thecodingmachine

Top products

The 15 most recently published vulnerabilities affecting thecodingmachine.

• CVE-2026-42590Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist8.2May 14, 2026
• CVE-2026-42597Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme5.9May 14, 2026
• CVE-2026-42595Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass8.6May 14, 2026
• CVE-2026-42594Gotenberg: Unauthenticated denial of service via echo.Context pool reuse in webhook async goroutine7.5May 14, 2026
• CVE-2026-42593Gotenberg: Arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes5.3May 14, 2026
• CVE-2026-42592Gotenberg: DNS rebinding bypasses SSRF validation on Chromium URL conversion routes5.3May 14, 2026
• CVE-2026-42591Gotenberg: Server-Side Request Forgery (SSRF) in github.com/gotenberg/gotenberg/v88.2May 14, 2026
• CVE-2026-42596Gotenberg: Unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook9.4May 14, 2026
• CVE-2026-40893Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move8.2May 14, 2026
• CVE-2026-42589Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection9.8May 14, 2026
• CVE-2026-40281Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values10.0May 6, 2026
• CVE-2026-39383Gotenberg unauthenticated blind SSRF via unfiltered webhook URL7.2May 5, 2026
• CVE-2026-40280Gotenberg SSRF via case-insensitive URL scheme bypass in webhook and downloadFrom deny-lists7.5May 5, 2026
• CVE-2026-35458Gotenberg has a ReDoS via extraHttpHeaders scope feature9.8Apr 7, 2026
• CVE-2026-27018Gotenberg: Chromium deny-list bypass via case-insensitive URL scheme7.5Mar 30, 2026