🚨 CVE-2026-21441
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted sources.
@cveNotify
GitHub
Merge commit from fork · urllib3/urllib3@8864ac4
* Stop decoding response content during redirects needlessly
* Rename the new query parameter
* Add a changelog entry
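The advisory's core point is that a read limit has to bound the decoded side of a stream, not the compressed bytes arriving on the wire. The guard below is an added example written for this page, not urllib3's own code: a stdlib-only gzip inflater that asks zlib for at most one byte past the caller's budget on every call, so a body that would expand past the limit is refused without ever being materialised. The "bomb" it feeds itself is a constructed sample (4 MiB of zero bytes, which gzip shrinks to a few kilobytes); the 1 MiB limit and the 512-byte chunk size are arbitrary.

```python
import gzip
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when a compressed body would expand beyond the caller's budget."""


def chunked(data, size):
    """Yield `data` in fixed-size pieces, standing in for a streamed response body."""
    for i in range(0, len(data), size):
        yield data[i:i + size]


def bounded_gunzip(chunks, max_decoded_bytes):
    """Inflate a gzip body delivered as an iterable of compressed chunks.

    The limit is enforced on the decoded side: zlib is never asked for more
    than one byte past the budget, so an oversized body is detected without
    being materialised, and compressed input is consumed only as fast as the
    output budget allows instead of being drained wholesale.
    """
    inflater = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # 16+ selects gzip framing
    out = bytearray()
    for chunk in chunks:
        pending = chunk
        while True:
            budget = max_decoded_bytes - len(out) + 1
            piece = inflater.decompress(pending, budget)
            out += piece
            if len(out) > max_decoded_bytes:
                raise DecompressionLimitExceeded(
                    f"decoded output exceeded {max_decoded_bytes} bytes")
            # Input zlib set aside because the output budget was reached; a
            # pending match may also still be buffered, so loop until neither
            # input nor output remains for this chunk.
            pending = inflater.unconsumed_tail
            if not pending and not piece:
                break
    if not inflater.eof:
        raise ValueError("truncated gzip stream")
    return bytes(out)


def make_gzip_bomb(decoded_size):
    """Constructed sample: a highly compressible body of the kind a hostile redirect could carry."""
    return gzip.compress(b"\0" * decoded_size)


def demo(limit=1024 * 1024):
    """Run the guard over a constructed bomb and over a harmless body; return what happened."""
    bomb = make_gzip_bomb(4 * limit)
    try:
        bounded_gunzip(chunked(bomb, 512), limit)
        bomb_rejected = False
    except DecompressionLimitExceeded:
        bomb_rejected = True
    small = bounded_gunzip(chunked(gzip.compress(b"hello"), 512), limit)
    return {
        "bomb_compressed_bytes": len(bomb),
        "bomb_rejected": bomb_rejected,
        "small_body": small,
    }


if __name__ == "__main__":
    print(demo())
```

With urllib3 the caller-side equivalent is to request with `preload_content=False, redirect=False` and feed `resp.stream(decode_content=False)` into a guard like this rather than letting the library decode; that keeps both the redirect body and any final body under an explicit decoded-size cap, and is independent of the 2.6.3 fix rather than a substitute for upgrading.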
🚨 CVE-2026-21683
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `icStatusCMM::CIccEvalCompare::EvaluateProfile()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
@cveNotify
GitHub
Known Defect | Type Confusion | runtime error: downcast of address ... which does not point to an object of type 'CIccTagLutAtoB'…
Summary Type Confusion exists from the Initial Commit in IccEval.cpp:139 Asan Reproduction IccProfLib/IccEval.cpp:139:28: runtime error: downcast of address 0x507000000090 which does not point to a...
🚨 CVE-2026-21684
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagSpectralViewingConditions()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
@cveNotify
GitHub
Known Defect: runtime error: -nan is outside the range of representable values of type 'int' | IccProfLib/IccUtil.cpp:555 · Issue…
Summary Last Updated: Fri Nov 21 07:36:50 AM EST 2025 Using: Commit fd5db3a Repro HOST Linux 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025 x86_64 x86_64 x86_64...
🚨 CVE-2025-48429
An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to leaking heap data. An attacker can provide a malicious file to trigger this vulnerability.
@cveNotify
🚨 CVE-2023-7333
A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patch name: 3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa. You should upgrade the affected component.
@cveNotify
GitHub
RM-95 use Table object to prevent SQLInjection · bluelabsio/records-mover@3f8383a
RM-95 use Table
Revert "RM-95 builtin has_table"
This reverts commit 43edb5e3554561cee7f5317e616f1f218118ee65.
RM-95 builtin has_table
RM-95 remove unused ignore
RM-95 add if...
🚨 CVE-2025-62224
User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.
@cveNotify
🚨 CVE-2025-69262
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code Execution (RCE) in build environments. This issue is fixed in version 10.27.0.
@cveNotify
GitHub
Release pnpm 10.27 · pnpm/pnpm
Minor Changes
Adding trustPolicyIgnoreAfter allows you to ignore trust policy checks for packages published more than a specified time ago (#10352).
Added project registry for global virtual store...
🚨 CVE-2026-21697
axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global `defaultClient` is mutated during request execution without synchronization, directly modifying the shared `http.Client`'s `Transport`, `Timeout`, and `CheckRedirect` properties. Impacted applications include those that use axios4go with concurrent requests (multiple goroutines, `GetAsync`, `PostAsync`, etc.), those where different requests use different proxy configurations, and those that handle sensitive data (authentication credentials, tokens, API keys). Version 0.6.4 fixes this issue.
@cveNotify
GitHub
fixed security issue · rezmoss/axios4go@b651604
A Go HTTP client library inspired by Axios, providing a simple and intuitive API for making HTTP requests with features like interceptors, JSON handling, configurable instances, and automatic retries
🚨 CVE-2026-21851
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's `_download_from_ngc_private()` function. The function uses `zipfile.ZipFile.extractall()` without path validation, while other similar download functions in the same codebase properly use the existing `safe_extract_member()` function. Commit 4014c8475626f20f158921ae0cf98ed259ae4d59 fixes this issue.
@cveNotify
GitHub
Fix Zip Slip vulnerability in NGC private bundle download (#8682) · Project-MONAI/MONAI@4014c84
Replaced the unsafe `zipfile.extractall()` in
`_download_from_ngc_private` with MONAI's safe extraction utility.
Prevents path traversal via crafted zip member paths (CWE-22).
### Descript...
🚨 CVE-2026-21857
REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue.
@cveNotify
GitHub
Release Version 5.20.2 · redaxo/redaxo
REDAXO-Core 5.20.2 – 05.01.2026
Bugfixes
rex_editor: PHP 8.5 sometimes produced deprecation notices (@gharlan)
EOL data for PHP/MySQL/MariaDB updated (@gharlan)
backup 2.9.4 – 05.01.2026
S...
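The MONAI and REDAXO entries above are the same bug class seen from two sides: an archive member name that escapes the extraction directory, and a POSTed directory name that escapes the allowlist the UI offered. The code below is an added example for this page, not MONAI's `safe_extract_member()` or the REDAXO Backup addon's PHP; it shares one containment check between a Zip Slip-safe extractor and an allowlisted export-directory resolver. The archive it builds, the `/var/www/redaxo` webroot and the `media` / `data/addons/backup` allowlist are constructed for the demo and are not values taken from either project.

```python
import io
import os
import shutil
import tempfile
import zipfile


class PathEscapeError(Exception):
    """Raised when a caller-controlled path would resolve outside its root."""


def contained_path(root, untrusted):
    """Resolve `untrusted` beneath `root` and prove the result stays inside it.

    realpath() collapses `..` segments, discards `root` when `untrusted` is
    absolute, and follows symlinked parents, so the containment test sees the
    path the OS would actually open rather than the string the caller sent.
    """
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, untrusted))
    try:
        inside = os.path.commonpath([root, target]) == root
    except ValueError:  # different drives on Windows: certainly not inside
        inside = False
    if not inside:
        raise PathEscapeError(untrusted)
    return target


def safe_extract_all(zip_bytes, dest_dir):
    """Extract members under dest_dir, skipping any whose name escapes it."""
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for member in zf.infolist():
            try:
                target = contained_path(dest_dir, member.filename)
            except PathEscapeError:
                rejected.append(member.filename)
                continue
            if member.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(member) as src, open(target, "wb") as dst:
                    shutil.copyfileobj(src, dst)
            extracted.append(member.filename)
    return extracted, rejected


def resolve_export_dir(webroot, allowed_subdirs, requested):
    """Map a posted export-directory value onto the allowlist the UI offered.

    The request must name an allowlisted entry after normalisation; `..`
    sequences and absolute paths are refused even when they would land on an
    allowed directory, because the allowlist, not the filesystem, is the contract.
    """
    allowed = {os.path.normpath(d) for d in allowed_subdirs}
    wanted = os.path.normpath(requested)
    if os.path.isabs(requested) or wanted not in allowed:
        raise PathEscapeError(requested)
    return contained_path(webroot, wanted)


def demo():
    """Exercise both guards on constructed input and report what each decided."""
    # Constructed archive: one legitimate member and one Zip Slip member.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("bundle/configs/metadata.json", b"{}")
        zf.writestr("../../escaped.txt", b"owned")
    dest = tempfile.mkdtemp()
    try:
        extracted, rejected = safe_extract_all(buf.getvalue(), dest)
        escaped = os.path.exists(os.path.join(dest, "..", "..", "escaped.txt"))
    finally:
        shutil.rmtree(dest)

    # Hypothetical webroot and allowlist; REDAXO's real values are not given above.
    allowed = ["media", "data/addons/backup"]
    export = {}
    for req in ["media", "../../etc", "/etc", "data/addons/backup/../../../index.php"]:
        try:
            resolve_export_dir("/var/www/redaxo", allowed, req)
            export[req] = "allowed"
        except PathEscapeError:
            export[req] = "rejected"
    return {"extracted": extracted, "rejected": rejected,
            "escaped_file_written": escaped, "export": export}


if __name__ == "__main__":
    print(demo())
```

Two design points worth keeping: the extractor resolves each member before opening anything, so a rejected name never creates even a directory; and the export resolver compares against the allowlist first and only then asks for containment, so a `..` chain that happens to normalise back onto an allowed directory is still rejected for not being what the UI offered.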
🚨 CVE-2017-20212
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.
@cveNotify
Cxsecurity
FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures - CXSecurity.com
Gjoko 'LiquidWorm' Krstic has realised a new security note FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures
🚨 CVE-2017-20213
FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.
@cveNotify
Cxsecurity
FLIR Systems FLIR Thermal Camera F/FC/PT/D Stream Disclosure - CXSecurity.com
Gjoko 'LiquidWorm' Krstic has realised a new security note FLIR Systems FLIR Thermal Camera F/FC/PT/D Stream Disclosure
🚨 CVE-2017-20214
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.
@cveNotify
Cxsecurity
FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials - CXSecurity.com
Gjoko 'LiquidWorm' Krstic has realised a new security note FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials
🚨 CVE-2017-20215
FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete control of the thermal camera system.
@cveNotify
Cxsecurity
FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection - CXSecurity.com
Gjoko 'LiquidWorm' Krstic has realised a new security note FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection
🚨 CVE-2017-20216
FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem() function through shell_exec() calls. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-06 (UTC).
@cveNotify
Cxsecurity
FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) Remote Root - CXSecurity.com
Gjoko 'LiquidWorm' Krstic has realised a new security note FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) Remote Root
🚨 CVE-2019-25231
devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path to execute with elevated privileges during application startup or system reboot.
@cveNotify
Cxsecurity
devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation - CXSecurity.com
Stefan Petrushevski has realised a new security note devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation
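The "system root path" in the advisory is the first of several locations Windows probes when a service's ImagePath is unquoted and contains spaces: CreateProcess tries each space-delimited prefix as the program name before reaching the real binary. The audit helper below is an added example for this page, not part of the advisory or of devolo's software; it enumerates those probe paths for a set of constructed ImagePath values. The devolo install path it uses is hypothetical (the advisory names the service but not its location), as are the other two sample entries.

```python
import ntpath


def hijack_candidates(image_path):
    """Return, in probe order, the executables Windows would try before the real one.

    CreateProcess resolves an unquoted command line by treating each
    space-delimited prefix as the program name (appending .exe when it has no
    extension) until one exists, so every prefix before the real binary is a
    file an attacker can pre-create.  Quoted paths and paths whose executable
    portion contains no spaces yield no candidates.
    """
    path = image_path.strip()
    if path.startswith('"') or " " not in path:
        return []
    parts = path.split(" ")
    candidates = []
    for i in range(1, len(parts)):
        prefix = " ".join(parts[:i])
        if prefix.lower().endswith(".exe"):
            break  # reached the real executable; what follows are arguments
        candidates.append(prefix + ".exe")
    return candidates


def audit(services):
    """services maps service name -> ImagePath; returns, per vulnerable service,
    each hijack candidate with the directory an attacker would need write access to."""
    findings = {}
    for name, image_path in services.items():
        cands = hijack_candidates(image_path)
        if cands:
            findings[name] = [(c, ntpath.dirname(c)) for c in cands]
    return findings


# Constructed ImagePath values. The devolo path is hypothetical: the advisory
# names the service but not where it is installed.
SAMPLE_SERVICES = {
    "DevoloNetworkService": r"C:\Program Files\devolo\dLAN Cockpit\DevoloNetworkService.exe",
    "QuotedAgent": r'"C:\Program Files\Vendor\Agent Service\agent.exe" -service',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}


if __name__ == "__main__":
    for svc, entries in audit(SAMPLE_SERVICES).items():
        print(svc)
        for candidate, needs_write_to in entries:
            print(f"  {candidate}  (attacker must write to {needs_write_to})")
```

On a real host the input comes from `Get-CimInstance Win32_Service | Select-Object Name, PathName` (or the `ImagePath` values under `HKLM\SYSTEM\CurrentControlSet\Services`), and a finding is only exploitable when `icacls` shows that a non-administrator can create files in one of the listed directories; the enumerator deliberately stops at the path level and leaves that ACL check to the operator.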
🚨 CVE-2019-25259
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that submit requests to the application.
@cveNotify
Ibmcloud
IBM X-Force Exchange
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
🚨 CVE-2019-25268
NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SMB shares to execute unauthorized code.
@cveNotify
Cxsecurity
NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution - CXSecurity.com
LiquidWorm has realised a new security note NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution
🚨 CVE-2019-25270
SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the 'senddata' POST parameter of logged_page.php that allows attackers to inject malicious scripts. Attackers can exploit this weakness by sending crafted POST requests to execute arbitrary HTML and script code in a victim's browser session.
@cveNotify
Cxsecurity
SOCA Access Control System 180612 Cross Site Scripting - CXSecurity.com
LiquidWorm has realised a new security note SOCA Access Control System 180612 Cross Site Scripting
🚨 CVE-2019-25277
FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing authentication credentials and conducting phishing attacks.
@cveNotify
Cxsecurity
FaceSentry Access Control System 6.4.8 Reflected Cross Site Scripting - CXSecurity.com
LiquidWorm has realised a new security note FaceSentry Access Control System 6.4.8 Reflected Cross Site Scripting