Search CVE reports


Toggle filters

151 – 160 of 42582 results

Status is adjusted based on your filters.


CVE-2026-58403

Medium priority
Needs evaluation

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat,...

1 affected package

hugo

Package 20.04 LTS
hugo Needs evaluation
Show less packages

CVE-2026-58402

Medium priority
Needs evaluation

Hugo is a static site generator. From 0.60.0 until 0.163.3, Hugo's default code-block renderer wrote the Markdown code-fence language or info-string into the code class="language-…" data-lang="…" wrapper without HTML escaping. A...

1 affected package

hugo

Package 20.04 LTS
hugo Needs evaluation
Show less packages

CVE-2026-50134

Medium priority
Needs evaluation

Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server (or an...

1 affected package

hugo

Package 20.04 LTS
hugo Needs evaluation
Show less packages

CVE-2026-50133

Medium priority
Needs evaluation

Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the text/html media type (typically .html files under /content, or pages produced by a content adapter that...

1 affected package

hugo

Package 20.04 LTS
hugo Needs evaluation
Show less packages

CVE-2026-55798

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to...

2 affected packages

pillow, pillow-python2

Package 20.04 LTS
pillow Needs evaluation
pillow-python2 Needs evaluation
Show less packages

CVE-2026-55380

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a...

2 affected packages

pillow, pillow-python2

Package 20.04 LTS
pillow Needs evaluation
pillow-python2 Needs evaluation
Show less packages

CVE-2026-55379

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without...

2 affected packages

pillow, pillow-python2

Package 20.04 LTS
pillow Needs evaluation
pillow-python2 Needs evaluation
Show less packages

CVE-2026-54291

Medium priority
Needs evaluation

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without...

1 affected package

libpgjava

Package 20.04 LTS
libpgjava Needs evaluation
Show less packages

CVE-2026-54060

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(),...

2 affected packages

pillow, pillow-python2

Package 20.04 LTS
pillow Needs evaluation
pillow-python2 Needs evaluation
Show less packages

CVE-2026-54059

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without...

2 affected packages

pillow, pillow-python2

Package 20.04 LTS
pillow Needs evaluation
pillow-python2 Needs evaluation
Show less packages