Never look back at the past, and never stop moving forward on security. AiRedTeam's security notes, recording the late nights spent contending with code and vulnerabilities. Code as the sword, vulnerabilities as the whetstone, guarding one patch of clean digital ground. May these words become a Bai Ze that watches over all things.

Security Intelligence

CVE-2026-42557 - JupyterLab's command linker attributes in HTML enable one-click command executio

GitHub-Advisory · 2026-05-06 · CVE-2026-42557 · GHSA-mqcg-5x36-vfcg · HIGH · pip/jupyterlab. JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command
Security Intelligence

CVE-2026-42555 - Valtimo has SpEL injection via StandardEvaluationContext that allows Remote Code

GitHub-Advisory · 2026-05-06 · CVE-2026-42555 · GHSA-j7j9-5253-f7vh · CRITICAL · maven/com.ritense.valtimo:document. Summary: Multiple classes evaluate Spring Expression Language (SpEL) expressions from user-supplied input using StandardEvaluationContext, which provides unrestricted access to Java types and methods. An authenticated user
Security Intelligence

CVE-2026-39807 - Bandit trusts client-supplied URI scheme on plaintext connections

GitHub-Advisory · 2026-05-07 · CVE-2026-39807 · GHSA-375f-4r2h-f99j · MEDIUM · erlang/bandit. Summary: Bandit reflects the client-supplied URI scheme into conn.scheme without verifying the actual transport. Over a plaintext HTTP/1.1 connection (or h2c), an unauthenticated attacker can send an absolute-form
Security Intelligence

CVE-2026-39805 - Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate `Conten

GitHub-Advisory · 2026-05-07 · CVE-2026-39805 · GHSA-c67r-gc9j-2qf7 · MEDIUM · erlang/bandit. Summary: Bandit is vulnerable to CL.CL HTTP request smuggling: it silently accepts requests with two Content-Length headers whose values differ, takes the first value, and dispatches
Security Intelligence

CVE-2026-42786 - Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated

GitHub-Advisory · 2026-05-07 · CVE-2026-42786 · GHSA-pf94-94m9-536p · HIGH · erlang/bandit. Summary: A single unauthenticated WebSocket client can exhaust server memory in any Bandit-fronted application that accepts WebSocket connections. The fragmented-message reassembly path appends every Continuation{fin: false} frame's payload
Security Intelligence

CVE-2026-39804 - Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame

GitHub-Advisory · 2026-05-07 · CVE-2026-39804 · GHSA-frh3-6pv6-rc8j · HIGH · erlang/bandit. Summary: When a Bandit-fronted server has explicitly enabled WebSocket permessage-deflate (compress: true), an unauthenticated client can OOM the BEAM with a single ~6 MiB WebSocket frame.
Security Intelligence

GHSA-mmpx-jh39-wrv6 - FileBrowser Vulnerable to Stored XSS via SVG File in Public Share (Missing CSP H

GitHub-Advisory · 2026-05-07 · GHSA-mmpx-jh39-wrv6 · MEDIUM · go/github.com/gtsteffaniak/filebrowser. Summary: FileBrowser Quantum serves inline SVG files without a Content-Security-Policy header, allowing embedded JavaScript in SVG files to execute when accessed via public share
Security Intelligence

CVE-2026-44542 - FileBrowser Public Share DELETE API Path Traversal Allows Unauthenticated Arbitr

GitHub-Advisory · 2026-05-07 · CVE-2026-44542 · GHSA-fwj3-42wh-8673 · CRITICAL · go/github.com/gtsteffaniak/filebrowser. Summary: Attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape the intended shared directory. As
Security Intelligence

CVE-2026-44520 - docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler

GitHub-Advisory · 2026-05-07 · CVE-2026-44520 · GHSA-fqph-j6v6-jvgx · MEDIUM · pip/docling-graph. Impact: The URLInputHandler class in docling_graph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local
Security Intelligence

GHSA-w5p8-4jcx-2j6r - imageproc: integer overflow in kernel size check leads to out-of-bounds read

GitHub-Advisory · 2026-05-07 · GHSA-w5p8-4jcx-2j6r · MEDIUM · rust/imageproc. A bounds verification of the slice storing a 2-dimensional matrix's coefficients (a kernel) would compare the total size against the product of the individual dimensions. This would erroneously
Security Intelligence

GHSA-qg8r-f7x3-25f7 - imageproc: Out-of-bounds read via NaN coordinates in bilinear/bicubic sampling

GitHub-Advisory · 2026-05-07 · GHSA-qg8r-f7x3-25f7 · MEDIUM · rust/imageproc. A bounds check was performed in floating point before a cast to the index passed to an unchecked access function. This check handled NaN cases improperly, causing them to pass the
Security Intelligence

CVE-2026-44426 - ShellHub has cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypa

GitHub-Advisory · 2026-05-07 · CVE-2026-44426 · GHSA-vwx9-7qcf-gg7f · MEDIUM · go/github.com/shellhub-io/shellhub. Summary: GET /api/namespaces/:tenant returns the full namespace object, including the members list (user IDs, e-mails, roles), settings, and device counts, to
Security Intelligence

GHSA-3v94-mw7p-v465 - hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on

GitHub-Advisory · 2026-05-07 · GHSA-3v94-mw7p-v465 · HIGH · rust/hickory-proto. The NSEC3 closest-encloser proof validation in hickory-proto's (0.25.0-alpha.3 ... 0.25.2) and hickory-net's (0.26.0-alpha.1 .. 0.26.0) DnssecDnsHandle walks from the QNAME
Security Intelligence

GHSA-258c-965c-p3hc - Daptin's Session Management Vulnerability Leads to Insufficient Session Expirati

GitHub-Advisory · 2026-05-07 · GHSA-258c-965c-p3hc · MEDIUM · go/github.com/daptin/daptin. Summary: A session invalidation vulnerability exists in daptin's authentication system where JSON Web Tokens (JWTs) remain fully valid after a user changes their password. The
Security Intelligence

GHSA-m38g-vww2-mvgx - Talos Linux has a local privilege escalation from untrusted workloads

GitHub-Advisory · 2026-05-07 · CVE-2026-31431 · GHSA-m38g-vww2-mvgx · HIGH · go/github.com/siderolabs/talos. Summary: A vulnerability in the Linux kernel's algif_aead subsystem (CVE-2026-31431, "copy.fail") allows an unprivileged container workload to corrupt arbitrary file page-cache
Security Intelligence

CVE-2026-44514 - Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read

GitHub-Advisory · 2026-05-07 · CVE-2026-44514 · GHSA-v8j7-hp7c-738f · MEDIUM · go/github.com/kubetail-org/kubetail/modules/dashboard. Summary: Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web
Security Intelligence

CVE-2026-44511 - katalyst-koi: Session cookies can be replayed after user logout

GitHub-Advisory · 2026-05-07 · CVE-2026-44511 · GHSA-4cx3-3c38-j9vv · HIGH · rubygems/katalyst-koi. Impact: Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after
[!] CONTACT_CHANNELS

For business cooperation, technical consulting or vulnerability reports, please contact the author through the following offshore node.

> PING_AUTHOR (@A1RedTeam)