Overview
Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to inject JavaScript in a browser due to improper sanitization of placeholder content in markdown processing.
Statistics
- 1 Post
Last activity: 10 hours ago
Overview
- Red Hat
- Red Hat Enterprise Linux 10
- gvfs
Published: 26 Feb 2026
Updated: 26 Feb 2026
CVSS: Pending
EPSS: 0.03%
KEV
Description
A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the malicious server to probe for open ports accessible from the client's network.
Statistics
- 1 Post
- 1 Interaction
Last activity: 20 hours ago
Overview
- Red Hat
- Red Hat Enterprise Linux 10
- gvfs
Published: 26 Feb 2026
Updated: 26 Feb 2026
CVSS: Pending
EPSS: 0.06%
KEV
Description
A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and inject arbitrary FTP commands, potentially leading to arbitrary code execution or other severe impacts.
Statistics
- 1 Post
- 1 Interaction
Last activity: 20 hours ago
Overview
Description
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` and `id` attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences (such as `../`), which can lead to arbitrary directory creation, arbitrary file creation, and arbitrary file overwrite. Commit 89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a patches the issue.
Statistics
- 1 Post
Last activity: 1 hour ago
Overview
Description
libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.
Statistics
- 1 Post
Last activity: 20 hours ago
Overview
- NVIDIA
- CUDA Toolkit
Published: 20 Jan 2026
Updated: 26 Feb 2026
CVSS v3.1: MEDIUM (6.7)
EPSS: 0.02%
KEV
Description
NVIDIA Nsight Systems for Windows contains a vulnerability in the application's DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service and information disclosure.
Statistics
- 1 Post
Last activity: 1 hour ago
Overview
Description
libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.
Statistics
- 1 Post
Last activity: 20 hours ago