Skip to main content

Suse

9339 CVEs vendor

Monthly

CVE-2026-32614 Go HIGH PATCH This Week

Cryptographic authentication bypass vulnerability in the SM9 implementation of the Go gmsm library (github.com/emmansun/gmsm) that allows attackers to forge valid ciphertexts without knowing any secret keys. An attacker who only knows a target user's ID can craft malicious ciphertexts that decrypt successfully to attacker-controlled plaintext, completely bypassing cryptographic integrity checks. A proof-of-concept exploit is publicly available, and while not currently in CISA KEV, the vulnerability has a CVSS score of 7.5 (High).

Authentication Bypass Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31886 Go CRITICAL PATCH Act Now

Path traversal via dagRunId in DAG execution endpoints.

Python Authentication Bypass Denial Of Service Path Traversal Docker +1
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-2581 npm MEDIUM PATCH This Month

Node.js Undici's response deduplication feature accumulates response bodies in memory instead of streaming them, allowing remote attackers to trigger denial of service through large or concurrent responses from untrusted endpoints. Applications using the deduplicate() interceptor are vulnerable to out-of-memory crashes when processing large or chunked responses. No patch is currently available.

Node.js Denial Of Service Undici Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-1527 npm MEDIUM PATCH This Month

CRLF injection in undici's HTTP upgrade handling allows authenticated attackers to inject arbitrary headers and perform request smuggling attacks against backend services like Redis and Elasticsearch when user input is passed unsanitized to the upgrade option. The vulnerability stems from insufficient validation of the upgrade parameter before writing to the socket, enabling attackers to terminate HTTP requests prematurely and route malicious data to non-HTTP protocols. This requires prior authentication and user interaction, with no patch currently available.

Code Injection Redis Elastic Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-32320 Go MEDIUM PATCH This Month

Medium severity vulnerability in Ella Networks Core. Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service.

Denial Of Service Information Disclosure Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-32319 Go HIGH PATCH This Week

High severity vulnerability in Ella Networks Core. Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes.

Information Disclosure Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-1289 NuGet MEDIUM POC PATCH This Month

Medium severity vulnerability in ImageMagick. # Specially crafted SVG file make segmentation fault and generate trash files in "/tmp", possible to leverage DoS.

Denial Of Service PHP Debian Docker Red Hat +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-32260 Cargo HIGH PATCH This Week

Deno versions 2.7.0 through 2.7.1 contain a command injection vulnerability in the node:child_process polyfill where improper quote handling allows attackers to bypass previous security fixes and execute arbitrary OS commands through shell metacharacter injection in spawn/spawnSync arguments. This vulnerability bypasses Deno's permission system entirely, enabling complete system compromise for applications processing untrusted input. A patch is available in version 2.7.2.

Command Injection Deno Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-32259 MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by stack-based buffer overflow (CVSS 6.7).

Stack Overflow Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-32249 MEDIUM PATCH This Month

command line text editor. From 9.1.0011 to versions up to 9.2.0137 is affected by null pointer dereference (CVSS 5.3).

Null Pointer Dereference Denial Of Service Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32240 MEDIUM PATCH This Month

n Proto is a data interchange format and capability-based RPC system. versions up to 1.4.0 contains a vulnerability that allows attackers to HTTP request/response smuggling.

Information Disclosure Capnproto Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32239 MEDIUM PATCH This Month

n Proto is a data interchange format and capability-based RPC system. versions up to 1.4.0 is affected by integer overflow or wraparound.

Information Disclosure Integer Overflow Capnproto Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1525 npm MEDIUM PATCH This Month

Undici fails to normalize HTTP header names when processing arrays, allowing duplicate Content-Length headers with case-variant names (e.g., "Content-Length" and "content-length") to be sent in malformed requests. Applications using undici's low-level APIs with user-controlled header inputs are vulnerable to request rejection by strict HTTP parsers or potential HTTP request smuggling attacks if intermediaries and backend servers interpret conflicting header values inconsistently. No patch is currently available.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32246 Go HIGH POC PATCH This Week

High severity vulnerability in TinyAuth. #

Authentication Bypass Suse
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-32245 Go MEDIUM POC PATCH This Month

Medium severity vulnerability in TinyAuth. #

Authentication Bypass Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-31890 MEDIUM This Month

Silent event loss in Inspektor Gadget prior to 0.50.1 allows local attackers to cause denial of service by filling the 256KB ring-buffer, which triggers undetected data drops without alerting users or administrators. When the buffer becomes full, gadgets silently discard events and fail to report the loss count, potentially hiding critical system events from Kubernetes cluster and Linux host monitoring. A local attacker with limited privileges can exploit this to obscure malicious activity or system anomalies by saturating the instrumentation buffer.

Linux Kubernetes Denial Of Service Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-3099 MEDIUM PATCH This Month

Libsoup's digest authentication mechanism fails to validate nonce reuse and enforce proper nonce-count incrementation, enabling attackers to replay captured authentication headers to bypass access controls. A remote attacker can exploit this to impersonate legitimate users and access protected resources without valid credentials. No patch is currently available.

Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-2808 Go MEDIUM PATCH This Month

Medium severity vulnerability in HashiCorp Consul. HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.

Kubernetes Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-31988 npm MEDIUM PATCH This Month

Denial of service in yauzl 3.2.0 (Node.js zip parsing library) allows remote attackers to crash applications by submitting malformed zip files with specially crafted NTFS timestamp fields that trigger an out-of-bounds buffer read. The vulnerability affects any Node.js application that processes untrusted zip uploads and extracts file modification dates. No patch is currently available.

Node.js Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-3942 MEDIUM PATCH This Month

Incorrect security UI in PictureInPicture in Google Chrome versions up to 146.0.7680.71 is affected by user interface (ui) misrepresentation of critical information (CVSS 4.3).

Google Information Disclosure Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3941 MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability (CVSS 4.3).

Google Authentication Bypass Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3940 MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3939 MEDIUM PATCH This Month

Insufficient policy enforcement in PDF in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3938 MEDIUM PATCH This Month

Insufficient policy enforcement in Clipboard in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3937 MEDIUM PATCH This Month

Incorrect security UI in Downloads in Google Chrome on Android versions up to 146.0.7680.71 contains a security vulnerability.

Google Information Disclosure Chrome Android Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3936 HIGH PATCH This Week

Use after free in WebView in Google Chrome on Android versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Memory Corruption Denial Of Service Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3935 MEDIUM PATCH This Month

Incorrect security UI in WebAppInstalls in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Information Disclosure Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3934 MEDIUM PATCH This Month

Insufficient policy enforcement in ChromeDriver in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3932 HIGH PATCH This Week

Insufficient policy enforcement in PDF in Google Chrome on Android versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome Android Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3931 HIGH PATCH This Week

Heap buffer overflow in Skia in Google Chrome versions up to 146.0.7680.71 is affected by heap-based buffer overflow (CVSS 8.8).

Buffer Overflow Heap Overflow Chrome Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3930 MEDIUM PATCH This Month

Unsafe navigation in Navigation in Google Chrome on iOS versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Apple Chrome iOS +2
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3928 MEDIUM PATCH This Month

Insufficient policy enforcement in Extensions in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Information Disclosure Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3927 MEDIUM PATCH This Month

Incorrect security UI in PictureInPicture in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Information Disclosure Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3926 HIGH PATCH This Week

Out of bounds read in V8 in Google Chrome versions up to 146.0.7680.71 is affected by out-of-bounds read (CVSS 8.8).

Information Disclosure Buffer Overflow Chrome Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3925 MEDIUM PATCH This Month

Incorrect security UI in LookalikeChecks in Google Chrome on Android versions up to 146.0.7680.71 is affected by user interface (ui) misrepresentation of critical information (CVSS 4.3).

Google Information Disclosure Chrome Android Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3924 HIGH PATCH This Week

use after free in WindowDialog in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 7.5).

Google Use After Free Denial Of Service Memory Corruption Chrome +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3923 HIGH PATCH This Week

Use after free in WebMIDI in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service Memory Corruption Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3922 HIGH PATCH This Week

Use after free in MediaStream in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service Memory Corruption Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3921 HIGH PATCH This Week

Use after free in TextEncoding in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service Memory Corruption Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3920 HIGH PATCH This Week

Out of bounds memory access in WebML in Google Chrome versions up to 146.0.7680.71 is affected by out-of-bounds read (CVSS 8.8).

Google Information Disclosure Buffer Overflow AI / ML Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3919 HIGH PATCH This Week

Use after free in Extensions in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service Memory Corruption Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3918 HIGH PATCH This Week

Use after free in WebMCP in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service Memory Corruption Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3917 HIGH PATCH This Week

Use after free in Agents in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service Memory Corruption Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3916 CRITICAL PATCH Act Now

Sandbox escape via Web Speech in Chrome before 146.0.7680.71. Patch available.

Google Information Disclosure Buffer Overflow Chrome Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-3915 HIGH PATCH This Week

Heap buffer overflow in WebML in Google Chrome versions up to 146.0.7680.71 is affected by heap-based buffer overflow (CVSS 8.8).

Google Buffer Overflow Heap Overflow AI / ML Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3914 HIGH PATCH This Week

Integer overflow in WebML in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability (CVSS 8.8).

Google Buffer Overflow AI / ML Chrome Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3913 HIGH PATCH This Week

Heap buffer overflow in WebML in Google Chrome versions up to 146.0.7680.71 is affected by heap-based buffer overflow (CVSS 8.8).

Google Buffer Overflow Heap Overflow AI / ML Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-32136 Go CRITICAL PATCH Act Now

Auth bypass in AdGuard Home before 0.107.73.

Authentication Bypass Adguardhome Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-32110 Go HIGH PATCH This Week

High severity vulnerability in SiYuan Note. # The `/api/network/forwardProxy` endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services.

SSRF Siyuan Suse
NVD GitHub VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-32102 Go MEDIUM PATCH This Month

### Summary OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure. I validated this on OliveTin 3000.10.2. ### Details The issue is in the live event streaming path. EventStream() only checks whether the caller may access the dashboard, then registers the user as a stream subscriber: - service/internal/api/api.go:776 After subscription, execution events are broadcast to all connected clients without checking whether each recipient is authorized to view logs for the action: - service/internal/api/api.go:846 OnExecutionStarted - service/internal/api/api.go:869 OnExecutionFinished - service/internal/api/api.go:1047 OnOutputChunk The event payload includes action output through: - service/internal/api/api.go:295 internalLogEntryToPb - service/internal/api/api.go:302 Output By contrast, the normal log APIs do apply per-action authorization checks: - service/internal/api/api.go:518 GetLogs - service/internal/api/api.go:585 GetActionLogs - service/internal/api/api.go:544 isLogEntryAllowed Root cause: - the subscription path enforces only coarse dashboard access - execution callbacks broadcast to every connected client - no per-recipient ACL check is applied before sending action metadata or output I validated the issue using: - an admin user with full ACLs - an alice user with no ACLs - a protected action that outputs TOPSECRET=alpha-bravo-charlie Despite having no relevant ACLs, alice still receives the ExecutionFinished event for the privileged action, including the protected output. ### PoC Tested version: ``` - 3000.10.2 ``` 1. Fetch and check out 3000.10.2 in a clean worktree: ```bash git -C OliveTin fetch origin tag 3000.10.2 git -C OliveTin worktree add /home/kali/CVE/OliveTin-3000.10.2 3000.10.2 ``` 2. Copy the PoC test into the clean tree: ```bash cp OliveTin/service/internal/api/event_stream_leak_test.go \ OliveTin-3000.10.2/service/internal/api/ ``` 3. Run the targeted PoC test: ```bash cd OliveTin-3000.10.2/service go test ./internal/api -run TestEventStreamLeaksUnauthorizedExecutionOutput -count=1 -timeout 30s -v ``` 4. Optional: save validation output: ```bash go test ./internal/api -run TestEventStreamLeaksUnauthorizedExecutionOutput -count=1 -timeout 30s -v \ 2>&1 | tee /tmp/olivetin_eventstream_3000.10.2.log ``` Observed validation output: ```bash === RUN TestEventStreamLeaksUnauthorizedExecutionOutput time="2026-03-01T04:44:59-05:00" level=info msg="Action requested" actionTitle=secret-action tags="[]" time="2026-03-01T04:44:59-05:00" level=info msg="Action parse args - Before" actionTitle=secret-action cmd="echo 'TOPSECRET=alpha-bravo-charlie'" time="2026-03-01T04:44:59-05:00" level=info msg="Action parse args - After" actionTitle=secret-action cmd="echo 'TOPSECRET=alpha-bravo-charlie'" time="2026-03-01T04:44:59-05:00" level=info msg="Action started" actionTitle=secret-action timeout=1 time="2026-03-01T04:44:59-05:00" level=info msg="Action finished" actionTitle=secret-action exit=0 outputLength=30 timedOut=false --- PASS: TestEventStreamLeaksUnauthorizedExecutionOutput (0.00s) PASS ok github.com/OliveTin/OliveTin/internal/api 0.025s ``` What this proves: - admin can execute the protected action - alice has no ACLs - alice still receives the streamed completion event for the protected action - protected action output is exposed through the event stream ### Impact This is an authenticated broken access control / information disclosure vulnerability. A low-privileged authenticated user can subscribe to EventStream and receive: - action execution metadata - execution tracking IDs - initiating username - live output chunks - final command output Who is impacted: - multi-user OliveTin deployments - environments where privileged actions produce secrets, tokens, internal system details, or other sensitive operational output - deployments where lower-privileged authenticated users can access the dashboard and subscribe to live events This bypasses intended per-action log/view restrictions for protected actions.

Information Disclosure Authentication Bypass Olivetin Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-31979 HIGH PATCH This Week

Local privilege escalation in Himmelblau prior to versions 3.1.0 and 2.3.8 allows authenticated local users to exploit insecure Kerberos cache file handling in the root-running himmelblaud-tasks daemon through symlink attacks. The vulnerability stems from the removal of PrivateTmp protections, exposing /tmp operations to symlink-based file overwrite and ownership manipulation attacks. An attacker with local access can leverage this flaw to achieve arbitrary file modification and full system compromise.

Privilege Escalation Microsoft Himmelblau Suse
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31961 Go MEDIUM PATCH This Month

Quill before v0.7.1 is susceptible to denial of service through unbounded memory allocation when processing maliciously crafted Mach-O binaries. Environments accepting externally-submitted binaries for signing—such as CI/CD pipelines and shared signing services—face resource exhaustion attacks if they process attacker-controlled files. An authenticated local attacker can trigger excessive memory consumption by exploiting unvalidated size fields in code signing structures, causing the application to crash or hang.

Golang Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31960 Go MEDIUM PATCH This Month

Unbounded memory consumption in Quill's Apple notarization process allows denial of service when HTTP responses lack size validation, affecting environments with TLS-intercepting proxies or compromised certificate authorities where response manipulation is possible. An attacker positioned to intercept or modify notarization API responses can return arbitrarily large payloads to exhaust memory and crash the signing process. This impacts corporate networks and environments with trust boundary violations, though exploitation is not feasible under standard HTTPS conditions with proper certificate validation.

TLS Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-31959 Go MEDIUM PATCH This Month

Quill before v0.7.1 contains a server-side request forgery vulnerability in its Apple notarization log retrieval functionality that fails to validate URL schemes and destination hosts. Exploitation requires an attacker to intercept or modify API responses, making it primarily a threat in environments with TLS-intercepting proxies, compromised certificate authorities, or other trust boundary violations. An attacker could redirect notarization requests to internal or multicast addresses, potentially exposing sensitive information or accessing restricted resources.

TLS SSRF Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-31958 PyPI HIGH PATCH GHSA This Week

In versions of Tornado prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` is the `max_body_size` setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. Tornado 6.5.5 introduces new limits on the size and complexity of multipart bodies, including a default limit of 100 parts per request. These limits are configurable if needed; see `tornado.httputil.ParseMultipartConfig`. It is also now possible to disable `multipart/form-data` parsing entirely if it is not required for the application.

Python Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-31870 HIGH PATCH This Week

cpp-httplib versions prior to 0.37.1 crash when the streaming API receives a malformed Content-Length header from any server, as the library fails to validate or handle exceptions from the underlying string parsing function. An attacker can exploit this denial of service condition by hosting a malicious server, performing a man-in-the-middle attack, or leveraging HTTP redirects to crash any client application using the vulnerable library. Currently no patch is available for this issue.

Denial Of Service Cpp Httplib Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-31866 Go HIGH PATCH This Week

Kubernetes flagd feature flag daemon versions before 0.14.2 are vulnerable to denial of service through unbounded memory allocation on publicly accessible evaluation endpoints. An unauthenticated attacker can send HTTP requests with arbitrarily large payloads to exhaust memory and crash the service. This affects deployments without external authentication controls, allowing trivial process termination in containerized environments.

Kubernetes Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-30226 npm HIGH PATCH This Week

In devalue v5.6.3, `devalue.parse` and `devalue.unflatten` were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion.

Denial Of Service Prototype Pollution Devalue Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31853 NuGet MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by heap-based buffer overflow (CVSS 5.7).

Buffer Overflow Heap Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-3805 HIGH POC PATCH This Week

Curl's SMB implementation contains a use-after-free vulnerability that causes denial of service when processing consecutive requests to the same host, as the library incorrectly dereferences freed memory on subsequent connections. Public exploit code exists for this vulnerability affecting Curl installations. An attacker can crash Curl-based applications or services by triggering multiple SMB requests, though remote code execution is not possible due to the nature of the memory corruption.

Use After Free Curl Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3783 MEDIUM POC PATCH This Month

OAuth2 bearer token leakage in curl and .NET occurs when HTTP redirects are followed to a second hostname that matches entries in the .netrc configuration file, allowing attackers to obtain valid authentication tokens for unintended hosts. Public exploit code exists for this vulnerability affecting curl and .NET applications that rely on OAuth2 authentication with automatic redirect handling. This medium-severity vulnerability (CVSS 5.3) requires network access but no user interaction, and patches are available from vendors.

.NET Curl Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-1965 MEDIUM PATCH This Month

libcurl incorrectly reuses authenticated connections when processing Negotiate authentication requests, allowing an attacker with valid credentials to access resources authenticated under different user accounts. An authenticated attacker can exploit this connection pooling logic error to bypass authentication checks by reusing an existing connection that was authenticated with different credentials. This affects libcurl implementations using Negotiate authentication where multiple users access the same server.

Information Disclosure Curl Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-31838 MEDIUM POC This Month

Istio versions prior to 1.29.1, 1.28.5, and 1.27.8 are vulnerable to authorization policy bypass through improper Envoy RBAC handling of multi-valued HTTP headers. An attacker can craft requests with multiple header values that cause the authorization engine to evaluate headers differently than intended, allowing unauthorized access to protected microservices. No patch is currently available for this vulnerability.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-31826 PyPI MEDIUM PATCH This Month

pypdf is a free and open-source pure-python PDF library. versions up to 6.8.0 is affected by allocation of resources without limits or throttling.

Python Denial Of Service Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31817 Go HIGH POC PATCH This Week

Arbitrary file write in OliveTin prior to 3000.11.2 allows authenticated attackers to write files to arbitrary filesystem locations via path traversal in the UniqueTrackingId parameter when the saveLogs feature is enabled. The vulnerability enables denial of service and potential system compromise through log file manipulation. Public exploit code exists and no patch is currently available.

Path Traversal Olivetin Suse
NVD GitHub VulDB
CVSS 3.1
8.5
EPSS
0.2%
CVE-2026-31809 Go MEDIUM POC PATCH This Month

SiYuan's SVG sanitizer fails to properly filter malicious href attributes when whitespace characters are inserted into javascript: URLs, allowing reflected cross-site scripting on the unauthenticated /api/icon/getDynamicIcon endpoint. Public exploit code exists for this vulnerability, which bypasses the previous fix for CVE-2026-29183. Attackers can inject executable JavaScript to target unauthenticated users of SiYuan versions prior to 3.5.10.

XSS Siyuan Suse
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-31807 Go MEDIUM POC PATCH This Month

Reflected XSS in SiYuan's /api/icon/getDynamicIcon endpoint allows unauthenticated attackers to inject malicious JavaScript through SVG animation elements that bypass the sanitizer's static filters. The vulnerability exists because the SVG sanitizer blocks script tags and event handlers but fails to restrict <animate> and <set> elements, which can dynamically modify attributes at runtime to execute code. Public exploit code exists and patches are not yet available for affected versions prior to 3.5.10.

XSS Siyuan Suse
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-31801 Go HIGH PATCH This Week

Zot registry versions 1.3.0 through 2.1.14 have an authorization bypass in the manifest upload endpoint that allows authenticated users with only create permissions to overwrite the latest tag when it already exists. An attacker with limited write privileges can leverage this flaw to replace the latest image version, potentially distributing malicious container images to downstream consumers. The vulnerability is fixed in version 2.1.15.

Authentication Bypass Zot Suse
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-3847 HIGH PATCH This Week

Arbitrary code execution in Firefox versions prior to 148.0.2 results from multiple memory corruption flaws in the browser's memory safety implementation. An unauthenticated attacker can exploit these vulnerabilities through a malicious webpage requiring user interaction to achieve remote code execution with full system privileges. No patch is currently available for this vulnerability.

Mozilla Buffer Overflow RCE Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3846 MEDIUM PATCH This Month

Firefox's CSS parsing engine fails to properly enforce same-origin policy restrictions, allowing attackers to perform unauthorized modifications to web content across different origins through user interaction. Versions prior to 148.0.2 are affected, and the vulnerability requires user engagement to exploit. No patch is currently available, leaving vulnerable installations at risk of data integrity attacks.

Mozilla Authentication Bypass Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-30934 Go HIGH PATCH This Week

Stored cross-site scripting in FileBrowser versions prior to 1.3.1-beta and 1.2.2-stable allows authenticated attackers to inject malicious scripts through share metadata fields that are improperly rendered without HTML escaping. When victims visit affected share URLs, the injected scripts execute in their browsers with full privileges, potentially leading to session hijacking, credential theft, or further compromise. A patch is available in the fixed versions, though exploitation currently shows 0% adoption likelihood.

XSS Filebrowser Suse
NVD GitHub VulDB
CVSS 3.1
8.9
EPSS
0.0%
CVE-2026-30933 Go HIGH PATCH GHSA This Week

FileBrowser versions prior to 1.3.1-beta and 1.2.2-stable leak authentication tokens through the /public/api/share/info endpoint, allowing unauthenticated attackers to bypass password protections on shared files. The vulnerability stems from an incomplete fix to CVE-2026-27611 and enables token disclosure that could facilitate unauthorized file access. No patch is currently available for affected installations.

Information Disclosure Filebrowser Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-30928 PyPI HIGH POC PATCH This Week

Glances is an open-source system cross-platform monitoring tool. versions up to 4.5.1 is affected by information exposure.

Information Disclosure Glances Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-26127 NuGet HIGH POC PATCH This Week

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. [CVSS 7.5 HIGH]

Buffer Overflow Information Disclosure Red Hat Suse
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-23907 Maven MEDIUM PATCH This Month

Apache PDFBox versions 2.0.24-2.0.35 and 3.0.0-3.0.6 contain a path traversal vulnerability in the ExtractEmbeddedFiles example that allows attackers to write files outside the intended extraction directory by manipulating embedded file names. Organizations that have integrated this example code into production systems are at risk of unauthorized file writes on the host system. No patch is currently available, requiring developers to manually implement path validation to ensure extracted files remain within the designated directory.

Apache Path Traversal Pdfbox Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-30869 Go CRITICAL PATCH Act Now

SiYuan prior to 3.5.10 has a path traversal vulnerability enabling arbitrary file access through crafted API requests.

RCE Path Traversal Siyuan Suse
NVD GitHub VulDB
CVSS 3.1
9.3
EPSS
0.4%
CVE-2026-28513 Go HIGH POC PATCH This Week

Pocket ID versions prior to 2.4.0 fail to properly validate authorization codes at the OIDC token endpoint, enabling attackers with valid credentials to exchange codes across different clients or reuse expired codes. This authentication bypass affects any service relying on Pocket ID for passkey-based authentication and allows token acquisition without proper authorization. Public exploit code exists for this vulnerability, and no patch is currently available.

Authentication Bypass Pocket Id Suse
NVD GitHub VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-28512 Go HIGH POC PATCH This Week

Pocket ID versions 2.0.0 through 2.3.x suffer from improper callback URL validation that allows attackers to bypass redirect URI restrictions using URL userinfo characters (@), enabling authorization code interception. An attacker can craft a malicious authorization link to redirect authentication codes to an attacker-controlled server if a user is tricked into clicking it. Public exploit code exists for this vulnerability, and no patch is currently available.

Open Redirect Pocket Id Suse
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-30937 NuGet MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur.

Buffer Overflow Microsoft Heap Overflow Imagemagick Windows +2
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-30936 NuGet MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur.

Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-30935 NuGet MEDIUM PATCH This Month

BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation an out of bounds read can occur. ``` ================================================================= ==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370 READ of size 4 at 0x50a0000079c0 thread T0 ```

Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-30931 NuGet MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write.

Buffer Overflow Heap Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-30929 NuGet HIGH PATCH This Week

High severity vulnerability in ImageMagick. MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.

Buffer Overflow Stack Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-30926 Go HIGH This Week

SiYuan Note prior to version 3.5.10 contains an insufficient authorization flaw in the /api/block/appendHeadingChildren endpoint that allows authenticated users with read-only (RoleReader) privileges to modify notebook content by appending blocks to documents. The vulnerability exists because the endpoint applies only basic authentication checks instead of enforcing stricter administrative or read-only restrictions. Affected users should upgrade to version 3.5.10 or later, as no workaround is currently available and exploitation requires only network access and valid read-only credentials.

Privilege Escalation Authentication Bypass Siyuan Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-30883 NuGet MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by buffer overflow (CVSS 5.7).

Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-28692 NuGet MEDIUM PATCH This Month

Heap over-read in ImageMagick's MAT decoder prior to versions 7.1.2-16 and 6.9.13-41 results from incorrect arithmetic parenthesization, allowing remote attackers to leak sensitive memory contents and cause denial of service through crafted MAT image files. The vulnerability requires no authentication or user interaction and affects systems using vulnerable ImageMagick versions for image processing. No patch is currently available, leaving users dependent on upgrading to patched versions when released.

Buffer Overflow Information Disclosure Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-28690 NuGet MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data.

Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.9
EPSS
0.0%
CVE-2026-28689 NuGet MEDIUM PATCH This Month

Imagemagick versions up to 7.1.2-16 is affected by improper link resolution before file access (CVSS 6.3).

Path Traversal Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-28688 NuGet MEDIUM PATCH This Month

ImageMagick versions prior to 7.1.2-16 and 6.9.13-41 contain a heap-use-after-free vulnerability in the MSL encoder that can be triggered by local attackers to cause denial of service through double-free conditions on cloned images. The vulnerability requires local access with no special privileges or user interaction, resulting in application crashes or potential memory corruption. No patch is currently available for affected versions.

Use After Free Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-28687 NuGet MEDIUM PATCH This Month

Heap use-after-free in ImageMagick's MSL decoder (versions before 7.1.2-16 and 6.9.13-41) allows remote attackers to trigger memory access violations via specially crafted MSL files, resulting in denial of service. The vulnerability requires no authentication or user interaction and affects systems processing untrusted image files. No patch is currently available for this MEDIUM severity issue.

Use After Free Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Cryptographic authentication bypass vulnerability in the SM9 implementation of the Go gmsm library (github.com/emmansun/gmsm) that allows attackers to forge valid ciphertexts without knowing any secret keys. An attacker who only knows a target user's ID can craft malicious ciphertexts that decrypt successfully to attacker-controlled plaintext, completely bypassing cryptographic integrity checks. A proof-of-concept exploit is publicly available, and while not currently in CISA KEV, the vulnerability has a CVSS score of 7.5 (High).

Authentication Bypass Suse
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Path traversal via dagRunId in DAG execution endpoints.

Python Authentication Bypass Denial Of Service +3
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Node.js Undici's response deduplication feature accumulates response bodies in memory instead of streaming them, allowing remote attackers to trigger denial of service through large or concurrent responses from untrusted endpoints. Applications using the deduplicate() interceptor are vulnerable to out-of-memory crashes when processing large or chunked responses. No patch is currently available.

Node.js Denial Of Service Undici +2
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

CRLF injection in undici's HTTP upgrade handling allows authenticated attackers to inject arbitrary headers and perform request smuggling attacks against backend services like Redis and Elasticsearch when user input is passed unsanitized to the upgrade option. The vulnerability stems from insufficient validation of the upgrade parameter before writing to the socket, enabling attackers to terminate HTTP requests prematurely and route malicious data to non-HTTP protocols. This requires prior authentication and user interaction, with no patch currently available.

Code Injection Redis Elastic +2
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Medium severity vulnerability in Ella Networks Core. Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

High severity vulnerability in Ella Networks Core. Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes.

Information Disclosure Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Medium severity vulnerability in ImageMagick. # Specially crafted SVG file make segmentation fault and generate trash files in "/tmp", possible to leverage DoS.

Denial Of Service PHP Debian +3
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Deno versions 2.7.0 through 2.7.1 contain a command injection vulnerability in the node:child_process polyfill where improper quote handling allows attackers to bypass previous security fixes and execute arbitrary OS commands through shell metacharacter injection in spawn/spawnSync arguments. This vulnerability bypasses Deno's permission system entirely, enabling complete system compromise for applications processing untrusted input. A patch is available in version 2.7.2.

Command Injection Deno Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by stack-based buffer overflow (CVSS 6.7).

Stack Overflow Buffer Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

command line text editor. From 9.1.0011 to versions up to 9.2.0137 is affected by null pointer dereference (CVSS 5.3).

Null Pointer Dereference Denial Of Service Vim +2
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

n Proto is a data interchange format and capability-based RPC system. versions up to 1.4.0 contains a vulnerability that allows attackers to HTTP request/response smuggling.

Information Disclosure Capnproto Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

n Proto is a data interchange format and capability-based RPC system. versions up to 1.4.0 is affected by integer overflow or wraparound.

Information Disclosure Integer Overflow Capnproto +2
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Undici fails to normalize HTTP header names when processing arrays, allowing duplicate Content-Length headers with case-variant names (e.g., "Content-Length" and "content-length") to be sent in malformed requests. Applications using undici's low-level APIs with user-controlled header inputs are vulnerable to request rejection by strict HTTP parsers or potential HTTP request smuggling attacks if intermediaries and backend servers interpret conflicting header values inconsistently. No patch is currently available.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH POC PATCH This Week

High severity vulnerability in TinyAuth. #

Authentication Bypass Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Medium severity vulnerability in TinyAuth. #

Authentication Bypass Suse
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM This Month

Silent event loss in Inspektor Gadget prior to 0.50.1 allows local attackers to cause denial of service by filling the 256KB ring-buffer, which triggers undetected data drops without alerting users or administrators. When the buffer becomes full, gadgets silently discard events and fail to report the loss count, potentially hiding critical system events from Kubernetes cluster and Linux host monitoring. A local attacker with limited privileges can exploit this to obscure malicious activity or system anomalies by saturating the instrumentation buffer.

Linux Kubernetes Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Libsoup's digest authentication mechanism fails to validate nonce reuse and enforce proper nonce-count incrementation, enabling attackers to replay captured authentication headers to bypass access controls. A remote attacker can exploit this to impersonate legitimate users and access protected resources without valid credentials. No patch is currently available.

Authentication Bypass Red Hat Suse
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Medium severity vulnerability in HashiCorp Consul. HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.

Kubernetes Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Denial of service in yauzl 3.2.0 (Node.js zip parsing library) allows remote attackers to crash applications by submitting malformed zip files with specially crafted NTFS timestamp fields that trigger an out-of-bounds buffer read. The vulnerability affects any Node.js application that processes untrusted zip uploads and extracts file modification dates. No patch is currently available.

Node.js Denial Of Service Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Incorrect security UI in PictureInPicture in Google Chrome versions up to 146.0.7680.71 is affected by user interface (ui) misrepresentation of critical information (CVSS 4.3).

Google Information Disclosure Chrome +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability (CVSS 4.3).

Google Authentication Bypass Chrome +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Insufficient policy enforcement in PDF in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient policy enforcement in Clipboard in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Incorrect security UI in Downloads in Google Chrome on Android versions up to 146.0.7680.71 contains a security vulnerability.

Google Information Disclosure Chrome +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in WebView in Google Chrome on Android versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Incorrect security UI in WebAppInstalls in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Information Disclosure Chrome +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Insufficient policy enforcement in ChromeDriver in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Insufficient policy enforcement in PDF in Google Chrome on Android versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in Skia in Google Chrome versions up to 146.0.7680.71 is affected by heap-based buffer overflow (CVSS 8.8).

Buffer Overflow Heap Overflow Chrome +3
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unsafe navigation in Navigation in Google Chrome on iOS versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Apple +4
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient policy enforcement in Extensions in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Information Disclosure Chrome +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Incorrect security UI in PictureInPicture in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Information Disclosure Chrome +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds read in V8 in Google Chrome versions up to 146.0.7680.71 is affected by out-of-bounds read (CVSS 8.8).

Information Disclosure Buffer Overflow Chrome +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Incorrect security UI in LookalikeChecks in Google Chrome on Android versions up to 146.0.7680.71 is affected by user interface (ui) misrepresentation of critical information (CVSS 4.3).

Google Information Disclosure Chrome +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

use after free in WindowDialog in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 7.5).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in WebMIDI in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in MediaStream in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in TextEncoding in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds memory access in WebML in Google Chrome versions up to 146.0.7680.71 is affected by out-of-bounds read (CVSS 8.8).

Google Information Disclosure Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Extensions in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in WebMCP in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Agents in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape via Web Speech in Chrome before 146.0.7680.71. Patch available.

Google Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in WebML in Google Chrome versions up to 146.0.7680.71 is affected by heap-based buffer overflow (CVSS 8.8).

Google Buffer Overflow Heap Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in WebML in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability (CVSS 8.8).

Google Buffer Overflow AI / ML +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in WebML in Google Chrome versions up to 146.0.7680.71 is affected by heap-based buffer overflow (CVSS 8.8).

Google Buffer Overflow Heap Overflow +4
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Auth bypass in AdGuard Home before 0.107.73.

Authentication Bypass Adguardhome Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

High severity vulnerability in SiYuan Note. # The `/api/network/forwardProxy` endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services.

SSRF Siyuan Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

### Summary OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure. I validated this on OliveTin 3000.10.2. ### Details The issue is in the live event streaming path. EventStream() only checks whether the caller may access the dashboard, then registers the user as a stream subscriber: - service/internal/api/api.go:776 After subscription, execution events are broadcast to all connected clients without checking whether each recipient is authorized to view logs for the action: - service/internal/api/api.go:846 OnExecutionStarted - service/internal/api/api.go:869 OnExecutionFinished - service/internal/api/api.go:1047 OnOutputChunk The event payload includes action output through: - service/internal/api/api.go:295 internalLogEntryToPb - service/internal/api/api.go:302 Output By contrast, the normal log APIs do apply per-action authorization checks: - service/internal/api/api.go:518 GetLogs - service/internal/api/api.go:585 GetActionLogs - service/internal/api/api.go:544 isLogEntryAllowed Root cause: - the subscription path enforces only coarse dashboard access - execution callbacks broadcast to every connected client - no per-recipient ACL check is applied before sending action metadata or output I validated the issue using: - an admin user with full ACLs - an alice user with no ACLs - a protected action that outputs TOPSECRET=alpha-bravo-charlie Despite having no relevant ACLs, alice still receives the ExecutionFinished event for the privileged action, including the protected output. ### PoC Tested version: ``` - 3000.10.2 ``` 1. Fetch and check out 3000.10.2 in a clean worktree: ```bash git -C OliveTin fetch origin tag 3000.10.2 git -C OliveTin worktree add /home/kali/CVE/OliveTin-3000.10.2 3000.10.2 ``` 2. Copy the PoC test into the clean tree: ```bash cp OliveTin/service/internal/api/event_stream_leak_test.go \ OliveTin-3000.10.2/service/internal/api/ ``` 3. Run the targeted PoC test: ```bash cd OliveTin-3000.10.2/service go test ./internal/api -run TestEventStreamLeaksUnauthorizedExecutionOutput -count=1 -timeout 30s -v ``` 4. Optional: save validation output: ```bash go test ./internal/api -run TestEventStreamLeaksUnauthorizedExecutionOutput -count=1 -timeout 30s -v \ 2>&1 | tee /tmp/olivetin_eventstream_3000.10.2.log ``` Observed validation output: ```bash === RUN TestEventStreamLeaksUnauthorizedExecutionOutput time="2026-03-01T04:44:59-05:00" level=info msg="Action requested" actionTitle=secret-action tags="[]" time="2026-03-01T04:44:59-05:00" level=info msg="Action parse args - Before" actionTitle=secret-action cmd="echo 'TOPSECRET=alpha-bravo-charlie'" time="2026-03-01T04:44:59-05:00" level=info msg="Action parse args - After" actionTitle=secret-action cmd="echo 'TOPSECRET=alpha-bravo-charlie'" time="2026-03-01T04:44:59-05:00" level=info msg="Action started" actionTitle=secret-action timeout=1 time="2026-03-01T04:44:59-05:00" level=info msg="Action finished" actionTitle=secret-action exit=0 outputLength=30 timedOut=false --- PASS: TestEventStreamLeaksUnauthorizedExecutionOutput (0.00s) PASS ok github.com/OliveTin/OliveTin/internal/api 0.025s ``` What this proves: - admin can execute the protected action - alice has no ACLs - alice still receives the streamed completion event for the protected action - protected action output is exposed through the event stream ### Impact This is an authenticated broken access control / information disclosure vulnerability. A low-privileged authenticated user can subscribe to EventStream and receive: - action execution metadata - execution tracking IDs - initiating username - live output chunks - final command output Who is impacted: - multi-user OliveTin deployments - environments where privileged actions produce secrets, tokens, internal system details, or other sensitive operational output - deployments where lower-privileged authenticated users can access the dashboard and subscribe to live events This bypasses intended per-action log/view restrictions for protected actions.

Information Disclosure Authentication Bypass Olivetin +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation in Himmelblau prior to versions 3.1.0 and 2.3.8 allows authenticated local users to exploit insecure Kerberos cache file handling in the root-running himmelblaud-tasks daemon through symlink attacks. The vulnerability stems from the removal of PrivateTmp protections, exposing /tmp operations to symlink-based file overwrite and ownership manipulation attacks. An attacker with local access can leverage this flaw to achieve arbitrary file modification and full system compromise.

Privilege Escalation Microsoft Himmelblau +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Quill before v0.7.1 is susceptible to denial of service through unbounded memory allocation when processing maliciously crafted Mach-O binaries. Environments accepting externally-submitted binaries for signing—such as CI/CD pipelines and shared signing services—face resource exhaustion attacks if they process attacker-controlled files. An authenticated local attacker can trigger excessive memory consumption by exploiting unvalidated size fields in code signing structures, causing the application to crash or hang.

Golang Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unbounded memory consumption in Quill's Apple notarization process allows denial of service when HTTP responses lack size validation, affecting environments with TLS-intercepting proxies or compromised certificate authorities where response manipulation is possible. An attacker positioned to intercept or modify notarization API responses can return arbitrarily large payloads to exhaust memory and crash the signing process. This impacts corporate networks and environments with trust boundary violations, though exploitation is not feasible under standard HTTPS conditions with proper certificate validation.

TLS Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Quill before v0.7.1 contains a server-side request forgery vulnerability in its Apple notarization log retrieval functionality that fails to validate URL schemes and destination hosts. Exploitation requires an attacker to intercept or modify API responses, making it primarily a threat in environments with TLS-intercepting proxies, compromised certificate authorities, or other trust boundary violations. An attacker could redirect notarization requests to internal or multicast addresses, potentially exposing sensitive information or accessing restricted resources.

TLS SSRF Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

In versions of Tornado prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` is the `max_body_size` setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. Tornado 6.5.5 introduces new limits on the size and complexity of multipart bodies, including a default limit of 100 parts per request. These limits are configurable if needed; see `tornado.httputil.ParseMultipartConfig`. It is also now possible to disable `multipart/form-data` parsing entirely if it is not required for the application.

Python Denial Of Service Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

cpp-httplib versions prior to 0.37.1 crash when the streaming API receives a malformed Content-Length header from any server, as the library fails to validate or handle exceptions from the underlying string parsing function. An attacker can exploit this denial of service condition by hosting a malicious server, performing a man-in-the-middle attack, or leveraging HTTP redirects to crash any client application using the vulnerable library. Currently no patch is available for this issue.

Denial Of Service Cpp Httplib Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Kubernetes flagd feature flag daemon versions before 0.14.2 are vulnerable to denial of service through unbounded memory allocation on publicly accessible evaluation endpoints. An unauthenticated attacker can send HTTP requests with arbitrarily large payloads to exhaust memory and crash the service. This affects deployments without external authentication controls, allowing trivial process termination in containerized environments.

Kubernetes Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

In devalue v5.6.3, `devalue.parse` and `devalue.unflatten` were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion.

Denial Of Service Prototype Pollution Devalue +2
NVD GitHub VulDB
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by heap-based buffer overflow (CVSS 5.7).

Buffer Overflow Heap Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Curl's SMB implementation contains a use-after-free vulnerability that causes denial of service when processing consecutive requests to the same host, as the library incorrectly dereferences freed memory on subsequent connections. Public exploit code exists for this vulnerability affecting Curl installations. An attacker can crash Curl-based applications or services by triggering multiple SMB requests, though remote code execution is not possible due to the nature of the memory corruption.

Use After Free Curl Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

OAuth2 bearer token leakage in curl and .NET occurs when HTTP redirects are followed to a second hostname that matches entries in the .netrc configuration file, allowing attackers to obtain valid authentication tokens for unintended hosts. Public exploit code exists for this vulnerability affecting curl and .NET applications that rely on OAuth2 authentication with automatic redirect handling. This medium-severity vulnerability (CVSS 5.3) requires network access but no user interaction, and patches are available from vendors.

.NET Curl Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

libcurl incorrectly reuses authenticated connections when processing Negotiate authentication requests, allowing an attacker with valid credentials to access resources authenticated under different user accounts. An authenticated attacker can exploit this connection pooling logic error to bypass authentication checks by reusing an existing connection that was authenticated with different credentials. This affects libcurl implementations using Negotiate authentication where multiple users access the same server.

Information Disclosure Curl Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Istio versions prior to 1.29.1, 1.28.5, and 1.27.8 are vulnerable to authorization policy bypass through improper Envoy RBAC handling of multi-valued HTTP headers. An attacker can craft requests with multiple header values that cause the authorization engine to evaluate headers differently than intended, allowing unauthorized access to protected microservices. No patch is currently available for this vulnerability.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

pypdf is a free and open-source pure-python PDF library. versions up to 6.8.0 is affected by allocation of resources without limits or throttling.

Python Denial Of Service Pypdf +2
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH POC PATCH This Week

Arbitrary file write in OliveTin prior to 3000.11.2 allows authenticated attackers to write files to arbitrary filesystem locations via path traversal in the UniqueTrackingId parameter when the saveLogs feature is enabled. The vulnerability enables denial of service and potential system compromise through log file manipulation. Public exploit code exists and no patch is currently available.

Path Traversal Olivetin Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

SiYuan's SVG sanitizer fails to properly filter malicious href attributes when whitespace characters are inserted into javascript: URLs, allowing reflected cross-site scripting on the unauthenticated /api/icon/getDynamicIcon endpoint. Public exploit code exists for this vulnerability, which bypasses the previous fix for CVE-2026-29183. Attackers can inject executable JavaScript to target unauthenticated users of SiYuan versions prior to 3.5.10.

XSS Siyuan Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

Reflected XSS in SiYuan's /api/icon/getDynamicIcon endpoint allows unauthenticated attackers to inject malicious JavaScript through SVG animation elements that bypass the sanitizer's static filters. The vulnerability exists because the SVG sanitizer blocks script tags and event handlers but fails to restrict <animate> and <set> elements, which can dynamically modify attributes at runtime to execute code. Public exploit code exists and patches are not yet available for affected versions prior to 3.5.10.

XSS Siyuan Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Zot registry versions 1.3.0 through 2.1.14 have an authorization bypass in the manifest upload endpoint that allows authenticated users with only create permissions to overwrite the latest tag when it already exists. An attacker with limited write privileges can leverage this flaw to replace the latest image version, potentially distributing malicious container images to downstream consumers. The vulnerability is fixed in version 2.1.15.

Authentication Bypass Zot Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution in Firefox versions prior to 148.0.2 results from multiple memory corruption flaws in the browser's memory safety implementation. An unauthenticated attacker can exploit these vulnerabilities through a malicious webpage requiring user interaction to achieve remote code execution with full system privileges. No patch is currently available for this vulnerability.

Mozilla Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Firefox's CSS parsing engine fails to properly enforce same-origin policy restrictions, allowing attackers to perform unauthorized modifications to web content across different origins through user interaction. Versions prior to 148.0.2 are affected, and the vulnerability requires user engagement to exploit. No patch is currently available, leaving vulnerable installations at risk of data integrity attacks.

Mozilla Authentication Bypass Suse
NVD VulDB
EPSS 0% CVSS 8.9
HIGH PATCH This Week

Stored cross-site scripting in FileBrowser versions prior to 1.3.1-beta and 1.2.2-stable allows authenticated attackers to inject malicious scripts through share metadata fields that are improperly rendered without HTML escaping. When victims visit affected share URLs, the injected scripts execute in their browsers with full privileges, potentially leading to session hijacking, credential theft, or further compromise. A patch is available in the fixed versions, though exploitation currently shows 0% adoption likelihood.

XSS Filebrowser Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

FileBrowser versions prior to 1.3.1-beta and 1.2.2-stable leak authentication tokens through the /public/api/share/info endpoint, allowing unauthenticated attackers to bypass password protections on shared files. The vulnerability stems from an incomplete fix to CVE-2026-27611 and enables token disclosure that could facilitate unauthorized file access. No patch is currently available for affected installations.

Information Disclosure Filebrowser Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Glances is an open-source system cross-platform monitoring tool. versions up to 4.5.1 is affected by information exposure.

Information Disclosure Glances Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. [CVSS 7.5 HIGH]

Buffer Overflow Information Disclosure Red Hat +1
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Apache PDFBox versions 2.0.24-2.0.35 and 3.0.0-3.0.6 contain a path traversal vulnerability in the ExtractEmbeddedFiles example that allows attackers to write files outside the intended extraction directory by manipulating embedded file names. Organizations that have integrated this example code into production systems are at risk of unauthorized file writes on the host system. No patch is currently available, requiring developers to manually implement path validation to ensure extracted files remain within the designated directory.

Apache Path Traversal Pdfbox +2
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

SiYuan prior to 3.5.10 has a path traversal vulnerability enabling arbitrary file access through crafted API requests.

RCE Path Traversal Siyuan +1
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH POC PATCH This Week

Pocket ID versions prior to 2.4.0 fail to properly validate authorization codes at the OIDC token endpoint, enabling attackers with valid credentials to exchange codes across different clients or reuse expired codes. This authentication bypass affects any service relying on Pocket ID for passkey-based authentication and allows token acquisition without proper authorization. Public exploit code exists for this vulnerability, and no patch is currently available.

Authentication Bypass Pocket Id Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Pocket ID versions 2.0.0 through 2.3.x suffer from improper callback URL validation that allows attackers to bypass redirect URI restrictions using URL userinfo characters (@), enabling authorization code interception. An attacker can craft a malicious authorization link to redirect authentication codes to an attacker-controlled server if a user is tricked into clicking it. Public exploit code exists for this vulnerability, and no patch is currently available.

Open Redirect Pocket Id Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur.

Buffer Overflow Microsoft Heap Overflow +4
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur.

Buffer Overflow Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation an out of bounds read can occur. ``` ================================================================= ==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370 READ of size 4 at 0x50a0000079c0 thread T0 ```

Buffer Overflow Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write.

Buffer Overflow Heap Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

High severity vulnerability in ImageMagick. MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.

Buffer Overflow Stack Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

SiYuan Note prior to version 3.5.10 contains an insufficient authorization flaw in the /api/block/appendHeadingChildren endpoint that allows authenticated users with read-only (RoleReader) privileges to modify notebook content by appending blocks to documents. The vulnerability exists because the endpoint applies only basic authentication checks instead of enforcing stricter administrative or read-only restrictions. Affected users should upgrade to version 3.5.10 or later, as no workaround is currently available and exploitation requires only network access and valid read-only credentials.

Privilege Escalation Authentication Bypass Siyuan +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by buffer overflow (CVSS 5.7).

Buffer Overflow Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Heap over-read in ImageMagick's MAT decoder prior to versions 7.1.2-16 and 6.9.13-41 results from incorrect arithmetic parenthesization, allowing remote attackers to leak sensitive memory contents and cause denial of service through crafted MAT image files. The vulnerability requires no authentication or user interaction and affects systems using vulnerable ImageMagick versions for image processing. No patch is currently available, leaving users dependent on upgrading to patched versions when released.

Buffer Overflow Information Disclosure Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data.

Buffer Overflow Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Imagemagick versions up to 7.1.2-16 is affected by improper link resolution before file access (CVSS 6.3).

Path Traversal Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

ImageMagick versions prior to 7.1.2-16 and 6.9.13-41 contain a heap-use-after-free vulnerability in the MSL encoder that can be triggered by local attackers to cause denial of service through double-free conditions on cloned images. The vulnerability requires local access with no special privileges or user interaction, resulting in application crashes or potential memory corruption. No patch is currently available for affected versions.

Use After Free Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Heap use-after-free in ImageMagick's MSL decoder (versions before 7.1.2-16 and 6.9.13-41) allows remote attackers to trigger memory access violations via specially crafted MSL files, resulting in denial of service. The vulnerability requires no authentication or user interaction and affects systems processing untrusted image files. No patch is currently available for this MEDIUM severity issue.

Use After Free Imagemagick Red Hat +1
NVD GitHub VulDB
Prev Page 36 of 104 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy