๐จ CVE-2026-50812
A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changeset_apply_v3() applies a corrupt changeset and reaches sqlite3_value_type() with a NULL sqlite3_value pointer.
๐@cveNotify
A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changeset_apply_v3() applies a corrupt changeset and reaches sqlite3_value_type() with a NULL sqlite3_value pointer.
๐@cveNotify
Gist
gist:bb556f333957c5226dede314db0e9e91
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2026-50813
An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path
๐@cveNotify
An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path
๐@cveNotify
Gist
gist:f8acb66bafb80134c8e1a1c8c7c9f4f4
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2026-58501
Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fixed in version 4.3.3.
๐@cveNotify
Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fixed in version 4.3.3.
๐@cveNotify
GitHub
Wire up forbid_external setting to block transitive remote loads ยท mvantellingen/python-zeep@83eb07b
The forbid_external setting was defined but unused since the move off
defusedxml in 4.0. When enabled it now refuses to transitively fetch
http/https resources via xsd:import, xsd:include, wsdl:imp...
defusedxml in 4.0. When enabled it now refuses to transitively fetch
http/https resources via xsd:import, xsd:include, wsdl:imp...
๐จ CVE-2026-15170
Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
๐@cveNotify
Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
๐@cveNotify
GitLab
[Security] Z39.50 MARC21 dissector: heap overflow (directory entry count floor/ceil mismatch) in dissect_marc_record() (ANT-2026โฆ
I am writing to report a heap-buffer-overflow (write) that is triggerable by way of the Wireshark fuzzing harness fuzzshark There is a slight patch needed on
๐จ CVE-2026-15171
SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
๐@cveNotify
SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
๐@cveNotify
GitLab
NULL pointer dereference in ssh_keylog_process_line when opening a pcapng with malformed SSH Decryption Secrets (#21378) ยท Issuesโฆ
Summary When Wireshark ingests SSH decryption secrets from a pcapng Decryption Secrets Block (DSB), a malformed SSH key-log...
๐จ CVE-2026-15172
FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
๐@cveNotify
FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
๐@cveNotify
GitLab
FMP Notify dissector integer overflow (#21347) ยท Issues ยท Wireshark Foundation / Wireshark ยท GitLab
Build Information TShark (Wireshark) 4.6.6 (v4.6.6-0-g3a22c3ef473d). Copyright 1998-2026 Gerald Combs <gerald@wireshark.org> and contributors. Licensed under the terms of the...
๐จ CVE-2026-57111
Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.rest.server.filters.CORSFilter) in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin requests to administrative REST endpoints via a cross-origin request from an arbitrary origin, since the filter unconditionally returns Access-Control-Allow-Origin: * together with Access-Control-Allow-Credentials: true and reflects arbitrary Access-Control-Request-Method / Access-Control-Request-Headers values in preflight responses. Users are recommended to upgrade to version 2.0.1, which fixes this issue.
๐@cveNotify
Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.rest.server.filters.CORSFilter) in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin requests to administrative REST endpoints via a cross-origin request from an arbitrary origin, since the filter unconditionally returns Access-Control-Allow-Origin: * together with Access-Control-Allow-Credentials: true and reflects arbitrary Access-Control-Request-Method / Access-Control-Request-Headers values in preflight responses. Users are recommended to upgrade to version 2.0.1, which fixes this issue.
๐@cveNotify
๐จ CVE-2026-50644
SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parameters_all rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed (by the attacker or another user).
This issue was fixed in version 1.56.01.
๐@cveNotify
SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parameters_all rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed (by the attacker or another user).
This issue was fixed in version 1.56.01.
๐@cveNotify
cert.pl
Vulnerability in SOPlanning software
SQL Injection vulnerability (CVE-2026-50644) has been found in SOPlanning software.
๐จ CVE-2026-56288
GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing.
An attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service.
This issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313
๐@cveNotify
GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing.
An attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service.
This issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313
๐@cveNotify
cert.pl
Vulnerabilities in GNU patch software
CERT Polska has received a report about 2 vulnerabilities (CVE-2026-56288 and CVE-2026-56289) found in GNU patch software.
๐จ CVE-2026-56289
GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop while attempting to locate the requested position.
This results in excessive CPU consumption and prevents the process from completing.
An attacker can trigger this behavior by supplying a malicious patch file, causing the utility to become unresponsive and require manual termination.
This issue has been fixed in the commit faba04ef4f2b410257f76c1b9dc85e350929c4b9
๐@cveNotify
GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop while attempting to locate the requested position.
This results in excessive CPU consumption and prevents the process from completing.
An attacker can trigger this behavior by supplying a malicious patch file, causing the utility to become unresponsive and require manual termination.
This issue has been fixed in the commit faba04ef4f2b410257f76c1b9dc85e350929c4b9
๐@cveNotify
cert.pl
Vulnerabilities in GNU patch software
CERT Polska has received a report about 2 vulnerabilities (CVE-2026-56288 and CVE-2026-56289) found in GNU patch software.
๐จ CVE-2026-12116
A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed.
๐@cveNotify
A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed.
๐@cveNotify
GitHub
Fix #1543 - Handle antivirus configuration in a different way ยท thexerteproject/xerteonlinetoolkits@8ef2062
Xerte Online Toolkits. Contribute to thexerteproject/xerteonlinetoolkits development by creating an account on GitHub.
๐จ CVE-2026-14261
A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.
๐@cveNotify
A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.
๐@cveNotify
GitHub
Fixed #1532 - Denial of Service vulnerability ยท thexerteproject/xerteonlinetoolkits@8fec660
Xerte Online Toolkits. Contribute to thexerteproject/xerteonlinetoolkits development by creating an account on GitHub.
๐จ CVE-2026-60108
Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit the NVT_Analyzer component's lack of a maximum line length check, causing it to continuously double its internal buffer without bounds during base64 decoding of an attacker-controlled ADAT token, resulting in denial of service of the Zeek sensor.
๐@cveNotify
Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit the NVT_Analyzer component's lack of a maximum line length check, causing it to continuously double its internal buffer without bounds during base64 decoding of an attacker-controlled ADAT token, resulting in denial of service of the Zeek sensor.
๐@cveNotify
GitHub
contentline: Fix unbounded state growth in lines ยท zeek/zeek@93ff695
Multiple analyzers that used the ContentLine analyzer omitted the check
for max_line_length. This could result in unbounded state growth for
these cases if the line was too long.
One potential fix...
for max_line_length. This could result in unbounded state growth for
these cases if the line was too long.
One potential fix...
๐จ CVE-2026-60109
Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRB_ERROR message with error-code 25 (KDC_ERR_PREAUTH_REQUIRED) containing a PA-DATA element with padata-type 2, 3, 11, or 19. Attackers can exploit a parser and analyzer state mismatch where proc_padata() dereferences an uninitialized pa_data_element field selected by the wrong parsing arm, triggering a crash via a single UDP or TCP packet to port 88 without any credentials or prior authentication.
๐@cveNotify
Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRB_ERROR message with error-code 25 (KDC_ERR_PREAUTH_REQUIRED) containing a PA-DATA element with padata-type 2, 3, 11, or 19. Attackers can exploit a parser and analyzer state mismatch where proc_padata() dereferences an uninitialized pa_data_element field selected by the wrong parsing arm, triggering a crash via a single UDP or TCP packet to port 88 without any credentials or prior authentication.
๐@cveNotify
GitHub
krb: Fix crash with Kerberos error handling ยท zeek/zeek@c82e3c7
An attacker could craft a packet such that Kerberos enters "error" mode
but then forces data to parse from the non-error variable, causing a
nullptr dereference. This fixes that b...
but then forces data to parse from the non-error variable, causing a
nullptr dereference. This fixes that b...
๐จ CVE-2026-59206
n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated requests to be treated as a privileged user and exposing user and project listing endpoints. This issue is fixed in versions 1.123.61, 2.27.4, and 2.28.1.
๐@cveNotify
n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated requests to be treated as a privileged user and exposing user and project listing endpoints. This issue is fixed in versions 1.123.61, 2.27.4, and 2.28.1.
๐@cveNotify
GitHub
Release n8n@2.27.4 ยท n8n-io/n8n
2.27.4 (2026-06-24)
Bug Fixes
core: Let allowlisted Python packages import their own submodules via relative imports (#32832) (62e876c)
Features
core: Fix building incorrect chained nodes (#3285...
Bug Fixes
core: Let allowlisted Python packages import their own submodules via relative imports (#32832) (62e876c)
Features
core: Fix building incorrect chained nodes (#3285...
๐จ CVE-2026-59207
n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a shared credential to send its secret to an external server they control. This issue is fixed in versions 2.27.4 and 2.28.1.
๐@cveNotify
n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a shared credential to send its secret to an external server they control. This issue is fixed in versions 2.27.4 and 2.28.1.
๐@cveNotify
GitHub
Release n8n@2.27.4 ยท n8n-io/n8n
2.27.4 (2026-06-24)
Bug Fixes
core: Let allowlisted Python packages import their own submodules via relative imports (#32832) (62e876c)
Features
core: Fix building incorrect chained nodes (#3285...
Bug Fixes
core: Let allowlisted Python packages import their own submodules via relative imports (#32832) (62e876c)
Features
core: Fix building incorrect chained nodes (#3285...
๐จ CVE-2026-59208
n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacker with a valid token from one trusted issuer and a sub matching a victim under another issuer to authenticate as that victim. This issue is fixed in versions 2.27.4 and 2.28.1.
๐@cveNotify
n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacker with a valid token from one trusted issuer and a sub matching a victim under another issuer to authenticate as that victim. This issue is fixed in versions 2.27.4 and 2.28.1.
๐@cveNotify
GitHub
Release n8n@2.27.4 ยท n8n-io/n8n
2.27.4 (2026-06-24)
Bug Fixes
core: Let allowlisted Python packages import their own submodules via relative imports (#32832) (62e876c)
Features
core: Fix building incorrect chained nodes (#3285...
Bug Fixes
core: Let allowlisted Python packages import their own submodules via relative imports (#32832) (62e876c)
Features
core: Fix building incorrect chained nodes (#3285...
๐จ CVE-2026-13462
PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends.
๐@cveNotify
PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends.
๐@cveNotify
cwe.mitre.org
CWE -
CWE-295: Improper Certificate Validation (4.20)
CWE-295: Improper Certificate Validation (4.20)
Common Weakness Enumeration (CWE) is a list of software weaknesses.
๐จ CVE-2026-15308
The incremental HTML parser (html.parser.HTMLParser) allows for CPU
denial-of-service through repeated unterminated markup declarations when
processing uncontrolled data.
๐@cveNotify
The incremental HTML parser (html.parser.HTMLParser) allows for CPU
denial-of-service through repeated unterminated markup declarations when
processing uncontrolled data.
๐@cveNotify
GitHub
[3.14] gh-153030: Fix quadratic complexity in incremental parsing in โฆ ยท python/cpython@07efb08
โฆHTMLParser (GH-153031) (GH-153039)
When an unterminated construct (e.g. a tag or comment) spanned many
feed() calls, rescanning the growing buffer and concatenating new data
onto it were both qua...
When an unterminated construct (e.g. a tag or comment) spanned many
feed() calls, rescanning the growing buffer and concatenating new data
onto it were both qua...
๐จ CVE-2026-55420
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.
๐@cveNotify
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.
๐@cveNotify
GitHub
SECURITY: Harden imagemagick execution ยท discourse/discourse@ca5a7e0
Add a default-deny ImageMagick security policy at `config/imagemagick/policy.xml`, loaded via `MAGICK_CONFIGURE_PATH` which is set in `config/initializers/003-imagemagick.rb`. Child processes inher...
๐จ CVE-2026-0279
Multiple cross site scripting vulnerabilities in the User-IDโข Authentication Portal (aka Captive Portal) service, GlobalProtectโข gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OSยฎ software enables a malicious unauthenticated user to store or execute malicious JavaScript payload.
The security risk posed by this issue is minimized when the management interface and access to the User-IDโข Authentication Portal is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW is not affected by this vulnerability.
๐@cveNotify
Multiple cross site scripting vulnerabilities in the User-IDโข Authentication Portal (aka Captive Portal) service, GlobalProtectโข gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OSยฎ software enables a malicious unauthenticated user to store or execute malicious JavaScript payload.
The security risk posed by this issue is minimized when the management interface and access to the User-IDโข Authentication Portal is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW is not affected by this vulnerability.
๐@cveNotify
Palo Alto Networks Product Security Assurance
CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities
Multiple cross site scripting vulnerabilities in the User-IDโข Authentication Portal (aka Captive Portal) service, GlobalProtectโข gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS...