CVE Notify
19.3K subscribers
4 photos
204K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
๐Ÿšจ CVE-2026-58226
Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding.

hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets. 'Elixir.HPAX.Types':decode_remaining_integer/3 accumulates the integer as int + (value <<< m), shifting by 7 more bits for each continuation octet and stopping only on a terminating octet or truncated input, never because the integer grew too large. Because BEAM integers are arbitrary precision, a run of N continuation octets builds an O(N)-bit bignum and re-adds into an ever-larger bignum on each step, so the total decoding cost is superlinear (about O(N^2)). An unauthenticated attacker who can send an HTTP/2 header block to a server using this decoder (reached through the 'Elixir.HPAX':decode/2 entry point) can supply a small header block that forces a large, attacker-controlled amount of CPU (and transient memory), a denial-of-service amplification.

This issue affects hpax from 0.1.1 before 1.0.4.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-6901
Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL.

This issue affects APROL: before R 4.4-01P5.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-57974
Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-57975
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-57981
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-57983
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-57984
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-57985
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-57986
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-57988
Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-57991
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-57992
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-58276
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-58284
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-58285
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-58288
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-58294
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-58522
Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-14797
A vulnerability was determined in CodeAstro Apartment Visitor Management System 1.0. This vulnerability affects unknown code of the file /apartment-visitor/edit-apartment.php. Executing a manipulation of the argument editid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-8591
The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user's browser. This condition allows an attacker to inject malicious script content into pages served by the application.

By leveraging this weakness, an attacker can cause the user's browser to redirect to a malicious website, modify the UI of the webpage, or retrieve information from the browser. However, the impact is mitigated by the use of httpOnly flags on session-related cookies, preventing session hijacking.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-49297
Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket (typically a different trust principal than the DAG author โ€” partner uploads, ingest-only service accounts, public-data buckets) could create an object whose name contains `..` segments and cause the DAG run to write the downloaded blob outside the configured destination (the SFTP `destination_path` for `GCSToSFTPOperator`; the worker-local temp directory for `GCSTimeSpanFileTransformOperator`), enabling overwrite of arbitrary files on the SFTP server or the worker host. Affects deployments that ingest from buckets writable by less-trusted principals. Users are advised to upgrade to `apache-airflow-providers-google` 22.2.1 or later.

๐ŸŽ–@cveNotify