'])}):") for ep, no_auth, jwt_auth in results["both_fail"]: print(f" - {ep} (no_auth: {no_auth}, jwt: {jwt_auth})") if …

@backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator

A path traversal vulnerability in the TechDocs local generator allows attackers to read arbitrary files from the host filesystem when Backstage is configured with techdocs.generator.runIn: local. When processing documentation from untrusted sources, symlinks within the docs directory are followed by MkDocs during the build process. File contents are embedded into generated HTML and exposed to users who can view the documentation.

Rancher CLI skips TLS verification on Rancher CLI login command

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts. This does not apply to any other commands and only applies to the login command if the –cacert flag was not provided. An attacker with network-level …

LobeHub Vulnerable to Improper Authorization in Presigned Upload

The file upload feature in Knowledge Base > File Upload does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is possible to create arbitrary files in abnormal or unintended paths. In addition, since lobechat.com relies on the size parameter from the request to calculate file usage, an attacker can manipulate this value to misrepresent the actual file …

Jan 2026

PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

PsySH automatically loads and executes a .psysh.php file from the Current Working Directory (CWD) on startup. If an attacker can write to a directory that a victim later uses as their CWD when launching PsySH, the attacker can trigger arbitrary code execution in the victim's context. When the victim runs PsySH with elevated privileges (e.g., root), this results in local privilege escalation.

SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE

The /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized_keys, or shell configuration files. Affected Version: 3.5.3 (and likely all prior versions)

SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE

The /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized_keys, or shell configuration files. Affected Version: 3.5.3 (and likely all prior versions)

React Server Components have multiple Denial of Service Vulnerabilities

It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.1.0, 19.1.1, 19.1.2, 19.1.3, 19.1.4, 19.2.0, 19.2.1, 19.2.2, 19.2.3 of: react-server-dom-webpack react-server-dom-parcel react-server-dom-turbopack The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints, and …

React Server Components have multiple Denial of Service Vulnerabilities

It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.1.0, 19.1.1, 19.1.2, 19.1.3, 19.1.4, 19.2.0, 19.2.1, 19.2.2, 19.2.3 of: react-server-dom-webpack react-server-dom-parcel react-server-dom-turbopack The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints, and …

React Server Components have multiple Denial of Service Vulnerabilities

It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.1.0, 19.1.1, 19.1.2, 19.1.3, 19.1.4, 19.2.0, 19.2.1, 19.2.2, 19.2.3 of: react-server-dom-webpack react-server-dom-parcel react-server-dom-turbopack The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints, and …

malcontent vulnerable to symlink Path Traversal via handleSymlink argument confusion in archive extraction

malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The handleSymlink function received arguments in the wrong order, causing the symlink target to be used as the symlink location. Additionally, symlink targets were not validated to ensure they resolved within the extraction directory.

malcontent OCI image pull credential exfiltration via malicious registry token realm

Malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. Malcontent uses google/go-containerregistry for OCI image pulls, which by default uses the Docker credential keychain. A malicious registry could return a WWW-Authenticate header redirecting token authentication to an attacker-controlled endpoint, causing credentials to be sent to that endpoint. Fix: Default to anonymous auth for OCI pulls Acknowledgements Thank you to Oleh Konko …

Maker.js has Unsafe Property Copying in makerjs.extendObject

The makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks hasOwnProperty() checks and does not filter dangerous keys, allowing inherited properties and potentially malicious properties to be copied to target objects.

Juju has broken CMR authorization

Cross-model Relation authorization is broken and has a potential security vulnerability. If the controller does not have the root key to verify the macaroon (or if the macaroon has expired), an unvalidated and therefore untrusted macaroon is used to extract declared caveats. Facts from these caveats are then blindly used to mint a new macaroon that becomes valid.

AutoGPT is Vulnerable to RCE via Disabled Block Execution

AutoGPT Platform's block execution endpoints (both main web API and external API) allow executing blocks by UUID without checking the disabled flag. Any authenticated user can execute the disabled BlockInstallationBlock, which writes arbitrary Python code to the server filesystem and executes it via import(), achieving Remote Code Execution. In default self-hosted deployments where Supabase signup is enabled, an attacker can self-register; if signup is disabled (e.g., hosted), the attacker needs …

vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector

A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods obtain and process media from URLs provided by users, using different Python parsing libraries when restricting the target host. These two parsing libraries have different interpretations of backslashes, which allows the host name restriction to be bypassed. This allows an attacker to coerce the vLLM server into …

Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows

The Symfony Process component did not correctly treat some characters (notably =) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mishandle unquoted arguments containing these characters. This can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended.

Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows

The Symfony Process component did not correctly treat some characters (notably =) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mishandle unquoted arguments containing these characters. This can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended.

soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64

Arithmetic overflow can be triggered in the Bytes::slice, Vec::slice, and Prng::gen_range (for u64) methods in the soroban-sdk in versions prior to and including 25.0.1. Contracts that pass user-controlled or computed range bounds to Bytes::slice, Vec::slice, or Prng::gen_range may silently operate on incorrect data ranges or generate random numbers from an unintended range, potentially resulting in corrupted contract state. Note that the best practice when using the soroban-sdk and building Soroban …

NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload

A stored Cross-site Scripting (XSS) vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated users can upload malicious SVG files containing embedded JavaScript, which are later rendered inline and executed in the browsers of other users who view the attachment. Because the malicious payload is stored server-side and executed under the application’s origin, successful exploitation can lead to account compromise, data exfiltration and unauthorized actions performed on behalf of affected users.

NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter

An unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of the continueAfterSignIn parameter. During authentication, NocoDB processes a user-controlled redirect value and conditionally performs client-side navigation without enforcing any restrictions on the destination’s origin, domain or protocol. This allows attackers to redirect authenticated users to arbitrary external websites after login.

NocoDB has Prototype Pollution in Connection Test Endpoint, Leading to DoS

An authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server restart. While the pollution technically bypasses SUPER_ADMIN authorization checks, no practical privileged actions can be performed because database operations fail immediately after pollution.

Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components

A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23864. A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory exceptions, or server crashes. This can result …

Next.js has Unbounded Memory Consumption via PPR Resume Endpoint

A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related vulnerabilities allow an attacker to crash the server process through memory exhaustion: Unbounded request body buffering: The server buffers the entire POST request body into memory using Buffer.concat() without …

ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices

The ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated (duplicate) hint indices. According to the ML-DSA specification (FIPS 204 / RFC 9881), hint indices within each polynomial must be strictly increasing. The current implementation uses a non-strict monotonic check (<= instead of <), allowing duplicate indices. Note: This is a regression bug. The original implementation was correct, but commit b01c3b7 ("Make ML-DSA signature decoding …

EGroupware has SQL Injection in Nextmatch Filter Processing

Critical Authenticated SQL Injection in Nextmatch Widget Filter Processing A critical SQL Injection vulnerability exists in the core components of EGroupware, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL commands into the WHERE clause of database queries. This is achieved by exploiting a PHP type juggling issue where JSON decoding converts numeric strings into integers, bypassing the is_int() security check used by the …

Clatter has a PSK Validity Rule Violation issue

Protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule (Noise Protocol Framework Section 9.3). This could allow PSK-derived keys to be used for encryption without proper randomization by self-chosen ephemeral randomness, weakening security guarantees and potentially allowing catastrophic key reuse. Affected default patterns include noise_pqkk_psk0, noise_pqkn_psk0, noise_pqnk_psk0, noise_pqnn_psk0, and some hybrid variants. Users of these patterns may have been using handshakes that do not …

Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64

On x86-64 platforms with AVX Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When [signals-based-traps] are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages disabled it's possible for out-of-sandbox data to be loaded, but unless there is another bug in Cranelift this data is not visible to WebAssembly guests.

PHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage Handling

Overview A vulnerability has been discovered involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage() method, which deserializes code coverage files without validation, potentially allowing remote code execution if malicious .coverage files are present prior to the execution of the PHPT test. Technical Details Affected Component: PHPT test runner, method cleanupForCoverage() Affected Versions: <= 8.5.51, <= 9.6.32, <= 10.5.61, <= 11.5.49, <= …

oneshot has potential Use After Free when used asynchronously

There is a race condition that can lead to a use-after-free if a oneshot::Receiver is polled but then dropped instead of polled to completion. This could happen if the receiver future was cancelled while receiving, for example by being wrapped in a timeout future or similar. When the Receiver is polled (Future::poll) it writes a waker to the channel and sets it to the RECEIVING state. If the Receiver was …

OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication

OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the first mismatched character during API key validation, rather than a cryptographical method with static runtime regardless of the point of mismatch, an attacker with network based access to an affected OctoPrint could extract API keys valid on …

Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration

A DoS vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint (/_next/image) loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory conditions by requesting optimization of arbitrarily large images. This vulnerability requires that remotePatterns is configured to allow image optimization from external domains and that the attacker can serve or control a …

n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution

n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized …

LibreNMS contains an authenticated SQL Injection vulnerability

LibreNMS 1.46 contains an authenticated SQL Injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL Injection techniques to retrieve sensitive database contents through time-based blind SQL Injection.

Kyverno Cross-Namespace Privilege Escalation via Policy apiCall

A critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited to the policy’s namespace. As a result, any authenticated user with permission to create a namespaced Policy can cause Kyverno to perform Kubernetes API requests using Kyverno’s admission controller identity, targeting any API path allowed by that ServiceAccount’s RBAC. This breaks …

Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access

A bug was found with authentication checks on the GetConfig() API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty Bearer token value, regardless of validity. This vulnerability did allow for exfiltration of configuration data such as endpoints for connected Argo CD clusters. This data could allow an attacker to enumerate cluster URLs and namespaces for use in subsequent attacks. Additionally, the …

Withdrawn Advisory: eslint has a Stack Overflow when serializing objects with circular references

Withdrawn Advisory This advisory has been withdrawn because RuleTester is used for testing rules during development and results in a error rather than crashing the application. Original Description There is a Stack Overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. During validation, the internal function checkDuplicateTestCase() is called, …

vm2 has a Sandbox Escape

In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. const { VM } = require("vm2"); const code = ` const error = new Error(); error.name = Symbol(); const f = async () => error.stack; const promise = f(); promise.catch(e => { const Error = e.constructor; const Function = Error.constructor; const f = new Function( "process.mainModule.require('child_process').execSync('echo HELLO …

Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE

There is a reflected XSS vulnerability in the GET /admin/edit-codepage/:name route through the name parameter. This can be used to hijack the session of an admin if they click a specially crafted link. Additionally, there is a Command Injection vulnerability in GET /admin/backup. The admin can inject a shell command in the backup password which is inserted in the command used to create the backup zip. Both vulnerabilities can be …

pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)

A path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: (1) Malicious ZIP entries containing ../ or absolute paths that escape the extraction root via AdmZip's extractAllTo, and (2) The BinaryResolution.prefix field is concatenated into the extraction path without validation, allowing a crafted prefix like ../../evil to redirect extracted files outside targetDir.

pnpm has Windows-specific tarball Path Traversal

A path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for ./ but not .. On Windows, backslashes are directory separators, enabling path traversal. This vulnerability is Windows-only.

pnpm has symlink traversal in file:/git dependencies

When pnpm installs a file: (directory) or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path (e.g., /etc/passwd, ~/.ssh/id_rsa) causes pnpm to copy that file's contents into node_modules, leaking local data. Preconditions: Only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are NOT affected.

pnpm has Path Traversal via arbitrary file permission modification

When pnpm processes a package's directories.bin field, it uses path.join() without validating the result stays within the package root. A malicious npm package can specify "directories": {"bin": "../../../../tmp"} to escape the package directory, causing pnpm to chmod 755 files at arbitrary locations. Note: Only affects Unix/Linux/macOS. Windows is not affected (fixBin gated by EXECUTABLE_SHEBANG_SUPPORTED).

MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field

A Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The android:host attribute from <data android:scheme="android_secret_code"> elements is rendered in HTML reports without sanitization, enabling session hijacking and account takeover.

KubeVirt Guest Agent DoS via Excessive Network Interface Reports

A flaw was found in KubeVirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes to the Virtual Machine Instance (VMI). This allows the VM user to restrict the VM administrator's ability to manage the VM, …

Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.

go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names

go-tuf's TAP 4 Multirepo Client uses the map file repository name string (repoName) as a filesystem path component when selecting the local metadata cache directory. If an application accepts a map file from an untrusted source, an attacker can supply a repoName containing traversal (e.g., ../escaped-repo) and cause go-tuf to create directories and write the root metadata file outside the intended LocalMetadataDir cache base, within the running process's filesystem permissions.

Gakido vulnerable to HTTP Header Injection (CRLF Injection)

A vulnerability was discovered in Gakido that allowed HTTP Header Injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names. When making HTTP requests with user-controlled header values containing \r\n (CRLF), \n (LF), or \x00 (null byte) characters, an attacker could inject arbitrary HTTP headers into the request.

Duplicate Advisory: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2464-8j7c-4cjm. This link is maintained to preserve external references. Original Description A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.

Duplicate Advisory: gix-date can create non-utf8 string with `TimeBuf::as_str`

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6mw6-mj76-grwc. This link is maintained to preserve external references. Original Description A flaw was found in gix-date. The gix_date::parse::TimeBuf::as_str function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the TimeBuf component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or …

dcap-qvl has Missing Verification for QE Identity

This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral (including qe_identity, qe_identity_signature, and qe_identity_issuer_chain) from the PCCS. However, it skips to verify the QE Identity signature against its certificate chain and does not enforce policy constraints on the QE Report.

dcap-qvl has Missing Verification for QE Identity

This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral (including qe_identity, qe_identity_signature, and qe_identity_issuer_chain) from the PCCS. However, it skips to verify the QE Identity signature against its certificate chain and does not enforce policy constraints on the QE Report.

dcap-qvl has Missing Verification for QE Identity

This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral (including qe_identity, qe_identity_signature, and qe_identity_issuer_chain) from the PCCS. However, it skips to verify the QE Identity signature against its certificate chain and does not enforce policy constraints on the QE Report.

dcap-qvl has Missing Verification for QE Identity

This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral (including qe_identity, qe_identity_signature, and qe_identity_issuer_chain) from the PCCS. However, it skips to verify the QE Identity signature against its certificate chain and does not enforce policy constraints on the QE Report.

dcap-qvl has Missing Verification for QE Identity

This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral (including qe_identity, qe_identity_signature, and qe_identity_issuer_chain) from the PCCS. However, it skips to verify the QE Identity signature against its certificate chain and does not enforce policy constraints on the QE Report.

BentoML has a Path Traversal via Bentofile Configuration

BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields (description, docker.setup_script, docker.dockerfile_template, conda.environment_yml). An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files from the filesystem into the bento archive. This enables supply chain attacks where sensitive files (SSH keys, credentials, environment variables) are silently embedded in bentos and exposed when pushed to registries or deployed.

AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion

An XML External Entity (XXE) vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocument(String) method initializes DocumentBuilderFactory with default settings, without disabling DTDs or external entities. This formatter is used by the isXmlEqualTo(CharSequence) assertion for CharSequence values. An application is vulnerable only when it uses untrusted XML input with one of the following methods: isXmlEqualTo(CharSequence) from org.assertj.core.api.AbstractCharSequenceAssert xmlPrettyFormat(String) from org.assertj.core.util.xml.XmlStringPrettyFormatter

Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter Log Socket Collector exposes port 4560 without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. The Log Socket Collector is vulnerable to deserialization of untrusted data, eventually causing DoS. NB: Decanter Log Socket Collector is not installed by default. Users who have not installed the Decanter Log Socket are not impacted by this issue. …

Apache Continuum vulnerable to Command Injection through Installations REST API

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the Installations REST API can use this to invoke arbitrary commands on the server. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access …

XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages

A reflected cross site scripting (XSS) vulnerability in XWiki allows an attacker to execute arbitrary actions in XWiki with the rights of the victim if the attacker manages to trick a victim into visiting a crafted URL. If the victim has administrative or programming rights, those rights can be exploited to gain full access to the XWiki installation.

protobuf affected by a JSON recursion depth bypass

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges …

Moodle affected by a code injection vulnerability

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application.

miniserve affected by a TOCTOU and symlink race vulnerability

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination directory (e.g., shared writable directory/volume).

LavaLite CMS affected by a stored cross-site scripting vulnerability

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later rendered without proper output encoding in package search results. When other users view search results that include the malicious package, the injected script executes in their browsers, potentially enabling …

CometBFT has inconsistencies between how commit signatures are verified and how block time is derived

Name: CSA-2026-001: Tachyon Criticality: Critical (Catastrophic Impact; Possible Likelihood per ACMv1.2) Affected versions: All versions of CometBFT Affected users: Validators and protocols relying on block timestamps A consensus-level vulnerability was discovered in CometBFT's "BFT Time" implementation due to an inconsistency between how commit signatures are verified and how block time is derived. This breaks a core BFT Time guarantee: "A faulty process cannot arbitrarily increase the Time value."

Typebot affected by Credential Theft via Client-Side Script Execution and API Authorization Bypass

Client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The /api/trpc/credentials.getCredentials endpoint returns plaintext API keys without verifying credential ownership

SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions

Unprivileged users (for example, those with the database editor role) can create or modify fields in records that contain functions or futures. Futures are values which are only computed when the value is queried. The query executes in the context of the querying user, rather than the user who originally defined the future. Likewise, fields containing functions or custom-defined logic (closures) are executed under the privileges of the invoking user, …

sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal

The legacy TUF client pkg/tuf/client.go, which supports caching target files to disk, constructs a filesystem path by joining a cache base directory with a target name sourced from signed target metadata, but it does not validate that the resulting path stays within the cache base directory. Note that this should only affect clients that are directly using the TUF client in sigstore/sigstore or are using an older version of Cosign. …

Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL

/api/v1/index/retrieve supports retrieving a public key via a user-provided URL, allowing attackers to trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through Blind SSRF.

Orval Mock Generation Code Injection via const

I am reporting a code injection vulnerability in Orval’s mock generation pipeline affecting @orval/mock in both the 7.x and 8.x series. This issue is related in impact to the previously reported enum x-enumDescriptions (https://github.com/advisories/GHSA-h526-wf6g-67jv), but it affects a different code path in the faker-based mock generator rather than @orval/core. The vulnerability allows untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema properties. …

Moonraker affected by LDAP search filter injection

Instances of Moonraker configured with the ldap component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover LDAP entries on the server such as user IDs and user attributes.

Logback allows an attacker to instantiate classes already present on the class path

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful …

Incus container environment configuration newline injection

A user with the ability to launch a container with a custom YAML configuration (e.g a member of the ‘incus’ group) can create an environment variable containing newlines, which can be used to add additional configuration items in the container’s lxc.conf due to the newline injection. This can allow adding arbitrary lifecycle hooks, ultimately resulting in arbitrary command execution on the host.

Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue

Summary An authenticated, low-privilege user (able to create/edit forms) can inject arbitrary HTML/JS into the Craft Control Panel (CP) builder and integrations views. User-controlled form labels and integration metadata are rendered with dangerouslySetInnerHTML without sanitization, leading to stored XSS that executes when any admin views the builder/integration screens. Affected Product Ecosystem: Packagist (Craft CMS plugin) Package: solspace/craft-freeform Version: <= 5.14.6 (latest observed). Likely all 5.x until patched.

Wrangler affected by OS Command Injection in `wrangler pages deploy`

Summary A command injection vulnerability (CWE-78) has been found to exist in the wrangler pages deploy command. The issue occurs because the –commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of –commit-hash to execute arbitrary commands on the system running Wrangler. Root cause The commitHash variable, derived from user input via the –commit-hash CLI argument, is interpolated directly into …

Triton VM Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied verifier of the affected versions of Triton VM are completely broken. Protocols implementing their own verifier might be unaffected. The flaw was corrected in commit 3a045d63, …

Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization

A critical deserialization vulnerability exists in Tendenci Helpdesk module (NOTE, by default, Helpdesk is NOT enabled), affecting the version 15.3.11 and earlier. This vulnerability allows remote code execution (RCE) by an authenticated user with staff security level due to using Python's pickle module on the helpdesk /reports/. The damage is contained to the user that your Tendenci application runs. Key Finding: The original CVE-2020-14942 was incompletely patched. While ticket_list() was …

Soft Serve Affected by an Authentication Bypass

What kind of vulnerability is it? Who is impacted? This issue impacts every Soft Serve instance. A critical authentication bypass allows an attacker to impersonate any user (including Admin) by "offering" the victim's public key during the SSH handshake before authenticating with their own valid key. This occurs because the user identity is stored in the session context during the "offer" phase and is not cleared if that specific authentication …

sm-crypto Affected by Signature Forgery in SM2-DSA

A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto. Under default configurations, an attacker can forge valid signatures for arbitrary public keys. If the message space contains sufficient redundancy, the attacker can fix the prefix of the message associated with the forged signature to satisfy specific formatting requirements.

SiYuan vulnerable to Arbitrary file Read / SSRF

Markdown feature allows unrestricted server side html-rendering which allows arbitary file read (LFD) and fully SSRF access We in @0xL4ugh ( @abdoghazy2015, @xtromera, @A-z4ki, @ZeyadZonkorany and @KarimTantawey) During playing Null CTF 2025 that helps us solved a challenge with unintended way : ) Please note that we used the latest Version and deployed it via this dockerfile : Dockerfile: FROM b3log/siyuan ENV TZ=America/New_York \ PUID=1000 \ PGID=1000 \ SIYUAN_ACCESS_AUTH_CODE=SuperSecretPassword RUN …

seroval Affected by Remote Code Execution via JSON Deserialization

Improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. The vulnerability can be exploited via overriding constant value and error deserialization, which allows indirect access to unsafe JS evaluation. This requires at least the ability to perform 4 separate requests on the same function and partial knowledge of how the serialized data is used during later runtime processing. This vulnerability affects the fromJSON and …

seroval affected by Denial of Service via RegExp serialization

Overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp serialization with patterns that trigger catastrophic backtracking can lead to ReDoS (Regular Expression Denial of Service). Mitigation: Seroval introduces disabledFeatures (a bitmask) in serialization/deserialization methods, with Feature.RegExp as a dedicated flag. Users are recommended to configure disabledFeatures to disable RegExp serialization entirely.

Orval has a code injection via unsanitized x-enum-descriptions in enum generation

Arbitrary code execution in environments consuming generated clients This issue is similar in nature to the recently-patched MCP vulnerability (CVE-2026-22785), but affects a different code path in @orval/core that was not addressed by that fix. The vulnerability allows untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript code into generated clients via the x-enumDescriptions field, which is embedded without proper escaping in getEnumImplementation(). I have confirmed that the injection occurs during const …

OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format

When installing module packages from attacker-controlled sources, tofu init may cause high CPU usage when encountering maliciously-crafted .zip archives for either provider or module distribution packages. Those who depend on modules or providers served from untrusted third-party servers may experience denial of service due to tofu init failing to complete in a timely manner. Other processes running on the same computer as OpenTofu may also have their performance degraded due …

mailqueue TYPO3 extension affected by Insecure Deserialization in QueueableFileTransport

The extension extends TYPO3’s FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004. Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization, because the affected vulnerable code was extracted from TYPO3 core to the extension. More information about this vulnerability can be found in the related TYPO3 Core Security Advisory TYPO3-CORE-SA-2026-004.

Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API

Server-Side Request Forgery (SSRF) via HTML Check CSS Download The HTML Check feature (/api/v1/message/{ID}/html-check) is designed to analyze HTML emails for compatibility. During this process, the inlineRemoteCSS() function automatically downloads CSS files from external <link rel="stylesheet" href="…"> tags to inline them for testing. Affected Components Primary File: internal/htmlcheck/css.go (lines 132-207) API Endpoint: /api/v1/message/{ID}/html-check Handler: server/apiv1/other.go (lines 38-75) Vulnerable Functions: inlineRemoteCSS() - line 132 downloadToBytes() - line 193 isURL() - line …

Laravel Redis Horizontal Scaling Insecure Deserialization

This vulnerability affects Laravel Reverb versions prior to v1.7.0 when horizontal scaling is enabled (REVERB_SCALING_ENABLED=true). The exploitability of this vulnerability is increased because Redis servers are commonly deployed without authentication. With horizontal scaling enabled, Reverb servers communicate via Redis PubSub. Reverb previously passed data from the Redis channel directly into PHP’s unserialize() function without restricting which classes could be instantiated. Risk: Remote Code Execution (RCE)

Keycloak does not validate and update refresh token usage atomically

A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. This allows concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from the same refresh token. As a result, Keycloak’s refresh token rotation hardening …

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims

A privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows an attacker to bypass Kubernetes RBAC impersonation and execute API requests with the operator's service account privileges. After OIDC token claims are processed through CEL expressions, there is no validation that the resulting username and groups values are non-empty. When both values are empty, the Kubernetes client-go library does not add impersonation headers to API …

FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection

Timing side-channel vulnerability in verify_key(). The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a key_id corresponds to a valid key, potentially accelerating brute-force or enumeration attacks. Affected: all users relying on verify_key() for API key authentication prior to the fix.

Duplicate Advisory: Wrangler affected by OS Command Injection in `wrangler pages deploy`

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references. Original Description SummaryA command injection vulnerability (CWE-78) has been found to exist in the wrangler pages deploy command. The issue occurs because the –commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of –commit-hash to execute arbitrary commands …

CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier

An error-based SQL Injection vulnerability was identified in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error disclosure and potential data extraction. This issue is classified as MEDIUM severity, as it allows SQL execution in an authenticated admin context.

Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true

Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the –UNSAFE,–trust flag. As it turns out, a safe template can currently write to arbitrary directories outside the destination path by using directory a symlink along with _preserve_symlinks: true and a generated directory structure whose rendered path is inside the symlinked directory. …

Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false

Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the –UNSAFE,–trust flag. As it turns out, a safe template can currently include arbitrary files/directories outside the local template clone location by using symlinks along with _preserve_symlinks: false (which is Copier's default setting). Imagine, e.g., a malicious template author who creates a …

Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation

A vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. If a user started Claude Code in an attacker-controller repository, and the repository included a settings file that set ANTHROPIC_BASE_URL to an attacker-controlled endpoint, Claude Code would issue API requests before showing the trust prompt, including potentially leaking the user's API keys. Users on standard Claude Code auto-update have …

Backstage has a Possible Symlink Path Traversal in Scaffolder Actions

Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to: Read arbitrary files via the debug:log action by creating a symlink pointing to sensitive files (e.g., /etc/passwd, configuration files, secrets) Delete arbitrary files via the fs:delete action by creating symlinks pointing outside the workspace Write files outside the workspace via archive extraction …

Backstage has a Possible Symlink Path Traversal in Scaffolder Actions

Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to: Read arbitrary files via the debug:log action by creating a symlink pointing to sensitive files (e.g., /etc/passwd, configuration files, secrets) Delete arbitrary files via the fs:delete action by creating symlinks pointing outside the workspace Write files outside the workspace via archive extraction …

Backstage has a Possible Symlink Path Traversal in Scaffolder Actions

Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to: Read arbitrary files via the debug:log action by creating a symlink pointing to sensitive files (e.g., /etc/passwd, configuration files, secrets) Delete arbitrary files via the fs:delete action by creating symlinks pointing outside the workspace Write files outside the workspace via archive extraction …

Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow`

The FetchUrlReader component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in backend.reading.allow to redirect requests to internal or sensitive URLs that are not on the allowlist, bypassing the URL allowlist security control. This is a Server-Side Request Forgery (SSRF) vulnerability that could allow access to internal resources, but it does not allow …

Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria are impacted by this vulnerability: Use of Solr's "RuleBasedAuthorizationPlugin" A RuleBasedAuthorizationPlugin config (see security.json) that specifies multiple "roles" A RuleBasedAuthorizationPlugin permission list (see security.json) that uses one …

Apache Solr: Insufficient file-access checking in standalone core-creation requests

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting https://https://solr.apache.org/guide/solr/latest/configuration-guide/configuring-solr-xml.html#the-solr-element . These read-only accesses can allow users to create cores using unexpected configsets if any are accessible via the filesystem. On Windows systems configured to allow UNC …

@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass

The resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is used to prevent path traversal attacks, failed to properly validate symlink chains and dangling symlinks. An attacker could bypass the path validation by: Symlink chains: Creating link1 → link2 → /outside where intermediate symlinks eventually resolve outside the allowed directory Dangling symlinks: Creating symlinks pointing to non-existent paths outside the base directory, which would later be created during file operations This function …

WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

A Server-Side Request Forgery (SSRF) Protection Bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources (such as localhost services or cloud metadata endpoints) even when a developer has implemented a custom url_fetcher to block such access. This occurs because the underlying urllib library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy.

Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks

Websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu. Additionally, there is not a limit applied to the total size of messages being sent or received, allowing a malicious user to open thousands …

Pterodactyl improperly locks resources allowing raced queries to create more resources than alloted

Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource limits are applied on a per-server basis, and validated during the request cycle. However, it is possible for a malicious user to send a massive volume of requests at the same time that would create more resources than the server is allotted. …

MineAdmin improperly refreshes tokens

A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made available to the public and could be used for attacks. The …

Mailpit has an SMTP Header Injection via Regex Bypass

Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can inject arbitrary SMTP headers (or corrupt existing ones) by including carriage return characters (\r) in the email address. This header injection occurs because the regex intended to filter control characters fails to exclude \r and \n when used inside a character class.

Kimai has an Authenticated Server-Side Template Injection (SSTI)

| Field | Value | |——-|——-| | Title | Authenticated SSTI via Permissive Export Template Sandbox || Attack Vector | Network | | Attack Complexity | Low | | Privileges Required | High (Admin with export permissions and server access) | | User Interaction | None | | Impact | Confidentiality: HIGH (Credential/Secret Extraction) | | Affected Versions | Kimai 2.45.0 (likely earlier versions) | | Tested On | Docker: …

Fastify Middie Middleware Path Bypass

A security vulnerability exists in @fastify/middie where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e.g., /%61dmin instead of /admin). While the middleware engine fails to match the encoded path and skips execution, the underlying Fastify router correctly decodes the path and matches the route handler, allowing attackers to access protected endpoints without the middleware constraints.

External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function

The getSecretKey template function, while introduced for senhasegura Devops Secrets Management (DSM) provider, has the ability to fetch secrets cross-namespaces with the roleBinding of the external-secrets controller, bypassing our security mechanisms. This function was completely removed, as everything done with that templating function can be done in a different way while respecting our safeguards (for example, using sourceRef like explained here: https://github.com/external-secrets/external-secrets/issues/5690#issuecomment-3630977865)

Chainlit contain a server-side request forgery (SSRF) vulnerability

Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy element creation logic using an outbound HTTP GET request. This allows an attacker to make arbitrary HTTP requests from the Chainlit server to internal network services or …

binary-parser library has a code injection vulnerability

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without sanitization, enabling attackers to execute arbitrary code in the context of the Node.js process.

@fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)

A security vulnerability exists in @fastify/express where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e.g., /%61dmin instead of /admin). While the middleware engine fails to match the encoded path and skips execution, the underlying Fastify router correctly decodes the path and matches the route handler, allowing attackers to access protected endpoints without the middleware constraints.

Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF)

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the Keycloak server into making HTTP requests to internal or restricted network resources. As a result, attackers can probe internal services and cloud metadata endpoints, creating an information disclosure and …

Apache Linkis: Password Exposure

When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive information such as Hive Metastore keys, plaintext passwords will be left in the log files when decoding fails, resulting in information leakage. Affected Scope Component: Sensitive fields in hive-site.xml (e.g., javax.jdo.option.ConnectionPassword) or other fields encoded in Base64. Version: Apache Linkis 1.0.0 …

Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows unauthorized access to system files via JDBC parameters. Scope of Impact This issue affects Apache Linkis: from 1.3.0 through 1.7.0. Severity level moderate Solution Continuously …

risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Skipper is vulnerable to arbitrary code execution through lua filters

Arbitrary code execution through lua filters. The default skipper configuration before v0.23 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The configuration inline allows these user to create a script that is able to read the filesystem accessible to the skipper process and if the user has access to read the logs they an read …

REC in MCPJam inspector due to HTTP Endpoint exposes

MCPJam inspector is the local-first development platform for MCP servers. The Latest version Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. This vulnerability is similar to CVE-2025-49596, but more severe. While CVE-2025-49596 requires tricking a user into clicking a malicious link, this vulnerability is exploitable …

PlantUML is vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to arbitrary script execution in the context of applications that render the SVG.

Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability

Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and 127.0.0.1, these controls can be bypassed using DNS rebinding techniques or domains that resolve to loopback addresses.This issue affects The Nu Html Checker (vnu): latest (commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd).

Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability

Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and 127.0.0.1, these controls can be bypassed using DNS rebinding techniques or domains that resolve to loopback addresses.This issue affects The Nu Html Checker (vnu): latest (commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd).

Dask Distributed is Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard

When Jupyter Lab, jupyter-server-proxy and Dask distributed are all run together it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard. It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link …

Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter

A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The import builtin was included in the allowed builtins, allowing attackers to import arbitrary modules and execute system commands. Attack Vector: POST /crawl { "urls": ["https://example.com"], "hooks": { "code": { "on_page_context_created": "async def hook(page, context, **kwargs):\n import('os').system('malicious_command')\n return page" } } }

Crawl4AI Has Local File Inclusion in Docker API via file:// URLs

A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: POST /execute_js { "url": "file:///etc/passwd", "scripts": ["document.body.innerText"] } Impact An unauthenticated attacker can: Read sensitive files (/etc/passwd, /etc/shadow, application configs) Access environment variables via /proc/self/environ Discover internal application structure Potentially read credentials and API keys Workarounds Disable …

Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated

In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include user-registered mask_secret() patterns, so secrets were not reliably masked before truncation and display. Users are recommended to upgrade to 3.1.6 or later, which fixes this issue

Apache Airflow proxy credentials for various providers might leak in task logs

In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed. Users are recommended to upgrade to 3.1.6 or later, …

ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection

ActiveRecord-JDBC-Adapter (AR-JDBC) contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the sql.gsub() function in lib/arjdbc/jdbc/adapter.rb not properly sanitizing user-supplied input before using it in SQL queries. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Vert.x Web static handler component cache can be manipulated to deny the access to static files

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component (used by Vert.x Web): https://github.com/eclipse-vertx/vert.x/pull/5895 Steps to reproduce Given a file served by the static handler, craft an URI that introduces …

Umbraco CMS contains a server-side request forgery vulnerability

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.

Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall

Affected code: pkg/server/router/tcp/router.go (ACME TLS-ALPN handling). When a ClientHello advertises acme-tls/1, Traefik intercepts it and calls tls.Server(…).Handshake() without any read/write deadlines and without closing the connection afterward. Immediately before this branch, existing deadlines set by the entrypoint are cleared. A client that sends the ALPN marker and then stops responding can keep the goroutine and socket open indefinitely, potentially exhausting the entrypoint under load. Exposure is limited to entrypoints where …

Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall

Affected code: pkg/server/router/tcp/router.go (ACME TLS-ALPN handling). When a ClientHello advertises acme-tls/1, Traefik intercepts it and calls tls.Server(…).Handshake() without any read/write deadlines and without closing the connection afterward. Immediately before this branch, existing deadlines set by the entrypoint are cleared. A client that sends the ALPN marker and then stops responding can keep the goroutine and socket open indefinitely, potentially exhausting the entrypoint under load. Exposure is limited to entrypoints where …

solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data

Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. \PhpOffice\PhpSpreadsheet\Writer\Html doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page.

Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing

The API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions (e.g., name, key, type, default value) used across documents, assets, and objects to standardize custom attributes and improve editorial workflows, as documented in Pimcore's official properties guide. Testing confirmed that an authenticated backend user without explicit permissions for property management could successfully call the endpoint and retrieve the …

Pimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level Authorization

The application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an authenticated backend user without explicitely lacking permissions for this feature was still able to successfully invoke the endpoint and modify or retrieve these configurations. This violates the principle of least privilege and constitutes a classic example of Broken Access Control (OWASP Top 10 A01:2021). Because authorization …

Pimcore is Vulnerable to Broken Access Control: Missing Function Level Authorization on "Static Routes" Listing

The application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined via the backend interface or the var/config/staticroutes.php file, including details like regex-based patterns, controllers, variables, and priorities. These routes are registered automatically through the PimcoreStaticRoutesBundle and integrated into the MVC routing system. Testing revealed that an authenticated backend user lacking explicit …

Keycloak has an improper input validation vulnerability

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments, potentially bypassing proxy-level path filtering. This could expose administrative or sensitive endpoints that operators believe are not externally reachable.

h3 v1 has Request Smuggling (TE.TE) issue

I was digging into h3 v1 (specifically v1.15.4) and found a critical HTTP Request Smuggling vulnerability. Basically, readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this header should be case-insensitive. The Bug: If I send a request with Transfer-Encoding: ChuNked (mixed case), h3 misses it. Since it doesn't see "chunked" and there's no Content-Length, it assumes the body …

Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.

devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse

Certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the ArrayBuffer hydration expecting base64 encoded strings as input, but not checking the assumption before decoding the input.

Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse

Certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the typed array hydration expecting an ArrayBuffer as input, but not checking the assumption before creating the typed array.

Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE

Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to run before or after a container update. The label value is passed directly to /bin/sh -c without sanitization or validation. Because any authenticated user (not limited to administrators) can create projects through the API, an attacker can create a project that specifies one of these lifecycle labels with a malicious command. When an administrator later …

alextselegidis/easyappointments is Vulnerable to CSRF Protection Bypass

application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from GET (or $_REQUEST), so an attacker can perform CSRF by forcing a victim's browser to issue a crafted GET request. Impact: creation of admin accounts, modification of admin email/password, and full admin account takeover

Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

The fetch() API supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., Content-Encoding: gzip, br). This is also supported by the undici decompress interceptor. However, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation.