Vuldb Updates

A vulnerability marked as problematic has been reported in Istio up to 1.27.7/1.28.4/1.29.0. This affects an unknown function. Performing a manipulation results in incorrect authorization. This vulnerability was named CVE-2026-31838. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Sylius up to 2.2.2. Affected by this issue is the function orderBy. This manipulation causes sql injection. This vulnerability is tracked as CVE-2026-31825. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in fastify up to 5.8.0. Affected by this issue is some unknown functionality of the component Header Handler. Such manipulation of the argument Content-Type leads to incorrect regular expression. This vulnerability is documented as CVE-2026-3419. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Agentgateway up to 0.11.x. This affects an unknown part. The manipulation results in improper input validation. This vulnerability is known as CVE-2026-29791. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in FlintSH Flare up to 1.7.2. The affected element is the function path.join of the component Path Validation Handler. Such manipulation leads to path traversal. This vulnerability is traded as CVE-2026-30942. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability has been found in gtsteffaniak filebrowser up to 1.2.1-stable/1.3.0-beta and classified as problematic. Affected is an unknown function of the file /public/share/. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2026-30934. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in vLLM up to 0.16.x. This impacts the function urllib3.util.parse_url of the component Incomplete Fix CVE-2026-24779. Performing a manipulation results in server-side request forgery. This vulnerability is known as CVE-2026-25960. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in ImageMagick up to 6.9.13-40/7.1.2-15. It has been classified as critical. Affected is an unknown function of the component XWD Encoder. The manipulation leads to heap-based buffer overflow. This vulnerability is referenced as CVE-2026-30937. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in isaacs node-tar up to 7.5.10. This affects an unknown function. Such manipulation leads to path traversal. This vulnerability is traded as CVE-2026-31802. An attack has to be approached locally. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in TIMLEGGE Crypt::NaCl::Sodium up to 2.002 on Perl. This issue affects the function bin2hex/aes256gcm_encrypt_afternm/seal of the component Message Handler. Performing a manipulation results in integer overflow. This vulnerability is cataloged as CVE-2026-30909. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability, which was classified as problematic, has been found in stellar rs--xdr up to 25.0.0. This impacts the function StringM::from_str. This manipulation causes allocation of resources. This vulnerability is tracked as CVE-2026-29795. The attack is restricted to local execution. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability has been found in GNU Binutils up to 2.46 and classified as problematic. Affected is the function process_got_section_contents of the component readelf. This manipulation causes denial of service. This vulnerability appears as CVE-2025-69651. The attack requires local access. There is no available exploit.

A vulnerability was found in GNU Binutils up to 2.46 and classified as problematic. Affected by this vulnerability is the function process_got_section_contents of the component readelf. Such manipulation leads to denial of service. This vulnerability is traded as CVE-2025-69650. An attack has to be approached locally. There is no exploit available.

A vulnerability labeled as problematic has been found in Microsoft Windows. The affected element is an unknown function of the component Desktop Window Manager. Such manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2026-20805. Local access is required to approach this attack. Moreover, an exploit is present. It is best practice to apply a patch to resolve this issue.

A vulnerability classified as critical was found in TOKUHIROM HTTP::Session2 up to 1.09 on Perl. This vulnerability affects unknown code. Executing a manipulation of the argument ID can lead to improper input validation. This vulnerability appears as CVE-2018-25160. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in langchain-ai helm up to 0.12.70. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in injection. This vulnerability was named CVE-2026-25750. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability has been found in NanoMQ MQTT Broker 0.24.6 and classified as critical. Affected by this issue is the function free. Performing a manipulation results in use after free. This vulnerability is known as CVE-2026-22040. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as problematic has been found in darkreader up to 4.9.116. Affected by this vulnerability is the function setFetchMethod of the component CSS File Parser. This manipulation causes information disclosure. This vulnerability is registered as CVE-2025-68467. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability marked as problematic has been reported in rustdesk-client RustDesk Client up to 1.4.5. This issue affects the function parseRustdeskUri/importConfig in the library flutter/lib/common.Dart of the file hbb_common/src/config.Rs. The manipulation leads to risky cryptographic algorithm. This vulnerability is traded as CVE-2026-30791. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in OpenSift up to 1.6.2 and classified as critical. Affected is an unknown function. Such manipulation leads to path traversal. This vulnerability is traded as CVE-2026-28676. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.