Most recent entries from github

Most recent entries from github https://vulnerability.circl.lu Contains only the most 10 recent entries. http://www.rssboard.org/rss-specification python-feedgen en Thu, 18 Jun 2026 13:42:39 +0000 ghsa-x9g3-xrwr-cwfg https://vulnerability.circl.lu/vuln/ghsa-x9g3-xrwr-cwfg piscina: Prototype Pollution Gadget → RCE via inherited options.filename piscina: Prototype Pollution Gadget → RCE via inherited options.filename https://vulnerability.circl.lu/vuln/ghsa-x9g3-xrwr-cwfg Thu, 18 Jun 2026 13:05:11 +0000 ghsa-3w5p-95mh-gq75 https://vulnerability.circl.lu/vuln/ghsa-3w5p-95mh-gq75 NCalc: Denial of Service via Unbounded and Non-Terminating Factorial Evaluation NCalc: Denial of Service via Unbounded and Non-Terminating Factorial Evaluation https://vulnerability.circl.lu/vuln/ghsa-3w5p-95mh-gq75 Thu, 18 Jun 2026 13:05:37 +0000 ghsa-64mm-vxmg-q3vj https://vulnerability.circl.lu/vuln/ghsa-64mm-vxmg-q3vj http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass https://vulnerability.circl.lu/vuln/ghsa-64mm-vxmg-q3vj Thu, 18 Jun 2026 13:06:11 +0000 ghsa-gcq2-9pq2-cxqm https://vulnerability.circl.lu/vuln/ghsa-gcq2-9pq2-cxqm http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody` http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody` https://vulnerability.circl.lu/vuln/ghsa-gcq2-9pq2-cxqm Thu, 18 Jun 2026 13:06:21 +0000 ghsa-94jp-7776-qj6q https://vulnerability.circl.lu/vuln/ghsa-94jp-7776-qj6q Hydro: Insufficient session expiration when recreating sessions Hydro: Insufficient session expiration when recreating sessions https://vulnerability.circl.lu/vuln/ghsa-94jp-7776-qj6q Thu, 18 Jun 2026 13:06:35 +0000 ghsa-2c85-rfcc-g74j https://vulnerability.circl.lu/vuln/ghsa-2c85-rfcc-g74j Karate Mock Server RCE via embedded expression evaluation of request-derived data Karate Mock Server RCE via embedded expression evaluation of request-derived data https://vulnerability.circl.lu/vuln/ghsa-2c85-rfcc-g74j Thu, 18 Jun 2026 13:06:46 +0000 ghsa-2vcc-5v34-9jc8 https://vulnerability.circl.lu/vuln/ghsa-2vcc-5v34-9jc8 TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes https://vulnerability.circl.lu/vuln/ghsa-2vcc-5v34-9jc8 Thu, 18 Jun 2026 13:07:05 +0000 ghsa-2r2c-cx56-8933 https://vulnerability.circl.lu/vuln/ghsa-2r2c-cx56-8933 JLine3 Telnet server: Unauthenticated Remote DoS via Unbounded Telnet NAWS Terminal Geometry JLine3 Telnet server: Unauthenticated Remote DoS via Unbounded Telnet NAWS Terminal Geometry https://vulnerability.circl.lu/vuln/ghsa-2r2c-cx56-8933 Thu, 18 Jun 2026 13:07:16 +0000 ghsa-47qp-hqvx-6r3f https://vulnerability.circl.lu/vuln/ghsa-47qp-hqvx-6r3f JLine3 Telnet server: Unauthenticated Remote Memory Exhaustion via Unbounded Telnet NEW-ENVIRON Variables JLine3 Telnet server: Unauthenticated Remote Memory Exhaustion via Unbounded Telnet NEW-ENVIRON Variables https://vulnerability.circl.lu/vuln/ghsa-47qp-hqvx-6r3f Thu, 18 Jun 2026 13:07:25 +0000 ghsa-6x8v-2fq5-2229 https://vulnerability.circl.lu/vuln/ghsa-6x8v-2fq5-2229 ZITADEL: Cross-Tenant User Leakage via Recycled Identifiers ZITADEL: Cross-Tenant User Leakage via Recycled Identifiers https://vulnerability.circl.lu/vuln/ghsa-6x8v-2fq5-2229 Thu, 18 Jun 2026 13:07:34 +0000