Search CVE reports


Toggle filters

261 – 270 of 42731 results

Status is adjusted based on your filters.


CVE-2026-59947

Medium priority
Needs evaluation

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a...

1 affected package

composer

Package 20.04 LTS
composer Needs evaluation
Show less packages

CVE-2026-59946

Medium priority
Needs evaluation

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation...

1 affected package

composer

Package 20.04 LTS
composer Needs evaluation
Show less packages

CVE-2026-59936

Medium priority
Needs evaluation

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker...

2 affected packages

pypdf, pypdf2

Package 20.04 LTS
pypdf
pypdf2 Needs evaluation
Show less packages

CVE-2026-59935

Medium priority
Needs evaluation

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an...

2 affected packages

pypdf, pypdf2

Package 20.04 LTS
pypdf
pypdf2 Needs evaluation
Show less packages

CVE-2026-58501

Medium priority
Needs evaluation

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD...

1 affected package

python-zeep

Package 20.04 LTS
python-zeep Needs evaluation
Show less packages

CVE-2026-58212

Medium priority
Not affected

Rejected reason: Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of updating Product dependencies MUST NOT be determined to be a Vulnerability, regardless of whether the dependencies...

2 affected packages

golang-github-nats-io-nkeys, nats-server

Package 20.04 LTS
golang-github-nats-io-nkeys Not affected
nats-server
Show less packages

CVE-2026-55404

Medium priority
Needs evaluation

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using...

2 affected packages

youtube-dl, yt-dlp

Package 20.04 LTS
youtube-dl Needs evaluation
yt-dlp
Show less packages

CVE-2026-14891

Medium priority
Needs evaluation

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially...

1 affected package

nomad

Package 20.04 LTS
nomad Needs evaluation
Show less packages

CVE-2026-14373

Medium priority
Needs evaluation

HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace...

1 affected package

nomad

Package 20.04 LTS
nomad Needs evaluation
Show less packages

CVE-2026-59938

Medium priority
Needs evaluation

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image...

2 affected packages

pypdf, pypdf2

Package 20.04 LTS
pypdf
pypdf2 Needs evaluation
Show less packages