π¨ CVE-2023-52355
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
π@cveNotify
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
π@cveNotify
π¨ CVE-2023-52356
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
π@cveNotify
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
π@cveNotify
π¨ CVE-2025-5318
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
π@cveNotify
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
π@cveNotify
π¨ CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
π@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88
π¨ CVE-2025-60344
An unauthenticated Local File Inclusion (LFI) vulnerability in D-Link DSR series routers allows remote attackers to retrieve sensitive configuration files in clear text. The exposed files contain administrative credentials, VPN settings, and other sensitive information, enabling full administrative access to the router. Affected Products include: DSR-150, DSR-150N, and DSR-250N v1.09B32_WW.
π@cveNotify
An unauthenticated Local File Inclusion (LFI) vulnerability in D-Link DSR series routers allows remote attackers to retrieve sensitive configuration files in clear text. The exposed files contain administrative credentials, VPN settings, and other sensitive information, enabling full administrative access to the router. Affected Products include: DSR-150, DSR-150N, and DSR-250N v1.09B32_WW.
π@cveNotify
π¨ CVE-2020-37167
ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.
π@cveNotify
ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.
π@cveNotify
π1
π¨ CVE-2026-2664
An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop 4.62.0 .
π@cveNotify
An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop 4.62.0 .
π@cveNotify
Docker Documentation
Release notes
Find the Docker Desktop release notes for Mac, Linux, and Windows.
π¨ CVE-2026-3118
A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This results in the entire Backstage application crashing and restarting, leading to a platform-wide Denial of Service (DoS). As a result, legitimate users temporarily lose access to the platform.
π@cveNotify
A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This results in the entire Backstage application crashing and restarting, leading to a platform-wide Denial of Service (DoS). As a result, legitimate users temporarily lose access to the platform.
π@cveNotify
π¨ CVE-2025-50180
esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability.
π@cveNotify
esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability.
π@cveNotify
π¨ CVE-2026-27730
esm.sh is a no-build content delivery network (CDN) for web development. Versions up to and including 137 have an SSRF vulnerability (CWE-918) in esm.shβs `/http(s)` fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypassed using DNS alias domains. This allows an external requester to make the esm.sh server fetch internal localhost services. As of time of publication, no known patched versions exist.
π@cveNotify
esm.sh is a no-build content delivery network (CDN) for web development. Versions up to and including 137 have an SSRF vulnerability (CWE-918) in esm.shβs `/http(s)` fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypassed using DNS alias domains. This allows an external requester to make the esm.sh server fetch internal localhost services. As of time of publication, no known patched versions exist.
π@cveNotify
GitHub
SSRF localhost/private-network bypass in `/http(s)` module route
### Summary
An SSRF vulnerability (CWE-918) exists in esm.shβs `/http(s)` fetch route.
The service tries to block localhost/internal targets, but the validation is based on hostname string chec...
An SSRF vulnerability (CWE-918) exists in esm.shβs `/http(s)` fetch route.
The service tries to block localhost/internal targets, but the validation is based on hostname string chec...
π¨ CVE-2026-27705
Plane is an an open-source project management tool. Prior to version 1.2.2, the `ProjectAssetEndpoint.patch()` method in `apps/api/plane/app/views/asset/v2.py` (lines 579β593) performs a global asset lookup using only the asset ID (`pk`) via `FileAsset.objects.get(id=pk)`, without verifying that the asset belongs to the workspace and project specified in the URL path. This allows any authenticated user (including those with the GUEST role) to modify the `attributes` and `is_uploaded` status of assets belonging to any workspace or project in the entire Plane instance by guessing or enumerating asset UUIDs. Version 1.2.2 fixes the issue.
π@cveNotify
Plane is an an open-source project management tool. Prior to version 1.2.2, the `ProjectAssetEndpoint.patch()` method in `apps/api/plane/app/views/asset/v2.py` (lines 579β593) performs a global asset lookup using only the asset ID (`pk`) via `FileAsset.objects.get(id=pk)`, without verifying that the asset belongs to the workspace and project specified in the URL path. This allows any authenticated user (including those with the GUEST role) to modify the `attributes` and `is_uploaded` status of assets belonging to any workspace or project in the entire Plane instance by guessing or enumerating asset UUIDs. Version 1.2.2 fixes the issue.
π@cveNotify
GitHub
fix: IDOR Vulnerabilities in Asset & Attachment Endpoints (#8644) Β· makeplane/plane@9070acb
* fix: idor issues in project assets and issue attachements
* fix: comments
* fix: comments
π¨ CVE-2026-27706
Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the internal network and exfiltrate the full response body. By exploiting this vulnerability, an attacker can steal sensitive data from internal services and cloud metadata endpoints. Version 1.2.2 fixes the issue.
π@cveNotify
Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the internal network and exfiltrate the full response body. By exploiting this vulnerability, an attacker can steal sensitive data from internal services and cloud metadata endpoints. Version 1.2.2 fixes the issue.
π@cveNotify
GitHub
Release v1.2.2 Β· makeplane/plane
Security patch
Fixed arbitrary modification of API token rate limits by enforcing server-side validation and authorization checks.
Mitigated SSRF vulnerability in work item link handling through s...
Fixed arbitrary modification of API token rate limits by enforcing server-side validation and authorization checks.
Mitigated SSRF vulnerability in work item link handling through s...
π¨ CVE-2022-46764
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.
π@cveNotify
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.
π@cveNotify
GitHub
public_cve_submissions/CVE-2022-46764.txt at main Β· sldlb/public_cve_submissions
Contribute to sldlb/public_cve_submissions development by creating an account on GitHub.
π¨ CVE-2025-60344
A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution (e.g., via sequences such as β../β). Successful exploitation may allow access to files outside of the intended directory, potentially exposing sensitive system or configuration files. The issue results from insufficient validation or sanitization of user-supplied input. Affected Products include: DSR-150, DSR-150N, and DSR-250N v1.09B32_WW.
π@cveNotify
A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution (e.g., via sequences such as β../β). Successful exploitation may allow access to files outside of the intended directory, potentially exposing sensitive system or configuration files. The issue results from insufficient validation or sanitization of user-supplied input. Affected Products include: DSR-150, DSR-150N, and DSR-250N v1.09B32_WW.
π@cveNotify
π¨ CVE-2025-69929
An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format
π@cveNotify
An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format
π@cveNotify
N3uron Website
Industrial IoT and Visualization Software Solutions by N3uron
N3uron is a Highly Customizable Communications Platform Offering Multiple Industrial IoT and Visualization Software Solutions for Carrying out a Multitude of Tasks.
π¨ CVE-2026-25141
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ('), double quotes (") and so on, it is still possible to achieve code injection using only a limited set of characters that are currently not escaped. The vulnerability lies in the fact that the application can be forced to execute arbitrary JavaScript using characters such as []()!+. By using a technique known as JSFuck, an attacker can bypass the current sanitization logic and run arbitrary code without needing any alphanumeric characters or quotes. Version 7.21.0 and 8.2.0 contain an updated fix.
π@cveNotify
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ('), double quotes (") and so on, it is still possible to achieve code injection using only a limited set of characters that are currently not escaped. The vulnerability lies in the fact that the application can be forced to execute arbitrary JavaScript using characters such as []()!+. By using a technique known as JSFuck, an attacker can bypass the current sanitization logic and run arbitrary code without needing any alphanumeric characters or quotes. Version 7.21.0 and 8.2.0 contain an updated fix.
π@cveNotify
GitHub
orval/packages/core/src/utils/string.ts at 02211fc413524be340ba9ace866a2ef68845ca7c Β· orval-labs/orval
orval is able to generate client with appropriate type-signatures (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification, either in yaml or json formats. πΊ - orval-labs/orval
π¨ CVE-2026-2226
A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_filename leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_filename leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Zhangzhou Douke Network Technology Co., Ltd. DouPHP <=v1.9 admin/backup.php Remote Code Execution(CVE-2026-2226) Β· Issue #2 Β· β¦
Zhangzhou Douke Network Technology Co., Ltd. DouPHP <=v1.9 admin/backup.php Remote Code Execution(CVE-2026-2226) NAME OF AFFECTED PRODUCT(S) DouPHP CMS Vendor Homepage https://www.douphp.com/ AF...
π¨ CVE-2025-15570
A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
π@cveNotify
A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
π@cveNotify
GitHub
GitHub - ckolivas/lrzip: Long Range Zip
Long Range Zip. Contribute to ckolivas/lrzip development by creating an account on GitHub.
π¨ CVE-2026-1772
RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.
π@cveNotify
RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.
π@cveNotify
π¨ CVE-2026-1773
IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.
π@cveNotify
IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.
π@cveNotify
π¨ CVE-2026-27597
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1.
π@cveNotify
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1.
π@cveNotify
GitHub
feat: add tests for disallowed identifier detection in object coercio⦠· agentfront/enclave@09afbeb
β¦n scenarios (#55)
* feat: add tests for disallowed identifier detection in object coercion scenarios
(cherry picked from commit 759061e7c5cd7386d022d79911b9048af5fbf3ae)
* feat: enhance coercio...
* feat: add tests for disallowed identifier detection in object coercion scenarios
(cherry picked from commit 759061e7c5cd7386d022d79911b9048af5fbf3ae)
* feat: enhance coercio...