Search criteria
11278 vulnerabilities
CVE-2026-28426 (GCVE-0-2026-28426)
Vulnerability from cvelistv5 – Published: 2026-02-27 22:23 – Updated: 2026-02-27 22:23
VLAI?
Title
Statamic vulnerable to privilege escalation via stored cross-site scripting
Summary
Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, stored XSS vulnerability in svg and icon related components allow authenticated users with appropriate permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This has been fixed in 5.73.11 and 6.4.0.
Severity ?
8.7 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "cms",
"vendor": "statamic",
"versions": [
{
"status": "affected",
"version": "\u003c 5.73.11"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, stored XSS vulnerability in svg and icon related components allow authenticated users with appropriate permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This has been fixed in 5.73.11 and 6.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T22:23:42.660Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/statamic/cms/security/advisories/GHSA-5vrj-wf7v-5wr7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/statamic/cms/security/advisories/GHSA-5vrj-wf7v-5wr7"
},
{
"name": "https://github.com/statamic/cms/releases/tag/v5.73.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/statamic/cms/releases/tag/v5.73.11"
},
{
"name": "https://github.com/statamic/cms/releases/tag/v6.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/statamic/cms/releases/tag/v6.4.0"
}
],
"source": {
"advisory": "GHSA-5vrj-wf7v-5wr7",
"discovery": "UNKNOWN"
},
"title": "Statamic vulnerable to privilege escalation via stored cross-site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28426",
"datePublished": "2026-02-27T22:23:42.660Z",
"dateReserved": "2026-02-27T15:54:05.137Z",
"dateUpdated": "2026-02-27T22:23:42.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28425 (GCVE-0-2026-28425)
Vulnerability from cvelistv5 – Published: 2026-02-27 22:20 – Updated: 2026-02-27 22:20
VLAI?
Title
Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs
Summary
Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the application, including access to sensitive configuration, modification or exfiltration of data, and potential impact on availability. Exploitation is only possible where Antlers runs on user-controlled content—for example, content fields with Antlers explicitly enabled (requiring permission to configure fields and to edit entries), built-in config that supports Antlers such as Forms email notification settings (requiring configuration permission), or third-party addons that add Antlers-enabled fields to entries (for example, the SEO Pro addon). In each case the attacker must have the relevant control panel permissions. This has been fixed in 5.73.11 and 6.4.0. Users of addons that depend on Statamic should ensure that after updating they are running a patched Statamic version.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "cms",
"vendor": "statamic",
"versions": [
{
"status": "affected",
"version": "\u003c 5.73.11"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the application, including access to sensitive configuration, modification or exfiltration of data, and potential impact on availability. Exploitation is only possible where Antlers runs on user-controlled content\u2014for example, content fields with Antlers explicitly enabled (requiring permission to configure fields and to edit entries), built-in config that supports Antlers such as Forms email notification settings (requiring configuration permission), or third-party addons that add Antlers-enabled fields to entries (for example, the SEO Pro addon). In each case the attacker must have the relevant control panel permissions. This has been fixed in 5.73.11 and 6.4.0. Users of addons that depend on Statamic should ensure that after updating they are running a patched Statamic version."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T22:20:39.735Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/statamic/cms/security/advisories/GHSA-cpv7-q2wx-m8rw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/statamic/cms/security/advisories/GHSA-cpv7-q2wx-m8rw"
},
{
"name": "https://github.com/statamic/cms/releases/tag/v5.73.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/statamic/cms/releases/tag/v5.73.11"
},
{
"name": "https://github.com/statamic/cms/releases/tag/v6.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/statamic/cms/releases/tag/v6.4.0"
}
],
"source": {
"advisory": "GHSA-cpv7-q2wx-m8rw",
"discovery": "UNKNOWN"
},
"title": "Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28425",
"datePublished": "2026-02-27T22:20:39.735Z",
"dateReserved": "2026-02-27T15:54:05.136Z",
"dateUpdated": "2026-02-27T22:20:39.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28424 (GCVE-0-2026-28424)
Vulnerability from cvelistv5 – Published: 2026-02-27 22:14 – Updated: 2026-02-27 22:14
VLAI?
Title
Statamic's missing authorization allows access to email addresses
Summary
Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the "view users" permission. This has been fixed in 5.73.11 and 6.4.0.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "cms",
"vendor": "statamic",
"versions": [
{
"status": "affected",
"version": "\u003c 5.73.11"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype\u2019s data endpoint for control panel users who did not have the \"view users\" permission. This has been fixed in 5.73.11 and 6.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T22:14:01.779Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/statamic/cms/security/advisories/GHSA-w878-f8c6-7r63",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/statamic/cms/security/advisories/GHSA-w878-f8c6-7r63"
},
{
"name": "https://github.com/statamic/cms/releases/tag/v5.73.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/statamic/cms/releases/tag/v5.73.11"
},
{
"name": "https://github.com/statamic/cms/releases/tag/v6.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/statamic/cms/releases/tag/v6.4.0"
}
],
"source": {
"advisory": "GHSA-w878-f8c6-7r63",
"discovery": "UNKNOWN"
},
"title": "Statamic\u0027s missing authorization allows access to email addresses"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28424",
"datePublished": "2026-02-27T22:14:01.779Z",
"dateReserved": "2026-02-27T15:54:05.136Z",
"dateUpdated": "2026-02-27T22:14:01.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28423 (GCVE-0-2026-28423)
Vulnerability from cvelistv5 – Published: 2026-02-27 22:11 – Updated: 2026-02-27 22:11
VLAI?
Title
Statamic Vulnerable to Server-Side Request Forgery via Glide
Summary
Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode (which is not the default), the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary URLs—either via the URL directly or via the watermark feature. That can allow access to internal services, cloud metadata endpoints, and other hosts reachable from the server. This has been fixed in 5.73.11 and 6.4.0.
Severity ?
6.8 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "cms",
"vendor": "statamic",
"versions": [
{
"status": "affected",
"version": "\u003c 5.73.11"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode (which is not the default), the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary URLs\u2014either via the URL directly or via the watermark feature. That can allow access to internal services, cloud metadata endpoints, and other hosts reachable from the server. This has been fixed in 5.73.11 and 6.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T22:11:55.802Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/statamic/cms/security/advisories/GHSA-cwpp-325q-2cvp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/statamic/cms/security/advisories/GHSA-cwpp-325q-2cvp"
},
{
"name": "https://github.com/statamic/cms/releases/tag/v5.73.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/statamic/cms/releases/tag/v5.73.11"
},
{
"name": "https://github.com/statamic/cms/releases/tag/v6.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/statamic/cms/releases/tag/v6.4.0"
}
],
"source": {
"advisory": "GHSA-cwpp-325q-2cvp",
"discovery": "UNKNOWN"
},
"title": "Statamic Vulnerable to Server-Side Request Forgery via Glide"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28423",
"datePublished": "2026-02-27T22:11:55.802Z",
"dateReserved": "2026-02-27T15:54:05.136Z",
"dateUpdated": "2026-02-27T22:11:55.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28422 (GCVE-0-2026-28422)
Vulnerability from cvelistv5 – Published: 2026-02-27 22:08 – Updated: 2026-02-28 00:15
VLAI?
Title
Vim has stack-buffer-overflow in build_stl_str_hl()
Summary
Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.
Severity ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-02-28T00:15:38.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/02/27/11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0078"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T22:08:11.384Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf"
},
{
"name": "https://github.com/vim/vim/commit/4e5b9e31cb7484ad156f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/4e5b9e31cb7484ad156f"
},
{
"name": "https://github.com/vim/vim/releases/tag/v9.2.0078",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/releases/tag/v9.2.0078"
}
],
"source": {
"advisory": "GHSA-gmqx-prf2-8mwf",
"discovery": "UNKNOWN"
},
"title": "Vim has stack-buffer-overflow in build_stl_str_hl()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28422",
"datePublished": "2026-02-27T22:08:11.384Z",
"dateReserved": "2026-02-27T15:54:05.136Z",
"dateUpdated": "2026-02-28T00:15:38.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28421 (GCVE-0-2026-28421)
Vulnerability from cvelistv5 – Published: 2026-02-27 22:06 – Updated: 2026-02-28 00:15
VLAI?
Title
Vim has a heap-buffer-overflow and a segmentation fault
Summary
Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.
Severity ?
5.3 (Medium)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-02-28T00:15:36.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/02/27/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0077"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim\u0027s swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T22:06:34.312Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p"
},
{
"name": "https://github.com/vim/vim/commit/65c1a143c331c886dc28",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/65c1a143c331c886dc28"
},
{
"name": "https://github.com/vim/vim/releases/tag/v9.2.0077",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/releases/tag/v9.2.0077"
}
],
"source": {
"advisory": "GHSA-r2gw-2x48-jj5p",
"discovery": "UNKNOWN"
},
"title": "Vim has a heap-buffer-overflow and a segmentation fault"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28421",
"datePublished": "2026-02-27T22:06:34.312Z",
"dateReserved": "2026-02-27T15:54:05.136Z",
"dateUpdated": "2026-02-28T00:15:36.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28420 (GCVE-0-2026-28420)
Vulnerability from cvelistv5 – Published: 2026-02-27 22:04 – Updated: 2026-02-28 00:15
VLAI?
Title
Vim has Heap-based Buffer Overflow and OOB Read in :terminal
Summary
Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.
Severity ?
4.4 (Medium)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-02-28T00:15:35.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/02/27/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0076"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim\u0027s terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T22:04:36.189Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-rvj2-jrf9-2phg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-rvj2-jrf9-2phg"
},
{
"name": "https://github.com/vim/vim/commit/bb6de2105b160e729c34063",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/bb6de2105b160e729c34063"
},
{
"name": "https://github.com/vim/vim/releases/tag/v9.2.0076",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/releases/tag/v9.2.0076"
}
],
"source": {
"advisory": "GHSA-rvj2-jrf9-2phg",
"discovery": "UNKNOWN"
},
"title": "Vim has Heap-based Buffer Overflow and OOB Read in :terminal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28420",
"datePublished": "2026-02-27T22:04:36.189Z",
"dateReserved": "2026-02-27T15:33:57.290Z",
"dateUpdated": "2026-02-28T00:15:35.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28419 (GCVE-0-2026-28419)
Vulnerability from cvelistv5 – Published: 2026-02-27 22:02 – Updated: 2026-02-28 00:15
VLAI?
Title
Vim has Heap-based Buffer Underflow in Emacs tags parsing
Summary
Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.
Severity ?
5.3 (Medium)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-02-28T00:15:33.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/02/27/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0075"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim\u0027s Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-124",
"description": "CWE-124: Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T22:02:55.952Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-xcc8-r6c5-hvwv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-xcc8-r6c5-hvwv"
},
{
"name": "https://github.com/vim/vim/commit/9b7dfa2948c9e1e5e32a5812",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/9b7dfa2948c9e1e5e32a5812"
},
{
"name": "https://github.com/vim/vim/releases/tag/v9.2.0075",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/releases/tag/v9.2.0075"
}
],
"source": {
"advisory": "GHSA-xcc8-r6c5-hvwv",
"discovery": "UNKNOWN"
},
"title": "Vim has Heap-based Buffer Underflow in Emacs tags parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28419",
"datePublished": "2026-02-27T22:02:55.952Z",
"dateReserved": "2026-02-27T15:33:57.290Z",
"dateUpdated": "2026-02-28T00:15:33.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28418 (GCVE-0-2026-28418)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:58 – Updated: 2026-02-28 00:15
VLAI?
Title
Vim has Heap-based Buffer Overflow in Emacs tags parsing
Summary
Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue.
Severity ?
4.4 (Medium)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-02-28T00:15:32.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/02/27/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0074"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim\u0027s Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:58:37.277Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-h4mf-vg97-hj8j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-h4mf-vg97-hj8j"
},
{
"name": "https://github.com/vim/vim/commit/f6a7f469a9c0d09e84cd6cb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/f6a7f469a9c0d09e84cd6cb"
},
{
"name": "https://github.com/vim/vim/releases/tag/v9.2.0074",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/releases/tag/v9.2.0074"
}
],
"source": {
"advisory": "GHSA-h4mf-vg97-hj8j",
"discovery": "UNKNOWN"
},
"title": "Vim has Heap-based Buffer Overflow in Emacs tags parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28418",
"datePublished": "2026-02-27T21:58:37.277Z",
"dateReserved": "2026-02-27T15:33:57.290Z",
"dateUpdated": "2026-02-28T00:15:32.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28417 (GCVE-0-2026-28417)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:54 – Updated: 2026-02-28 00:15
VLAI?
Title
Vim has OS Command Injection in netrw
Summary
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.
Severity ?
4.4 (Medium)
CWE
- CWE-86 - Improper Neutralization of Invalid Characters in Identifiers in Web Pages
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-02-28T00:15:30.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/02/27/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0073"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-86",
"description": "CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:54:35.196Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336"
},
{
"name": "https://github.com/vim/vim/commit/79348dbbc09332130f4c860",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/79348dbbc09332130f4c860"
},
{
"name": "https://github.com/vim/vim/releases/tag/v9.2.0073",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/releases/tag/v9.2.0073"
}
],
"source": {
"advisory": "GHSA-m3xh-9434-g336",
"discovery": "UNKNOWN"
},
"title": "Vim has OS Command Injection in netrw"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28417",
"datePublished": "2026-02-27T21:54:35.196Z",
"dateReserved": "2026-02-27T15:33:57.290Z",
"dateUpdated": "2026-02-28T00:15:30.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28411 (GCVE-0-2026-28411)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:52 – Updated: 2026-02-27 21:52
VLAI?
Title
WeGIA Vulnerable to Authentication Bypass via `extract($_REQUEST)`
Summary
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$_REQUEST` superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass authentication checks, allowing unauthorized access to administrative and protected areas of the WeGIA application. Version 3.6.5 fixes the issue.
Severity ?
9.8 (Critical)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LabRedesCefetRJ | WeGIA |
Affected:
< 3.6.5
|
{
"containers": {
"cna": {
"affected": [
{
"product": "WeGIA",
"vendor": "LabRedesCefetRJ",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$_REQUEST` superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass authentication checks, allowing unauthorized access to administrative and protected areas of the WeGIA application. Version 3.6.5 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-473",
"description": "CWE-473: PHP External Variable Modification",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:52:05.032Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-g7r9-hxc8-8vh7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-g7r9-hxc8-8vh7"
}
],
"source": {
"advisory": "GHSA-g7r9-hxc8-8vh7",
"discovery": "UNKNOWN"
},
"title": "WeGIA Vulnerable to Authentication Bypass via `extract($_REQUEST)`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28411",
"datePublished": "2026-02-27T21:52:05.032Z",
"dateReserved": "2026-02-27T15:33:57.289Z",
"dateUpdated": "2026-02-27T21:52:05.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28409 (GCVE-0-2026-28409)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:50 – Updated: 2026-02-27 21:50
VLAI?
Title
WeGIA Vulnerable to Remote Code Execution (RCE) via OS Command Injection
Summary
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access (which can be obtained via the previously reported Authentication Bypass) can execute arbitrary OS commands on the server by uploading a backup file with a specifically crafted filename. Version 3.6.5 fixes the issue.
Severity ?
10 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LabRedesCefetRJ | WeGIA |
Affected:
< 3.6.5
|
{
"containers": {
"cna": {
"affected": [
{
"product": "WeGIA",
"vendor": "LabRedesCefetRJ",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) vulnerability exists in the WeGIA application\u0027s database restoration functionality. An attacker with administrative access (which can be obtained via the previously reported Authentication Bypass) can execute arbitrary OS commands on the server by uploading a backup file with a specifically crafted filename. Version 3.6.5 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:50:21.849Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-5m5g-q2vv-rv3r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-5m5g-q2vv-rv3r"
}
],
"source": {
"advisory": "GHSA-5m5g-q2vv-rv3r",
"discovery": "UNKNOWN"
},
"title": "WeGIA Vulnerable to Remote Code Execution (RCE) via OS Command Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28409",
"datePublished": "2026-02-27T21:50:21.849Z",
"dateReserved": "2026-02-27T15:33:57.289Z",
"dateUpdated": "2026-02-27T21:50:21.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28408 (GCVE-0-2026-28408)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:49 – Updated: 2026-02-27 21:49
VLAI?
Title
WeGIA lacks authentication verification in adicionar_tipo_docs_atendido.php
Summary
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionar_tipo_docs_atendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like Postman or the file's URL on the web to access features exclusive to employees. The vulnerability allows external parties to inject unauthorized data in massive quantities into the application server's storage. Version 3.6.5 fixes the issue.
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LabRedesCefetRJ | WeGIA |
Affected:
< 3.6.5
|
{
"containers": {
"cna": {
"affected": [
{
"product": "WeGIA",
"vendor": "LabRedesCefetRJ",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionar_tipo_docs_atendido.php does not go through the project\u0027s central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like Postman or the file\u0027s URL on the web to access features exclusive to employees. The vulnerability allows external parties to inject unauthorized data in massive quantities into the application server\u0027s storage. Version 3.6.5 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:49:14.747Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-xq3w-xwxj-fg2q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-xq3w-xwxj-fg2q"
}
],
"source": {
"advisory": "GHSA-xq3w-xwxj-fg2q",
"discovery": "UNKNOWN"
},
"title": "WeGIA lacks authentication verification in adicionar_tipo_docs_atendido.php"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28408",
"datePublished": "2026-02-27T21:49:14.747Z",
"dateReserved": "2026-02-27T15:33:57.289Z",
"dateUpdated": "2026-02-27T21:49:14.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28416 (GCVE-0-2026-28416)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:47 – Updated: 2026-02-27 21:47
VLAI?
Title
Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
Summary
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses `gr.load()` to load an attacker-controlled Space, the malicious `proxy_url` from the config is trusted and added to the allowlist, enabling the attacker to access internal services, cloud metadata endpoints, and private networks through the victim's infrastructure. Version 6.6.0 fixes the issue.
Severity ?
8.2 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gradio-app | gradio |
Affected:
< 6.6.0
|
{
"containers": {
"cna": {
"affected": [
{
"product": "gradio",
"vendor": "gradio-app",
"versions": [
{
"status": "affected",
"version": "\u003c 6.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim\u0027s server by hosting a malicious Gradio Space. When a victim application uses `gr.load()` to load an attacker-controlled Space, the malicious `proxy_url` from the config is trusted and added to the allowlist, enabling the attacker to access internal services, cloud metadata endpoints, and private networks through the victim\u0027s infrastructure. Version 6.6.0 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:47:04.975Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gradio-app/gradio/security/advisories/GHSA-jmh7-g254-2cq9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-jmh7-g254-2cq9"
}
],
"source": {
"advisory": "GHSA-jmh7-g254-2cq9",
"discovery": "UNKNOWN"
},
"title": "Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28416",
"datePublished": "2026-02-27T21:47:04.975Z",
"dateReserved": "2026-02-27T15:33:57.289Z",
"dateUpdated": "2026-02-27T21:47:04.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28415 (GCVE-0-2026-28415)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:44 – Updated: 2026-02-27 21:44
VLAI?
Title
Gradio has Open Redirect in OAuth Flow
Summary
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with gr.LoginButton). Starting in version 6.6.0, the _target_url parameter is sanitized to only use the path, query, and fragment, stripping any scheme or host.
Severity ?
4.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gradio-app | gradio |
Affected:
< 6.6.0
|
{
"containers": {
"cna": {
"affected": [
{
"product": "gradio",
"vendor": "gradio-app",
"versions": [
{
"status": "affected",
"version": "\u003c 6.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio\u0027s OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with gr.LoginButton). Starting in version 6.6.0, the _target_url parameter is sanitized to only use the path, query, and fragment, stripping any scheme or host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:44:51.956Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gradio-app/gradio/security/advisories/GHSA-pfjf-5gxr-995x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-pfjf-5gxr-995x"
}
],
"source": {
"advisory": "GHSA-pfjf-5gxr-995x",
"discovery": "UNKNOWN"
},
"title": "Gradio has Open Redirect in OAuth Flow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28415",
"datePublished": "2026-02-27T21:44:51.956Z",
"dateReserved": "2026-02-27T15:33:57.289Z",
"dateUpdated": "2026-02-27T21:44:51.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28414 (GCVE-0-2026-28414)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:43 – Updated: 2026-02-27 21:43
VLAI?
Title
Gradio has Absolute Path Traversal on Windows with Python 3.13+
Summary
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio's logic for joining paths safely. This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication. Version 6.7 fixes the issue.
Severity ?
7.5 (High)
CWE
- CWE-36 - Absolute Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gradio-app | gradio |
Affected:
< 6.7
|
{
"containers": {
"cna": {
"affected": [
{
"product": "gradio",
"vendor": "gradio-app",
"versions": [
{
"status": "affected",
"version": "\u003c 6.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio\u0027s logic for joining paths safely. This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication. Version 6.7 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36: Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:43:28.453Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gradio-app/gradio/security/advisories/GHSA-39mp-8hj3-5c49",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-39mp-8hj3-5c49"
}
],
"source": {
"advisory": "GHSA-39mp-8hj3-5c49",
"discovery": "UNKNOWN"
},
"title": "Gradio has Absolute Path Traversal on Windows with Python 3.13+"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28414",
"datePublished": "2026-02-27T21:43:28.453Z",
"dateReserved": "2026-02-27T15:33:57.289Z",
"dateUpdated": "2026-02-27T21:43:28.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27167 (GCVE-0-2026-27167)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:40 – Updated: 2026-02-27 21:40
VLAI?
Title
Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret
Summary
Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user visits `/login/huggingface`, the server retrieves its own Hugging Face access token via `huggingface_hub.get_token()` and stores it in the visitor's session cookie. If the application is network-accessible, any remote attacker can trigger this flow to steal the server owner's HF token. The session cookie is signed with a hardcoded secret derived from the string `"-v4"`, making the payload trivially decodable. Version 6.6.0 fixes the issue.
Severity ?
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gradio-app | gradio |
Affected:
>= 4.16.0, < 6.6.0
|
{
"containers": {
"cna": {
"affected": [
{
"product": "gradio",
"vendor": "gradio-app",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.16.0, \u003c 6.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable \"mocked\" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user visits `/login/huggingface`, the server retrieves its own Hugging Face access token via `huggingface_hub.get_token()` and stores it in the visitor\u0027s session cookie. If the application is network-accessible, any remote attacker can trigger this flow to steal the server owner\u0027s HF token. The session cookie is signed with a hardcoded secret derived from the string `\"-v4\"`, making the payload trivially decodable. Version 6.6.0 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:40:57.917Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gradio-app/gradio/security/advisories/GHSA-h3h8-3v2v-rg7m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-h3h8-3v2v-rg7m"
}
],
"source": {
"advisory": "GHSA-h3h8-3v2v-rg7m",
"discovery": "UNKNOWN"
},
"title": "Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27167",
"datePublished": "2026-02-27T21:40:57.917Z",
"dateReserved": "2026-02-18T00:18:53.963Z",
"dateUpdated": "2026-02-27T21:40:57.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27939 (GCVE-0-2026-27939)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:34 – Updated: 2026-02-27 21:34
VLAI?
Title
Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass
Summary
Statmatic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user’s existing permissions, may lead to privilege escalation. This has been fixed in 6.4.0.
Severity ?
8.8 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"cna": {
"affected": [
{
"product": "cms",
"vendor": "statamic",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Statmatic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user\u2019s existing permissions, may lead to privilege escalation. This has been fixed in 6.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:34:39.107Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/statamic/cms/security/advisories/GHSA-rw9x-pxqx-q789",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/statamic/cms/security/advisories/GHSA-rw9x-pxqx-q789"
},
{
"name": "https://github.com/statamic/cms/commit/8639ef96217eaa682bc42e8a62769cb7c6a85d3a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/statamic/cms/commit/8639ef96217eaa682bc42e8a62769cb7c6a85d3a"
}
],
"source": {
"advisory": "GHSA-rw9x-pxqx-q789",
"discovery": "UNKNOWN"
},
"title": "Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27939",
"datePublished": "2026-02-27T21:34:39.107Z",
"dateReserved": "2026-02-25T03:11:36.689Z",
"dateUpdated": "2026-02-27T21:34:39.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28407 (GCVE-0-2026-28407)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:28 – Updated: 2026-02-27 21:28
VLAI?
Title
malcontent's nested archive extraction failure can drop content from scan inputs
Summary
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Version 1.21.0 fixes the issue.
Severity ?
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| chainguard-dev | malcontent |
Affected:
< 1.21.0
|
{
"containers": {
"cna": {
"affected": [
{
"product": "malcontent",
"vendor": "chainguard-dev",
"versions": [
{
"status": "affected",
"version": "\u003c 1.21.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Version 1.21.0 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:28:06.258Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/chainguard-dev/malcontent/security/advisories/GHSA-945p-3jhm-6rcp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/chainguard-dev/malcontent/security/advisories/GHSA-945p-3jhm-6rcp"
},
{
"name": "https://github.com/chainguard-dev/malcontent/pull/1383",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/chainguard-dev/malcontent/pull/1383"
},
{
"name": "https://github.com/chainguard-dev/malcontent/commit/356c56659ccfcad0b249a97de8cf71f151ed3ee9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/chainguard-dev/malcontent/commit/356c56659ccfcad0b249a97de8cf71f151ed3ee9"
}
],
"source": {
"advisory": "GHSA-945p-3jhm-6rcp",
"discovery": "UNKNOWN"
},
"title": "malcontent\u0027s nested archive extraction failure can drop content from scan inputs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28407",
"datePublished": "2026-02-27T21:28:06.258Z",
"dateReserved": "2026-02-27T15:33:57.289Z",
"dateUpdated": "2026-02-27T21:28:06.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28406 (GCVE-0-2026-28406)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:20 – Updated: 2026-02-27 21:20
VLAI?
Title
kaniko has tar archive path traversal in build context extraction allows writing files outside destination directory
Summary
kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this can be chained with docker credential helpers to achieve code execution within the executor process. Version 1.25.10 uses securejoin for path resolution in tar extraction.
Severity ?
8.2 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| chainguard-forks | kaniko |
Affected:
>= 1.25.4, < 1.25.10
|
{
"containers": {
"cna": {
"affected": [
{
"product": "kaniko",
"vendor": "chainguard-forks",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.25.4, \u003c 1.25.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this can be chained with docker credential helpers to achieve code execution within the executor process. Version 1.25.10 uses securejoin for path resolution in tar extraction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:20:52.764Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/chainguard-forks/kaniko/security/advisories/GHSA-6rxq-q92g-4rmf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/chainguard-forks/kaniko/security/advisories/GHSA-6rxq-q92g-4rmf"
},
{
"name": "https://github.com/chainguard-forks/kaniko/pull/326",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/chainguard-forks/kaniko/pull/326"
},
{
"name": "https://github.com/chainguard-forks/kaniko/commit/a370e4b1f66e6e842b685c8f70ed507964c4b221",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/chainguard-forks/kaniko/commit/a370e4b1f66e6e842b685c8f70ed507964c4b221"
}
],
"source": {
"advisory": "GHSA-6rxq-q92g-4rmf",
"discovery": "UNKNOWN"
},
"title": "kaniko has tar archive path traversal in build context extraction allows writing files outside destination directory"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28406",
"datePublished": "2026-02-27T21:20:52.764Z",
"dateReserved": "2026-02-27T15:33:57.289Z",
"dateUpdated": "2026-02-27T21:20:52.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28402 (GCVE-0-2026-28402)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:08 – Updated: 2026-02-27 21:08
VLAI?
Title
nimiq/core-rs-albatross's nimiq-blockchain missing proposal body root verification
Summary
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where `header.body_root` does not match the actual macro body hash. The proposal can pass proposal verification because the macro proposal verification path validates the header but does not validate the binding `body_root == hash(body)`; later code expects this binding and may panic on mismatch, crashing validators. Note that the impact is only for validator nodes. The patch for this vulnerability is formally released as part of v1.2.2. The patch adds the corresponding body root verification in the proposal checks. No known workarounds are available.
Severity ?
7.1 (High)
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nimiq | core-rs-albatross |
Affected:
< 1.2.2
|
{
"containers": {
"cna": {
"affected": [
{
"product": "core-rs-albatross",
"vendor": "nimiq",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where `header.body_root` does not match the actual macro body hash. The proposal can pass proposal verification because the macro proposal verification path validates the header but does not validate the binding `body_root == hash(body)`; later code expects this binding and may panic on mismatch, crashing validators. Note that the impact is only for validator nodes. The patch for this vulnerability is formally released as part of v1.2.2. The patch adds the corresponding body root verification in the proposal checks. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:08:53.573Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-7wh6-rmxx-ww47",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-7wh6-rmxx-ww47"
},
{
"name": "https://github.com/nimiq/core-rs-albatross/pull/3623",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nimiq/core-rs-albatross/pull/3623"
},
{
"name": "https://github.com/nimiq/core-rs-albatross/commit/6454c26d966858c5520f55739a30b94c17656c85",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nimiq/core-rs-albatross/commit/6454c26d966858c5520f55739a30b94c17656c85"
},
{
"name": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.2.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.2.2"
}
],
"source": {
"advisory": "GHSA-7wh6-rmxx-ww47",
"discovery": "UNKNOWN"
},
"title": "nimiq/core-rs-albatross\u0027s nimiq-blockchain missing proposal body root verification"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28402",
"datePublished": "2026-02-27T21:08:53.573Z",
"dateReserved": "2026-02-27T15:33:57.289Z",
"dateUpdated": "2026-02-27T21:08:53.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28400 (GCVE-0-2026-28400)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:06 – Updated: 2026-02-27 21:06
VLAI?
Title
Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint
Summary
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST `/engines/_configure` endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server (llama.cpp). By injecting the --log-file flag, an attacker with network access to the Model Runner API can write or overwrite arbitrary files accessible to the Model Runner process. When bundled with Docker Desktop (where Model Runner is enabled by default since version 4.46.0), it is reachable from any default container at model-runner.docker.internal without authentication. In this context, the file overwrite can target the Docker Desktop VM disk (`Docker.raw` ), resulting in the destruction of all containers, images, volumes, and build history. However, in specific configurations and with user interaction, it is possible to convert this vulnerability in a container escape. The issue is fixed in Docker Model Runner 1.0.16. Docker Desktop users should update to 4.61.0 or later, which includes the fixed Model Runner. A workaround is available. For Docker Desktop users, enabling Enhanced Container Isolation (ECI) blocks container access to Model Runner, preventing exploitation. However, if the Docker Model Runner is exposed to localhost over TCP in specific configurations, the vulnerability is still exploitable.
Severity ?
7.6 (High)
CWE
- CWE-749 - Exposed Dangerous Method or Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| docker | model-runner |
Affected:
< 1.0.16
|
{
"containers": {
"cna": {
"affected": [
{
"product": "model-runner",
"vendor": "docker",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST `/engines/_configure` endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server (llama.cpp). By injecting the --log-file flag, an attacker with network access to the Model Runner API can write or overwrite arbitrary files accessible to the Model Runner process. When bundled with Docker Desktop (where Model Runner is enabled by default since version 4.46.0), it is reachable from any default container at model-runner.docker.internal without authentication. In this context, the file overwrite can target the Docker Desktop VM disk (`Docker.raw` ), resulting in the destruction of all containers, images, volumes, and build history. However, in specific configurations and with user interaction, it is possible to convert this vulnerability in a container escape. The issue is fixed in Docker Model Runner 1.0.16. Docker Desktop users should update to 4.61.0 or later, which includes the fixed Model Runner. A workaround is available. For Docker Desktop users, enabling Enhanced Container Isolation (ECI) blocks container access to Model Runner, preventing exploitation. However, if the Docker Model Runner is exposed to localhost over TCP in specific configurations, the vulnerability is still exploitable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:06:12.418Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/docker/model-runner/security/advisories/GHSA-m456-c56c-hh5c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/docker/model-runner/security/advisories/GHSA-m456-c56c-hh5c"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-28379",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-28379"
}
],
"source": {
"advisory": "GHSA-m456-c56c-hh5c",
"discovery": "UNKNOWN"
},
"title": "Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28400",
"datePublished": "2026-02-27T21:06:12.418Z",
"dateReserved": "2026-02-27T15:33:57.288Z",
"dateUpdated": "2026-02-27T21:06:12.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28355 (GCVE-0-2026-28355)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:04 – Updated: 2026-02-27 21:04
VLAI?
Title
"PWA" Canarytoken Vulnerable to Stored Self Cross-Site Scripting
Summary
Canarytokens help track activity and actions on a network. Versions prior to `sha-7ff0e12` have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can insert Javascript into the title field of their PWA token. When the creator later browses the installation page for their own Canarytoken, the Javascript executes. This is a self-XSS. An attacker could create a Canarytoken with this self-XSS, and send the install link to a victim. When they click on it, the Javascript would execute. However, no sensitive information (ex. session information) will be disclosed to the malicious actor. This issue is now patched on Canarytokens.org. Users of self-hosted Canarytokens installations can update by pulling the latest Docker image, or any Docker image after sha-7ff0e12.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| thinkst | canarytokens |
Affected:
< sha-7ff0e12
|
{
"containers": {
"cna": {
"affected": [
{
"product": "canarytokens",
"vendor": "thinkst",
"versions": [
{
"status": "affected",
"version": "\u003c sha-7ff0e12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Canarytokens help track activity and actions on a network. Versions prior to `sha-7ff0e12` have a Self Cross-Site Scripting vulnerability in the \"PWA\" Canarytoken, whereby the Canarytoken\u0027s creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can insert Javascript into the title field of their PWA token. When the creator later browses the installation page for their own Canarytoken, the Javascript executes. This is a self-XSS. An attacker could create a Canarytoken with this self-XSS, and send the install link to a victim. When they click on it, the Javascript would execute. However, no sensitive information (ex. session information) will be disclosed to the malicious actor. This issue is now patched on Canarytokens.org. Users of self-hosted Canarytokens installations can update by pulling the latest Docker image, or any Docker image after sha-7ff0e12."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:04:13.445Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-6734-fqcj-x5h3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-6734-fqcj-x5h3"
}
],
"source": {
"advisory": "GHSA-6734-fqcj-x5h3",
"discovery": "UNKNOWN"
},
"title": "\"PWA\" Canarytoken Vulnerable to Stored Self Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28355",
"datePublished": "2026-02-27T21:04:13.445Z",
"dateReserved": "2026-02-26T18:38:13.890Z",
"dateUpdated": "2026-02-27T21:04:13.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28352 (GCVE-0-2026-28352)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:01 – Updated: 2026-02-27 21:01
VLAI?
Title
Indico missing access check in event series management API
Summary
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this is limited to getting the metadata (title, category chain, start/end date) for events in an existing series, deleting an existing event series, and modifying an existing event series. This vulnerability does NOT allow unauthorized access to events (beyond the basic metadata mentioned above), nor any kind of tampering with user-visible data in events. Version 3.3.11 fixes the issue. As a workaround, use the webserver to restrict access to the series management API endpoint.
Severity ?
6.5 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"cna": {
"affected": [
{
"product": "indico",
"vendor": "indico",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this is limited to getting the metadata (title, category chain, start/end date) for events in an existing series, deleting an existing event series, and modifying an existing event series. This vulnerability does NOT allow unauthorized access to events (beyond the basic metadata mentioned above), nor any kind of tampering with user-visible data in events. Version 3.3.11 fixes the issue. As a workaround, use the webserver to restrict access to the series management API endpoint."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:01:45.740Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/indico/indico/security/advisories/GHSA-rfpp-2hgm-gp5v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/indico/indico/security/advisories/GHSA-rfpp-2hgm-gp5v"
},
{
"name": "https://github.com/indico/indico/releases/tag/v3.3.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/indico/indico/releases/tag/v3.3.11"
}
],
"source": {
"advisory": "GHSA-rfpp-2hgm-gp5v",
"discovery": "UNKNOWN"
},
"title": "Indico missing access check in event series management API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28352",
"datePublished": "2026-02-27T21:01:45.740Z",
"dateReserved": "2026-02-26T18:38:13.890Z",
"dateUpdated": "2026-02-27T21:01:45.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28351 (GCVE-0-2026-28351)
Vulnerability from cvelistv5 – Published: 2026-02-27 20:59 – Updated: 2026-02-27 20:59
VLAI?
Title
Manipulated RunLengthDecode streams can exhaust RAM
Summary
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaround, consider applying the changes from PR #3664.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaround, consider applying the changes from PR #3664."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T20:59:16.839Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-f2v5-7jq9-h8cg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-f2v5-7jq9-h8cg"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3664",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3664"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/f309c6003746414dc7b5048c19e6d879ff2dc858",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/f309c6003746414dc7b5048c19e6d879ff2dc858"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.7.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.7.4"
}
],
"source": {
"advisory": "GHSA-f2v5-7jq9-h8cg",
"discovery": "UNKNOWN"
},
"title": "Manipulated RunLengthDecode streams can exhaust RAM"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28351",
"datePublished": "2026-02-27T20:59:16.839Z",
"dateReserved": "2026-02-26T18:38:13.890Z",
"dateUpdated": "2026-02-27T20:59:16.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28338 (GCVE-0-2026-28338)
Vulnerability from cvelistv5 – Published: 2026-02-27 20:28 – Updated: 2026-02-27 20:28
VLAI?
Title
PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages
Summary
PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's `vbhtml` and `yahtml` report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains executable JavaScript that runs when opened in a browser. Practical impact is limited because `vbhtml` and `yahtml` are legacy formats rarely used in practice. The default `html` format is properly escaped and not affected. Version 7.22.0 contains a fix for the issue.
Severity ?
6.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"cna": {
"affected": [
{
"product": "pmd",
"vendor": "pmd",
"versions": [
{
"status": "affected",
"version": "\u003c 7.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD\u0027s `vbhtml` and `yahtml` report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains executable JavaScript that runs when opened in a browser. Practical impact is limited because `vbhtml` and `yahtml` are legacy formats rarely used in practice. The default `html` format is properly escaped and not affected. Version 7.22.0 contains a fix for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T20:28:05.739Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pmd/pmd/security/advisories/GHSA-8rr6-2qw5-pc7r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pmd/pmd/security/advisories/GHSA-8rr6-2qw5-pc7r"
},
{
"name": "https://github.com/pmd/pmd/pull/6475",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pmd/pmd/pull/6475"
},
{
"name": "https://github.com/pmd/pmd/commit/c140c0e1de5853a08efb84c9f91dfeb015882442",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pmd/pmd/commit/c140c0e1de5853a08efb84c9f91dfeb015882442"
}
],
"source": {
"advisory": "GHSA-8rr6-2qw5-pc7r",
"discovery": "UNKNOWN"
},
"title": "PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28338",
"datePublished": "2026-02-27T20:28:05.739Z",
"dateReserved": "2026-02-26T18:38:13.889Z",
"dateUpdated": "2026-02-27T20:28:05.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28288 (GCVE-0-2026-28288)
Vulnerability from cvelistv5 – Published: 2026-02-27 20:25 – Updated: 2026-02-27 20:45
VLAI?
Title
Dify has a user enumeration issue
Summary
Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue.
Severity ?
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Affected:
< 1.9.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28288",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-27T20:44:24.552212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T20:45:44.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "\u003c 1.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T20:25:24.599Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langgenius/dify/security/advisories/GHSA-9qpf-wcv3-w3qx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-9qpf-wcv3-w3qx"
},
{
"name": "https://github.com/langgenius/dify/issues/24323",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langgenius/dify/issues/24323"
}
],
"source": {
"advisory": "GHSA-9qpf-wcv3-w3qx",
"discovery": "UNKNOWN"
},
"title": "Dify has a user enumeration issue"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28288",
"datePublished": "2026-02-27T20:25:24.599Z",
"dateReserved": "2026-02-26T01:52:58.735Z",
"dateUpdated": "2026-02-27T20:45:44.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28272 (GCVE-0-2026-28272)
Vulnerability from cvelistv5 – Published: 2026-02-27 20:22 – Updated: 2026-02-27 20:22
VLAI?
Title
Kiteworks Email Protection Gateway has a Cross-site Scripting vulnerability
Summary
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface. Version 9.2.0 contains a patch for the issue.
Severity ?
8.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kiteworks | security-advisories |
Affected:
< 9.2.0
|
{
"containers": {
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "kiteworks",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface. Version 9.2.0 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T20:22:59.656Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-7hxj-ch78-xqgr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-7hxj-ch78-xqgr"
}
],
"source": {
"advisory": "GHSA-7hxj-ch78-xqgr",
"discovery": "UNKNOWN"
},
"title": "Kiteworks Email Protection Gateway has a Cross-site Scripting vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28272",
"datePublished": "2026-02-27T20:22:59.656Z",
"dateReserved": "2026-02-26T01:52:58.733Z",
"dateUpdated": "2026-02-27T20:22:59.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28271 (GCVE-0-2026-28271)
Vulnerability from cvelistv5 – Published: 2026-02-27 20:21 – Updated: 2026-02-27 20:21
VLAI?
Title
Kiteworks Core is vulnerable to Server-Side Request Forgery (SSRF)
Summary
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version 9.2.0 contains a patch for the issue.
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kiteworks | security-advisories |
Affected:
< 9.2.0
|
{
"containers": {
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "kiteworks",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version 9.2.0 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-350",
"description": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T20:21:29.444Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rmfx-6h9w-fq87",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rmfx-6h9w-fq87"
}
],
"source": {
"advisory": "GHSA-rmfx-6h9w-fq87",
"discovery": "UNKNOWN"
},
"title": "Kiteworks Core is vulnerable to Server-Side Request Forgery (SSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28271",
"datePublished": "2026-02-27T20:21:12.194Z",
"dateReserved": "2026-02-26T01:52:58.733Z",
"dateUpdated": "2026-02-27T20:21:29.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28270 (GCVE-0-2026-28270)
Vulnerability from cvelistv5 – Published: 2026-02-27 20:19 – Updated: 2026-02-27 20:19
VLAI?
Title
Kiteworks Core has an Unrestricted Upload of File with Dangerous Type
Summary
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch for the issue.
Severity ?
4.9 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kiteworks | security-advisories |
Affected:
< 9.2.0
|
{
"containers": {
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "kiteworks",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T20:19:54.611Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-v8x9-vwg6-cj45",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-v8x9-vwg6-cj45"
}
],
"source": {
"advisory": "GHSA-v8x9-vwg6-cj45",
"discovery": "UNKNOWN"
},
"title": "Kiteworks Core has an Unrestricted Upload of File with Dangerous Type"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28270",
"datePublished": "2026-02-27T20:19:54.611Z",
"dateReserved": "2026-02-26T01:52:58.733Z",
"dateUpdated": "2026-02-27T20:19:54.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}