Search CVE reports


Toggle filters

301 – 310 of 30717 results

Status is adjusted based on your filters.


CVE-2026-53624

Medium priority

Not in release

Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it...

2 affected packages

golang-github-gofiber-fiber, golang-github-gofiber-fiber-v2

Package 26.04 LTS
golang-github-gofiber-fiber Not in release
golang-github-gofiber-fiber-v2 Not in release
Show less packages

CVE-2026-45045

Medium priority

Not in release

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of Header.Set() when injecting X-Real-IP, allowing an...

2 affected packages

golang-github-gofiber-fiber, golang-github-gofiber-fiber-v2

Package 26.04 LTS
golang-github-gofiber-fiber Not in release
golang-github-gofiber-fiber-v2 Not in release
Show less packages

CVE-2026-44512

Medium priority
Needs evaluation

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7()...

1 affected package

onnx

Package 26.04 LTS
onnx Needs evaluation
Show less packages

CVE-2026-44332

Medium priority

Not in release

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash...

1 affected package

golang-github-gofiber-fiber

Package 26.04 LTS
golang-github-gofiber-fiber Not in release
Show less packages

CVE-2026-14891

Medium priority

Not in release

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially...

1 affected package

nomad

Package 26.04 LTS
nomad Not in release
Show less packages

CVE-2026-14373

Medium priority

Not in release

HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace...

1 affected package

nomad

Package 26.04 LTS
nomad Not in release
Show less packages

CVE-2026-59938

Medium priority
Needs evaluation

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image...

2 affected packages

pypdf, pypdf2

Package 26.04 LTS
pypdf Needs evaluation
pypdf2 Not in release
Show less packages

CVE-2026-59937

Medium priority
Needs evaluation

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table...

2 affected packages

pypdf, pypdf2

Package 26.04 LTS
pypdf Needs evaluation
pypdf2 Not in release
Show less packages

CVE-2026-50813

Medium priority
Needs evaluation

An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path

2 affected packages

sqlite, sqlite3

Package 26.04 LTS
sqlite Not in release
sqlite3 Needs evaluation
Show less packages

CVE-2026-50812

Medium priority
Needs evaluation

A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service....

2 affected packages

sqlite, sqlite3

Package 26.04 LTS
sqlite Not in release
sqlite3 Needs evaluation
Show less packages