Skip to main content

Suse

9339 CVEs vendor

Monthly

CVE-2025-71238 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000 [5353358.825194] #PF: supervisor write access in kernel mode [5353358.825195] #PF: error_code(0x0002) - not-present page [5353358.825196] PGD 100006067 P4D 0 [5353358.825198] Oops: 0002 [#1] PREEMPT SMP NOPTI [5353358.825200] CPU: 5 PID: 2132085 Comm: qlafwupdate.sub Kdump: loaded Tainted: G W L ------- --- 5.14.0-503.34.1.el9_5.x86_64 #1 [5353358.825203] Hardware name: HPE ProLiant DL360 Gen11/ProLiant DL360 Gen11, BIOS 2.44 01/17/2025 [5353358.825204] RIP: 0010:memcpy_erms+0x6/0x10 [5353358.825211] RSP: 0018:ff591da8f4f6b710 EFLAGS: 00010246 [5353358.825212] RAX: ff5f5e897b024000 RBX: 0000000000007090 RCX: 0000000000001000 [5353358.825213] RDX: 0000000000001000 RSI: ff591da8f4fed090 RDI: ff5f5e897b024000 [5353358.825214] RBP: 0000000000010000 R08: ff5f5e897b024000 R09: 0000000000000000 [5353358.825215] R10: ff46cf8c40517000 R11: 0000000000000001 R12: 0000000000008090 [5353358.825216] R13: ff591da8f4f6b720 R14: 0000000000001000 R15: 0000000000000000 [5353358.825218] FS: 00007f1e88d47740(0000) GS:ff46cf935f940000(0000) knlGS:0000000000000000 [5353358.825219] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [5353358.825220] CR2: ff5f5e897b024000 CR3: 0000000231532004 CR4: 0000000000771ef0 [5353358.825221] PKRU: 55555554 [5353358.825222] Call Trace: [5353358.825223] <TASK> [5353358.825224] ? show_trace_log_lvl+0x1c4/0x2df [5353358.825229] ? show_trace_log_lvl+0x1c4/0x2df [5353358.825232] ? sg_copy_buffer+0xc8/0x110 [5353358.825236] ? __die_body.cold+0x8/0xd [5353358.825238] ? page_fault_oops+0x134/0x170 [5353358.825242] ? kernelmode_fixup_or_oops+0x84/0x110 [5353358.825244] ? exc_page_fault+0xa8/0x150 [5353358.825247] ? asm_exc_page_fault+0x22/0x30 [5353358.825252] ? memcpy_erms+0x6/0x10 [5353358.825253] sg_copy_buffer+0xc8/0x110 [5353358.825259] qla2x00_process_vendor_specific+0x652/0x1320 [qla2xxx] [5353358.825317] qla24xx_bsg_request+0x1b2/0x2d0 [qla2xxx] Most routines in qla_bsg.c call bsg_done() only for success cases.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27932 PyPI HIGH POC PATCH This Week

Joserfc versions 1.6.2 and earlier fail to validate the PBES2 iteration count parameter in JWE tokens, allowing unauthenticated attackers to trigger CPU exhaustion by specifying arbitrarily large values in the p2c header field. An attacker can exploit this resource exhaustion vulnerability to cause denial of service against any system using the library to decrypt JWE tokens. Public exploit code exists for this vulnerability, and a patch is available.

Python Denial Of Service Joserfc Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-0540 npm MEDIUM PATCH This Month

DOMPurify versions 2.5.3-2.5.8 and 3.1.3-3.3.1 fail to sanitize attribute values within certain rawtext HTML elements (noscript, xmp, noembed, noframes, iframe), allowing attackers to inject malicious scripts that execute when sanitized content is rendered in these contexts. An attacker can exploit this by embedding JavaScript payloads in HTML attributes, bypassing DOMPurify's sanitization to achieve cross-site scripting. A patch is available in commit 729097f.

XSS Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-3351 Go MEDIUM POC PATCH This Month

Canonical LXD 6.6 on Linux contains an authorization bypass in the GET /1.0/certificates API endpoint that allows authenticated users with restricted privileges to enumerate all certificate fingerprints trusted by the server. Public exploit code exists for this vulnerability. While this enables information disclosure with limited impact, it could facilitate further attacks by revealing trust relationships on the system.

Linux Lxd Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3337 Cargo MEDIUM PATCH This Month

Timing side-channel attacks in AWS-LC's AES-CCM decryption implementation allow unauthenticated attackers to infer authentication tag validity through precise timing measurements. The vulnerability affects AWS-LC and related cryptographic libraries across multiple AES-CCM variants (128, 192, and 256-bit), potentially enabling attackers to forge authenticated messages. AWS service customers are unaffected, but applications using AWS-LC directly should upgrade to version 1.69.0 or later.

AWS Aws Libcrypto Aws Lc Fips Sys Aws Lc Sys Red Hat +2
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-27631 MEDIUM PATCH This Month

Exiv2 versions prior to 0.28.8 are vulnerable to a denial of service attack through integer overflow in the preview component when specific command-line arguments are used, causing the application to crash with an uncaught exception. An attacker can trigger this vulnerability by providing a specially crafted image file to crash Exiv2 processes, affecting systems that rely on the library for metadata processing. A patch is available in version 0.28.8 and later.

Integer Overflow Denial Of Service Exiv2 Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27596 HIGH PATCH This Week

Out-of-bounds memory read in Exiv2 prior to version 0.28.8 causes denial of service through application crash when processing specially crafted image files with the preview extraction feature. The vulnerability requires specific command-line arguments (such as -pp) to trigger and affects all users running vulnerable Exiv2 versions for image metadata operations. A patch is available in version 0.28.8 and later.

Denial Of Service Exiv2 Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25884 HIGH POC PATCH This Week

Out-of-bounds read in Exiv2's CRW image parser allows remote attackers to cause denial of service and potentially disclose sensitive memory contents through crafted image files. Versions prior to 0.28.8 are affected, and public exploit code exists for this vulnerability. A patch is available that administrators should deploy immediately to prevent exploitation.

Buffer Overflow Information Disclosure Exiv2 Red Hat Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-28421 MEDIUM POC PATCH This Month

Vim versions before 9.2.0077 contain heap buffer overflow and segmentation fault vulnerabilities in swap file recovery that can be triggered by opening a specially crafted swap file, affecting users who recover sessions from untrusted sources. An attacker could exploit this to cause application crashes or potentially achieve code execution through memory corruption. A patch is available in version 9.2.0077 and later.

Code Injection Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28420 MEDIUM POC PATCH This Month

Vim versions prior to 9.2.0076 contain a heap buffer overflow and out-of-bounds read vulnerability in the terminal emulator when handling Unicode combining characters from supplementary planes, allowing a local attacker with user interaction to cause memory corruption and denial of service. The vulnerability requires local access and user interaction to trigger, with no confidentiality impact but potential integrity and availability consequences. A patch is available in version 9.2.0076 and later.

Buffer Overflow Heap Overflow Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-28419 MEDIUM PATCH This Month

Vim versions prior to 9.2.0075 contain a heap buffer underflow in the tags file parser that triggers when processing malformed tag files with delimiters at line starts, potentially allowing local attackers with user interaction to read out-of-bounds memory and cause information disclosure or crashes. The vulnerability requires local file system access and user interaction to exploit, with a CVSS score of 5.3 indicating medium severity. A patch is available in Vim 9.2.0075 and later versions.

Heap Overflow Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28418 MEDIUM PATCH This Month

Vim versions prior to 9.2.0074 contain a heap buffer overflow in the Emacs-style tags file parser that allows reading up to 7 bytes of out-of-bounds memory when processing malformed tags files. A local attacker can trigger this vulnerability through a crafted tags file to leak sensitive information from the application's memory. The vulnerability has been patched in version 9.2.0074 and later.

Buffer Overflow Heap Overflow Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-28417 MEDIUM PATCH This Month

Arbitrary command execution in Vim's netrw plugin prior to version 9.2.0073 allows attackers to execute shell commands with user privileges by crafting malicious URLs (such as scp:// handlers) that users are tricked into opening. The vulnerability requires user interaction but poses a local privilege escalation risk in multi-user environments. A patch is available in Vim 9.2.0073 and later.

Command Injection Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-28407 Go MEDIUM PATCH This Month

Malcontent versions before 1.21.0 fail to preserve nested archives that cannot be extracted, potentially allowing malicious content to evade detection during supply-chain compromise analysis. An attacker could exploit this by embedding malicious payloads in problematic nested archives that the tool would discard without scanning. The vulnerability has a patch available in version 1.21.0 and later.

Information Disclosure Malcontent Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28351 PyPI MEDIUM PATCH This Month

Crafted PDF files can trigger excessive memory consumption in pypdf versions before 6.7.4 when processing content streams with the RunLengthDecode filter, enabling denial-of-service attacks against applications using the library. An unauthenticated attacker can exploit this remotely by submitting a malicious PDF, causing the affected application to exhaust system memory. A patch is available in pypdf 6.7.4 and later.

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-28268 Go CRITICAL PATCH Act Now

Business logic vulnerability in Vikunja task management platform before 2.1.0 allows incomplete resource cleanup, potentially enabling unauthorized access to shared resources after user removal.

Authentication Bypass Vikunja Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-28231 PyPI CRITICAL POC PATCH Act Now

Integer overflow in pillow_heif Python library before 1.3.0 leads to out-of-bounds read when processing HEIF images, potentially causing information disclosure or crashes. PoC and patch available.

Python Integer Overflow Denial Of Service Information Disclosure Pillow Heif +1
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-27824 MEDIUM POC This Month

Calibre Content Server's brute-force protection can be bypassed by manipulating the X-Forwarded-For HTTP header, allowing attackers to circumvent IP-based account lockouts and conduct credential stuffing attacks. Public exploit code exists for this vulnerability, which affects Calibre versions prior to 9.4.0 and poses a significant risk to internet-exposed servers where brute-force protection is the primary authentication defense mechanism. No patch is currently available for affected versions.

Authentication Bypass Calibre Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27810 MEDIUM POC This Month

HTTP response header injection in Calibre Content Server prior to version 9.4.0 permits authenticated users to inject arbitrary headers through an unsanitized query parameter, potentially enabling cache poisoning, session fixation, or credential theft attacks. Any authenticated user can exploit this vulnerability directly or via social engineering, affecting all instances with authentication enabled. Public exploit code exists and no patch is currently available.

Code Injection Calibre Suse
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-27734 Go MEDIUM POC PATCH This Month

Path traversal in Beszel hub's container API endpoints allows authenticated users, including those with read-only roles, to bypass validation and access arbitrary Docker Engine API endpoints on agent hosts through improper URL path construction. This exposure of sensitive infrastructure details affects Beszel versions prior to 0.18.4 and Docker integrations, with public exploit code already available. The vulnerability requires valid authentication but no special privileges, making it exploitable by low-privileged users in multi-tenant environments.

Docker Beszel Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13327 LIB MEDIUM PATCH This Month

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package. [CVSS 6.3 MEDIUM]

Information Disclosure Uv Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2021-4456 MEDIUM PATCH This Month

Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions `addr2cidr` and `cidrlookup` may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. [CVSS 6.5 MEDIUM]

Authentication Bypass Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-40932 HIGH This Week

Apache\ versions up to \ contains a vulnerability that allows attackers to gain access to systems (CVSS 8.2).

Apache Suse
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-28280 Go MEDIUM PATCH This Month

Stored XSS in osctrl-admin prior to version 0.5.0 allows low-privileged users with query permissions to inject malicious JavaScript into the on-demand query list, affecting all users who view the page. An attacker can exploit this vulnerability to steal CSRF tokens and impersonate other users, potentially compromising the entire platform if an administrator is compromised. A patch is available in version 0.5.0.

XSS CSRF Osctrl Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-28279 Go HIGH PATCH This Week

Remote code execution in osctrl prior to version 0.5.0 allows authenticated administrators to inject arbitrary OS commands through the hostname parameter during environment configuration, which are then executed on all endpoints enrolling via the compromised environment. The injected commands execute with root/SYSTEM privileges before osquery installation, providing complete system compromise with minimal audit trails. A patch is available in version 0.5.0 and later.

RCE Command Injection Osctrl Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-27457 PyPI MEDIUM PATCH This Month

Weblate versions prior to 5.16.1 fail to properly restrict API access to addon data, allowing authenticated users to enumerate and access all addons across every project and component in the system. An attacker with valid credentials can query the REST API endpoints to retrieve sensitive addon information that should be scoped to their assigned permissions. This information disclosure vulnerability is fixed in version 5.16.1.

Information Disclosure Weblate Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-27141 Go HIGH PATCH This Week

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic [CVSS 7.5 HIGH]

Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28296 MEDIUM PATCH This Month

FTP command injection in GVfs backend allows remote attackers to execute arbitrary FTP commands by embedding CRLF sequences in crafted file paths, potentially leading to unauthorized access or code execution. The vulnerability requires user interaction and affects systems utilizing the FTP GVfs backend for file operations. A patch is available to remediate this input validation weakness.

RCE Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-28295 MEDIUM PATCH This Month

GVfs FTP backend clients blindly trust server-provided IP addresses and ports during passive mode connections, enabling malicious FTP servers to conduct network reconnaissance and probe for open ports from the client's network perspective. The vulnerability requires user interaction but poses a confidentiality risk to network topology information. A patch is available to address this trust validation issue.

SSRF Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-27465 Go MEDIUM PATCH This Month

Fleet versions up to 4.80.1 contains a vulnerability that allows attackers to unauthorized access to Google Calendar resources associated with the service acc (CVSS 6.5).

Privilege Escalation Fleet Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25963 Go MEDIUM PATCH This Month

Fleet device management software versions before 4.80.1 contain an authorization bypass in the certificate template deletion API that allows team administrators to delete certificate templates belonging to other teams. The vulnerability stems from insufficient validation of template ownership during batch deletion operations, enabling cross-team resource destruction that could disrupt certificate-dependent functions like device enrollment and VPN access. A patch is not yet available as of this CVE publication.

Privilege Escalation Fleet Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24004 Go MEDIUM PATCH This Month

Fleet's Android MDM Pub/Sub endpoint fails to authenticate requests prior to version 4.80.1, allowing unauthenticated attackers to remotely trigger device unenrollment and remove Android devices from management. The vulnerability has limited impact, affecting only device management continuity without providing access to Fleet itself or device data. Organizations running vulnerable versions should upgrade immediately or disable Android MDM until patching is possible.

Android Fleet Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-23999 Go MEDIUM PATCH This Month

Fleet's device lock and wipe PIN generation relies on predictable timestamps without additional entropy, allowing attackers with physical access to a locked device and knowledge of the approximate lock time to brute-force the 6-digit PIN within a limited search window. This vulnerability affects Fleet versions prior to 4.80.1 and requires local access and timing knowledge to exploit. No patch is currently available.

Authentication Bypass Fleet Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27969 Go HIGH PATCH This Week

Path traversal in Vitess backup manifest handling allows authenticated attackers with access to backup storage to write arbitrary files to any location during restore operations, potentially achieving remote code execution on production MySQL deployments. An attacker can manipulate backup manifests to extract files outside intended directories, gaining unauthorized access to sensitive data and the ability to execute arbitrary commands in the production environment. Patches are available for versions 23.0.3 and 22.0.4.

MySQL Path Traversal Vitess Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27965 Go CRITICAL PATCH Act Now

Command injection in Vitess MySQL clustering system before 23.0.3/22.0.4. Users with read/write access to the backup store can achieve code execution. Patch available.

MySQL Vitess Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-27904 npm HIGH POC PATCH This Week

Minimatch versions prior to 10.2.3 (and earlier affected versions) suffer from ReDoS vulnerabilities in nested extglob patterns that generate regexps with catastrophic backtracking, allowing remote attackers to cause denial of service with minimal input. A 12-byte glob pattern like `*(*(*(a|b)))` combined with an 18-byte non-matching string can hang the application for 7+ seconds, with larger patterns stalling for minutes. Public exploit code exists and no patch is currently available, making this a critical risk for any application using the default minimatch API.

Denial Of Service Minimatch Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27900 Go MEDIUM PATCH This Month

The Terraform Provider for Linode prior to version 3.9.0 exposes sensitive credentials including passwords and API tokens in debug logs when debug logging is explicitly enabled. Authenticated attackers with access to these logs through CI/CD pipelines, log aggregation systems, or shared debug output can extract exposed secrets. This vulnerability requires an authenticated user and debug logging activation, making it exploitable primarily in environments where logging is intentionally enabled for troubleshooting.

Information Disclosure Linode Provider Suse
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-27899 Go HIGH PATCH This Week

Privilege escalation in WireGuard Portal prior to version 2.1.3 allows authenticated non-admin users to gain full administrator access by modifying their own user profile with an IsAdmin flag set to true. The vulnerability exists because the server fails to properly validate and restrict the IsAdmin field during profile updates, allowing the privilege change to persist after re-authentication. Affected deployments require immediate patching to version 2.1.3 or later to prevent unauthorized administrative access.

Docker Wireguard Wireguard Portal Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-22728 Go MEDIUM PATCH This Month

Bitnami Sealed Secrets improperly validates user-supplied annotations during secret rotation, allowing authenticated attackers to escalate secret scope from namespace-wide or strict constraints to cluster-wide. An attacker can inject a malicious annotation into the rotation request to obtain a rotated secret accessible across any namespace, potentially enabling lateral movement and unauthorized access to sensitive credentials throughout the cluster.

Authentication Bypass Suse
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-27946 Go MEDIUM PATCH GHSA This Month

Zitadel versions prior to 4.11.1 and 3.4.7 permit authenticated users to bypass email and phone verification procedures through the self-management feature, allowing them to mark contact information as verified without completing actual validation. This integrity bypass enables account compromise scenarios where attackers with valid credentials can impersonate other users or escalate privileges by falsifying verified contact details. No patch is currently available for affected deployments, though implementing action rules (v2) can mitigate the risk.

Authentication Bypass Zitadel Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27945 Go MEDIUM PATCH This Month

Server-Side Request Forgery in Zitadel's Action V2 webhook feature allows unauthenticated attackers to probe internal network services and gather information about internal infrastructure by crafting malicious webhook target URLs pointing to localhost or private IP addresses. The vulnerability affects Zitadel versions 4.0.0 through 4.11.0, with schema validation providing limited mitigation. No patch is currently available.

SSRF Zitadel Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27888 PyPI HIGH PATCH This Week

Denial of service in pypdf prior to version 6.7.3 allows remote attackers to exhaust system memory by crafting malicious PDF files that exploit FlateDecode-compressed streams accessed through the xfa property. The vulnerability requires no authentication or user interaction and affects any application processing untrusted PDF documents with the vulnerable library. Upgrade to pypdf 6.7.3 or later to remediate.

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27840 Go MEDIUM PATCH This Month

Zitadel versions 2.31.0 through 3.4.6 and 4.10.x accept truncated opaque OIDC access tokens as valid when shortened to 80 characters, allowing attackers to bypass token validation and gain unauthorized access to protected resources. This affects deployments using the v2 token format where the symmetric encryption scheme fails to properly validate token length, enabling token forgery or reuse attacks.

Information Disclosure Zitadel Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-27808 Go MEDIUM POC PATCH This Month

Mailpit versions prior to 1.29.2 contain a Server-Side Request Forgery vulnerability in the Link Check API that allows unauthenticated remote attackers to perform HTTP requests to arbitrary hosts, including internal and private IP addresses. The API fails to validate or filter target URLs and returns status codes for each link, enabling non-blind SSRF attacks. Public exploit code exists for this vulnerability, affecting deployments with default configuration.

SSRF Mailpit Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-27799 NuGet MEDIUM PATCH This Month

Heap buffer over-read in ImageMagick and Magick.NET's DJVU image handler allows local attackers to read out-of-bounds memory through integer truncation in stride calculations. An attacker can trigger this vulnerability by supplying a malicious DJVU file, potentially leading to information disclosure or application crashes. Updates are available for ImageMagick versions 7.1.2-15, 6.9.13-40 and later.

Buffer Overflow Imagemagick Magick.Net Red Hat Suse
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-27798 NuGet MEDIUM PATCH This Month

Magick.NET and ImageMagick versions before 7.1.2-15 and 6.9.13-40 are vulnerable to heap buffer over-read when processing low-resolution images with the wavelet-denoise filter, allowing local attackers to read sensitive memory. This out-of-bounds read could expose confidential information from adjacent heap memory with no possibility of code execution or denial of service. A patch is available for affected users.

Buffer Overflow Magick.Net Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-26186 Go HIGH PATCH This Week

SQL injection in Fleet device management software before version 4.80.1 allows authenticated users to manipulate the order_key parameter and inject arbitrary SQL commands through improper identifier handling in ORDER BY clauses. An attacker with valid credentials can exploit this vulnerability to perform blind SQL injection attacks, potentially extracting sensitive database information or causing denial of service through resource exhaustion. No patch is currently available for this high-severity vulnerability affecting MySQL implementations.

MySQL SQLi Denial Of Service Fleet Suse
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27951 MEDIUM POC PATCH This Month

An integer overflow in FreeRDP's Stream_EnsureCapacity function prior to version 3.23.0 can trigger an endless blocking loop, causing denial of service on affected client and server implementations. This vulnerability primarily impacts 32-bit systems with sufficient physical memory and has public exploit code available. Administrators should upgrade to FreeRDP 3.23.0 or later to remediate this issue.

Integer Overflow Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-27950 HIGH PATCH This Week

FreeRDP versions prior to 3.23.0 contain an incomplete fix for a heap-use-after-free vulnerability that affects only the SDL2 code path, where freed memory pointers are not properly nulled, allowing an unauthenticated attacker to trigger a denial of service condition. Users running FreeRDP with SDL2 backends remain vulnerable despite the advisory claiming the issue was resolved. Upgrade to version 3.23.0 or later to obtain the complete fix.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27819 Go HIGH POC This Week

Vikunja before version 2.0.0 contains a path traversal vulnerability in its backup restoration function that fails to validate file paths in ZIP archives, allowing attackers with high privileges to write arbitrary files to the host system. Public exploit code exists for this vulnerability, and malformed archives can trigger a denial of service that permanently wipes the database before crashing the application. The flaw affects Vikunja and the underlying Go platform, with no patch currently available.

Golang Denial Of Service Vikunja Suse
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-27616 Go HIGH POC This Week

Stored cross-site scripting (XSS) in Vikunja prior to version 2.0.0 allows authenticated attackers to steal authentication tokens by uploading malicious SVG files containing JavaScript that executes when accessed directly. The vulnerability exists because the application fails to sanitize SVG content before storage and renders it inline under the application origin, enabling token theft from localStorage. Public exploit code exists for this vulnerability and no patch is currently available for affected versions.

File Upload XSS Vikunja Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-27575 Go CRITICAL POC Act Now

Weak password policy in Vikunja task management before 2.0.0 allows users to set trivially guessable passwords. PoC available.

Information Disclosure Vikunja Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27116 Go MEDIUM POC This Month

Vikunja is an open-source self-hosted task management platform. [CVSS 6.1 MEDIUM]

XSS Vikunja Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-26986 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-3172 HIGH POC PATCH This Week

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 versions up to 0.8.1 is affected by integer underflow (CVSS 8.1).

Buffer Overflow Denial Of Service AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-27015 MEDIUM POC PATCH This Month

Denial of service in FreeRDP prior to version 3.23.0 allows a malicious RDP server to crash the client application through a missing bounds check in smartcard packet handling. This vulnerability affects users who have explicitly enabled smartcard redirection, and public exploit code exists. The crash is triggered via assertion failure in builds with verbose assert checking enabled, which is the default configuration in FreeRDP 3.22.0.

Denial Of Service Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-26271 MEDIUM PATCH This Month

FreeRDP versions prior to 3.23.0 are vulnerable to a buffer overread in icon data processing that allows denial of service when clients receive crafted RDP Window Icon data from a server or network attacker. An unauthenticated remote attacker can exploit this vulnerability to crash the FreeRDP client by sending malicious icon structures during the RDP connection. A patch is available in version 3.23.0 and later.

Buffer Overflow Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25997 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_clipboard_format_equal before 3.23.0. Clipboard format comparison uses freed memory. Fifth FreeRDP UAF. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25959 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_cliprdr_provide_data clipboard handling before 3.23.0. Clipboard data exchange triggers memory corruption. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25955 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_AppUpdateWindowFromSurface before 3.23.0. Different code path from CVE-2026-25953. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25954 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25953 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_AppUpdateWindowFromSurface before 3.23.0. Surface-to-window update triggers memory corruption. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25952 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_SetWindowMinMaxInfo before version 3.23.0. X11 client window management triggers memory corruption. PoC and patch available.

Windows Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25942 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Buffer Overflow Information Disclosure Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25941 MEDIUM POC PATCH This Month

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 4.3 MEDIUM]

Denial Of Service Information Disclosure Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-27730 Go HIGH POC PATCH This Week

esm.sh versions up to 137 contain an SSRF vulnerability in the `/http(s)` fetch route that allows remote attackers to bypass hostname validation through DNS alias domains and access internal localhost services. Public exploit code exists for this vulnerability, and no patches are currently available. This affects users of esm.sh CDN services and any applications relying on the affected versions.

DNS SSRF Esm.Sh Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50180 Go HIGH POC PATCH This Week

esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. [CVSS 7.5 HIGH]

SSRF Esm.Sh Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3203 MEDIUM PATCH This Month

Wireshark versions 4.4.0-4.4.13 and 4.6.0-4.6.3 crash when processing malformed RF4CE Profile protocol packets, enabling local denial of service attacks through user interaction. An attacker can trigger an out-of-bounds read by supplying a specially crafted packet file to a target user, causing the application to become unavailable. No patch is currently available for this vulnerability.

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-3202 MEDIUM PATCH This Month

NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service [CVSS 4.7 MEDIUM]

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-3201 MEDIUM POC PATCH This Month

Wireshark 4.6.0-4.6.3 and 4.4.0-4.4.13 can be crashed through memory exhaustion in the USB HID protocol dissector when processing malformed packets. A local attacker with the ability to trigger packet analysis can cause a denial of service condition, and public exploit code exists for this vulnerability. No patch is currently available.

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-27699 npm CRITICAL POC PATCH Act Now

Path traversal in basic-ftp Node.js FTP client library before 5.2.0 allows malicious FTP servers to write files outside the intended download directory. PoC and patch available.

Node.js Path Traversal Basic Ftp Red Hat Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-26104 MEDIUM PATCH This Month

Unprivileged users can extract LUKS encryption headers from the udisks daemon due to missing authorization checks on a privileged D-Bus method, allowing attackers to read sensitive cryptographic metadata and potentially compromise encrypted storage confidentiality. The vulnerability affects systems running vulnerable versions of udisks and requires local access to exploit. No patch is currently available.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-67601 Go HIGH PATCH This Week

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the -cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts. [CVSS 8.3 HIGH]

Authentication Bypass Rancher Suse
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-62878 Go CRITICAL PATCH Act Now

Path traversal in Kubernetes PersistentVolume creation via pathPattern parameter allows creating volumes in arbitrary host filesystem locations. CVSS 9.9 with scope change.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-11563 MEDIUM PATCH This Month

URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool. [CVSS 4.6 MEDIUM]

Path Traversal Wcurl Red Hat Suse
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-27624 HIGH POC PATCH This Week

Coturn TURN/STUN server contains an access control bypass that allows remote attackers to reach blocked internal addresses by exploiting IPv4-mapped IPv6 address handling in permission and channel binding requests. The vulnerability bypasses "denied-peer-ip" restrictions designed to block loopback ranges, enabling an attacker to interact with internal services that should be unreachable. Public exploit code exists for this flaw, and a patch is available in version 4.9.0 and later.

Authentication Bypass Coturn Suse
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-27628 PyPI HIGH PATCH This Week

Pypdf versions up to 6.7.2 is affected by loop with unreachable exit condition (infinite loop) (CVSS 7.5).

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27626 Go CRITICAL POC PATCH Act Now

OS command injection in OliveTin web shell interface through version 3000.10.0. OliveTin provides web-based access to predefined shell commands — the injection allows executing arbitrary commands beyond the whitelist. PoC available.

RCE Command Injection Olivetin Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-27611 Go MEDIUM POC PATCH GHSA This Month

FileBrowser Quantum versions prior to 1.1.3-stable and 1.2.6-beta expose a password bypass vulnerability in shared files, allowing unauthenticated recipients to download protected content by accessing the direct download link embedded in share details. An attacker possessing only the share link can retrieve files without providing the intended password, completely circumventing access controls. Public exploit code exists for this vulnerability, and patches are available in the patched versions.

Information Disclosure Filebrowser Quantum Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27598 Go MEDIUM POC PATCH This Month

Arbitrary file write in Dagu workflow engine up to version 1.16.7 allows authenticated users with DAG write permissions to place malicious YAML files anywhere on the filesystem due to insufficient name validation in the CreateNewDAG API endpoint. Since Dagu executes DAG files as shell commands, an attacker can achieve remote code execution by overwriting existing DAGs or configuration files. Public exploit code exists for this vulnerability, and a patch is available.

RCE Dagu Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25899 Go HIGH POC PATCH This Week

Unbounded memory allocation in Fiber v3 (prior to 3.1.0) allows unauthenticated remote attackers to trigger denial of service by sending a malicious fiber_flash cookie that forces deserialization of up to 85GB of memory. All v3 endpoints are vulnerable regardless of flash message usage, and public exploit code exists. No patch is currently available.

Deserialization Fiber Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25891 Go HIGH POC PATCH This Week

Fiber web framework versions 3.0.0 and earlier on Windows contain a path traversal vulnerability that allows remote attackers to bypass static file middleware protections and read arbitrary files from the server. Public exploit code exists for this vulnerability, which affects applications using the vulnerable Fiber versions. The issue has been patched in Fiber v3.1.0.

Windows Path Traversal Fiber Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25882 Go HIGH POC PATCH This Week

Fiber web framework versions 2 and 3 are vulnerable to denial of service attacks when processing requests to routes containing more than 30 parameters, enabling remote attackers to crash affected applications without authentication. The vulnerability stems from insufficient validation during route registration and unbounded array writes in request matching logic. Public exploit code exists for this high-severity flaw, though patches are available in Fiber v2.52.12 and v3.1.0.

Denial Of Service Fiber Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27590 Go CRITICAL POC PATCH Act Now

FastCGI path splitting vulnerability in Caddy before 2.11.1 allows request smuggling or path confusion when proxying to FastCGI backends (PHP-FPM). EPSS 0.19% with PoC available.

PHP TLS RCE Caddy Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-27589 Go MEDIUM POC PATCH This Month

Caddy versions prior to 2.11.1 allow unauthenticated cross-origin requests to the admin API when origin enforcement is disabled, enabling attackers to remotely reconfigure the server through malicious web content loaded in a victim's browser. Public exploit code exists for this vulnerability, which can be leveraged to modify HTTP server behavior and admin listener settings without user knowledge. The vulnerability affects Caddy and TLS implementations, with no patch currently available for affected versions.

TLS Caddy Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27588 Go CRITICAL POC PATCH Act Now

Host header case sensitivity bypass in Caddy before 2.11.1. Virtual host routing can be bypassed by using alternate casing in the Host header. PoC available.

TLS Caddy Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27587 Go CRITICAL POC PATCH Act Now

Case sensitivity bypass in Caddy web server path matching before 2.11.1. HTTP path matchers can be bypassed using alternate casing on case-insensitive filesystems. PoC available.

TLS Caddy Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27586 Go CRITICAL POC PATCH Act Now

TLS error swallowing in Caddy web server before 2.11.1 allows bypassing client certificate authentication. Errors in ClientCAs handling are silenced, potentially accepting invalid client certificates. PoC available.

TLS Caddy Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-27585 Go MEDIUM POC PATCH This Month

Caddy versions prior to 2.11.1 fail to sanitize backslashes in file path matching, allowing attackers to bypass path-based security controls through specially crafted requests. The vulnerability affects systems with specific Caddy configurations and has public exploit code available. Exploitation requires network access with no authentication, resulting in limited information disclosure or modification of restricted resources.

TLS Caddy Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-27571 Go MEDIUM PATCH This Month

NATS Server versions prior to 2.11.2 and 2.12.3 fail to properly limit memory allocation during WebSocket compression, allowing unauthenticated attackers to trigger denial of service through compression bomb attacks that exhaust server memory. The vulnerability is exploitable pre-authentication since compression negotiation occurs before credential validation. A patch is available in versions 2.11.2 and 2.12.3.

Information Disclosure Nats Server Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000 [5353358.825194] #PF: supervisor write access in kernel mode [5353358.825195] #PF: error_code(0x0002) - not-present page [5353358.825196] PGD 100006067 P4D 0 [5353358.825198] Oops: 0002 [#1] PREEMPT SMP NOPTI [5353358.825200] CPU: 5 PID: 2132085 Comm: qlafwupdate.sub Kdump: loaded Tainted: G W L ------- --- 5.14.0-503.34.1.el9_5.x86_64 #1 [5353358.825203] Hardware name: HPE ProLiant DL360 Gen11/ProLiant DL360 Gen11, BIOS 2.44 01/17/2025 [5353358.825204] RIP: 0010:memcpy_erms+0x6/0x10 [5353358.825211] RSP: 0018:ff591da8f4f6b710 EFLAGS: 00010246 [5353358.825212] RAX: ff5f5e897b024000 RBX: 0000000000007090 RCX: 0000000000001000 [5353358.825213] RDX: 0000000000001000 RSI: ff591da8f4fed090 RDI: ff5f5e897b024000 [5353358.825214] RBP: 0000000000010000 R08: ff5f5e897b024000 R09: 0000000000000000 [5353358.825215] R10: ff46cf8c40517000 R11: 0000000000000001 R12: 0000000000008090 [5353358.825216] R13: ff591da8f4f6b720 R14: 0000000000001000 R15: 0000000000000000 [5353358.825218] FS: 00007f1e88d47740(0000) GS:ff46cf935f940000(0000) knlGS:0000000000000000 [5353358.825219] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [5353358.825220] CR2: ff5f5e897b024000 CR3: 0000000231532004 CR4: 0000000000771ef0 [5353358.825221] PKRU: 55555554 [5353358.825222] Call Trace: [5353358.825223] <TASK> [5353358.825224] ? show_trace_log_lvl+0x1c4/0x2df [5353358.825229] ? show_trace_log_lvl+0x1c4/0x2df [5353358.825232] ? sg_copy_buffer+0xc8/0x110 [5353358.825236] ? __die_body.cold+0x8/0xd [5353358.825238] ? page_fault_oops+0x134/0x170 [5353358.825242] ? kernelmode_fixup_or_oops+0x84/0x110 [5353358.825244] ? exc_page_fault+0xa8/0x150 [5353358.825247] ? asm_exc_page_fault+0x22/0x30 [5353358.825252] ? memcpy_erms+0x6/0x10 [5353358.825253] sg_copy_buffer+0xc8/0x110 [5353358.825259] qla2x00_process_vendor_specific+0x652/0x1320 [qla2xxx] [5353358.825317] qla24xx_bsg_request+0x1b2/0x2d0 [qla2xxx] Most routines in qla_bsg.c call bsg_done() only for success cases.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Joserfc versions 1.6.2 and earlier fail to validate the PBES2 iteration count parameter in JWE tokens, allowing unauthenticated attackers to trigger CPU exhaustion by specifying arbitrarily large values in the p2c header field. An attacker can exploit this resource exhaustion vulnerability to cause denial of service against any system using the library to decrypt JWE tokens. Public exploit code exists for this vulnerability, and a patch is available.

Python Denial Of Service Joserfc +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

DOMPurify versions 2.5.3-2.5.8 and 3.1.3-3.3.1 fail to sanitize attribute values within certain rawtext HTML elements (noscript, xmp, noembed, noframes, iframe), allowing attackers to inject malicious scripts that execute when sanitized content is rendered in these contexts. An attacker can exploit this by embedding JavaScript payloads in HTML attributes, bypassing DOMPurify's sanitization to achieve cross-site scripting. A patch is available in commit 729097f.

XSS Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Canonical LXD 6.6 on Linux contains an authorization bypass in the GET /1.0/certificates API endpoint that allows authenticated users with restricted privileges to enumerate all certificate fingerprints trusted by the server. Public exploit code exists for this vulnerability. While this enables information disclosure with limited impact, it could facilitate further attacks by revealing trust relationships on the system.

Linux Lxd Suse
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Timing side-channel attacks in AWS-LC's AES-CCM decryption implementation allow unauthenticated attackers to infer authentication tag validity through precise timing measurements. The vulnerability affects AWS-LC and related cryptographic libraries across multiple AES-CCM variants (128, 192, and 256-bit), potentially enabling attackers to forge authenticated messages. AWS service customers are unaffected, but applications using AWS-LC directly should upgrade to version 1.69.0 or later.

AWS Aws Libcrypto Aws Lc Fips Sys +4
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Exiv2 versions prior to 0.28.8 are vulnerable to a denial of service attack through integer overflow in the preview component when specific command-line arguments are used, causing the application to crash with an uncaught exception. An attacker can trigger this vulnerability by providing a specially crafted image file to crash Exiv2 processes, affecting systems that rely on the library for metadata processing. A patch is available in version 0.28.8 and later.

Integer Overflow Denial Of Service Exiv2 +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds memory read in Exiv2 prior to version 0.28.8 causes denial of service through application crash when processing specially crafted image files with the preview extraction feature. The vulnerability requires specific command-line arguments (such as -pp) to trigger and affects all users running vulnerable Exiv2 versions for image metadata operations. A patch is available in version 0.28.8 and later.

Denial Of Service Exiv2 Red Hat +1
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Out-of-bounds read in Exiv2's CRW image parser allows remote attackers to cause denial of service and potentially disclose sensitive memory contents through crafted image files. Versions prior to 0.28.8 are affected, and public exploit code exists for this vulnerability. A patch is available that administrators should deploy immediately to prevent exploitation.

Buffer Overflow Information Disclosure Exiv2 +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Vim versions before 9.2.0077 contain heap buffer overflow and segmentation fault vulnerabilities in swap file recovery that can be triggered by opening a specially crafted swap file, affecting users who recover sessions from untrusted sources. An attacker could exploit this to cause application crashes or potentially achieve code execution through memory corruption. A patch is available in version 9.2.0077 and later.

Code Injection Vim Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

Vim versions prior to 9.2.0076 contain a heap buffer overflow and out-of-bounds read vulnerability in the terminal emulator when handling Unicode combining characters from supplementary planes, allowing a local attacker with user interaction to cause memory corruption and denial of service. The vulnerability requires local access and user interaction to trigger, with no confidentiality impact but potential integrity and availability consequences. A patch is available in version 9.2.0076 and later.

Buffer Overflow Heap Overflow Vim +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vim versions prior to 9.2.0075 contain a heap buffer underflow in the tags file parser that triggers when processing malformed tag files with delimiters at line starts, potentially allowing local attackers with user interaction to read out-of-bounds memory and cause information disclosure or crashes. The vulnerability requires local file system access and user interaction to exploit, with a CVSS score of 5.3 indicating medium severity. A patch is available in Vim 9.2.0075 and later versions.

Heap Overflow Vim Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Vim versions prior to 9.2.0074 contain a heap buffer overflow in the Emacs-style tags file parser that allows reading up to 7 bytes of out-of-bounds memory when processing malformed tags files. A local attacker can trigger this vulnerability through a crafted tags file to leak sensitive information from the application's memory. The vulnerability has been patched in version 9.2.0074 and later.

Buffer Overflow Heap Overflow Vim +2
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Arbitrary command execution in Vim's netrw plugin prior to version 9.2.0073 allows attackers to execute shell commands with user privileges by crafting malicious URLs (such as scp:// handlers) that users are tricked into opening. The vulnerability requires user interaction but poses a local privilege escalation risk in multi-user environments. A patch is available in Vim 9.2.0073 and later.

Command Injection Vim Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Malcontent versions before 1.21.0 fail to preserve nested archives that cannot be extracted, potentially allowing malicious content to evade detection during supply-chain compromise analysis. An attacker could exploit this by embedding malicious payloads in problematic nested archives that the tool would discard without scanning. The vulnerability has a patch available in version 1.21.0 and later.

Information Disclosure Malcontent Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Crafted PDF files can trigger excessive memory consumption in pypdf versions before 6.7.4 when processing content streams with the RunLengthDecode filter, enabling denial-of-service attacks against applications using the library. An unauthenticated attacker can exploit this remotely by submitting a malicious PDF, causing the affected application to exhaust system memory. A patch is available in pypdf 6.7.4 and later.

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Business logic vulnerability in Vikunja task management platform before 2.1.0 allows incomplete resource cleanup, potentially enabling unauthorized access to shared resources after user removal.

Authentication Bypass Vikunja Suse
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Integer overflow in pillow_heif Python library before 1.3.0 leads to out-of-bounds read when processing HEIF images, potentially causing information disclosure or crashes. PoC and patch available.

Python Integer Overflow Denial Of Service +3
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Calibre Content Server's brute-force protection can be bypassed by manipulating the X-Forwarded-For HTTP header, allowing attackers to circumvent IP-based account lockouts and conduct credential stuffing attacks. Public exploit code exists for this vulnerability, which affects Calibre versions prior to 9.4.0 and poses a significant risk to internet-exposed servers where brute-force protection is the primary authentication defense mechanism. No patch is currently available for affected versions.

Authentication Bypass Calibre Suse
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM POC This Month

HTTP response header injection in Calibre Content Server prior to version 9.4.0 permits authenticated users to inject arbitrary headers through an unsanitized query parameter, potentially enabling cache poisoning, session fixation, or credential theft attacks. Any authenticated user can exploit this vulnerability directly or via social engineering, affecting all instances with authentication enabled. Public exploit code exists and no patch is currently available.

Code Injection Calibre Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Path traversal in Beszel hub's container API endpoints allows authenticated users, including those with read-only roles, to bypass validation and access arbitrary Docker Engine API endpoints on agent hosts through improper URL path construction. This exposure of sensitive infrastructure details affects Beszel versions prior to 0.18.4 and Docker integrations, with public exploit code already available. The vulnerability requires valid authentication but no special privileges, making it exploitable by low-privileged users in multi-tenant environments.

Docker Beszel Suse
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package. [CVSS 6.3 MEDIUM]

Information Disclosure Uv Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions `addr2cidr` and `cidrlookup` may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. [CVSS 6.5 MEDIUM]

Authentication Bypass Suse
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

Apache\ versions up to \ contains a vulnerability that allows attackers to gain access to systems (CVSS 8.2).

Apache Suse
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Stored XSS in osctrl-admin prior to version 0.5.0 allows low-privileged users with query permissions to inject malicious JavaScript into the on-demand query list, affecting all users who view the page. An attacker can exploit this vulnerability to steal CSRF tokens and impersonate other users, potentially compromising the entire platform if an administrator is compromised. A patch is available in version 0.5.0.

XSS CSRF Osctrl +1
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Remote code execution in osctrl prior to version 0.5.0 allows authenticated administrators to inject arbitrary OS commands through the hostname parameter during environment configuration, which are then executed on all endpoints enrolling via the compromised environment. The injected commands execute with root/SYSTEM privileges before osquery installation, providing complete system compromise with minimal audit trails. A patch is available in version 0.5.0 and later.

RCE Command Injection Osctrl +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Weblate versions prior to 5.16.1 fail to properly restrict API access to addon data, allowing authenticated users to enumerate and access all addons across every project and component in the system. An attacker with valid credentials can query the REST API endpoints to retrieve sensitive addon information that should be scoped to their assigned permissions. This information disclosure vulnerability is fixed in version 5.16.1.

Information Disclosure Weblate Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic [CVSS 7.5 HIGH]

Denial Of Service Red Hat Suse
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

FTP command injection in GVfs backend allows remote attackers to execute arbitrary FTP commands by embedding CRLF sequences in crafted file paths, potentially leading to unauthorized access or code execution. The vulnerability requires user interaction and affects systems utilizing the FTP GVfs backend for file operations. A patch is available to remediate this input validation weakness.

RCE Red Hat Suse
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

GVfs FTP backend clients blindly trust server-provided IP addresses and ports during passive mode connections, enabling malicious FTP servers to conduct network reconnaissance and probe for open ports from the client's network perspective. The vulnerability requires user interaction but poses a confidentiality risk to network topology information. A patch is available to address this trust validation issue.

SSRF Red Hat Suse
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Fleet versions up to 4.80.1 contains a vulnerability that allows attackers to unauthorized access to Google Calendar resources associated with the service acc (CVSS 6.5).

Privilege Escalation Fleet Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Fleet device management software versions before 4.80.1 contain an authorization bypass in the certificate template deletion API that allows team administrators to delete certificate templates belonging to other teams. The vulnerability stems from insufficient validation of template ownership during batch deletion operations, enabling cross-team resource destruction that could disrupt certificate-dependent functions like device enrollment and VPN access. A patch is not yet available as of this CVE publication.

Privilege Escalation Fleet Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Fleet's Android MDM Pub/Sub endpoint fails to authenticate requests prior to version 4.80.1, allowing unauthenticated attackers to remotely trigger device unenrollment and remove Android devices from management. The vulnerability has limited impact, affecting only device management continuity without providing access to Fleet itself or device data. Organizations running vulnerable versions should upgrade immediately or disable Android MDM until patching is possible.

Android Fleet Suse
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Fleet's device lock and wipe PIN generation relies on predictable timestamps without additional entropy, allowing attackers with physical access to a locked device and knowledge of the approximate lock time to brute-force the 6-digit PIN within a limited search window. This vulnerability affects Fleet versions prior to 4.80.1 and requires local access and timing knowledge to exploit. No patch is currently available.

Authentication Bypass Fleet Suse
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Path traversal in Vitess backup manifest handling allows authenticated attackers with access to backup storage to write arbitrary files to any location during restore operations, potentially achieving remote code execution on production MySQL deployments. An attacker can manipulate backup manifests to extract files outside intended directories, gaining unauthorized access to sensitive data and the ability to execute arbitrary commands in the production environment. Patches are available for versions 23.0.3 and 22.0.4.

MySQL Path Traversal Vitess +1
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Command injection in Vitess MySQL clustering system before 23.0.3/22.0.4. Users with read/write access to the backup store can achieve code execution. Patch available.

MySQL Vitess Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Minimatch versions prior to 10.2.3 (and earlier affected versions) suffer from ReDoS vulnerabilities in nested extglob patterns that generate regexps with catastrophic backtracking, allowing remote attackers to cause denial of service with minimal input. A 12-byte glob pattern like `*(*(*(a|b)))` combined with an 18-byte non-matching string can hang the application for 7+ seconds, with larger patterns stalling for minutes. Public exploit code exists and no patch is currently available, making this a critical risk for any application using the default minimatch API.

Denial Of Service Minimatch Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The Terraform Provider for Linode prior to version 3.9.0 exposes sensitive credentials including passwords and API tokens in debug logs when debug logging is explicitly enabled. Authenticated attackers with access to these logs through CI/CD pipelines, log aggregation systems, or shared debug output can extract exposed secrets. This vulnerability requires an authenticated user and debug logging activation, making it exploitable primarily in environments where logging is intentionally enabled for troubleshooting.

Information Disclosure Linode Provider Suse
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in WireGuard Portal prior to version 2.1.3 allows authenticated non-admin users to gain full administrator access by modifying their own user profile with an IsAdmin flag set to true. The vulnerability exists because the server fails to properly validate and restrict the IsAdmin field during profile updates, allowing the privilege change to persist after re-authentication. Affected deployments require immediate patching to version 2.1.3 or later to prevent unauthorized administrative access.

Docker Wireguard Wireguard Portal +1
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Bitnami Sealed Secrets improperly validates user-supplied annotations during secret rotation, allowing authenticated attackers to escalate secret scope from namespace-wide or strict constraints to cluster-wide. An attacker can inject a malicious annotation into the rotation request to obtain a rotated secret accessible across any namespace, potentially enabling lateral movement and unauthorized access to sensitive credentials throughout the cluster.

Authentication Bypass Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Zitadel versions prior to 4.11.1 and 3.4.7 permit authenticated users to bypass email and phone verification procedures through the self-management feature, allowing them to mark contact information as verified without completing actual validation. This integrity bypass enables account compromise scenarios where attackers with valid credentials can impersonate other users or escalate privileges by falsifying verified contact details. No patch is currently available for affected deployments, though implementing action rules (v2) can mitigate the risk.

Authentication Bypass Zitadel Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Server-Side Request Forgery in Zitadel's Action V2 webhook feature allows unauthenticated attackers to probe internal network services and gather information about internal infrastructure by crafting malicious webhook target URLs pointing to localhost or private IP addresses. The vulnerability affects Zitadel versions 4.0.0 through 4.11.0, with schema validation providing limited mitigation. No patch is currently available.

SSRF Zitadel Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in pypdf prior to version 6.7.3 allows remote attackers to exhaust system memory by crafting malicious PDF files that exploit FlateDecode-compressed streams accessed through the xfa property. The vulnerability requires no authentication or user interaction and affects any application processing untrusted PDF documents with the vulnerable library. Upgrade to pypdf 6.7.3 or later to remediate.

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Zitadel versions 2.31.0 through 3.4.6 and 4.10.x accept truncated opaque OIDC access tokens as valid when shortened to 80 characters, allowing attackers to bypass token validation and gain unauthorized access to protected resources. This affects deployments using the v2 token format where the symmetric encryption scheme fails to properly validate token length, enabling token forgery or reuse attacks.

Information Disclosure Zitadel Suse
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

Mailpit versions prior to 1.29.2 contain a Server-Side Request Forgery vulnerability in the Link Check API that allows unauthenticated remote attackers to perform HTTP requests to arbitrary hosts, including internal and private IP addresses. The API fails to validate or filter target URLs and returns status codes for each link, enabling non-blind SSRF attacks. Public exploit code exists for this vulnerability, affecting deployments with default configuration.

SSRF Mailpit Suse
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Heap buffer over-read in ImageMagick and Magick.NET's DJVU image handler allows local attackers to read out-of-bounds memory through integer truncation in stride calculations. An attacker can trigger this vulnerability by supplying a malicious DJVU file, potentially leading to information disclosure or application crashes. Updates are available for ImageMagick versions 7.1.2-15, 6.9.13-40 and later.

Buffer Overflow Imagemagick Magick.Net +2
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Magick.NET and ImageMagick versions before 7.1.2-15 and 6.9.13-40 are vulnerable to heap buffer over-read when processing low-resolution images with the wavelet-denoise filter, allowing local attackers to read sensitive memory. This out-of-bounds read could expose confidential information from adjacent heap memory with no possibility of code execution or denial of service. A patch is available for affected users.

Buffer Overflow Magick.Net Imagemagick +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

SQL injection in Fleet device management software before version 4.80.1 allows authenticated users to manipulate the order_key parameter and inject arbitrary SQL commands through improper identifier handling in ORDER BY clauses. An attacker with valid credentials can exploit this vulnerability to perform blind SQL injection attacks, potentially extracting sensitive database information or causing denial of service through resource exhaustion. No patch is currently available for this high-severity vulnerability affecting MySQL implementations.

MySQL SQLi Denial Of Service +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

An integer overflow in FreeRDP's Stream_EnsureCapacity function prior to version 3.23.0 can trigger an endless blocking loop, causing denial of service on affected client and server implementations. This vulnerability primarily impacts 32-bit systems with sufficient physical memory and has public exploit code available. Administrators should upgrade to FreeRDP 3.23.0 or later to remediate this issue.

Integer Overflow Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

FreeRDP versions prior to 3.23.0 contain an incomplete fix for a heap-use-after-free vulnerability that affects only the SDL2 code path, where freed memory pointers are not properly nulled, allowing an unauthenticated attacker to trigger a denial of service condition. Users running FreeRDP with SDL2 backends remain vulnerable despite the advisory claiming the issue was resolved. Upgrade to version 3.23.0 or later to obtain the complete fix.

Use After Free Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Vikunja before version 2.0.0 contains a path traversal vulnerability in its backup restoration function that fails to validate file paths in ZIP archives, allowing attackers with high privileges to write arbitrary files to the host system. Public exploit code exists for this vulnerability, and malformed archives can trigger a denial of service that permanently wipes the database before crashing the application. The flaw affects Vikunja and the underlying Go platform, with no patch currently available.

Golang Denial Of Service Vikunja +1
NVD GitHub
EPSS 0% CVSS 7.3
HIGH POC This Week

Stored cross-site scripting (XSS) in Vikunja prior to version 2.0.0 allows authenticated attackers to steal authentication tokens by uploading malicious SVG files containing JavaScript that executes when accessed directly. The vulnerability exists because the application fails to sanitize SVG content before storage and renders it inline under the application origin, enabling token theft from localStorage. Public exploit code exists for this vulnerability and no patch is currently available for affected versions.

File Upload XSS Vikunja +1
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

Weak password policy in Vikunja task management before 2.0.0 allows users to set trivially guessable passwords. PoC available.

Information Disclosure Vikunja Suse
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Vikunja is an open-source self-hosted task management platform. [CVSS 6.1 MEDIUM]

XSS Vikunja Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 versions up to 0.8.1 is affected by integer underflow (CVSS 8.1).

Buffer Overflow Denial Of Service AI / ML +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Denial of service in FreeRDP prior to version 3.23.0 allows a malicious RDP server to crash the client application through a missing bounds check in smartcard packet handling. This vulnerability affects users who have explicitly enabled smartcard redirection, and public exploit code exists. The crash is triggered via assertion failure in builds with verbose assert checking enabled, which is the default configuration in FreeRDP 3.22.0.

Denial Of Service Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

FreeRDP versions prior to 3.23.0 are vulnerable to a buffer overread in icon data processing that allows denial of service when clients receive crafted RDP Window Icon data from a server or network attacker. An unauthenticated remote attacker can exploit this vulnerability to crash the FreeRDP client by sending malicious icon structures during the RDP connection. A patch is available in version 3.23.0 and later.

Buffer Overflow Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_clipboard_format_equal before 3.23.0. Clipboard format comparison uses freed memory. Fifth FreeRDP UAF. PoC and patch available.

Use After Free Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_cliprdr_provide_data clipboard handling before 3.23.0. Clipboard data exchange triggers memory corruption. PoC and patch available.

Use After Free Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_AppUpdateWindowFromSurface before 3.23.0. Different code path from CVE-2026-25953. PoC and patch available.

Use After Free Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_AppUpdateWindowFromSurface before 3.23.0. Surface-to-window update triggers memory corruption. PoC and patch available.

Use After Free Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_SetWindowMinMaxInfo before version 3.23.0. X11 client window management triggers memory corruption. PoC and patch available.

Windows Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 4.3 MEDIUM]

Denial Of Service Information Disclosure Freerdp +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

esm.sh versions up to 137 contain an SSRF vulnerability in the `/http(s)` fetch route that allows remote attackers to bypass hostname validation through DNS alias domains and access internal localhost services. Public exploit code exists for this vulnerability, and no patches are currently available. This affects users of esm.sh CDN services and any applications relying on the affected versions.

DNS SSRF Esm.Sh +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. [CVSS 7.5 HIGH]

SSRF Esm.Sh Suse
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Wireshark versions 4.4.0-4.4.13 and 4.6.0-4.6.3 crash when processing malformed RF4CE Profile protocol packets, enabling local denial of service attacks through user interaction. An attacker can trigger an out-of-bounds read by supplying a specially crafted packet file to a target user, causing the application to become unavailable. No patch is currently available for this vulnerability.

Denial Of Service Wireshark Red Hat +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service [CVSS 4.7 MEDIUM]

Denial Of Service Wireshark Red Hat +1
NVD
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

Wireshark 4.6.0-4.6.3 and 4.4.0-4.4.13 can be crashed through memory exhaustion in the USB HID protocol dissector when processing malformed packets. A local attacker with the ability to trigger packet analysis can cause a denial of service condition, and public exploit code exists for this vulnerability. No patch is currently available.

Denial Of Service Wireshark Red Hat +1
NVD
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Path traversal in basic-ftp Node.js FTP client library before 5.2.0 allows malicious FTP servers to write files outside the intended download directory. PoC and patch available.

Node.js Path Traversal Basic Ftp +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unprivileged users can extract LUKS encryption headers from the udisks daemon due to missing authorization checks on a privileged D-Bus method, allowing attackers to read sensitive cryptographic metadata and potentially compromise encrypted storage confidentiality. The vulnerability affects systems running vulnerable versions of udisks and requires local access to exploit. No patch is currently available.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the -cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts. [CVSS 8.3 HIGH]

Authentication Bypass Rancher Suse
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Path traversal in Kubernetes PersistentVolume creation via pathPattern parameter allows creating volumes in arbitrary host filesystem locations. CVSS 9.9 with scope change.

Information Disclosure Suse
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool. [CVSS 4.6 MEDIUM]

Path Traversal Wcurl Red Hat +1
NVD
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

Coturn TURN/STUN server contains an access control bypass that allows remote attackers to reach blocked internal addresses by exploiting IPv4-mapped IPv6 address handling in permission and channel binding requests. The vulnerability bypasses "denied-peer-ip" restrictions designed to block loopback ranges, enabling an attacker to interact with internal services that should be unreachable. Public exploit code exists for this flaw, and a patch is available in version 4.9.0 and later.

Authentication Bypass Coturn Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Pypdf versions up to 6.7.2 is affected by loop with unreachable exit condition (infinite loop) (CVSS 7.5).

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

OS command injection in OliveTin web shell interface through version 3000.10.0. OliveTin provides web-based access to predefined shell commands — the injection allows executing arbitrary commands beyond the whitelist. PoC available.

RCE Command Injection Olivetin +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

FileBrowser Quantum versions prior to 1.1.3-stable and 1.2.6-beta expose a password bypass vulnerability in shared files, allowing unauthenticated recipients to download protected content by accessing the direct download link embedded in share details. An attacker possessing only the share link can retrieve files without providing the intended password, completely circumventing access controls. Public exploit code exists for this vulnerability, and patches are available in the patched versions.

Information Disclosure Filebrowser Quantum Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Arbitrary file write in Dagu workflow engine up to version 1.16.7 allows authenticated users with DAG write permissions to place malicious YAML files anywhere on the filesystem due to insufficient name validation in the CreateNewDAG API endpoint. Since Dagu executes DAG files as shell commands, an attacker can achieve remote code execution by overwriting existing DAGs or configuration files. Public exploit code exists for this vulnerability, and a patch is available.

RCE Dagu Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Unbounded memory allocation in Fiber v3 (prior to 3.1.0) allows unauthenticated remote attackers to trigger denial of service by sending a malicious fiber_flash cookie that forces deserialization of up to 85GB of memory. All v3 endpoints are vulnerable regardless of flash message usage, and public exploit code exists. No patch is currently available.

Deserialization Fiber Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Fiber web framework versions 3.0.0 and earlier on Windows contain a path traversal vulnerability that allows remote attackers to bypass static file middleware protections and read arbitrary files from the server. Public exploit code exists for this vulnerability, which affects applications using the vulnerable Fiber versions. The issue has been patched in Fiber v3.1.0.

Windows Path Traversal Fiber +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Fiber web framework versions 2 and 3 are vulnerable to denial of service attacks when processing requests to routes containing more than 30 parameters, enabling remote attackers to crash affected applications without authentication. The vulnerability stems from insufficient validation during route registration and unbounded array writes in request matching logic. Public exploit code exists for this high-severity flaw, though patches are available in Fiber v2.52.12 and v3.1.0.

Denial Of Service Fiber Suse
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

FastCGI path splitting vulnerability in Caddy before 2.11.1 allows request smuggling or path confusion when proxying to FastCGI backends (PHP-FPM). EPSS 0.19% with PoC available.

PHP TLS RCE +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Caddy versions prior to 2.11.1 allow unauthenticated cross-origin requests to the admin API when origin enforcement is disabled, enabling attackers to remotely reconfigure the server through malicious web content loaded in a victim's browser. Public exploit code exists for this vulnerability, which can be leveraged to modify HTTP server behavior and admin listener settings without user knowledge. The vulnerability affects Caddy and TLS implementations, with no patch currently available for affected versions.

TLS Caddy Suse
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Host header case sensitivity bypass in Caddy before 2.11.1. Virtual host routing can be bypassed by using alternate casing in the Host header. PoC available.

TLS Caddy Suse
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Case sensitivity bypass in Caddy web server path matching before 2.11.1. HTTP path matchers can be bypassed using alternate casing on case-insensitive filesystems. PoC available.

TLS Caddy Suse
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

TLS error swallowing in Caddy web server before 2.11.1 allows bypassing client certificate authentication. Errors in ClientCAs handling are silenced, potentially accepting invalid client certificates. PoC available.

TLS Caddy Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Caddy versions prior to 2.11.1 fail to sanitize backslashes in file path matching, allowing attackers to bypass path-based security controls through specially crafted requests. The vulnerability affects systems with specific Caddy configurations and has public exploit code available. Exploitation requires network access with no authentication, resulting in limited information disclosure or modification of restricted resources.

TLS Caddy Suse
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

NATS Server versions prior to 2.11.2 and 2.12.3 fail to properly limit memory allocation during WebSocket compression, allowing unauthenticated attackers to trigger denial of service through compression bomb attacks that exhaust server memory. The vulnerability is exploitable pre-authentication since compression negotiation occurs before credential validation. A patch is available in versions 2.11.2 and 2.12.3.

Information Disclosure Nats Server Red Hat +1
NVD GitHub
Prev Page 38 of 104 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy