Search CVE reports


Toggle filters

391 – 400 of 43971 results

Status is adjusted based on your filters.


CVE-2026-59924

Medium priority
Needs evaluation

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse() joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory,...

1 affected package

mistune

Package 22.04 LTS
mistune Needs evaluation
Show less packages

CVE-2026-59923

Medium priority
Needs evaluation

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safe_url() does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections...

1 affected package

mistune

Package 22.04 LTS
mistune Needs evaluation
Show less packages

CVE-2026-59922

Medium priority
Needs evaluation

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the...

1 affected package

mistune

Package 22.04 LTS
mistune Needs evaluation
Show less packages

CVE-2026-59890

Medium priority
Needs evaluation

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by...

1 affected package

setuptools

Package 22.04 LTS
setuptools Needs evaluation
Show less packages

CVE-2026-59883

Medium priority

Not in release

Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain() applied ordinary...

1 affected package

guzzle

Package 22.04 LTS
guzzle Not in release
Show less packages

CVE-2026-59882

Medium priority
Needs evaluation

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost() does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets,...

1 affected package

php-guzzlehttp-psr7

Package 22.04 LTS
php-guzzlehttp-psr7 Needs evaluation
Show less packages

CVE-2026-59879

Medium priority
Needs evaluation

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List#set, List#setSize, List#setIn, List#updateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 **...

1 affected package

node-immutable

Package 22.04 LTS
node-immutable Needs evaluation
Show less packages

CVE-2026-42505

Medium priority
Needs evaluation

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 22.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Needs evaluation
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Needs evaluation
golang-1.18 Needs evaluation
golang-1.20 Needs evaluation
golang-1.21 Needs evaluation
golang-1.22 Needs evaluation
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Not in release
Show all 16 packages Show less packages

CVE-2026-39822

Medium priority
Needs evaluation

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")'...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 22.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Needs evaluation
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Needs evaluation
golang-1.18 Needs evaluation
golang-1.20 Needs evaluation
golang-1.21 Needs evaluation
golang-1.22 Needs evaluation
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Not in release
Show all 16 packages Show less packages

CVE-2026-29009

Medium priority
Needs evaluation

U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfs_readlink_reply() (net/nfs-common.c) when CONFIG_CMD_NFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfs_path_buff...

2 affected packages

u-boot, u-boot-nezha

Package 22.04 LTS
u-boot Needs evaluation
u-boot-nezha Needs evaluation
Show less packages