Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,601
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,221 - 14,240 of 37,897 CVEs
CVE-2026-42596 CRITICAL - 9.4

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as http://[::fff...

Vendor: go
Product: github.com/gotenberg/gotenberg/v8
Published: May 07, 2026
Source: GitHub
CVE-2026-42594 HIGH - 7.5

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent...

Vendor: go
Product: github.com/gotenberg/gotenberg/v8
Published: May 07, 2026
Source: GitHub
CVE-2026-42593 MEDIUM - 5.3

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf + watermarkExpression...

Vendor: go
Product: github.com/gotenberg/gotenberg/v8
Published: May 07, 2026
Source: GitHub
CVE-2026-42592 MEDIUM - 5.3

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it n...

Vendor: go
Product: github.com/gotenberg/gotenberg/v8
Published: May 07, 2026
Source: GitHub
CVE-2026-42591 HIGH - 8.2

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/libreoffice/convert) passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on its own, completely ...

Vendor: go
Product: github.com/gotenberg/gotenberg/v8
Published: May 07, 2026
Source: GitHub
CVE-2026-42590 HIGH - 8.2

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

Vendor: go
Product: github.com/gotenberg/gotenberg/v8
Published: May 07, 2026
Source: GitHub
CVE-2026-42589 CRITICAL - 9.8

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded...

Vendor: go
Product: github.com/gotenberg/gotenberg/v8
Published: May 07, 2026
Source: GitHub
CVE-2026-44484 CRITICAL - 9.8

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism.

Vendor: pip
Product: pytorch-lightning
Published: May 07, 2026
Source: GitHub
CVE-2026-42587 HIGH - 7.5

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate en...

Vendor: maven
Product: io.netty:netty-codec-http
Published: May 07, 2026
Source: GitHub
CVE-2026-42586 MEDIUM - 6.8

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder (RedisEncoder) writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF (\r\n) characters. Since the R...

Vendor: maven
Product: io.netty:netty-codec-redis
Published: May 07, 2026
Source: GitHub
CVE-2026-42585 MEDIUM - 6.5

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.

Vendor: maven
Product: io.netty:netty-codec-http
Published: May 07, 2026
Source: GitHub
CVE-2026-42584 HIGH - 7.3

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll() once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103, th...

Vendor: maven
Product: io.netty:netty-codec-http
Published: May 07, 2026
Source: GitHub
CVE-2026-42583 HIGH - 7.5

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength (up to 32 MB per block) before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if ...

Vendor: maven
Product: io.netty:netty-codec-compression
Published: May 07, 2026
Source: GitHub
CVE-2026-42582 HIGH - 7.5

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuffmanEncodedLiteral may execute new byte[length] for a string literal before verifying that length byt...

Vendor: maven
Product: io.netty:netty-codec-http3
Published: May 07, 2026
Source: GitHub
CVE-2026-42581 MEDIUM - 5.8

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absent f...

Vendor: maven
Product: io.netty:netty-codec-http
Published: May 07, 2026
Source: GitHub
CVE-2026-42580 MEDIUM - 6.5

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.

Vendor: maven
Product: io.netty:netty-codec-http
Published: May 07, 2026
Source: GitHub
CVE-2026-42579 HIGH - 7.5

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit...

Vendor: maven
Product: io.netty:netty-codec-dns
Published: May 07, 2026
Source: GitHub

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage() method creates headers using DefaultHttpHeadersFactory.hea...

Vendor: maven
Product: io.netty:netty-handler-proxy
Published: May 07, 2026
Source: GitHub
CVE-2026-44216 MEDIUM - 7.5

Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger, and thus panic, when a table with an extremely large size is alloc...

Vendor: rust
Product: wasmtime
Published: May 07, 2026
Source: GitHub

Spring Cloud AWS simplifies using AWS managed services in a Spring and Spring Boot applications. From 3.0.0 to 4.0.1, pplications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) did no...

Vendor: maven
Product: io.awspring.cloud:spring-cloud-aws-sns
Published: May 07, 2026
Source: GitHub