IA Squad

Archive

All bulletins, by year.

dotnet · dotnet/aspire · v13.4.4-release · Good to know

dotnet/aspire v13.4.4-release: DCP reconnection and ExcludeFromMcp() fixes

Patch release for Aspire 13.4 with two fixes: improved DCP connection reliability during request execution (reconnection is now at

15 Jun 2026 · good to know
js · eslint · 10.5.0 · Good to know

ESLint 10.5.0 Released

ESLint version 10.5.0 is now available. This is an AST-based pattern checker for JavaScript.

13 Jun 2026 · good to know
js · tailwindcss · 4.3.1 · Good to know

tailwindcss 4.3.1 released

Release of tailwindcss version 4.

13 Jun 2026 · good to know
php · grumpydictator/firefly-iii · Heads-up

Firefly III Stored XSS in Piggy Bank Names via Audit Logs

Stored XSS vulnerability: piggy bank names are rendered unsanitized in audit log views, allowing arbitrary JavaScript execution.

13 Jun 2026 · schedule it
js · @langchain/langgraph-checkpoint-mongodb · Heads-up

@langchain/langgraph-checkpoint-mongodb NoSQL injection vulnerability fixed in 1.3.1

A NoSQL injection vulnerability in MongoDBSaver where checkpoint identifier fields from config.

13 Jun 2026 · schedule it
js · budibase · Heads-up

Budibase executeQuery SSRF via automation step queryId

The executeQuery automation step accepts a queryId from inputs and passes it to the query execution controller without validation,

13 Jun 2026 · schedule it
js · @budibase/backend-core · Critical

@budibase/backend-core CSRF bypass via unanchored route regex

The buildMatcherRegex() and matches() functions in packages/backend-core/src/middleware/matchers.

13 Jun 2026 · act now
python · pypdf · Heads-up

pypdf Vulnerability: Large Memory Usage in Layout Mode Text Extraction

A vulnerability in pypdf allows an attacker to craft a PDF that leads to large memory usage when extracting text in layout mode wi

13 Jun 2026 · schedule it
python · pypdf · Heads-up

pypdf Denial of Service via Crafted Cross-Reference Stream

A security vulnerability in pypdf allows crafted PDFs with cross-reference streams using /W [0 0 0] and large /Size values to caus

13 Jun 2026 · schedule it
python · tornado · Heads-up

Tornado: Buffer Overread in tornado.speedups websocket_mask

Tornado's optional native extension `tornado.

13 Jun 2026 · schedule it
php · typo3/html-sanitizer · Heads-up

typo3/html-sanitizer: Whitespace-variant closing tags bypass sanitization when ALLOW_INSECURE_RAW_TEXT is enabled

When ALLOW_INSECURE_RAW_TEXT is enabled, the sanitizer fails to recognize whitespace-variant closing tags (e.

13 Jun 2026 · schedule it
php · typo3/cms-core · Heads-up

typo3/cms-core: XSS in Indexed Search plugin via unsanitized page titles

Cross-Site Scripting vulnerability in Indexed Search plugin: page titles with HTML markup are stored in search index without sanit

13 Jun 2026 · schedule it
php · typo3/cms-core · Heads-up

typo3/cms-core: Missing read permission check in clipboard allows unauthorized data access

Backend users could insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, allowing un

13 Jun 2026 · schedule it
php · typo3/cms-core · Heads-up

typo3/cms-core: Missing permission checks in Backend API file metadata routes

Authenticated backend users could retrieve file metadata via Backend API routes without proper permission checks, allowing access

13 Jun 2026 · schedule it
php · typo3/cms-core · Heads-up

typo3/cms-core: Path Allowance Check Bypass in GeneralUtility::isAllowedAbsPath()

The path allowance check in GeneralUtility::isAllowedAbsPath() performed a plain string prefix comparison without requiring a dire

13 Jun 2026 · schedule it
php · typo3/cms-core · Heads-up

typo3/cms-core: VariableFrontend and Registry now prevent PHP Object Injection

VariableFrontend and Registry now deserialize PHP payloads with integrity validation and class restrictions, preventing PHP Object

13 Jun 2026 · schedule it
php · typo3/cms-core · Heads-up

typo3/cms-core: Backend users could move records without source edit permissions

Backend users could move records to a different page without edit permissions on the source page.

13 Jun 2026 · schedule it
php · typo3/html-sanitizer · Heads-up

typo3/html-sanitizer: Namespace attribute encoding bypass (XSS)

Namespace attributes are not encoded correctly during HTML serialization, allowing bypass of the cross-site scripting prevention m

13 Jun 2026 · schedule it
php · typo3/cms-core · Heads-up

typo3/cms-core: Open redirect in GeneralUtility::sanitizeLocalUrl

Applications using GeneralUtility::sanitizeLocalUrl are vulnerable to open redirect attacks if the URL is used after sanitization.

13 Jun 2026 · schedule it
php · typo3/cms-core · Heads-up

typo3/cms-core: Recycler module privilege escalation fix

Backend users with Recycler module access could restore soft-deleted records on unauthorized pages or tables.

13 Jun 2026 · schedule it
js · esbuild · Heads-up

esbuild dev server path traversal on Windows

The esbuild development server on Windows has a path traversal vulnerability.

13 Jun 2026 · schedule it
js · fabric · Heads-up

Fabric.js XSS via Gradient ColorStops in toSVG()

A Cross-Site Scripting (XSS) vulnerability was discovered in Fabric.

13 Jun 2026 · schedule it
js · @budibase/server · Critical

@budibase/server: OAuth2 token fetch and REST integration lack SSRF protection

OAuth2 token fetch in packages/server/src/sdk/workspace/oauth2/utils.

13 Jun 2026 · act now
js · @budibase/server · Critical

@budibase/server: Unauthenticated webhook schema update vulnerability

The webhook schema-building endpoint at POST /api/webhooks/schema/:instance/:id is incorrectly bypassed by authorization middlewar

13 Jun 2026 · act now
php · typo3/cms-core · Critical

typo3/cms-core: Unauthorized file download via fallback storage in Media Module

Backend users with file download permissions could download files from the fallback storage of the file abstraction layer (FAL) vi

13 Jun 2026 · act now
php · typo3/cms-core · Critical

typo3/cms-core: File upload bypass via mixed-case extensions leads to SQL injection and privilege escalation

Backend users with file write permissions can upload form definition files with mixed-case extensions (e.

13 Jun 2026 · act now
php · typo3/cms-core · Critical

typo3/cms-core: Form Framework SQL Injection and Privilege Escalation via DataHandler

Backend users with write access to the form_definition table can bypass Form Framework's persistence validation and permission che

13 Jun 2026 · act now
php · typo3/cms-core · Critical

typo3/cms-core: Missing authorization check allows non-privileged users to modify root folders of file mounts

Non-privileged backend users with file mount access could perform write operations (move, delete, rename) on root folders of activ

13 Jun 2026 · act now
php · typo3/cms-core · Critical

typo3/cms-core: Form Framework File Inclusion Vulnerability

Backend users with Form Framework access could use files not ending in .

13 Jun 2026 · act now
js · esbuild · Critical

esbuild Deno module lacks binary integrity verification

The esbuild Deno module (lib/deno/mod.

13 Jun 2026 · act now