Search
Search Results (334129 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25755 | 1 Parall | 1 Jspdf | 2026-02-20 | 8.1 High |
| jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses in user-provided JavaScript code before passing them to the `addJS` method. | ||||
| CVE-2025-71247 | 1 Spip | 1 Spip | 2026-02-20 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-71248 | 1 Spip | 1 Spip | 2026-02-20 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-71249 | 1 Spip | 1 Spip | 2026-02-20 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-71250 | 1 Spip | 1 Spip | 2026-02-20 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-25087 | 1 Apache | 1 Arrow | 2026-02-20 | 7 High |
| Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-buffering enabled, if the IPC file contains data with variadic buffers (such as Binary View and String View data). Depending on the number of variadic buffers in a record batch column and on the temporal sequence of multi-threaded IO, a write to a dangling pointer could occur. The value (a `std::shared_ptr<Buffer>` object) that is written to the dangling pointer is not under direct control of the attacker. Pre-buffering is disabled by default but can be enabled using a specific C++ API call (`RecordBatchFileReader::PreBufferMetadata`). The functionality is not exposed in language bindings (Python, Ruby, C GLib), so these bindings are not vulnerable. The most likely consequence of this issue would be random crashes or memory corruption when reading specific kinds of IPC files. If the application allows ingesting IPC files from untrusted sources, this could plausibly be exploited for denial of service. Inducing more targeted kinds of misbehavior (such as confidential data extraction from the running process) depends on memory allocation and multi-threaded IO temporal patterns that are unlikely to be easily controlled by an attacker. Advice for users of Arrow C++: 1. check whether you enable pre-buffering on the IPC file reader (using `RecordBatchFileReader::PreBufferMetadata`) 2. if so, either disable pre-buffering (which may have adverse performance consequences), or switch to Arrow 23.0.1 which is not vulnerable | ||||
| CVE-2026-2629 | 1 Jishi | 1 Node-sonos-http-api | 2026-02-20 | 7.3 High |
| A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-27325 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27324 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27323 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27322 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27321 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27320 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27319 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27318 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27317 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-26995 | 2026-02-20 | N/A | ||
| Further research determined the issue is an external dependency vulnerability. | ||||
| CVE-2026-21434 | 1 Quic-go | 1 Webtransport-go | 2026-02-19 | 5.3 Medium |
| webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WT_CLOSE_SESSION capsule containing an excessively large Application Error Message. The implementation does not enforce the draft-mandated limit of 1024 bytes on this field, allowing a peer to send an arbitrarily large message payload that is fully read and stored in memory. This allows an attacker to consume an arbitrary amount of memory. The attacker must transmit the full payload to achieve the memory consumption, but the lack of any upper bound makes large-scale attacks feasible given sufficient bandwidth. This vulnerability is fixed in 0.10.0. | ||||
| CVE-2026-21435 | 1 Quic-go | 1 Webtransport-go | 2026-02-19 | 5.3 Medium |
| webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream, blocking transmission of the WT_CLOSE_SESSION capsule and causing the close operation to hang. This vulnerability is fixed in v0.10.0. | ||||
| CVE-2026-21438 | 1 Quic-go | 1 Webtransport-go | 2026-02-19 | 5.3 Medium |
| webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their resources. This vulnerability is fixed in v0.10.0. | ||||