Export limit exceeded: 367078 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367078 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-48504 2026-07-17 5.3 Medium
OpenTelemetry Rust is the Rust OpenTelemetry implementation. In 0.32.0 and earlier, BaggagePropagator::extract_with_context in opentelemetry_sdk did not enforce W3C Baggage size limits before parsing an inbound baggage header, so a large attacker-controlled header could cause unnecessary CPU work and short-lived heap allocations while parsing entries later discarded by the SDK's baggage storage limits. Services that accept untrusted inbound propagation headers may experience increased per-request resource usage when processing oversized baggage headers. This issue is fixed in version 0.32.1.
CVE-2026-44974 2026-07-17 N/A
@hapi/content provided HTTP Content-* headers parsing. Prior to 6.0.2, Content.disposition() retained the last occurrence of each duplicate parameter while Content.type() retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another component in the request-processing chain resolves duplicates the opposite way. This can allow an upload filename allowlist bypass in headers such as Content-Disposition: form-data; name="file"; filename="safe.txt"; filename="shell.php". This issue is fixed in version 6.0.2.
CVE-2026-54171 2026-07-17 6.5 Medium
Excon is usable, fast, simple HTTP 1.1 for Ruby. Prior to 1.5.0, Excon's RedirectFollower middleware failed to strip additional sensitive headers when following redirects and did not provide a custom list of headers to strip. This could cause inadvertent leakage of sensitive data when the initial request includes header information that is not intended for the new target. This issue is fixed in version 1.5.0.
CVE-2026-54465 2026-07-17 N/A
websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, when websocket-driver is used to implement a WebSocket server on top of a TCP server using WebSocket::Driver.server() or to complement a WebSocket client, a peer can make a single connection consume an unbounded amount of memory by sending an HTTP request or response with a never-ending list of headers. This can lead to the receiving process running out of memory. This issue is fixed in version 0.8.1.
CVE-2026-54463 2026-07-17 N/A
websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, draft versions of the WebSocket protocol in websocket-driver include a length header that allows an arbitrarily large integer to be encoded as bytes with the high bit set, and a server or client can send an indefinite sequence of 0x80 or higher bytes that the peer parses into an ever-growing Ruby integer. This can make a WebSocket connection consume an unbounded amount of memory and lead to the host process running out of memory. This issue is fixed in version 0.8.1.
CVE-2026-54464 2026-07-17 N/A
### Impact If this library is used in tandem with the `permessage-deflate` extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the size of the compressed data, not the size after decompression. This can lead to applications accepting larger messages than expected and exceeding their intended resource usage. ### Patches The issue has been patched in version 0.8.1, by checking the length of messages after they are processed by incoming extensions. All users should upgrade to this version. ### Workarounds No known workarounds exist. ### Acknowledgements This issue was discovered and reported by Pranjali Thakur, DepthFirst Security Research Team.
CVE-2026-13448 1 Ibm 1 Langflow Oss 2026-07-17 8.1 High
IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint ( /api/v1/build_public_tmp/{flow_id}/flow ). The vulnerability stems from an incomplete denylist in the validate_public_flow_no_code_execution() function that fails to block several code-execution agent components including OpenDsStarAgent, CodeActAgentSmolagents, and CSVAgent.
CVE-2026-13473 1 Ibm 1 Storage Protect Client 2026-07-17 8.1 High
IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM Storage Protect is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
CVE-2026-14499 1 Ibm 1 Langflow Oss 2026-07-17 8.8 High
IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input in the Python Interpreter component.
CVE-2026-14501 1 Ibm 2 Agentics, Db2 Genius Hub 2026-07-17 4.3 Medium
IBM Db2 Genius Hub 1.1, 1.1.1, 1.1.2 and IBM Agentics 1.0 could allow an attacker to execute arbitrary code or obtain sensitive information due to the use of dangerous functions without sufficient restrictions.
CVE-2026-55254 2026-07-17 4.8 Medium
NCalc is a fast, lightweight expression evaluator for .NET. Prior to 6.1.1, the factorial operator implementation in src/NCalc.Core/Helpers/MathHelper.cs permits specially crafted expressions with extremely large factorial operands, causing excessive CPU consumption or a non-terminating loop due to integer overflow in the factorial calculation logic when applications evaluate untrusted expressions. This issue is fixed in version 6.1.1.
CVE-2026-46420 2026-07-17 5.6 Medium
setup-php is a GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and tools. From 2.25.0 prior to 2.37.1, shivammathur/setup-php resolves the PHP version from repository-controlled files such as .php-version, composer.lock through platform-overrides.php, and composer.json through config.platform.php, and insufficiently constrains those values before incorporating them into generated shell or PowerShell setup scripts, allowing command injection on a GitHub Actions runner when workflows such as pull_request_target check out attacker-controlled contents before invoking setup-php. This issue is fixed in version 2.37.1.
CVE-2026-14971 1 Ibm 1 Powervm Novalink 2026-07-17 3.9 Low
IBM PowerVM Novalink 2.2.02.2.12.2.1.1, and 2.3.02.3.0.12.3.12.3.2 IBM NovaLink APIs misconfiguration may increase attack surface and enable unintended or unauthorized operations under non-default conditions.
CVE-2026-45799 2026-07-17 7.5 High
Wire provides gRPC and protocol buffers for Android, Kotlin, Swift, and Java. Prior to 6.3.0 and 7.0.0-alpha03, ByteArrayProtoReader32.skipGroup() and ProtoReader.skipGroup() in wire-runtime do not validate that a LENGTH_DELIMITED field length is non-negative before skip(), allowing a crafted protobuf varint encoding -128 as a signed Int to make skip(-128) move the internal position negative and make the next readByte() throw ArrayIndexOutOfBoundsException instead of the documented IOException or ProtocolException, which can crash services using ProtoAdapter.decode(byte[]) on untrusted payloads. This issue is fixed in versions 6.3.0 and 7.0.0-alpha03.
CVE-2025-51678 2026-07-17 N/A
An issue was discovered in RISC-V PicoRV32 commit 87c89a. A mismatch in the PCPI INSN and memory address can lead to unexpected behavior.
CVE-2026-14979 1 Ibm 1 Engineering Lifecycle Management 2026-07-17 5.3 Medium
IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 through ) Interim Fix 021, 7.1.0 ( Interim Fix 001 through ) Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion.
CVE-2026-50273 2026-07-17 7.5 High
Datadog .NET Tracer is a client library for Datadog APM for .NET applications. Prior to 3.43.0, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES on extraction, allowing a remote unauthenticated attacker to send a baggage header with many comma-separated key-value pairs or one very large value and cause unbounded CPU and memory consumption in services with baggage propagation enabled. This issue is fixed in version 3.43.0.
CVE-2026-48819 2026-07-17 4.8 Medium
Hey API is an ecosystem for turning API specifications into production-ready code. Prior to 0.97.3, dist/clients/core/params.ts ships a runtime template copied into generated SDKs as params.gen.ts, and buildClientParams writes unknown slot-prefixed keys such as $body_, $headers_, $path_, and $query_ directly to the corresponding slot, allowing $query___proto__ alongside a legitimate q field to set params.query through params["query"]["__proto__"] = value, call Object.setPrototypeOf(params.query, value), and expose inherited attacker-controlled keys during for..in iteration. This issue is fixed in version 0.97.3.
CVE-2026-49835 2026-07-17 5.9 Medium
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.1.0, the global wrapMetrics middleware records raw HTTP request path r.URL.Path and raw HTTP request method r.Method as Prometheus labels for latency and request count metric vectors before routing, allowing an unauthenticated remote attacker to issue requests with random paths such as /api/v1/timestamp/<uuid> or random HTTP methods and create unbounded permanent time-series entries that exhaust memory. This issue is fixed in version 2.1.0.
CVE-2026-9202 1 Ibm 1 Langflow Oss 2026-07-17 9.8 Critical
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance; when NEW_USER_IS_ACTIVE=true (documented deployment option), newly created accounts are immediately active and can authenticate to reach RCE endpoints, bypassing the need for AUTO_LOGIN.