[{"id": "CVE-2025-4748", "title": "Absolute path traversal in zip:unzip/1,2", "datePublished": "2025-06-16T11:00:54.643Z", "dateUpdated": "2026-05-27T15:40:23.055Z", "details": "/cves/CVE-2025-4748.json"},{"id": "CVE-2025-4754", "title": "Missing Session Revocation on Logout in ash_authentication_phoenix", "datePublished": "2025-06-17T14:31:37.006Z", "dateUpdated": "2026-05-27T15:40:14.352Z", "details": "/cves/CVE-2025-4754.json"},{"id": "CVE-2025-48038", "title": "Unverified File Handles can Cause Excessive Use of System Resources", "datePublished": "2025-09-11T08:13:04.030Z", "dateUpdated": "2026-06-05T11:58:55.918Z", "details": "/cves/CVE-2025-48038.json"},{"id": "CVE-2025-48039", "title": "Unverified Paths can Cause Excessive Use of System Resources", "datePublished": "2025-09-11T08:13:36.878Z", "dateUpdated": "2026-06-05T11:58:56.396Z", "details": "/cves/CVE-2025-48039.json"},{"id": "CVE-2025-48040", "title": "Malicious Key Exchange Messages may Lead to Excessive Resource Consumption", "datePublished": "2025-09-11T08:14:19.671Z", "dateUpdated": "2026-06-05T11:58:58.555Z", "details": "/cves/CVE-2025-48040.json"},{"id": "CVE-2025-48041", "title": "SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles", "datePublished": "2025-09-11T08:14:20.508Z", "dateUpdated": "2026-06-05T11:58:57.578Z", "details": "/cves/CVE-2025-48041.json"},{"id": "CVE-2025-48042", "title": "Before action hooks may execute in certain scenarios despite a request being forbidden", "datePublished": "2025-09-07T16:01:01.470Z", "dateUpdated": "2026-05-27T15:40:15.857Z", "details": "/cves/CVE-2025-48042.json"},{"id": "CVE-2025-48043", "title": "Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization", "datePublished": "2025-10-10T15:57:29.225Z", "dateUpdated": "2026-05-27T15:40:17.241Z", "details": "/cves/CVE-2025-48043.json"},{"id": "CVE-2025-48044", "title": "Authorization bypass when bypass policy condition evaluates to true", "datePublished": "2025-10-17T13:52:53.644Z", "dateUpdated": "2026-05-27T15:40:21.571Z", "details": "/cves/CVE-2025-48044.json"},{"id": "CVE-2026-21618", "title": "Cross-site scripting (XSS) in OAuth Device Authorization screen", "datePublished": "2026-01-19T14:22:46.770Z", "dateUpdated": "2026-04-06T16:44:10.863Z", "details": "/cves/CVE-2026-21618.json"},{"id": "CVE-2026-21619", "title": "Unsafe Deserialization of Erlang Terms in hex_core", "datePublished": "2026-02-27T17:57:11.513Z", "dateUpdated": "2026-05-27T15:40:33.166Z", "details": "/cves/CVE-2026-21619.json"},{"id": "CVE-2026-21620", "title": "TFTP Path Traversal", "datePublished": "2026-02-20T10:57:08.620Z", "dateUpdated": "2026-05-27T15:40:46.090Z", "details": "/cves/CVE-2026-21620.json"},{"id": "CVE-2026-21621", "title": "Improper Scope Enforcement in OAuth client_credentials Flow Allows Read-Only API Key to Escalate to Full Access", "datePublished": "2026-03-05T19:20:05.831Z", "dateUpdated": "2026-04-06T16:44:09.535Z", "details": "/cves/CVE-2026-21621.json"},{"id": "CVE-2026-21622", "title": "Password Reset Tokens Do Not Expire", "datePublished": "2026-03-05T21:18:03.883Z", "dateUpdated": "2026-04-21T04:15:20.750Z", "details": "/cves/CVE-2026-21622.json"},{"id": "CVE-2026-23939", "title": "Path Traversal in Local File Store Backend", "datePublished": "2026-02-26T19:41:18.762Z", "dateUpdated": "2026-04-07T14:38:03.183Z", "details": "/cves/CVE-2026-23939.json"},{"id": "CVE-2026-23940", "title": "Denial of Service via Oversized Package Upload", "datePublished": "2026-03-13T16:07:53.328Z", "dateUpdated": "2026-04-06T16:44:14.100Z", "details": "/cves/CVE-2026-23940.json"},{"id": "CVE-2026-23941", "title": "Request smuggling via first-wins Content-Length parsing in inets httpd", "datePublished": "2026-03-13T09:11:58.175Z", "dateUpdated": "2026-05-27T15:40:34.616Z", "details": "/cves/CVE-2026-23941.json"},{"id": "CVE-2026-23942", "title": "SFTP root escape via component-agnostic prefix check in ssh_sftpd", "datePublished": "2026-03-13T09:11:56.424Z", "dateUpdated": "2026-05-27T15:41:40.808Z", "details": "/cves/CVE-2026-23942.json"},{"id": "CVE-2026-23943", "title": "Pre-auth SSH DoS via unbounded zlib inflate", "datePublished": "2026-03-13T09:11:57.794Z", "dateUpdated": "2026-06-10T14:35:39.425Z", "details": "/cves/CVE-2026-23943.json"},{"id": "CVE-2026-28806", "title": "Improper authorization in device bulk actions and device update API allows cross-organization device control", "datePublished": "2026-03-10T21:30:58.581Z", "dateUpdated": "2026-05-27T15:41:33.000Z", "details": "/cves/CVE-2026-28806.json"},{"id": "CVE-2026-28807", "title": "Path Traversal in wisp.serve_static allows arbitrary file read", "datePublished": "2026-03-10T21:34:47.859Z", "dateUpdated": "2026-04-06T16:44:07.589Z", "details": "/cves/CVE-2026-28807.json"},{"id": "CVE-2026-28808", "title": "ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)", "datePublished": "2026-04-07T12:28:16.056Z", "dateUpdated": "2026-05-27T15:40:51.025Z", "details": "/cves/CVE-2026-28808.json"},{"id": "CVE-2026-28809", "title": "XXE in esaml SAML library allows local file read and potential SSRF", "datePublished": "2026-03-23T10:09:29.233Z", "dateUpdated": "2026-05-27T15:41:20.808Z", "details": "/cves/CVE-2026-28809.json"},{"id": "CVE-2026-28810", "title": "Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver", "datePublished": "2026-04-07T07:50:11.072Z", "dateUpdated": "2026-05-27T15:40:59.850Z", "details": "/cves/CVE-2026-28810.json"},{"id": "CVE-2026-32144", "title": "OCSP designated-responder authorization bypass via missing signature verification", "datePublished": "2026-04-07T12:28:00.767Z", "dateUpdated": "2026-05-27T15:40:36.070Z", "details": "/cves/CVE-2026-32144.json"},{"id": "CVE-2026-32145", "title": "Multipart form body parser bypasses body size limits in wisp", "datePublished": "2026-04-02T10:30:47.485Z", "dateUpdated": "2026-04-07T04:07:10.339Z", "details": "/cves/CVE-2026-32145.json"},{"id": "CVE-2026-32146", "title": "Improper Path Validation in Git Dependency Handling Allows Arbitrary File System Modification", "datePublished": "2026-04-11T12:59:22.911Z", "dateUpdated": "2026-05-27T15:41:03.772Z", "details": "/cves/CVE-2026-32146.json"},{"id": "CVE-2026-32147", "title": "SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT", "datePublished": "2026-04-21T12:01:20.350Z", "dateUpdated": "2026-06-10T14:35:34.287Z", "details": "/cves/CVE-2026-32147.json"},{"id": "CVE-2026-32148", "title": "Lockfile checksums not verified in Hex allows dependency integrity bypass", "datePublished": "2026-04-30T18:17:03.783Z", "dateUpdated": "2026-05-01T04:33:38.198Z", "details": "/cves/CVE-2026-32148.json"},{"id": "CVE-2026-32685", "title": "Path Traversal in gleam docs build via documentation.pages Allows Arbitrary File Read and Write", "datePublished": "2026-06-02T13:41:37.885Z", "dateUpdated": "2026-06-02T19:14:20.700Z", "details": "/cves/CVE-2026-32685.json"},{"id": "CVE-2026-32686", "title": "Unbounded exponent in decimal enables unauthenticated DoS", "datePublished": "2026-05-07T14:04:47.222Z", "dateUpdated": "2026-05-27T15:40:44.556Z", "details": "/cves/CVE-2026-32686.json"},{"id": "CVE-2026-32687", "title": "SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3", "datePublished": "2026-05-12T14:18:07.607Z", "dateUpdated": "2026-05-26T19:46:52.054Z", "details": "/cves/CVE-2026-32687.json"},{"id": "CVE-2026-32688", "title": "Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy", "datePublished": "2026-04-27T13:45:35.160Z", "dateUpdated": "2026-04-29T17:08:07.227Z", "details": "/cves/CVE-2026-32688.json"},{"id": "CVE-2026-32689", "title": "Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix", "datePublished": "2026-05-05T15:17:30.664Z", "dateUpdated": "2026-05-07T04:25:07.013Z", "details": "/cves/CVE-2026-32689.json"},{"id": "CVE-2026-39803", "title": "HTTP/1 chunked body reader ignores length cap in bandit", "datePublished": "2026-05-13T13:36:09.648Z", "dateUpdated": "2026-05-27T15:40:37.538Z", "details": "/cves/CVE-2026-39803.json"},{"id": "CVE-2026-39804", "title": "WebSocket permessage-deflate inflate has no output-size cap in bandit", "datePublished": "2026-05-01T20:34:24.604Z", "dateUpdated": "2026-05-27T15:41:26.362Z", "details": "/cves/CVE-2026-39804.json"},{"id": "CVE-2026-39805", "title": "CL.CL HTTP request smuggling via duplicate Content-Length in bandit", "datePublished": "2026-05-01T20:34:29.400Z", "dateUpdated": "2026-05-27T15:41:34.493Z", "details": "/cves/CVE-2026-39805.json"},{"id": "CVE-2026-39806", "title": "HTTP/1 chunked decoder infinite loop on requests with trailer fields in bandit", "datePublished": "2026-05-13T13:36:17.806Z", "dateUpdated": "2026-05-27T15:41:42.286Z", "details": "/cves/CVE-2026-39806.json"},{"id": "CVE-2026-39807", "title": "Client-supplied URI scheme trusted without transport verification in bandit", "datePublished": "2026-05-01T20:34:22.832Z", "dateUpdated": "2026-05-27T15:41:35.917Z", "details": "/cves/CVE-2026-39807.json"},{"id": "CVE-2026-42786", "title": "WebSocket fragmented message reassembly unbounded in bandit", "datePublished": "2026-05-01T20:34:17.014Z", "dateUpdated": "2026-05-27T15:41:06.211Z", "details": "/cves/CVE-2026-42786.json"},{"id": "CVE-2026-42788", "title": "HTTP/2 frame size limit checked after body is buffered in bandit", "datePublished": "2026-05-01T20:34:11.911Z", "dateUpdated": "2026-05-27T15:40:29.557Z", "details": "/cves/CVE-2026-42788.json"},{"id": "CVE-2026-42789", "title": "Non-CA certificate accepted as intermediate issuer in public_key path validation", "datePublished": "2026-05-27T12:23:06.355Z", "dateUpdated": "2026-05-27T15:46:57.832Z", "details": "/cves/CVE-2026-42789.json"},{"id": "CVE-2026-42790", "title": "nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification", "datePublished": "2026-05-27T15:09:01.860Z", "dateUpdated": "2026-05-28T04:39:17.033Z", "details": "/cves/CVE-2026-42790.json"},{"id": "CVE-2026-42791", "title": "OCSP responder certificate validity period not checked in public_key", "datePublished": "2026-05-27T12:23:13.584Z", "dateUpdated": "2026-05-27T15:41:07.758Z", "details": "/cves/CVE-2026-42791.json"},{"id": "CVE-2026-42793", "title": "Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe", "datePublished": "2026-05-08T15:42:46.101Z", "dateUpdated": "2026-05-09T12:41:41.873Z", "details": "/cves/CVE-2026-42793.json"},{"id": "CVE-2026-42794", "title": "Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug", "datePublished": "2026-05-08T15:42:40.706Z", "dateUpdated": "2026-05-16T10:21:31.067Z", "details": "/cves/CVE-2026-42794.json"},{"id": "CVE-2026-42795", "title": "Symlink Following in Hex Package Export Allows Embedding Files Outside Project Root", "datePublished": "2026-06-02T13:41:39.527Z", "dateUpdated": "2026-06-02T19:14:25.176Z", "details": "/cves/CVE-2026-42795.json"},{"id": "CVE-2026-43965", "title": "Path Traversal in build/packages/packages.toml Allows Arbitrary Directory Deletion", "datePublished": "2026-06-02T13:41:37.421Z", "dateUpdated": "2026-06-02T19:14:19.113Z", "details": "/cves/CVE-2026-43965.json"},{"id": "CVE-2026-43966", "title": "HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2", "datePublished": "2026-06-08T16:34:33.364Z", "dateUpdated": "2026-06-09T04:38:15.827Z", "details": "/cves/CVE-2026-43966.json"},{"id": "CVE-2026-43967", "title": "Quadratic fragment-name uniqueness check causes denial of service in absinthe", "datePublished": "2026-05-08T15:42:34.347Z", "dateUpdated": "2026-05-09T04:18:14.810Z", "details": "/cves/CVE-2026-43967.json"},{"id": "CVE-2026-43968", "title": "CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1", "datePublished": "2026-05-11T18:06:42.881Z", "dateUpdated": "2026-05-12T12:11:43.388Z", "details": "/cves/CVE-2026-43968.json"},{"id": "CVE-2026-43969", "title": "Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1", "datePublished": "2026-05-11T18:06:40.667Z", "dateUpdated": "2026-05-12T04:26:34.206Z", "details": "/cves/CVE-2026-43969.json"},{"id": "CVE-2026-43970", "title": "Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame", "datePublished": "2026-05-13T18:43:11.640Z", "dateUpdated": "2026-05-15T04:33:30.898Z", "details": "/cves/CVE-2026-43970.json"},{"id": "CVE-2026-43972", "title": "gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection", "datePublished": "2026-06-08T14:12:38.780Z", "dateUpdated": "2026-06-08T16:34:45.350Z", "details": "/cves/CVE-2026-43972.json"},{"id": "CVE-2026-43973", "title": "gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion", "datePublished": "2026-06-08T14:12:42.128Z", "dateUpdated": "2026-06-08T16:35:01.405Z", "details": "/cves/CVE-2026-43973.json"},{"id": "CVE-2026-43974", "title": "gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM", "datePublished": "2026-06-08T14:12:36.957Z", "dateUpdated": "2026-06-08T16:34:38.989Z", "details": "/cves/CVE-2026-43974.json"},{"id": "CVE-2026-47066", "title": "Infinite loop in Alt-Svc header parser in hackney", "datePublished": "2026-05-25T14:00:39.707Z", "dateUpdated": "2026-05-27T15:40:41.946Z", "details": "/cves/CVE-2026-47066.json"},{"id": "CVE-2026-47067", "title": "Atom table exhaustion via unrecognized URL schemes in hackney", "datePublished": "2026-05-25T14:00:48.507Z", "dateUpdated": "2026-05-27T15:41:27.821Z", "details": "/cves/CVE-2026-47067.json"},{"id": "CVE-2026-47068", "title": "Cross-session PubSub topic injection via URL parameter in phoenix_storybook", "datePublished": "2026-05-20T13:35:33.215Z", "dateUpdated": "2026-05-27T15:41:37.339Z", "details": "/cves/CVE-2026-47068.json"},{"id": "CVE-2026-47069", "title": "CRLF injection in cookie domain/path options in hackney", "datePublished": "2026-05-25T14:00:39.394Z", "dateUpdated": "2026-05-27T15:40:38.975Z", "details": "/cves/CVE-2026-47069.json"},{"id": "CVE-2026-47070", "title": "HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney", "datePublished": "2026-05-25T14:00:46.420Z", "dateUpdated": "2026-05-27T15:41:16.046Z", "details": "/cves/CVE-2026-47070.json"},{"id": "CVE-2026-47071", "title": "SOCKS5 TLS upgrade ignores caller timeout in hackney", "datePublished": "2026-05-25T14:00:41.112Z", "dateUpdated": "2026-05-27T15:40:48.584Z", "details": "/cves/CVE-2026-47071.json"},{"id": "CVE-2026-47072", "title": "CRLF injection in WebSocket upgrade request in hackney", "datePublished": "2026-05-25T14:00:47.852Z", "dateUpdated": "2026-05-27T15:41:24.863Z", "details": "/cves/CVE-2026-47072.json"},{"id": "CVE-2026-47073", "title": "Unbounded memory consumption in WebSocket client in hackney", "datePublished": "2026-05-25T14:00:49.112Z", "dateUpdated": "2026-05-27T15:41:30.606Z", "details": "/cves/CVE-2026-47073.json"},{"id": "CVE-2026-47074", "title": "ex_aws_sns SigningCertURL not validated in verify_message/1", "datePublished": "2026-05-28T09:05:54.815Z", "dateUpdated": "2026-05-29T04:40:43.232Z", "details": "/cves/CVE-2026-47074.json"},{"id": "CVE-2026-47075", "title": "CR/LF injection in query parameter in hackney", "datePublished": "2026-05-25T14:00:45.781Z", "dateUpdated": "2026-05-27T15:41:12.825Z", "details": "/cves/CVE-2026-47075.json"},{"id": "CVE-2026-47076", "title": "SSRF allowlist bypass via percent-encoded host in hackney", "datePublished": "2026-05-25T14:00:46.707Z", "dateUpdated": "2026-05-27T15:41:17.845Z", "details": "/cves/CVE-2026-47076.json"},{"id": "CVE-2026-47077", "title": "Unbounded body accumulation in HTTP/3 response loop in hackney", "datePublished": "2026-05-25T14:00:42.217Z", "dateUpdated": "2026-05-27T15:40:53.384Z", "details": "/cves/CVE-2026-47077.json"},{"id": "CVE-2026-48592", "title": "Missing authorization check on save-job event handler in oban_web", "datePublished": "2026-05-26T19:46:48.611Z", "dateUpdated": "2026-05-27T15:41:23.434Z", "details": "/cves/CVE-2026-48592.json"},{"id": "CVE-2026-48593", "title": "Unbounded range expansion in cron describe causes memory exhaustion in oban_web", "datePublished": "2026-05-26T19:46:43.980Z", "dateUpdated": "2026-05-27T15:40:57.317Z", "details": "/cves/CVE-2026-48593.json"},{"id": "CVE-2026-48594", "title": "Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression", "datePublished": "2026-06-02T19:08:49.596Z", "dateUpdated": "2026-06-04T04:45:31.475Z", "details": "/cves/CVE-2026-48594.json"},{"id": "CVE-2026-48595", "title": "Authorization header leaks to third-party origin on cross-origin redirect in Tesla.Middleware.FollowRedirects", "datePublished": "2026-06-02T19:08:48.339Z", "dateUpdated": "2026-06-04T04:45:31.067Z", "details": "/cves/CVE-2026-48595.json"},{"id": "CVE-2026-48596", "title": "CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection", "datePublished": "2026-06-02T19:09:31.615Z", "dateUpdated": "2026-06-04T04:45:42.210Z", "details": "/cves/CVE-2026-48596.json"},{"id": "CVE-2026-48597", "title": "Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint", "datePublished": "2026-06-02T19:08:40.203Z", "dateUpdated": "2026-06-04T04:45:28.962Z", "details": "/cves/CVE-2026-48597.json"},{"id": "CVE-2026-48598", "title": "CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection", "datePublished": "2026-06-02T19:08:19.921Z", "dateUpdated": "2026-06-04T04:45:23.895Z", "details": "/cves/CVE-2026-48598.json"},{"id": "CVE-2026-48855", "title": "SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured", "datePublished": "2026-06-10T14:35:49.683Z", "dateUpdated": "2026-06-11T04:45:29.864Z", "details": "/cves/CVE-2026-48855.json"},{"id": "CVE-2026-48856", "title": "httpc leaks Authorization header to cross-origin redirect targets", "datePublished": "2026-06-10T14:41:51.616Z", "dateUpdated": "2026-06-11T04:45:35.836Z", "details": "/cves/CVE-2026-48856.json"},{"id": "CVE-2026-48858", "title": "ftp client PASV response IP not validated against control peer, enabling SSRF and FTP bounce attacks", "datePublished": "2026-06-10T14:35:45.466Z", "dateUpdated": "2026-06-11T04:45:36.460Z", "details": "/cves/CVE-2026-48858.json"},{"id": "CVE-2026-48859", "title": "SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration", "datePublished": "2026-06-10T14:35:43.553Z", "dateUpdated": "2026-06-11T04:45:32.938Z", "details": "/cves/CVE-2026-48859.json"},{"id": "CVE-2026-48860", "title": "Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist", "datePublished": "2026-06-10T14:35:49.987Z", "dateUpdated": "2026-06-11T04:45:42.753Z", "details": "/cves/CVE-2026-48860.json"},{"id": "CVE-2026-48861", "title": "CRLF injection in HTTP/1 request line via unvalidated method in Mint", "datePublished": "2026-06-02T14:15:09.015Z", "dateUpdated": "2026-06-02T19:14:00.466Z", "details": "/cves/CVE-2026-48861.json"},{"id": "CVE-2026-48862", "title": "Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency", "datePublished": "2026-06-02T14:15:10.591Z", "dateUpdated": "2026-06-02T19:14:09.683Z", "details": "/cves/CVE-2026-48862.json"},{"id": "CVE-2026-49753", "title": "HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing", "datePublished": "2026-06-02T14:15:17.078Z", "dateUpdated": "2026-06-02T19:14:42.817Z", "details": "/cves/CVE-2026-49753.json"},{"id": "CVE-2026-49754", "title": "HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation", "datePublished": "2026-06-02T14:15:14.951Z", "dateUpdated": "2026-06-02T19:14:33.100Z", "details": "/cves/CVE-2026-49754.json"},{"id": "CVE-2026-49755", "title": "Decompression bomb DoS in Req via auto-decoded archive and compressed response bodies", "datePublished": "2026-06-08T15:20:57.415Z", "dateUpdated": "2026-06-08T17:14:08.858Z", "details": "/cves/CVE-2026-49755.json"},{"id": "CVE-2026-49756", "title": "Multipart form-data header injection in Req via unescaped name/filename/content_type", "datePublished": "2026-06-08T15:20:24.035Z", "dateUpdated": "2026-06-08T16:34:58.505Z", "details": "/cves/CVE-2026-49756.json"},{"id": "CVE-2026-49759", "title": "Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash", "datePublished": "2026-06-10T14:35:38.838Z", "dateUpdated": "2026-06-11T04:45:45.953Z", "details": "/cves/CVE-2026-49759.json"},{"id": "CVE-2026-49760", "title": "Stack Buffer Overflow in ei_s_print_term at Very Large Integer", "datePublished": "2026-06-10T14:35:36.804Z", "dateUpdated": "2026-06-11T04:45:57.427Z", "details": "/cves/CVE-2026-49760.json"},{"id": "CVE-2026-49762", "title": "Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service", "datePublished": "2026-06-09T14:04:07.405Z", "dateUpdated": "2026-06-10T04:43:08.517Z", "details": "/cves/CVE-2026-49762.json"},{"id": "CVE-2026-7790", "title": "Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS", "datePublished": "2026-05-11T18:06:41.490Z", "dateUpdated": "2026-05-26T19:46:42.244Z", "details": "/cves/CVE-2026-7790.json"},{"id": "CVE-2026-8466", "title": "Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy", "datePublished": "2026-05-13T18:26:21.089Z", "dateUpdated": "2026-05-14T04:30:32.552Z", "details": "/cves/CVE-2026-8466.json"},{"id": "CVE-2026-8467", "title": "Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground", "datePublished": "2026-05-20T13:35:29.018Z", "dateUpdated": "2026-05-27T15:41:02.357Z", "details": "/cves/CVE-2026-8467.json"},{"id": "CVE-2026-8468", "title": "Unbounded buffer accumulation in multipart header parsing causes denial of service in plug", "datePublished": "2026-05-14T10:29:51.062Z", "dateUpdated": "2026-05-27T15:41:29.241Z", "details": "/cves/CVE-2026-8468.json"},{"id": "CVE-2026-8469", "title": "Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook", "datePublished": "2026-05-20T13:35:27.914Z", "dateUpdated": "2026-05-27T15:40:55.927Z", "details": "/cves/CVE-2026-8469.json"}]