Search CVE reports


Toggle filters

91 – 100 of 30717 results

Status is adjusted based on your filters.


CVE-2026-15712

Medium priority
Needs evaluation

A heap buffer over-read vulnerability was discovered in libsoup's (versions: libsoup 3.0 to 3.7.0) HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional...

1 affected package

libsoup3

Package 26.04 LTS
libsoup3 Needs evaluation
Show less packages

CVE-2026-57108

Medium priority
Vulnerable

Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS
dotnet6 Not in release
dotnet7 Not in release
dotnet8 Not in release
dotnet9 Not in release
dotnet10 Vulnerable
Show less packages

CVE-2026-45756

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.3.0-BETA1 until 7.4.12 and 8.0.12, the JsonPath component compiles attacker-controlled match() and search() filter patterns...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45077

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener (Symfony\Bridge\Monolog\Command\ServerLogCommand) binds to...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45074

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSchemeAndHttpHost(), which...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45067

Medium priority
Needs evaluation

### Description `Symfony\Component\Mime\Address` is the value-object every Symfony Mailer address (to/cc/bcc/from/reply-to) flows through; its constructor is documented as validating the address and throwing on invalid input,...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45066

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45065

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters against a pattern built as ^ plus the raw...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-15747

Medium priority
Needs evaluation

Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. _csrf_token generates and caches one token per session and returns the same value on...

1 affected package

libmojolicious-perl

Package 26.04 LTS
libmojolicious-perl Needs evaluation
Show less packages

CVE-2026-59888

Medium priority
Needs evaluation

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.15.0 until 2.18.8, 2.21.4, and 3.1.4, Java Records using a PropertyNamingStrategy can bypass @JsonIgnore...

1 affected package

jackson-databind

Package 26.04 LTS
jackson-databind Needs evaluation
Show less packages