Search CVE reports


Toggle filters

21 – 30 of 39869 results

Status is adjusted based on your filters.


CVE-2026-47083

Medium priority
Needs evaluation

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authenticated IMAP user could enumerate folder names under any account they could...

1 affected package

cyrus-imapd

Package 24.04 LTS
cyrus-imapd Needs evaluation
Show less packages

CVE-2026-47082

Medium priority
Needs evaluation

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The vacation "fcc" feature skips the destination-mailbox ACL. A user whose vacation Sieve script used :fcc (to save a copy of the sent message) could deliver...

1 affected package

cyrus-imapd

Package 24.04 LTS
cyrus-imapd Needs evaluation
Show less packages

CVE-2026-47081

Medium priority
Needs evaluation

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an XAPPLEPUSHSERVICE folder existence oracle and push hijack. An authenticated IMAP user could probe for the existence of arbitrary mailboxes on other...

1 affected package

cyrus-imapd

Package 24.04 LTS
cyrus-imapd Needs evaluation
Show less packages

CVE-2026-46378

Medium priority
Needs evaluation

Dasel is a command-line tool and library for querying, modifying, and transforming data structures. From 3.0.0 until 3.10.1, the selector lexer matchRegexPattern closure in (*Tokenizer).parseCurRune in selector/lexer/tokenize.go...

1 affected package

dasel

Package 24.04 LTS
dasel Needs evaluation
Show less packages

CVE-2026-46377

Medium priority
Needs evaluation

Dasel is a command-line tool and library for querying, modifying, and transforming data structures. From 3.0.0 until 3.10.1, the escape sequence handler in (*Tokenizer).parseCurRune in selector/lexer/tokenize.go increments past a...

1 affected package

dasel

Package 24.04 LTS
dasel Needs evaluation
Show less packages

CVE-2026-46338

Medium priority
Needs evaluation

PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. From 10.0.1 until 10.21.3, pymdownx.snippets uses a string-prefix containment check in SnippetPreprocessor.get_snippet_path()...

1 affected package

pymdown-extensions

Package 24.04 LTS
pymdown-extensions Needs evaluation
Show less packages

CVE-2026-44982

Medium priority
Needs evaluation

CrowdSec offers crowdsourced protection against malicious IPs. From 1.5.0 until 1.7.8, pkg/appsec/request.go NewParsedRequestFromRequest allocated a request body buffer from max(r.ContentLength, 0), so HTTP/1.1 requests using...

1 affected package

crowdsec

Package 24.04 LTS
crowdsec Needs evaluation
Show less packages

CVE-2026-44981

Medium priority
Needs evaluation

CrowdSec offers crowdsourced protection against malicious IPs. From 1.7.0 until 1.7.8, the LAPI router used gin-contrib/gzip with DefaultDecompressHandle globally in pkg/apiserver/controllers/controller.go, causing /v1/watchers...

1 affected package

crowdsec

Package 24.04 LTS
crowdsec Needs evaluation
Show less packages

CVE-2026-44453

Medium priority
Needs evaluation

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 6b5370d, h2o is vulnerable to a Denial of Service attack when calling alloca under certain conditions. When serving static files, h2o builds the...

2 affected packages

h2o, dnsdist

Package 24.04 LTS
h2o Needs evaluation
dnsdist Needs evaluation
Show less packages

CVE-2026-44452

Medium priority
Needs evaluation

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 8dc37cb, when h2o receives a ClientHello message over TLS or QUIC and it contains a zero-length SNI extension, the h2o server runs over...

2 affected packages

h2o, dnsdist

Package 24.04 LTS
h2o Needs evaluation
dnsdist Needs evaluation
Show less packages