π¨ CVE-2024-41597
Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comment. NOTE: this is disputed by the Supplier because the product intentionally accepts anonymous, unauthenticated comments and thus there are fewer situations in which CSRF would be a useful attack technique. Also, the submitted comments are, by default, held for moderator review.
π@cveNotify
Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comment. NOTE: this is disputed by the Supplier because the product intentionally accepts anonymous, unauthenticated comments and thus there are fewer situations in which CSRF would be a useful attack technique. Also, the submitted comments are, by default, held for moderator review.
π@cveNotify
Gist
CVE-2024-41597
CVE-2024-41597. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2026-48948
An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible.
π@cveNotify
An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible.
π@cveNotify
Joomla! Developer Networkβ’
Joomla! Developer Network
The Flexible Platform Empowering Website Creators
π¨ CVE-2026-13126
The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing.
π@cveNotify
The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing.
π@cveNotify
Foxit
Security Bulletins | Foxit
A prompt response to software defects and security vulnerabilities has been, and will continue to be, a top priority for everyone here at Foxit Software.
π¨ CVE-2026-57237
When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application.
π@cveNotify
When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application.
π@cveNotify
Foxit
Security Bulletins | Foxit
A prompt response to software defects and security vulnerabilities has been, and will continue to be, a top priority for everyone here at Foxit Software.
π¨ CVE-2026-57238
After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash.
π@cveNotify
After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash.
π@cveNotify
Foxit
Security Bulletins | Foxit
A prompt response to software defects and security vulnerabilities has been, and will continue to be, a top priority for everyone here at Foxit Software.
π¨ CVE-2026-57240
When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash.
π@cveNotify
When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash.
π@cveNotify
Foxit
Security Bulletins | Foxit
A prompt response to software defects and security vulnerabilities has been, and will continue to be, a top priority for everyone here at Foxit Software.
π¨ CVE-2026-57242
The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash.
π@cveNotify
The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash.
π@cveNotify
Foxit
Security Bulletins | Foxit
A prompt response to software defects and security vulnerabilities has been, and will continue to be, a top priority for everyone here at Foxit Software.
π¨ CVE-2026-45045
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of Header.Set() when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream servers for logging, rate limiting, and access control. This issue is fixed in version 3.3.0 and 2.52.14.
π@cveNotify
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of Header.Set() when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream servers for logging, rate limiting, and access control. This issue is fixed in version 3.3.0 and 2.52.14.
π@cveNotify
GitHub
Merge pull request #4260 from gofiber/fix-x-real-ip-header-handling-i⦠· gofiber/fiber@1403cc8
β¦n-balancerforward
π¨ CVE-2026-58501
Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fixed in version 4.3.3.
π@cveNotify
Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fixed in version 4.3.3.
π@cveNotify
GitHub
Wire up forbid_external setting to block transitive remote loads Β· mvantellingen/python-zeep@83eb07b
The forbid_external setting was defined but unused since the move off
defusedxml in 4.0. When enabled it now refuses to transitively fetch
http/https resources via xsd:import, xsd:include, wsdl:imp...
defusedxml in 4.0. When enabled it now refuses to transitively fetch
http/https resources via xsd:import, xsd:include, wsdl:imp...
π¨ CVE-2026-59936
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in version 6.14.1.
π@cveNotify
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in version 6.14.1.
π@cveNotify
GitHub
SEC: Detect end of stream during inline image end marker detection (#β¦ Β· py-pdf/pypdf@ec3b145
β¦3891)
π¨ CVE-2026-15166
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
π@cveNotify
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
π@cveNotify
GitLab
[Security] 802.11 EAPOL-Key decryption: stack buffer overflow in Dot11DecryptDecryptKeyData() (#21391) Β· Issues Β· Wireshark Foundationβ¦
I am writing to report a stack-buffer-overflow (write) in tshark This is a security issue that was found by Anthropic using Claude to find vulnerabilities,...
π¨ CVE-2026-15174
Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
π@cveNotify
Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
π@cveNotify
GitLab
Buffer overlow/segfault in Catapult DCT2000 dissector via not check no_ddi_entries in header (#21270) Β· Issues Β· Wireshark Foundationβ¦
From Michael Bommarito on the security list: In attach_fp_info() (epan/dissectors/packet-catapult-dct2000.c), the E-DCH branch reads p_fp_info->no_ddi_entries from the parsed outhdr_values[] block and then loops over that value...
π¨ CVE-2026-54528
JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase() in GitHandler.prepare() in jupyterlab_git/handlers.py to enforce excluded_paths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded directories. This issue is fixed in version 0.54.0.
π@cveNotify
JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase() in GitHandler.prepare() in jupyterlab_git/handlers.py to enforce excluded_paths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded directories. This issue is fixed in version 0.54.0.
π@cveNotify
GitHub
Merge commit from fork Β· jupyterlab/jupyterlab-git@4600352
A Git extension for JupyterLab. Contribute to jupyterlab/jupyterlab-git development by creating an account on GitHub.
π¨ CVE-2026-55542
Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns before the `authorize()` call used by the local-file branch. Version 8.6.1 contains a patch.
π@cveNotify
Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns before the `authorize()` call used by the local-file branch. Version 8.6.1 contains a patch.
π@cveNotify
GitHub
Chekc auth before assigning S3 temporary link Β· grokability/snipe-it@ded6515
A free open source IT asset/license management system - Chekc auth before assigning S3 temporary link Β· grokability/snipe-it@ded6515
π¨ CVE-2026-58525
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
π@cveNotify
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
π@cveNotify
π¨ CVE-2026-59818
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the gRPC listener, allowing a client with a revoked certificate to authenticate successfully over gRPC. This issue is fixed in versions 3.5.32 and 3.6.13.
π@cveNotify
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the gRPC listener, allowing a client with a revoked certificate to authenticate successfully over gRPC. This issue is fixed in versions 3.5.32 and 3.6.13.
π@cveNotify
GitHub
Reject the client reqeust if the client certificate has been revoked Β· etcd-io/etcd@2308ce1
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
π¨ CVE-2026-10037
A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via xdg-desktop-portal-gtk can write a malicious .jar file to the host file system, set its executable bit, and trigger the handler to execute arbitrary code outside of the sandbox environment.
π@cveNotify
A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via xdg-desktop-portal-gtk can write a malicious .jar file to the host file system, set its executable bit, and trigger the handler to execute arbitrary code outside of the sandbox environment.
π@cveNotify
Launchpad
Bug #2153100 β.jar MIME handler allows escaping Firefox's Snap s...β : Bugs : openjdk-25 package : Ubuntu
Ubuntu Desktop 24.04.4 provides a number of OpenJDK versions. The packages for each of these versions include a MIME handler for .jar files at /usr/share/applications/openjdk-*-java.desktop. These handlers blindly execute the opened .jar file, provided that:β¦
π¨ CVE-2026-54777
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListener startup between shared memory GUID publication and service named pipe creation. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListener startup between shared memory GUID publication and service named pipe creation. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Refuse to attach to a pre-existing NetNamedPipe instance on startup Β· CoreWCF/CoreWCF@8ed9c78
The named pipe listener publishes its randomly chosen pipe name through a
shared memory section before the accept pump has actually created the pipe
instance. NamedPipeListener._firstConnection was...
shared memory section before the accept pump has actually created the pipe
instance. NamedPipeListener._firstConnection was...
π¨ CVE-2026-55470
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the fix for CVE-2026-45367 incompletely patched the DSTU2 module, leaving FHIRPathEngine.matches() in org.hl7.fhir.dstu2/utils/FHIRPathEngine.java to call raw String.matches(sw) without RegexTimeout protection while replaceMatches() was updated, allowing an unauthenticated attacker to trigger catastrophic regex backtracking and exhaust server CPU. This issue is fixed in version 6.9.10.
π@cveNotify
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the fix for CVE-2026-45367 incompletely patched the DSTU2 module, leaving FHIRPathEngine.matches() in org.hl7.fhir.dstu2/utils/FHIRPathEngine.java to call raw String.matches(sw) without RegexTimeout protection while replaceMatches() was updated, allowing an unauthenticated attacker to trigger catastrophic regex backtracking and exhaust server CPU. This issue is fixed in version 6.9.10.
π@cveNotify
GitHub
Add regextimeout to dstu2 funcMatches Β· hapifhir/org.hl7.fhir.core@56376f7
Contribute to hapifhir/org.hl7.fhir.core development by creating an account on GitHub.
π¨ CVE-2026-55471
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform(...) overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl() without ACCESS_EXTERNAL_DTD or ACCESS_EXTERNAL_STYLESHEET restrictions, allowing an attacker who controls or can tamper with transformed XML to trigger XML External Entity injection for local file disclosure and blind XXE or SSRF to arbitrary URLs reachable from the host. This issue is fixed in version 6.9.10.
π@cveNotify
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform(...) overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl() without ACCESS_EXTERNAL_DTD or ACCESS_EXTERNAL_STYLESHEET restrictions, allowing an attacker who controls or can tamper with transformed XML to trigger XML External Entity injection for local file disclosure and blind XXE or SSRF to arbitrary URLs reachable from the host. This issue is fixed in version 6.9.10.
π@cveNotify
GitHub
Add newXXEProtectedSaxonTransformerFactory + tests + checkstyle Β· hapifhir/org.hl7.fhir.core@01ca2ec
Contribute to hapifhir/org.hl7.fhir.core development by creating an account on GitHub.
π¨ CVE-2026-15105
A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
π@cveNotify
A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
π@cveNotify
GitHub
GitHub - davenardella/snap7: Snap7 Official repository
Snap7 Official repository. Contribute to davenardella/snap7 development by creating an account on GitHub.