CVE Notify
19.3K subscribers
4 photos
203K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2026-9697
Impact:
undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername settings.

Applications that pin to an internal or corporate CA via requestTls.ca will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange.

Affected applications are those that use undici's ProxyAgent (or Socks5ProxyAgent directly) with SOCKS5 AND rely on requestTls for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added.

Patches:
Upgrade to undici v7.28.0 or v8.5.0.

Workarounds:
No workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy ProxyAgent instead, where requestTls is honored correctly.

🎖@cveNotify
🚨 CVE-2026-41523
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode (python -O or PYTHONOPTIMIZE=1). This vulnerability is fixed in 0.22.0.

🎖@cveNotify
🚨 CVE-2026-48746
vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing the configured VLLM_API_KEY or --api-key. This vulnerability is fixed in 0.22.0.

🎖@cveNotify
🚨 CVE-2026-48933
A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.

This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

🎖@cveNotify
🚨 CVE-2026-14867
Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. 

Active Directory accounts are not affected by this vulnerability.

🎖@cveNotify
🚨 CVE-2026-14868
The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gain privileged access to the PcVue application.

🎖@cveNotify
🚨 CVE-2026-11340
Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Liman MYS: before release.Master.1107.

🎖@cveNotify
🚨 CVE-2011-10043
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded.

Module names starting with "::" could be passed to the load function to specify arbitrary module paths.

Attackers able to influence module names passed to load could use that bug to execute arbitrary code.

🎖@cveNotify
🚨 CVE-2026-11348
Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data.

This issue affects Liman MYS: before release.Master.1107.

🎖@cveNotify
🚨 CVE-2026-13696
Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection.

This issue affects Liman MYS: before release.Master.1107.

🎖@cveNotify
🚨 CVE-2026-57986
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

🎖@cveNotify
🚨 CVE-2026-57987
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

🎖@cveNotify
🚨 CVE-2026-57988
Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

🎖@cveNotify
🚨 CVE-2026-57991
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

🎖@cveNotify
🚨 CVE-2026-57992
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

🎖@cveNotify
🚨 CVE-2026-58287
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

🎖@cveNotify
🚨 CVE-2026-58289
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

🎖@cveNotify
🚨 CVE-2026-58292
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

🎖@cveNotify
🚨 CVE-2026-58293
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

🎖@cveNotify
🚨 CVE-2026-58294
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

🎖@cveNotify
🚨 CVE-2026-58295
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

🎖@cveNotify