Search CVE reports


Toggle filters

361 – 370 of 43971 results

Status is adjusted based on your filters.


CVE-2026-59935

Medium priority
Needs evaluation

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an...

2 affected packages

pypdf, pypdf2

Package 22.04 LTS
pypdf Not in release
pypdf2 Needs evaluation
Show less packages

CVE-2026-58501

Medium priority
Needs evaluation

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD...

1 affected package

python-zeep

Package 22.04 LTS
python-zeep Needs evaluation
Show less packages

CVE-2026-58254

Medium priority

Not in release

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to...

1 affected package

nats-server

Package 22.04 LTS
nats-server Not in release
Show less packages

CVE-2026-58253

Medium priority

Not in release

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no_auth_user was configured, a parser fast path intended for ordinary client connections...

1 affected package

nats-server

Package 22.04 LTS
nats-server Not in release
Show less packages

CVE-2026-58252

Medium priority

Not in release

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription...

1 affected package

nats-server

Package 22.04 LTS
nats-server Not in release
Show less packages

CVE-2026-58251

Medium priority

Not in release

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny...

1 affected package

nats-server

Package 22.04 LTS
nats-server Not in release
Show less packages

CVE-2026-58250

Medium priority

Not in release

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash...

1 affected package

nats-server

Package 22.04 LTS
nats-server Not in release
Show less packages

CVE-2026-58214

Medium priority

Not in release

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject...

1 affected package

nats-server

Package 22.04 LTS
nats-server Not in release
Show less packages

CVE-2026-58213

Medium priority

Not in release

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were...

1 affected package

nats-server

Package 22.04 LTS
nats-server Not in release
Show less packages

CVE-2026-58212

Medium priority
Not affected

Rejected reason: Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of updating Product dependencies MUST NOT be determined to be a Vulnerability, regardless of whether the dependencies...

2 affected packages

golang-github-nats-io-nkeys, nats-server

Package 22.04 LTS
golang-github-nats-io-nkeys Not affected
nats-server Not in release
Show less packages