CISA-KEV
CRITICAL
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV
CRITICAL
Nx Console Embedded Malicious Code Vulnerability
Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvest credentials from multiple sources on disk and in memory.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV
CRITICAL
TanStack Unspecified Vulnerability
TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry, distributing credential-stealing malware under a trusted identity.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV
CRITICAL
Daemon Tools Lite Embedded Malicious Code Vulnerability
Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV
CRITICAL
LiteSpeed cPanel Plugin Privilege Escalation Vulnerability
LiteSpeed cPanel Plugin contains a privilege escalation vulnerability exposed via the user-end cPanel plugin, which any cPanel user account can abuse to execute arbitrary scripts with root privileges.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
NVD
CRITICAL
CVE-2026-45631
Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via th…
CWE: CWE-798
GitHub-GHSA
CRITICAL
NodeVM builtin denylist bypass via process and inspector/promises allows host code execution
GHSA-rp36-8xq3-r6c4
pkg: vm2
eco: npm
published: May 29, 2026
## Summary
`NodeVM` blocks several dangerous Node.js builtins such as `module`, `worker_threads`, `cluster`, `vm`, `repl`, and `inspector`.
However, the denylist misses `process` and `inspector/promises`. Both can be used from sandboxed code to reach host-side execution primitives.
This allows sa…
CVE-2026-47140
GitHub-GHSA
CRITICAL
vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE
GHSA-m4wx-m65x-ghrr
pkg: vm2
eco: npm
published: May 29, 2026
## Summary
The fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in `nodevm.js` line 263 that blocks the combination `nesting: true` + `require: false`. However, the check uses strict equality (`options.require === false`), which is trivially bypassed by omitting the `require` option …
CVE-2026-47137
GitHub-GHSA
CRITICAL
vm2 is Vulnerable to Sandbox Breakout Through Promise Species
GHSA-76w7-j9cq-rx2j
pkg: vm2
eco: npm
published: May 29, 2026
### Summary
VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.
### Details
The `localPromise` constructor was changed to call `this.then(undefined, eater)` to ensure a reje…
CVE-2026-47208
GitHub-GHSA
CRITICAL
vm2 has a Sandbox Escape issue
GHSA-v6mx-mf47-r5wg
pkg: vm2
eco: npm
published: May 29, 2026
### Summary
By combining `Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__")`, `Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__")`, and Node.js's `ERR_INVALID_ARG_TYPE` Error, the host's `TypeError` constructor can be obtained, which allows the escape from the sandbox.
This allows a…
CVE-2026-47131
GitHub-GHSA
CRITICAL
LiquidJS is Vulnerable to Remote Code Execution
GHSA-gf2q-c269-pqgc
pkg: liquidjs
eco: npm
published: May 27, 2026
### Summary
It is possible to execute arbitrary code with crafted templates
### Details
<details>
<summary>
`1|valueOf` -> `this` when evaluating the filter
</summary>
```liquid
{%assign r=1|valueOf%}
{{r|inspect}}
```
```json
{"context":{"scopes":[{"r":"[Circular]"}],"registers":{},"breakCa…
CVE-2026-45618
NVD
CRITICAL
CVE-2026-44330
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token (e.g. Authorization: …
CWE: CWE-863
NVD
CRITICAL
CVE-2026-44329
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and th…
CWE: CWE-306, CWE-862
NVD
CRITICAL
CVE-2026-44327
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the handler …
CWE: CWE-306, CWE-862
GitHub-GHSA
CRITICAL
PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
GHSA-4mr5-g6f9-cfrh
pkg: praisonaiagents, PraisonAI
eco: pip
published: May 29, 2026
## Summary
`execute_code()` in `praisonaiagents/tools/python_tools.py` (v1.6.37, subprocess sandbox mode) can be fully bypassed using `print.__self__` to retrieve the real Python `builtins` module, from which `__import__` can be extracted via `vars()` and runtime string construction. This achieves …
CVE-2026-47392
NVD
CRITICAL
CVE-2026-45625
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eight …
CWE: CWE-862
NVD
CRITICAL
CVE-2026-45663
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly in…
CWE: CWE-77
NVD
CRITICAL
CVE-2026-45102
OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in 10.0.98.
CWE: CWE-693
NVD
CRITICAL
CVE-2026-44450
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code execution …
CWE: CWE-88
NVD
CRITICAL
CVE-2026-46624
Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the …
CWE: CWE-78, CWE-89
NVD
CRITICAL
CVE-2026-7374
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to th…
CWE: CWE-59
GitHub-GHSA
CRITICAL
praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset
GHSA-3qg8-5g3r-79v5
pkg: praisonai-platform
eco: pip
published: May 29, 2026
## Summary
**Type:** Insecure default cryptographic key. The JWT signing secret defaults to the hardcoded literal `"dev-secret-change-me"` when `PLATFORM_JWT_SECRET` is unset. A safety check exists but only fires when `PLATFORM_ENV != "dev"`; the default value of `PLATFORM_ENV` is `"dev"`, so the c…
CVE-2026-47410
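The two hardcoded-secret advisories above (Dokploy's `BETTER_AUTH_SECRET` fallback and praisonai-platform's `"dev-secret-change-me"` default) share one failure mode: a literal that ships in the source becomes the HS256 signing key, so anyone who has read the code can mint tokens the server trusts. The following Python is an added example, not code from either project. It forges such a token with only the standard library, shows the praisonai-style guard (which fires only when `PLATFORM_ENV != "dev"`, and `PLATFORM_ENV` defaults to `"dev"`) accepting it, and contrasts a startup resolver that refuses the default outside an explicit dev opt-in. The environment-variable names follow the praisonai advisory; the claim layout and the hardened resolver are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets

# The published literal from the praisonai-platform advisory. Any token signed
# with it is accepted by a server that fell back to it.
DEFAULT_SECRET = "dev-secret-change-me"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256(claims: dict, secret: str) -> str:
    """Produce an HS256 JWT; this is all an attacker needs once the key is known."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{body}".encode()
    sig = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_hs256(token: str, secret: str):
    """Return the claims if the signature is valid for `secret`, else None."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # malformed base64, JSON or segment count
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret.encode(), f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    try:
        claims = json.loads(_b64url_decode(body_b64))
    except ValueError:
        return None
    return claims if isinstance(claims, dict) else None


def resolve_secret_vulnerable(env: dict) -> str:
    """Pattern from the advisory: the guard only runs when PLATFORM_ENV != 'dev',
    and PLATFORM_ENV itself defaults to 'dev', so an unconfigured deployment
    silently keeps the published key."""
    secret = env.get("PLATFORM_JWT_SECRET", DEFAULT_SECRET)
    if env.get("PLATFORM_ENV", "dev") != "dev" and secret == DEFAULT_SECRET:
        raise RuntimeError("refusing to start with the default JWT secret")
    return secret


def resolve_secret_hardened(env: dict) -> str:
    """Assumed fix: unset means production, the known literal is never accepted,
    and an explicit dev opt-in gets a random per-process key instead."""
    secret = env.get("PLATFORM_JWT_SECRET")
    if secret:
        if secret == DEFAULT_SECRET or len(secret) < 32:
            raise RuntimeError("PLATFORM_JWT_SECRET is the published default or too short")
        return secret
    if env.get("PLATFORM_ENV") == "dev":
        return secrets.token_hex(32)
    raise RuntimeError("PLATFORM_JWT_SECRET must be set outside an explicit dev environment")
```

The forged token carries whatever role claim the application reads, so the same forgery that yields auto-sign-in as admin in the Dokploy case yields "any user" in the praisonai case; the fix is the same in both, namely that the process must not start with a key that exists in a repository.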
GitHub-GHSA
CRITICAL
PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution
GHSA-vg22-4gmj-prxw
pkg: PraisonAI
eco: pip
published: May 29, 2026
## Summary
The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain:
1. The example exposes an A2A server without configuring `auth_token`.
2. The same example binds the server to `0.0.0.0`.
3. The example registers a `calculate(expression)` …
CVE-2026-47391
GitHub-GHSA
CRITICAL
PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default
GHSA-8444-4fhq-fxpq
pkg: PraisonAI
eco: pip
published: May 29, 2026
### Summary
CVE-2026-44338 (GHSA-6rmh-7xcm-cpxj) documents that PraisonAI ships a code-generator (`praisonai.deploy.api.generate_api_server_code`) that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart (`praisonai deploy --type api`) get a …
CVE-2026-47393
GitHub-GHSA
CRITICAL
PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset
GHSA-86qc-r5v2-v6x6
pkg: PraisonAI
eco: pip
published: May 29, 2026
### Summary
PraisonAI's call server exposes a network-facing agent control API without authentication when `CALL_SERVER_TOKEN` is not configured.
The affected component is the `praisonai.api.agent_invoke` router as mounted by `praisonai.api.call`. The authentication helper `verify_token()` fails o…
CVE-2026-47396
GitHub-GHSA
CRITICAL
amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection
GHSA-29h4-r29x-hchv
pkg: redshift-connector
eco: pip
published: May 29, 2026
### Summary
amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitra…
CVE-2026-8838
GitHub-GHSA
CRITICAL
vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
GHSA-6j2x-vhqr-qr7q
pkg: vm2
eco: npm
published: May 29, 2026
### Summary
A sandbox escape vulnerability in `vm2` allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI (`WebAssembly.promising` / `WebAssembly.Suspending`). In the tested configuration, a JSPI-backed Promise ca…
CVE-2026-47210
NVD
CRITICAL
CVE-2026-10042
manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{method_name} and /simple_execute/{method_name} endpoints deserialize attacker-controlled HTTP request…
CWE: CWE-502
GitHub-GHSA
CRITICAL
Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override
GHSA-vmwp-vh32-rj75
pkg: org.yamcs:yamcs-core
eco: maven
published: May 27, 2026
# Remote Code Execution via Mission Database algorithm override
## Summary
The Nashorn `ScriptEngine` used to evaluate user-supplied algorithm text in `MdbOverrideApi.updateAlgorithm` is constructed without a `ClassFilter`, allowing a user with the `ChangeMissionDatabase` privilege to execute arbi…
CVE-2026-46562
NVD
CRITICAL
CVE-2026-45083
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to the b…
CWE: CWE-306
NVD
CRITICAL
CVE-2026-44888
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec() every 3–5 m…
CWE: CWE-94
NVD
CRITICAL
CVE-2026-44887
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected code executes as the da…
CWE: CWE-94
GitHub-GHSA
CRITICAL
Langroid has Prompt to SQL Injection, Leading to RCE
GHSA-mxfr-6hcw-j9rq
pkg: langroid
eco: pip
published: May 27, 2026
# Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid
## Affected Scope
langroid < 0.63.0
## Vulnerability Description
SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privi…
CVE-2026-25879
NVD
CRITICAL
CVE-2026-48902
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
NVD
CRITICAL
CVE-2026-8376
Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds.
Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a la…
CWE: CWE-680
GitHub-GHSA
CRITICAL
praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}
GHSA-c2m8-4gcg-v22g
pkg: praisonai-platform
eco: pip
published: May 29, 2026
## Summary
**Type:** Vertical privilege escalation. The `PATCH /workspaces/{workspace_id}/members/{user_id}` endpoint is gated by `require_workspace_member(workspace_id)`, which defaults to `min_role="member"` and is never overridden by the route. The handler then calls `MemberService.update_role(w…
CVE-2026-47416
NVD
CRITICAL
CVE-2026-45628
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child_process.exec() (which runs through /bin/sh -c). User-supplied branch names, repository URLs, and Docker credentials a…
CWE: CWE-20, CWE-77
NVD
CRITICAL
CVE-2026-45323
MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect (repeated) radio range to execute arbitrary javascript in the Home Assistant frontend of anyone viewi…
CWE: CWE-79
NVD
CRITICAL
CVE-2026-44985
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, the WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables C…
CWE: CWE-346
NVD
CRITICAL
CVE-2026-44326
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptions …
CWE: CWE-862
NVD
CRITICAL
CVE-2026-44315
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a fo…
CWE: CWE-862
NVD
CRITICAL
CVE-2026-44451
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator (validateComponentOverrideSou…
CWE: CWE-693
GitHub-GHSA
CRITICAL
Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection
GHSA-2g95-6x5q-xjwj
pkg: org.yamcs:yamcs-core
eco: maven
published: May 27, 2026
### Summary
A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython (via the JSR-223 ScriptEngine API) without enforcing a secure sandbox. An authenti…
CVE-2026-46621
GitHub-GHSA
CRITICAL
Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`
GHSA-524g-x36v-9wm6
pkg: org.yamcs:yamcs-core
eco: maven
published: May 27, 2026
### Summary
A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine (`org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory`). The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure sandbox. An authenticated us…
CVE-2026-44632
NVD
CRITICAL
CVE-2026-46833
Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. While the vulnerability is in Net Service, attack…
NVD
CRITICAL
CVE-2026-45721
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute …
CWE: CWE-20, CWE-426, CWE-552
GitHub-GHSA
CRITICAL
PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation
GHSA-h8q5-cp56-rr65
pkg: praisonai-platform
eco: pip
published: May 29, 2026
## Summary
The Platform server exposes resources under `/api/v1/workspaces/{workspace_id}/…` and protects them with a `require_workspace_member(workspace_id)` FastAPI dependency. The dependency only checks that the caller is a member of the workspace_id in the URL prefix. The route handlers then …
CVE-2026-47407
GitHub-GHSA
CRITICAL
stigmem-node's federation peer registration lacked explicit out-of-band approval
GHSA-9vp8-3hmv-8fgh
pkg: stigmem-node
eco: pip
published: May 29, 2026
### Impact
Federation peer registration accepted peer key material during registration without a separate administrator approval step based on an out-of-band fingerprint check. Impacted deployments are nodes that accept federation peer registration across a network where initial registration could b…
GitHub-GHSA
CRITICAL
stigmem-node's federation insecure transport settings may allow non-loopback cleartext federation
GHSA-jmfc-hfjq-pxcp
pkg: stigmem-node
eco: pip
published: May 29, 2026
### Impact
Stigmem nodes with federation enabled could be configured to run without mTLS outside loopback-only local development. In affected deployments, federation traffic may traverse the network without the intended transport protection. Impacted users are operators who enabled federation and ex…
GitHub-GHSA
CRITICAL
stigmem-node: Auth-disabled deployments may grant broad anonymous access outside loopback
GHSA-fp6w-8wpg-74g5
pkg: stigmem-node
eco: pip
published: May 29, 2026
### Impact
Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a loopback-only local development environment. Impacted users are operators who intentionally disabled authentication while binding the node…
GitHub-GHSA
CRITICAL
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
GHSA-qrvh-r3f2-9h4r
pkg: org.xwiki.platform:xwiki-platform-rest-server
eco: maven
published: May 26, 2026
### Impact
`POST /wikis/{wikiName}` executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to create or update documents in the target wiki
### Patches
This vulnerability has been patched in XWiki 16.10.17, 17.4.9, 17.10.3, 18.0.1…
CVE-2026-33137
GitHub-GHSA
CRITICAL
XWiki Platform has path traversal via resources parameter in ssx and jsx endpoints when using leading slash
GHSA-xq3r-2qv5-vqqm
pkg: org.xwiki.commons:xwiki-commons-classloader-api
eco: maven
published: May 26, 2026
### Impact
It's possible to get access and read configuration files by using URLs such as `http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false`.
This can apparently be reproduced on Tomcat instances.
### Patches
This has been patched in 18.0.0-rc-1, 17.10.3,…
CVE-2026-23734
GitHub-GHSA
HIGH
PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership
GHSA-h37g-4h4p-9x97
pkg: praisonai-platform
eco: pip
published: May 29, 2026
### Summary
PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role to `owner`.
The issue is caused by privileged workspace-management routes using the shared dependency `require_workspace_member(…)` wi…
CVE-2026-47405
GitHub-GHSA
HIGH
PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID
GHSA-6h6v-6m7w-7vxx
pkg: praisonai-platform
eco: pip
published: May 29, 2026
### Summary
PraisonAI Platform's workspace-scoped REST routes contain a systemic object-level authorization flaw that allows an authenticated user from one workspace to access, modify, and delete objects belonging to another workspace by supplying the victim object's global UUID.
The affected patt…
CVE-2026-47399
GitHub-GHSA
HIGH
PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API
GHSA-gv23-xrm3-8c62
pkg: praisonai-platform
eco: pip
published: May 29, 2026
### Summary
The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and delete resources in any …
CVE-2026-48169
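The praisonai-platform advisories above (GHSA-c2m8-4gcg-v22g, GHSA-h8q5-cp56-rr65, GHSA-h37g-4h4p-9x97, GHSA-6h6v-6m7w-7vxx and GHSA-gv23-xrm3-8c62) describe two patterns: a role-changing route gated by a membership check whose `min_role` is never raised above `member`, and handlers that look objects up by global ID after checking only that the caller belongs to the workspace named in the URL. This added Python example, not the project's code, reproduces both against an in-memory store and puts the fixes beside them: an explicit `min_role="admin"` plus a no-change-above-own-rank rule, and a lookup scoped to the URL's workspace that returns the same "not found" for a cross-workspace ID as for a missing one. The role names, store layout and sample users are constructed for the example.

```python
ROLE_RANK = {"viewer": 0, "member": 1, "admin": 2, "owner": 3}


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


def make_store() -> dict:
    """Constructed sample data: two workspaces, one low-privilege member in ws-a."""
    return {
        "memberships": {
            ("ws-a", "alice"): "owner",
            ("ws-a", "mallory"): "member",
            ("ws-b", "bob"): "owner",
        },
        "projects": {
            "proj-1": {"workspace_id": "ws-a", "name": "public site"},
            "proj-2": {"workspace_id": "ws-b", "name": "bob's private roadmap"},
        },
    }


def require_workspace_member(store, workspace_id, user_id, min_role="member"):
    """Stand-in for the FastAPI dependency: membership in the URL's workspace at >= min_role."""
    role = store["memberships"].get((workspace_id, user_id))
    if role is None or ROLE_RANK[role] < ROLE_RANK[min_role]:
        raise Forbidden(f"{user_id} needs role >= {min_role} in {workspace_id}")
    return role


def update_member_role_vulnerable(store, workspace_id, caller, target, new_role):
    """PATCH /workspaces/{id}/members/{user_id} as described: the default
    min_role='member' is never overridden, so any member may set any role."""
    require_workspace_member(store, workspace_id, caller)
    store["memberships"][(workspace_id, target)] = new_role
    return new_role


def update_member_role_hardened(store, workspace_id, caller, target, new_role):
    """Assumed fix: explicit admin gate, target must be in this workspace, and the
    caller can neither touch someone above their rank nor grant a rank above it."""
    if new_role not in ROLE_RANK:
        raise ValueError(f"unknown role {new_role!r}")
    caller_role = require_workspace_member(store, workspace_id, caller, min_role="admin")
    current = store["memberships"].get((workspace_id, target))
    if current is None:
        raise NotFound("target is not a member of this workspace")
    if ROLE_RANK[current] > ROLE_RANK[caller_role] or ROLE_RANK[new_role] > ROLE_RANK[caller_role]:
        raise Forbidden("cannot change a role above your own")
    store["memberships"][(workspace_id, target)] = new_role
    return new_role


def get_project_vulnerable(store, workspace_id, caller, project_id):
    """IDOR pattern: membership is checked for the URL's workspace, then the
    object is fetched by global primary key with no workspace filter."""
    require_workspace_member(store, workspace_id, caller)
    project = store["projects"].get(project_id)
    if project is None:
        raise NotFound(project_id)
    return project


def get_project_hardened(store, workspace_id, caller, project_id):
    """Assumed fix: the lookup is scoped to the workspace in the URL, and a
    foreign ID is indistinguishable from a non-existent one."""
    require_workspace_member(store, workspace_id, caller)
    project = store["projects"].get(project_id)
    if project is None or project["workspace_id"] != workspace_id:
        raise NotFound(project_id)
    return project
```

In an ORM the hardened lookup is the difference between `get(id)` and a query filtered on both `id` and `workspace_id`; the point of returning the same error for both cases is that a cross-workspace probe must not even confirm that a UUID exists.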
NVD
HIGH
CVE-2026-47125
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/{id}/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin author…
CWE: CWE-862
GitHub-GHSA
HIGH
Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename
GHSA-hwc4-gmrw-5222
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: May 29, 2026
### Summary
`filepath.Base` on the Linux container does not strip backslashes (`\`), because `\` is only a path separator on Windows. A multipart filename like `..\..\..\..\Windows\System32\evil.pdf` survives Gotenberg's input sanitisation and lands verbatim as the zip entry name when a multi-output…
CVE-2026-44829
NVD
HIGH
CVE-2026-45662
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.0 and earlier, the deleteRegistry function in Dokploy (packages/server/src/services/registry.ts) executes docker logout ${response.registryUrl} without shell escaping. In the same file, the docker login command correctly uses shE…
CWE: CWE-78
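The Dokploy command-injection entries (the `destinationPath` in the file upload, the `docker logout ${response.registryUrl}` in deleteRegistry, and the branch names, repository URLs and Docker credentials interpolated into template literals for `child_process.exec()`) all come from building one string that `/bin/sh -c` then re-parses. This added Python example, not Dokploy's code, shows the string-building variant beside an argv builder that validates each field, passes `--` to stop option parsing and never goes through a shell. The `git clone` invocation and the field allowlist are assumptions for illustration, not Dokploy's actual command.

```python
import re
import shlex

# Git allows more than this, but an allowlist is the right posture for a value
# that becomes a process argument: no leading '-' (would parse as an option),
# and '..' is rejected separately so it cannot be read as a revision range.
SAFE_REF = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]*$")
ALLOWED_SCHEMES = ("https://", "ssh://")  # no ext:: or file:// transports


def build_clone_vulnerable(repo_url: str, branch: str, dest: str) -> str:
    """Template-literal style: one string that will be handed to /bin/sh -c.
    Metacharacters in any field become shell syntax."""
    return f"git clone --branch {branch} {repo_url} {dest}"


def build_clone_hardened(repo_url: str, branch: str, dest: str) -> list[str]:
    """Return an argv list for subprocess.run(argv) with no shell involved."""
    if not SAFE_REF.match(branch) or ".." in branch or branch.endswith(".lock"):
        raise ValueError(f"unsafe branch name: {branch!r}")
    if not repo_url.startswith(ALLOWED_SCHEMES):
        raise ValueError(f"unsupported repository URL: {repo_url!r}")
    if dest.startswith("-"):
        raise ValueError(f"unsafe destination: {dest!r}")
    # '--' ends option parsing, so a validated URL or path can never be a flag.
    return ["git", "clone", "--branch", branch, "--", repo_url, dest]


def render_for_shell(argv: list[str]) -> str:
    """Only when a single shell string is unavoidable (e.g. sent over SSH):
    quote every argument so the receiving shell sees exactly one word each."""
    return " ".join(shlex.quote(arg) for arg in argv)
```

Run the hardened result with `subprocess.run(argv, check=True)` and never `shell=True`. Quoting and argv lists solve the shell problem only; a branch such as `--upload-pack=...` would still be read by git as an option, which is why the allowlist and the `--` separator are kept even though no shell is involved.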
NVD
HIGH
CVE-2026-9984
Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-9945
Use after free in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-9928
Out of bounds read in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-125
GitHub-GHSA
HIGH
Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
GHSA-897w-fcg9-f6xj
pkg: dulwich
eco: pip
published: May 28, 2026
## Impact
Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows.
Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax:
– \ — the Windows path …
CVE-2026-42305
NVD
HIGH
CVE-2026-46125
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: remove station if connection prep fails
If connection preparation fails for MLO connections, then the
interface is completely reset to non-MLD. In this case, we must
not keep the station since it's related to the l…
NVD
HIGH
CVE-2026-46113
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
The shadow MMU computes GFNs for direct shadow pages using sp->gfn plus
the SPTE index. This assumption breaks for shadow paging if the guest
page tables are modifie…
NVD
HIGH
CVE-2026-44346
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentom…
CWE: CWE-78, CWE-94
NVD
HIGH
CVE-2026-44345
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2 interpolates docker.base_image raw with no escaping, newline filtering, or validation. A malicious bent…
CWE: CWE-78
NVD
HIGH
CVE-2026-36044
@pensar/apex <= 0.0.58 is vulnerable to OS command injection via the smart_enumerate tool. The createSmartEnumerateTool() function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js chi…
CWE: CWE-78
NVD
HIGH
CVE-2026-24187
NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
CWE: CWE-416
GitHub-GHSA
HIGH
vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks
GHSA-m5q2-4fm3-vfqp
pkg: vm2
eco: npm
published: May 29, 2026
## Summary
vm2 3.11.2 `Symbol.for` override in `setup-sandbox.js` only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's `set`/`defineProperty`/`deleteProperty` traps having **no** `isDangerousCrossRealmSymbol` key check, sandbox code can obtain real cross-realm sy…
CVE-2026-47135
GitHub-GHSA
HIGH
axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
GHSA-35jp-ww65-95wh
pkg: axios
eco: npm
published: May 29, 2026
# Vulnerability Disclosure: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
## Summary
The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any `Object.prototype` pollution in the application's dependency tree to be escalated into a **full Ma…
CVE-2026-44494
GitHub-GHSA
HIGH
HaxCMS has a stored Cross-Site Scripting (XSS) bypass in its saveNode endpoint
GHSA-g2g8-95qg-v35h
pkg: @haxtheweb/haxcms-nodejs
eco: npm
published: May 29, 2026
## Summary
HaxCMS is affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode` endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by injecting an event handler attribute without whitespace before the attribute name.
For e…
CVE-2026-48527
NVD
HIGH
CVE-2026-48527
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode` endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by in…
CWE: CWE-79
NVD
HIGH
CVE-2026-45348
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to the…
CWE: CWE-79
NVD
HIGH
CVE-2026-44543
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-pat…
CWE: CWE-269
NVD
HIGH
CVE-2026-42197
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin accou…
CWE: CWE-79
GitHub-GHSA
HIGH
Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Preview
GHSA-6m7c-xfhp-p9fh
pkg: @typebot.io/js
eco: npm
published: May 26, 2026
## Summary
The rating block's custom icon feature accepts arbitrary HTML/SVG via the `customIcon.svg` field and renders it using Solid's `innerHTML` directive without any sanitization. When a malicious typebot is imported or crafted by a workspace collaborator, the payload executes in the builder's …
CVE-2026-28445
NVD
HIGH
CVE-2026-44697
Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress (data/batch/batch.go) allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on t…
CWE: CWE-409, CWE-770
GitHub-GHSA
HIGH
NodeVM network builtin exclusions bypass via internal _http_client and _http_server
GHSA-r9pm-gxmw-wv6p
pkg: vm2
eco: npm
published: May 29, 2026
## Summary
`NodeVM` supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to `http`, `https`, `http2`, `net`, `dgram`, `tls`, `dns`, and `dns/promises` is blocked.
However, Node.js also exposes underscored internal HTTP builtins such as …
CVE-2026-47139
GitHub-GHSA
HIGH
vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain
GHSA-c4cf-2hgv-2qv6
pkg: vm2
eco: npm
published: May 29, 2026
## Summary
The `BaseHandler.set` trap in `bridge.js` (line 1231) ignores the `receiver` parameter and unconditionally writes to the host target object. Per the Proxy `set` trap specification, when `receiver !== proxy` (e.g., when a child object inherits from the proxy via `Object.create`), the prop…
CVE-2026-47209
GitHub-GHSA
HIGH
axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)
GHSA-pjwm-pj3p-43mv
pkg: axios
eco: npm
published: May 29, 2026
### Summary
shouldBypassProxy, introduced in v1.15.0 to fix CVE-2025-62718, does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as `127.0.0.1` or `169.254.169.254`, a request URL using the IPv4-mapped IPv6 form (`::ffff:7f00:1`, `::ffff:a9fe:a9fe`) still routes th…
CVE-2026-44492
GitHub-GHSA
HIGH
yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation
GHSA-vv9j-gjw2-j8wp
pkg: yeoman-environment
eco: npm
published: May 26, 2026
### Impact
`yeoman-environment` versions `>= 2.9.0` and `< 6.0.1` install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass attacker-controlled project configuration into this path, this can result in arbitrary package i…
CVE-2026-42089
NVD
HIGH
CVE-2026-45298
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that …
CWE: CWE-918
GitHub-GHSA
HIGH
authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user
GHSA-c3m2-jqmq-pvp3
pkg: goauthentik.io
eco: go
published: May 29, 2026
### Summary
authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed assertion to authenticate as another federated user.
### Patches
authentik 2026.5.1, 20…
CVE-2026-47201
NVD
HIGH
CVE-2026-44850
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for non-adminis…
CWE: CWE-863
NVD
HIGH
CVE-2026-48153
Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no sch…
CWE: CWE-918
GitHub-GHSA
HIGH
compliance-trestle – jinja has an Arbitrary File Write via Path Traversal
GHSA-4q5v-7g7x-j79w
pkg: compliance-trestle
eco: pip
published: May 28, 2026
**Relevant Products/Components:**
* `trestle/core/commands/author/jinja.py`
* `trestle author jinja`
---
## Detailed Description:
The `-o/--output` argument in `trestle author jinja` allows writing files outside the intended workspace.
The application does not properly validate:
* `../`
* `..\…
CVE-2026-46345
NVD
HIGH
CVE-2026-10105
agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the delete_by_metadata() method. Attackers can exploit the unsafe f-string interpolation in clickho…
CWE: CWE-89
NVD
HIGH
CVE-2026-9994
Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-9966
Integer overflow in XML in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-472
NVD
HIGH
CVE-2026-9949
Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-9937
Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-9932
Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-9924
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-122
NVD
HIGH
CVE-2026-9905
Use after free in Accessibility in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-9890
Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD
HIGH
CVE-2026-10000
Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-45627
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query parameter into the body of an SVG document via strings.ReplaceAll with no escaping. The substitution lands…
CWE: CWE-79
NVD
HIGH
CVE-2026-46510
form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys (e.g. name[sub]) into nested objects without filtering __proto__, constructor, or prototype. A single HTTP form field whose name starts with __proto__[…] causes the library to mu…
CWE: CWE-1321
NVD
HIGH
CVE-2026-44358
Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary resolu…
CWE: CWE-427, CWE-829
NVD
HIGH
CVE-2026-44483
RVF (formerly Remix Validated Form) provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get (used by @rvf/core to flatten incoming form data into a nested object) does not block the keys __proto__, constructor, or prototype when wal…
CWE: CWE-1321
NVD
HIGH
CVE-2026-44328
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/{upNodeRef} handler unconditionally dereferences upNode.UPF after the type-guarded a…
CWE: CWE-306, CWE-476, CWE-862
NVD
HIGH
CVE-2026-42083
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. In NewServer(), the smPolicyGroup route group is created and routes are a…
CWE: CWE-862
NVD
HIGH
CVE-2026-45843
In the Linux kernel, the following vulnerability has been resolved:
slip: bound decode() reads against the compressed packet length
slhc_uncompress() parses a VJ-compressed TCP header by advancing a
pointer through the packet via decode() and pull16(). Neither helper
bounds-checks against isize, a…
NVD
HIGH
CVE-2026-44843
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load() with …
CWE: CWE-502
GitHub-GHSA
HIGH
praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role
GHSA-w388-2392-px73
pkg: praisonai-platform
eco: pip
published: May 29, 2026
## Summary
**Type:** Authorization bypass enabling owner lockout. The `DELETE /workspaces/{workspace_id}/members/{user_id}` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`). Any member can remove any other member, including the workspace owner, using …
CVE-2026-47409
GitHub-GHSA
HIGH
praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks
GHSA-4x6r-9v57-3gqw
pkg: praisonai-platform
eco: pip
published: May 29, 2026
## Summary
**Type:** Insecure Direct Object Reference. The dependency endpoints (`POST/GET /workspaces/{workspace_id}/issues/{issue_id}/dependencies` and `DELETE …/dependencies/{dep_id}`) gate access on `require_workspace_member(workspace_id)` only, then dispatch to `DependencyService` calls that…
CVE-2026-47406
GitHub-GHSA
HIGH
PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` – sibling of CVE-2026-44334
GHSA-78r8-wwqv-r299
pkg: PraisonAI
eco: pip
published: May 29, 2026
## Arbitrary code execution via ungated `spec.loader.exec_module` in `agents_generator.py` (v4.6.32 chokepoint refactor bypass)
### Summary
The v4.6.32 chokepoint refactor (which patched CVE-2026-44334 / GHSA-xcmw-grxf-wjhj) added the …
CVE-2026-47398
NVD
HIGH
CVE-2026-45707
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.2, when ENABLE_MULTI_TENANT=true, the HTTP transport documents that the target n8n instance is selected per-request from x-n8n-url / x-n8n-key headers. Requests that omitt…
CWE: CWE-284
NVD
HIGH
CVE-2026-44882
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33., Portainer proxies requests to Kubernetes clusters through a middleware layer (kubeClientMiddle…
CWE: CWE-863
NVD
HIGH
CVE-2026-45574
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, wrong CN) and intercept all SOAP traffic. This includes patient ide…
CWE: CWE-295
NVD
HIGH
CVE-2026-8855
IBM HTTP Server 8.5 and 9.0 are vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).
CWE: CWE-94
NVD
HIGH
CVE-2026-46076
In the Linux kernel, the following vulnerability has been resolved:
KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 does NOT want
to intercept VMMCALL, nested_svm_l2_tlb_flush_enabled() is true, and the
hypercall is some…
NVD
HIGH
CVE-2026-32325
Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
CWE: CWE-268
NVD
HIGH
CVE-2026-27788
Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
CWE: CWE-732
GitHub-GHSA
HIGH
compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side Template Injection (SSTI)
GHSA-gg2g-p7xc-qqmm
pkg: compliance-trestle
eco: pip
published: May 28, 2026
A High severity Server-Side Template Injection (SSTI) vulnerability exists in the `trestle author jinja` command. The command recursively evaluates rendered templates, allowing an attacker to achieve arbitrary command execution with privileges of the running process by injecting malicious payloads i…
CVE-2026-46439
NVD
HIGH
CVE-2026-46209
In the Linux kernel, the following vulnerability has been resolved:
drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
drm_gem_fb_init_with_funcs() computes sub-sampled plane dimensions
using plain integer division:
unsigned int width = mode_cmd->width / (i …
NVD
HIGH
CVE-2026-46129
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix double free in create_space_info() error path
When kobject_init_and_add() fails, the call chain is:
create_space_info()
-> btrfs_sysfs_add_space_info_type()
-> kobject_init_and_add()
-> failure
-> kobject_put(&space_in…
NVD
HIGH
CVE-2026-46117
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()
Sashiko points out that the user can specify WQs sharing the same CQ as a
part of the uAPI and this will trigger the WARN_ON() then go on to corrupt
the kerne…
NVD
HIGH
CVE-2026-46116
In the Linux kernel, the following vulnerability has been resolved:
xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
KASAN reproduces a slab-use-after-free in __xfrm_state_delete()'s
hlist_del_rcu calls under syzkaller load on linux-6.12.y stable
(reproduced on 6.12.47, also reacha…
NVD
HIGH
CVE-2026-46107
In the Linux kernel, the following vulnerability has been resolved:
dm-thin: fix metadata refcount underflow
There's a bug in dm-thin in the function rebalance_children. If the
internal btree node has one entry, the code tries to copy all btree
entries from the node's child to the node itself and …
NVD
HIGH
CVE-2026-44724
systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained int…
CWE: CWE-78
NVD
HIGH
CVE-2026-46065
In the Linux kernel, the following vulnerability has been resolved:
fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info
Hold state of deferred I/O in struct fb_deferred_io_state. Allocate an
instance as part of initializing deferred I/O and remove it only after
the final mapp…
NVD
HIGH
CVE-2026-45942
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix e4b bitmap inconsistency reports
A bitmap inconsistency issue was observed during stress tests under
mixed huge-page workloads. Ext4 reported multiple e4b bitmap check
failures like:
ext4_mb_complex_scan_group:2508: gro…
NVD
HIGH
CVE-2026-45933
In the Linux kernel, the following vulnerability has been resolved:
bpf: Preserve id of register in sync_linked_regs()
sync_linked_regs() copies the id of known_reg to reg when propagating
bounds of known_reg to reg using the off of known_reg, but when
known_reg was linked to reg like:
known_reg …
NVD
HIGH
CVE-2026-45852
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Fix double free in rxe_srq_from_init
In rxe_srq_from_init(), the queue pointer 'q' is assigned to
'srq->rq.queue' before copying the SRQ number to user space.
If copy_to_user() fails, the function calls rxe_queue_cleanup…
NVD
HIGH
CVE-2023-52945
Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors.
CWE: CWE-427
NVD
HIGH
CVE-2026-24194
NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execu…
CWE: CWE-281
NVD
HIGH
CVE-2026-24193
NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
CWE: CWE-787
NVD
HIGH
CVE-2026-24192
NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data …
CWE: CWE-681
NVD
HIGH
CVE-2026-24191
NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
CWE: CWE-367
NVD
HIGH
CVE-2026-24190
NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and …
CWE: CWE-862
NVD
HIGH
CVE-2026-24162
NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
CWE: CWE-502
NVD
HIGH
CVE-2026-47179
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because ProjectServ…
CWE: CWE-22
GitHub-GHSA
HIGH
Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives
GHSA-c3px-h233-h6fq
pkg: github.com/getarcaneapp/arcane/backend
eco: go
published: May 28, 2026
## Summary
`ProjectService.GetProjectFileContent` returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because `ProjectService.CreateProject` writes attacker-supplied compose content to disk without validating i…
CVE-2026-47179
NVD
HIGH
CVE-2026-45296
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app_apikey routes that trust a caller-provided projectKey after validating only that the API key itself is valid and that the target projectKey exists. The authorization flow does not verify th…
CWE: CWE-284
NVD
HIGH
CVE-2026-48146
Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetch(config.url) with no SSRF protection. The safe wrapper fetchWithBlacklist() exists in the same codebase and is used in every other outboun…
CWE: CWE-918
NVD
HIGH
CVE-2026-45061
Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). Any URL containing .tar.gz anywhere in the string — in the path, query string, or fragment — passe…
CWE: CWE-918
GitHub-GHSA
HIGH
praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)
GHSA-5jx9-w35f-vp65
pkg: praisonai-platform
eco: pip
published: May 29, 2026
## Summary
**Type:** Insecure Direct Object Reference. Five label endpoints — `PATCH /workspaces/{workspace_id}/labels/{label_id}`, `DELETE …/labels/{label_id}`, `POST …/issues/{issue_id}/labels/{label_id}`, `DELETE …/issues/{issue_id}/labels/{label_id}`, `GET …/issues/{issue_id}/labels` …
CVE-2026-47414
NVD
HIGH
CVE-2026-44680
MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper (Platform.quoteIdentifier and the postgres/mssql overrides) and its JSON-path emitters (Platform.getS…
CWE: CWE-89
NVD
HIGH
CVE-2026-45082
Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward …
CWE: CWE-918
NVD
HIGH
CVE-2026-7459
The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints (react_to_event() / unreact_to_event()). The endpoints register get_items_pe…
CWE: CWE-640
GitHub-GHSA
HIGH
russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets
GHSA-wwx6-x28x-8259
pkg: russh
eco: rust
published: May 29, 2026
### Summary
When SSH compression is enabled, `russh` accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected.
…
CVE-2026-46702
GitHub-GHSA
HIGH
ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag
GHSA-h64w-w9pr-82m4
pkg: exifreader
eco: npm
published: May 29, 2026
### Impact
When parsing an image with an embedded ICC profile that contains a crafted `multiLocalizedUnicodeType` (`mluc`) tag, ExifReader can be made to allocate memory proportional to attacker-controlled fields in the tag rather than to the actual size of the input. Processing such an image cause…
CVE-2026-8813
GitHub-GHSA
HIGH
Gotenberg has a Race Condition via Multipart `downloadFrom` Handling
GHSA-vp73-vjw8-8f32
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: May 29, 2026
### Summary
Gotenberg is vulnerable to a remote denial of service in multipart `downloadFrom` handling.
A multipart request containing multiple `downloadFrom` entries causes concurrent goroutines to write to shared maps without synchronization. This can terminate the process with `fatal error: con…
CVE-2026-45742
GitHub-GHSA
HIGH
Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes
GHSA-86m8-88fq-xfxp
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: May 29, 2026
### Summary
`IsPublicIP` in `pkg/gotenberg/outbound.go` incorrectly classifies IPv6 6to4 / NAT64 / deprecated site-local addresses as public IPs, allowing an unauthenticated attacker to reach internal destinations (e.g., cloud metadata services at `169.254.169.254`) via a single crafted DNS AAAA re…
CVE-2026-45741
NVD
HIGH
CVE-2026-10056
CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account Takeove…
CWE: CWE-942
NVD
HIGH
CVE-2026-48116
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a `--` end-of-options separator. …
CWE: CWE-77, CWE-88
NVD
HIGH
CVE-2026-10044
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/(unknown) endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal sequence…
CWE: CWE-36
NVD
HIGH
CVE-2026-46835
Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can result…
CWE: CWE-400
NVD
HIGH
CVE-2026-46834
Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can result…
CWE: CWE-400
NVD
HIGH
CVE-2026-32847
DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /{full_path:path} endpoint. Attackers can bypass Starlette'…
CWE: CWE-22
GitHub-GHSA
HIGH
FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations
GHSA-q3w6-q3hc-c5x6
pkg: fuxa-server
eco: npm
published: May 27, 2026
### Summary
The GET /api/project endpoint exposes sensitive project configuration data to guest-context requests even when secureEnabled is enabled.
### Details
File: `server/api/projects/index.js`
```javascript
prjApp.get("/api/project", secureFnc, function(req, res) {
    const permission = ch…
```
CVE-2026-47717
NVD
HIGH
CVE-2026-45090
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes (clos…
CWE: CWE-362, CWE-404
NVD
HIGH
CVE-2026-45047
bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&request) without restricting the maximum read size. An unauthenticated remote attacker can stream an …
CWE: CWE-400
GitHub-GHSA
HIGH
LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex
GHSA-r7g9-xpmj-5fcq
pkg: liquidjs
eco: npm
published: May 27, 2026
## Summary
The built-in `strip_html` filter in liquidjs uses a regex containing four lazy-quantified alternatives. When the input contains many `<script`, `<style`, or `<!--` opener tokens without matching closers, the V8 regex engine performs O(N²) backtracking, blocking the Node.js event loop. A…
CVE-2026-45617
GitHub-GHSA
HIGH
LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)
GHSA-hh27-hf48-9f5q
pkg: liquidjs
eco: npm
published: May 27, 2026
## Summary
The `date` filter's strftime implementation parses width specifiers like `%9999999d` and forwards the captured width unchecked into `pad()`/`padStart()` in `src/util/underscore.ts`. The pad loop performs unbounded string concatenation without consulting the Context's `memoryLimit` or `re…
CVE-2026-45357
NVD
HIGH
CVE-2026-44321
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into UpNodesFromConfi…
CWE: CWE-306, CWE-617, CWE-862
NVD
HIGH
CVE-2026-44319
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications(), the notifier calls NnefPFDmanagementNotify(…) and on any delivery erro…
CWE: CWE-20, CWE-617, CWE-755
NVD
HIGH
CVE-2026-48922
Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if …
CWE: CWE-20
NVD
HIGH
CVE-2026-44902
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default 0.0.0.0:9464) has no error handling around URL parsing, so a request with an invalid …
CWE: CWE-755
NVD
HIGH
CVE-2026-46052
In the Linux kernel, the following vulnerability has been resolved:
ceph: only d_add() negative dentries when they are unhashed
Ceph can call d_add(dentry, NULL) on a negative dentry that is already
present in the primary dcache hash.
In the current VFS that is not safe. d_add() goes through __d…
GitHub-GHSA
HIGH
XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests
GHSA-rh28-mqj4-8x59
pkg: org.xwiki.platform:xwiki-platform-livetable-ui
eco: maven
published: May 26, 2026
### Impact
XWiki discovered that the patch for GHSA-5cf8-vrr8-8hjm was insufficient: with slightly modified parameters to the `LiveTableResults`, it is still possible to discover password hashes one bit at a time, so with 768 requests the full password salt and hash of a user can be retrieved.
…
CVE-2026-48048
NVD
HIGH
CVE-2026-24212
NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CWE: CWE-319
NVD
HIGH
CVE-2026-47071
Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackney_socks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which d…
CWE: CWE-400
GitHub-GHSA
HIGH
GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands
GHSA-8xvp-7hj6-mcj9
pkg: github.com/cli/cli/v2
eco: go
published: May 29, 2026
### Summary
GitHub CLI incorrectly includes an authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands.
**Affected users:**
- Authenticated `github.com` users who previously ran `gh attestation` commands, …
CVE-2026-48501
NVD
HIGH
CVE-2026-46579
A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Client-*` headers. As a …
CWE: CWE-287
NVD
HIGH
CVE-2026-48526
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens while supporting both asymmetric and HMAC algorithms, the library does not validate the use of JSON Web Keys in HMAC algorithms, allowing an attacker to use the issuer public key as the secret…
CWE: CWE-287, CWE-347
GitHub-GHSA
HIGH
Deno's TLS retry copies stale upgrade hook, risking plaintext traffic
GHSA-chqv-56wv-7564
pkg: deno
eco: rust
published: May 27, 2026
## Summary
A flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When `autoSelectFamily` was enabled and the first address-family attempt failed, the socket reinitialization path reused a stale TLS upgrade hook t…
CVE-2026-44726
NVD
HIGH
CVE-2026-45575
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery document. The forged document redirects uri_puk_idp_enc and uri…
CWE: CWE-347
NVD
HIGH
CVE-2026-48697
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl::context with tls_client mode and calls set_default_verify_paths() to load CA certificates, but neve…
CWE: CWE-295
NVD
HIGH
CVE-2026-44320
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token (e.g. Authorization: Bearer not-a-real-token) is enough to reach the SMF-callback …
CWE: CWE-306, CWE-862
NVD
HIGH
CVE-2026-36045
picoclaw v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component (pkg/tools/shell.go). The guardCommand() function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete.
CWE: CWE-78
NVD
HIGH
CVE-2026-48962
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob.
_parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the stored expression through …
CWE: CWE-95
NVD
HIGH
CVE-2026-45609
mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) security specifications. Specifically, it processes untrusted UR…
CWE: CWE-918
GitHub-GHSA
HIGH
OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd
GHSA-q537-qhj4-wcjx
pkg: pycti
eco: pip
published: May 28, 2026
### Summary
An organization admin can escalate their privileges by adding a user with higher privileges from a different organization to their own organization.
### Impact
Full platform access, access to sensitive or proprietary information.
CVE-2026-44730
GitHub-GHSA
HIGH
CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests
GHSA-rw47-hm26-6wr7
pkg: github.com/crowdsecurity/crowdsec
eco: go
published: May 27, 2026
## Summary
The CrowdSec AppSec component fails to read the HTTP request body for any request whose `Content-Length` is not positive — most notably HTTP/1.1 requests using `Transfer-Encoding: chunked` and HTTP/2 requests sent without a `content-length` header. Coraza is then evaluated against an e…
CVE-2026-44982
NVD
HIGH
CVE-2026-46175
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix fsck inconsistency caused by FGGC of node block
During FGGC node block migration, fsck may incorrectly treat the
migrated node block as fsync-written data.
The reproduction scenario:
root@vm:/mnt/f2fs# seq 1 2048 | xarg…
NVD
HIGH
CVE-2026-45134
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python, pullPrompt / pullPromptCommit in JS/TS) fetch and deserialize prompt manifests fr…
CWE: CWE-502
NVD
HIGH
CVE-2026-45856
In the Linux kernel, the following vulnerability has been resolved:
RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send
ib_uverbs_post_send() uses cmd.wqe_size from userspace without any
validation before passing it to kmalloc() and using the allocated
buffer as struct ib_uverbs_…
NVD
HIGH
CVE-2026-24196
NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure.
CWE: CWE-125
NVD
HIGH
CVE-2026-24195
NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial of service.
CWE: CWE-20
GitHub-GHSA
HIGH
axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge
GHSA-3g43-6gmg-66jw
pkg: axios, axios
eco: npm
published: May 29, 2026
## Summary
Axios versions before the fixed releases contain prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted `Object.prototype.transformResponse`, affected Axios versions may treat that inherited value as request …
CVE-2026-44495
GitHub-GHSA
HIGH
Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring
GHSA-9rfg-v8g9-9367
pkg: @fedify/fedify
eco: npm
published: May 26, 2026
### Summary
An attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its Linked Data Signature, allowing them to alter a third-party signed activity they have received.
### Details
The vulnerability essentially boil…
CVE-2026-42462
GitHub-GHSA
HIGH
PraisonAI has an Arbitrary File Write in Python API
GHSA-hvhp-v2gc-268q
pkg: PraisonAI
eco: pip
published: May 29, 2026
# Bug Report: Arbitrary File Write in Python API
## Summary
Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. `write_file` skips path validation when `workspace=None` (always `None` in production).
## Affected
PraisonAI <= 4.6.37 (pip i…
CVE-2026-47397
GitHub-GHSA
HIGH
PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate
GHSA-9cr9-25q5-8prj
pkg: PraisonAI
eco: pip
published: May 29, 2026
## Summary
The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in `mcp_server/adapters/cli_tools.py`:
> "registers four file-handling tools by default, `praisonai.rules.create`, `praisonai.rules.show`, `praisonai.rules.de…
CVE-2026-47394
GitHub-GHSA
HIGH
stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment
GHSA-w7pm-9g55-mxfm
pkg: stigmem-node
eco: pip
published: May 29, 2026
### Impact
A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded.
### Patches
Patched in 0.9.0a2. Disabling plugin si…
GitHub-GHSA
HIGH
stigmem-node's Postgres schema identifier handling required defensive quoting
GHSA-9pc9-4crj-mhpj
pkg: stigmem-node
eco: pip
published: May 29, 2026
### Impact
Postgres backend schema identifiers were interpolated into SQL strings. In the reviewed code path the schema value is operator-controlled, but the pattern was unsafe if future call sites allowed tenant or request-controlled schema names. Impacted users are operators using the Postgres bac…
GitHub-GHSA
HIGH
stigmem-node's federation peer token timestamp validation may reject valid peer tokens
GHSA-xh5j-xjfq-qvvx
pkg: stigmem-node
eco: pip
published: May 29, 2026
### Impact
A mismatch in federation peer-token timestamp handling could cause valid peer tokens to be treated as expired. Impacted deployments are Stigmem nodes using federation peer authentication paths from affected versions. The primary impact is availability and reliability of authenticated fede…
GitHub-GHSA
HIGH
ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env
GHSA-c4m7-2gwp-vw76
pkg: ouroboros-ai
eco: pip
published: May 29, 2026
### Impact
A Remote Code Execution (RCE) vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover.
The vulnerability (CWE-426: Untrusted Search Path & C…
CVE-2026-47211
GitHub-GHSA
HIGH
CC-Tweaked has an SSRF Protection Bypass with NAT64
GHSA-5jh9-2h63-pw4q
pkg: cc.tweaked:cc-tweaked-1.21-core, cc.tweaked:cc-tweaked-1.20.1-core, cc.tweaked:cc-tweaked-1.20.4-core
eco: maven
published: May 29, 2026
### Summary
CC-Tweaked's HTTP API (`http.request`, `http.websocket`) blocks requests to private network ranges to prevent server-side request forgery (SSRF). This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses (`64:ff9b::/96`). An attacker who can execute…
CVE-2026-47695
GitHub-GHSA
HIGH
AgenticMail API/storage and outbound relay hardening fixes
GHSA-wjjv-3mj2-39hf
pkg: @agenticmail/api, @agenticmail/core
eco: npm
published: May 29, 2026
The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct stora…
CVE-2026-47255
GitHub-GHSA
HIGH
Dulwich Vulnerable to Command Injection via Merge Driver Path
GHSA-9277-mp7x-85jf
pkg: dulwich
eco: pip
published: May 28, 2026
## Summary
Dulwich's `ProcessMergeDriver` substitutes the file path (from the git tree, controllable by an attacker via a malicious branch) into the merge driver command via the `%P` placeholder and executes it with `subprocess.run(…, shell=True)`. An attacker who can cause a victim to merge an u…
CVE-2026-42563
GitHub-GHSA
HIGH
OpenBao's cross-namespace lease revocation via legacy sys/revoke path bypasses ACL
GHSA-v8v8-cm84-m686
pkg: github.com/openbao/openbao
eco: go
published: May 28, 2026
# Impact
OpenBao's namespaces provide multi-tenant separation. A tenant who intentionally leaks lease identifiers can have their lease and underlying credential revoked or renewed by a user in another tenant via the legacy, undocumented `sys/revoke` and `sys/renew` endpoints.
# Patch
This will be…
CVE-2026-45808
GitHub-GHSA
HIGH
compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal
GHSA-g3vg-vx23-3858
pkg: compliance-trestle, compliance-trestle
eco: pip
published: May 27, 2026
## Summary
The compliance-trestle library's remote fetching cache mechanism (HTTPSFetcher and SFTPFetcher) constructs the local cache file path from the URL path component without sanitizing path traversal sequences (`../`). When a remote OSCAL profile references a URL with traversal in its path, t…
CVE-2026-45725
GitHub-GHSA
HIGH
Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs
GHSA-2gv2-cffp-j227
pkg: github.com/kata-containers/kata-containers
eco: go
published: May 27, 2026
### Summary
In the runtime-rs standalone virtio-fs path, verified here with QEMU (and verified with Cloud Hypervisor too), Kata Containers runs host `virtiofsd` as root with:
```
--sandbox none --seccomp none
```
If an attacker has root-equivalent execution inside the Kata guest VM, they can send…
CVE-2026-47243
GitHub-GHSA
HIGH
@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters
GHSA-36hh-x5p5-jgc8
pkg: @hapi/content
eco: npm
published: May 27, 2026
### Impact
The two parsers resolved duplicates inconsistently and silently:
- `Content.disposition()` retained the last occurrence of each parameter.
- `Content.type()` retained the first occurrence of charset and boundary.
Either behavior creates a parameter-smuggling primitive when another compon…
CVE-2026-44974
GitHub-GHSA
HIGH
tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape
GHSA-ph9p-34f9-6g65
pkg: tmp
eco: npm
published: May 27, 2026
### Summary
The tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the `prefix`, `postfix`, or `dir` options. By embedding traversal sequences (e.g., `../`) or path separators in these parameters, attackers ca…
CVE-2026-44705
GitHub-GHSA
HIGH
FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass
GHSA-rg3m-cfq7-g6h6
pkg: fuxa-server
eco: npm
published: May 26, 2026
### Summary
An unauthenticated Remote Code Execution vulnerability exists in FUXA when `secureEnabled` is set to `true`. The `POST /api/runscript` endpoint checks authorization against the stored script's permission by ID, but when `test: true` is set in the request, it compiles and executes attack…
CVE-2026-43947
GitHub-GHSA
HIGH
FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue
GHSA-fwcm-rqvw-j3p7
pkg: fuxa-server
eco: npm
published: May 26, 2026
### Summary
An authorization bypass in the /api/getTagValue endpoint allows unauthenticated access to tag values when the referenced script does not exist.
### Details
The issue is caused by the combination of these code paths:
- `server/api/apikeys/verify-api-or-token.js:45` sends requests…
CVE-2026-43946
GitHub-GHSA
HIGH
FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection
GHSA-p69w-mmfv-xrfj
pkg: @frangoteam/fuxa
eco: npm
published: May 26, 2026
**Pre-auth** RCE in FUXA via Logic Bypass
Summary
A Critical vulnerability chain exists in FUXA (v.1.3.0-2706) that allows an unauthenticated remote attacker to achieve Full Remote Code Execution (RCE) as root. The exploit succeeds even when the platform is configured in its most secure state (Sec…
CVE-2026-43945
NVD
MEDIUM
CVE-2026-44247
Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially cau…
CWE: CWE-400, CWE-770
NVD
MEDIUM
CVE-2026-44707
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not o…
CWE: CWE-283, CWE-287
GitHub-GHSA
MEDIUM
compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem
GHSA-w76h-q7c6-jpjp
pkg: compliance-trestle, compliance-trestle
eco: pip
published: May 28, 2026
A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module.
**Finding 1 (Critical): SSRF (CWE-918)**
The HTTPSFetcher._do_fetch() method passes a user-supplied URL directly to requests.get() without validation. This allows an at…
CVE-2026-46380
GitHub-GHSA
MEDIUM
praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership
GHSA-27p4-pjqv-whgj
pkg: praisonai-platform
eco: pip
published: May 29, 2026
## Summary
**Type:** Insecure Direct Object Reference. The `GET /workspaces/{workspace_id}/issues/{issue_id}/activity` endpoint is gated by `require_workspace_member(workspace_id)` and dispatches to `ActivityService.list_for_issue(issue_id)`, which executes `SELECT * FROM activity WHERE issue_id = …
CVE-2026-47408
GitHub-GHSA
MEDIUM
BoxLite has a Timeout Bypass Vulnerability
GHSA-xjhv-pp2r-6f82
pkg: boxlite
eco: pip
published: May 29, 2026
#### Summary
BoxLite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and run OCI containers within them. BoxLite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, BoxLite sends a signal to kill t…
CVE-2026-47213
GitHub-GHSA
MEDIUM
zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood
GHSA-rfg2-pjw2-56x2
pkg: zeroconf
eco: pip
published: May 29, 2026
### Impact
`DNSCache._async_add` inserted every response record into `cache`, `_expirations`, `_expire_heap`, and `service_cache` with no cap on entry count. The only pre-existing protection was a PTR TTL floor (`_DNS_PTR_MIN_TTL = 1125` s, RFC 6762 §10), which actually *prolonged* attacker-inject…
CVE-2026-47184
GitHub-GHSA
MEDIUM
zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
GHSA-phvx-9mgw-67r5
pkg: zeroconf
eco: pip
published: May 29, 2026
### Impact
`DNSIncoming._log_exception_debug` and the four `QuietLogger` exception-dedup methods stored an unbounded `_seen_logs` dict keyed by `str(sys.exc_info()[1])`. The seven `IncomingDecodeError` messages raised from `_read_name` / `_decode_labels_at_offset` (RFC 6762 §18 name-decoding error …
CVE-2026-47183
GitHub-GHSA
MEDIUM
zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service
GHSA-9pgc-3ccv-5297
pkg: zeroconf
eco: pip
published: May 29, 2026
### Impact
`DNSIncoming._decode_labels_at_offset` recurses once per DNS-name compression pointer (RFC 1035 §4.1.4). Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single ~3 kB mDNS packet carrying ~1500 chained pointers drives the recursion …
CVE-2026-47180
GitHub-GHSA
MEDIUM
go-git: Malformed Git object data may cause panics or resource exhaustion
GHSA-w5pp-99ch-qj29
pkg: github.com/go-git/go-git/v5, github.com/go-git/go-git/v6
eco: go
published: May 29, 2026
### Impact
Several denial-of-service issues were identified in `go-git` when parsing maliciously crafted Git repository data.
An attacker may craft malicious `.pack`, `.idx` or loose objects that cause an application using an affected version of `go-git` to panic or consume excessive resources.
…
NVD
MEDIUM
CVE-2026-45619
WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL() for DNS pinning via CURLOPT_RESOLVE, opening DNS-rebinding TOCTOU.
CWE: CWE-367, CWE-918
NVD
MEDIUM
CVE-2026-45582
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend.…
CWE: CWE-201
NVD
MEDIUM
CVE-2026-42399
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a specially crafted Timelion visualization expression co…
CWE: CWE-400
NVD
MEDIUM
CVE-2026-45306
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storage_folder inside PKGDIR or userdir, but does NOT protect the Flask session directory (/tmp/pyLoad/flask). An authenticated attacker can set storage_folder to…
CWE: CWE-706
NVD
MEDIUM
CVE-2026-44796
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in co…
CWE: CWE-400, CWE-1333
NVD
MEDIUM
CVE-2026-5737
The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrer_url values when the signature matches, combined with a sc…
CWE: CWE-918
NVD
MEDIUM
CVE-2026-47273
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb builds XPath expressions from user-supplied identifiers (PAM username, service name) and device-supplied identifiers (USB device serial, model, vendor) to query /etc/pamusb.conf. These identifi…
CWE: CWE-91
NVD
MEDIUM
CVE-2026-48147
Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex() / matches() functions in packages/backend-core/src/middleware/matchers.ts route patterns are compiled into unanchored regular expressions and tested against ctx.request.url, which includes the full query string. T…
CWE: CWE-185, CWE-352
NVD
MEDIUM
CVE-2026-44324
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId doe…
CWE: CWE-704, CWE-754
NVD
MEDIUM
CVE-2026-44318
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock() via BSFContext.GetSubscription(subId), but i…
CWE: CWE-362, CWE-820
NVD
MEDIUM
CVE-2026-3676
IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced enviro…
CWE: CWE-1284
GitHub-GHSA
MEDIUM
LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body
GHSA-8xx9-69p8-7jp3
pkg: liquidjs
eco: npm
published: May 27, 2026
## Summary
The `renderLimit` option — documented in `docs/source/tutorials/dos.md` as the mechanism that "mitigates this by limiting the time consumed by each render() call" — can be fully bypassed by a `{% for %}` (or `{% tablerow %}`) tag whose body is empty. The per-iteration time check is r…
CVE-2026-44645
GitHub-GHSA
MEDIUM
Yamcs has No Rate Limiting on Authentication Endpoint
GHSA-w5r6-mcgq-7pq4
pkg: org.yamcs:yamcs-core
eco: maven
published: May 27, 2026
### Summary
The authentication endpoint `POST /auth/token` in `yamcs-core` lacks any form of rate limiting, account lockout, or failed attempt throttling. As a result, an unauthenticated remote attacker can perform unlimited password guessing attempts against any user account.
This missing rate li…
CVE-2026-44596
NVD
MEDIUM
CVE-2026-47672
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment (e.g., followin…
CWE: CWE-306
NVD
MEDIUM
CVE-2026-24197
NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this vulnera…
CWE: CWE-1188
NVD
MEDIUM
CVE-2026-24182
NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service.
CWE: CWE-667
GitHub-GHSA
MEDIUM
Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host
GHSA-6x26-5727-rrm9
pkg: github.com/nezhahq/nezha
eco: go
published: May 29, 2026
#### Summary
An authenticated Nezha dashboard user can create or update a DDNS profile with provider `webhook` and configure an arbitrary `webhook_url`, HTTP method, request body, and headers. When DDNS is triggered for a server that uses that profile, the dashboard process sends the configured req…
CVE-2026-47268
NVD
MEDIUM
CVE-2026-8866
The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'googleslides' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes (userid, albumid, authkey, imgmax, maxr…
CWE: CWE-79
NVD
MEDIUM
CVE-2026-8842
The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gplusnamelink' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes ('id' and 'name') in the gplusnamelink_gener…
CWE: CWE-79
NVD
MEDIUM
CVE-2026-9831
A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issue w…
CWE: CWE-362, CWE-488
NVD
MEDIUM
CVE-2026-45626
Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/{id}/volumes/{volumeName}/browse accepts a path query parameter that is passed to a shell command (sh -c "find … | while …") inside an Arcane helper container. The path …
CWE: CWE-78
NVD
MEDIUM
CVE-2026-10101
ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterRole cannot directly read Secrets, but can read `InfraEnv` objects and recover the referenced Secret's…
CWE: CWE-201
NVD
MEDIUM
CVE-2026-42328
go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on each nested map or list …
CWE: CWE-674
GitHub-GHSA
MEDIUM
nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`
GHSA-27vp-2mmc-vmh3
pkg: nono-cli
eco: rust
published: May 28, 2026
### Summary
The nono Landlock/seccomp policies allow access to local Unix domain sockets (concrete and abstract). This allows an easy sandbox escape by talking to the per-user systemd dbus socket.
Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so th…
CVE-2026-47128
NVD
MEDIUM
CVE-2026-44681
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attack…
CWE: CWE-601, CWE-863
GitHub-GHSA
MEDIUM
LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS
GHSA-2qv6-9wx5-cwv4
pkg: liquidjs
eco: npm
published: May 27, 2026
## Summary
The `strip_html` filter in liquidjs is intended to remove HTML tags from a string before rendering, and is widely used as an XSS sanitizer. The implementation uses a regex whose catch-all branch (`<.*?>`) does not match line terminators, so any HTML tag containing a `\n` or `\r` characte…
CVE-2026-44644
NVD
MEDIUM
CVE-2026-44898
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used as href="#<id>") and the text value (used as the visible link label) are inserted into <a> tags via a …
CWE: CWE-79
NVD
MEDIUM
CVE-2026-44897
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag by string-concatenating the id attribute value directly into the HTML — with no call to escape(), safe_entity(), or any other sanitisation function. A double-quote cha…
CWE: CWE-79
NVD
MEDIUM
CVE-2026-44896
Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when HTMLRend…
CWE: CWE-79
NVD
MEDIUM
CVE-2026-44708
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($…$) and block math ($$…$$) by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is exp…
CWE: CWE-79
GitHub-GHSA
MEDIUM
CryptPad has a Sanitizer Bypass in Diffmarked.js that Allows Arbitrary HTML Injection and Potential XSS
GHSA-g2g4-47gv-p72v
pkg: cryptpad
eco: npm
published: May 26, 2026
### Summary
CryptPad’s HTML sanitizer in Diffmarked.js can be bypassed due to incomplete filtering of restricted tags.
Because the sanitizer only validates the src attribute of `<iframe>`, `<video>`, and `<audio>` elements, and does not restrict other attributes, an attacker can inject arbitrary H…
CVE-2026-26028
GitHub-GHSA
MEDIUM
unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race
GHSA-6m57-8r3p-pqx6
pkg: unbounded-spsc
eco: rust
published: May 29, 2026
## Summary
`Sender::send` in `src/lib.rs` contains an `unsafe` block in the `DISCONNECTED` arm that transmutes a **raw pointer** (`*mut Producer<T>`) into the bytes of a **value-level** `Consumer<T>`. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. T…
CVE-2026-46690
NVD
MEDIUM
CVE-2026-49129
Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP…
CWE: CWE-918
NVD
MEDIUM
CVE-2026-24198
NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of servi…
CWE: CWE-200
GitHub-GHSA
MEDIUM
PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
GHSA-5cxw-77wg-jrf3
pkg: praisonaiagents, PraisonAI
eco: pip
published: May 29, 2026
### Summary
PraisonAI's direct-prompt CLI automatically expands `@url:` mentions in raw prompt text before agent execution begins.
If a prompt contains `@url:<http-or-https-url>`, the CLI calls `MentionsParser.process(…)`. The `@url:` handler then performs a direct `urllib.request.urlopen()` req…
CVE-2026-47395
GitHub-GHSA
MEDIUM
PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings
GHSA-5c6w-wwfq-7qqm
pkg: praisonaiagents, PraisonAI
eco: pip
published: May 29, 2026
### Summary
PraisonAI's `spider_tools` URL validation can be bypassed using alternate loopback host encodings.
The affected component is:
```text
praisonaiagents/tools/spider_tools.py
```
The tool contains a URL validation function intended to block local or unsafe targets before fetching attac…
CVE-2026-47390
GitHub-GHSA
MEDIUM
CAPM3 vulnerable to Cross-Namespace resource access
GHSA-rf84-wr5g-m3rp
pkg: github.com/metal3-io/cluster-api-provider-metal3, github.com/metal3-io/cluster-api-provider-metal3
eco: go
published: May 29, 2026
## Summary
CAPM3 is Metal3's Cluster API (CAPI) provider for baremetal provisioning in Kubernetes. Multiple cross-namespace access control vulnerabilities in Cluster API Provider Metal3 allow users with permissions to create or modify CAPM3 resources in one namespace to reference, read, or claim re…
NVD
MEDIUM
CVE-2026-44885
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target dire…
CWE: CWE-22
GitHub-GHSA
MEDIUM
Shamefile has an arbitrary file read via shamefile.yaml in shame next
GHSA-x6p3-76f2-xxvh
pkg: shamefile, shamefile, shamefile
eco: npm
published: May 28, 2026
### Impact
A path traversal vulnerability in `shame next` allows an attacker-controlled `shamefile.yaml` to disclose contents of files outside the repository, one line at a time, to the terminal of a user who runs the command. See patch commit for technical details.
### Patches
Fixed in 0.1.7. Up…
CVE-2026-47144
NVD
MEDIUM
CVE-2025-13755
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.
CWE: CWE-532
NVD
MEDIUM
CVE-2026-48523
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature veri…
CWE: CWE-347
NVD
MEDIUM
CVE-2026-45571
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were intr…
CWE: CWE-22
GitHub-GHSA
MEDIUM
Typebot.io has stored XSS via `javascript`: URI in text bubble links — bot author executes JS on visitors' browsers
GHSA-hqmv-v56g-4m47
pkg: @typebot.io/js
eco: npm
published: May 26, 2026
### Summary
The Typebot viewer (`packages/embeds/js`) renders anchor tags from rich text bubble content without filtering the `javascript:` URI scheme. A bot author can set a link URL to `javascript:PAYLOAD`, which executes in the visitor's browser context when clicked. Since the viewer is typicall…
CVE-2026-39964
GitHub-GHSA
MEDIUM
Nerdbank.MessagePack has Inefficient CPU Computation
GHSA-92vj-hp7m-gwcj
pkg: Nerdbank.MessagePack
eco: nuget
published: May 29, 2026
### Impact
Applications that call `OptionalConverters.WithExpandoObjectConverter` and deserialize untrusted data are open to a vulnerability by which an attacker can exploit a `O(n²)` algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an `ExpandoObject`, whos…
GitHub-GHSA
MEDIUM
Nerdbank.MessagePack has a memory amplification DoS in collection deserialization
GHSA-qjvr-435c-5fjh
pkg: Nerdbank.MessagePack
eco: nuget
published: May 29, 2026
Nerdbank.MessagePack deserializers for many collection-shaped types trusted the element count declared in MessagePack array and map headers when allocating destination storage. A crafted payload could therefore force large arrays, pooled buffers, dictionaries, or collection instances to be allocated…
GitHub-GHSA
MEDIUM
russh server userauth state is not reset when authentication principal changes
GHSA-hpv4-5h6f-wqr3
pkg: russh
eco: rust
published: May 29, 2026
### Summary
The `russh` server authentication path keeps internal userauth state across `SSH_MSG_USERAUTH_REQUEST` messages without separating that state when the request principal changes.
RFC 4252 allows the `user name` and `service name` fields to change between authentication requests. The issu…
CVE-2026-46705
GitHub-GHSA
MEDIUM
ExifReader is vulnerable to denial of service via unbounded decompression of image metadata
GHSA-rr89-w3h9-m66j
pkg: exifreader
eco: npm
published: May 29, 2026
### Impact
Versions of ExifReader from 4.20.0 through 4.38.1 do not bound the size of decompressed metadata blocks. When a caller invokes the asynchronous API (e.g. `ExifReader.load(file)` or `ExifReader.load(buffer, {async: true})`) on an attacker-supplied image, a small compressed chunk in the fi…
CVE-2026-8814
GitHub-GHSA
MEDIUM
OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens
GHSA-7j6w-vvw2-5f9c
pkg: github.com/openbao/openbao
eco: go
published: May 28, 2026
### Impact
In OpenBao's Kerberos auth method on the `GET` handler, or when an `Authorization: Negotiate` header is supplied, the response includes a `logical.Auth` object in addition to an error message. This results in tokens being created with only the default policy, default TTL, and no entit…
CVE-2026-46405
GitHub-GHSA
MEDIUM
opentelemetry-go's baggage parsing no longer caps raw header length
GHSA-5wrp-cwcj-q835
pkg: go.opentelemetry.io/otel/baggage, go.opentelemetry.io/otel/propagation, go.opentelemetry.io/otel/baggage
eco: go
published: May 28, 2026
### Summary
https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs.
### Details
The commit removes the upfront baggage-string length che…
CVE-2026-41178
NVD
MEDIUM
CVE-2026-48525
PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false, RFC 7797), PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For b6…
CWE: CWE-400
NVD
MEDIUM
CVE-2026-7552
The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.13.19. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to expose sensitive plugin co…
CWE: CWE-862
GitHub-GHSA
MEDIUM
LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`
GHSA-9x9p-qf8f-mvjg
pkg: liquidjs
eco: npm
published: May 27, 2026
## Summary
`Context.spawn()` in liquidjs creates a child `Context` for the `{% render %}` tag but does not propagate the parent context's resolved `ownPropertyOnly` value. The new context re-derives `ownPropertyOnly` from `opts.ownPropertyOnly` (the instance-level option), silently discarding any `…
CVE-2026-44646
NVD
MEDIUM
CVE-2026-47271
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc(), xrealloc(), and xstrdup() using assert(data != NULL). The C standard specifies that all assert() expressions are compiled out when NDEBUG is de…
CWE: CWE-476
GitHub-GHSA
MEDIUM
local-deep-research has an SSRF bypass in `safe_get`
GHSA-g23j-2vwm-5c25
pkg: local-deep-research
eco: pip
published: May 28, 2026
### Summary
The URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks.
### Details
The current project uses `validate_url` to validate the input URL. The main logic is to perform security checks on the host portion of the URL extra…
CVE-2026-46526
NVD
MEDIUM
CVE-2026-46561
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest (used by the parse_urls API). An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with…
CWE: CWE-918
NVD
MEDIUM
CVE-2026-41704
AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (line 332-338) and passes it to download_and_delete_blob. Separately, any response containing 'exception' goes thr…
CWE: CWE-284
NVD
MEDIUM
CVE-2026-9568
A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack's c…
CWE: CWE-74, CWE-94
NVD
MEDIUM
CVE-2026-44723
Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ${{ github.event.pull_request.title }} directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script run_tests_model_g…
CWE: CWE-78, CWE-1336
GitHub-GHSA
MEDIUM
Weblate has a Server-Side Request Forgery issue
GHSA-hfpv-mc5v-p9mm
pkg: Weblate
eco: pip
published: May 26, 2026
### Impact
The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, the repository URL field is not validated or sanitized, allowing an attacker to suppl…
CVE-2025-66407
NVD
MEDIUM
CVE-2026-9801
A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password …
CWE: CWE-1284
NVD
MEDIUM
CVE-2026-42797
Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope.
An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related security-se…
CWE: CWE-202
GitHub-GHSA
MEDIUM
axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions
GHSA-898c-q2cr-xwhg
pkg: axios, axios
eco: npm
published: May 29, 2026
## Summary
axios `1.15.2` exposes two read-side prototype-pollution gadgets. When `Object.prototype` is polluted by an upstream dependency in the same process (e.g. lodash `_.merge` / [CVE-2018-16487](https://nvd.nist.gov/vuln/detail/CVE-2018-16487)), axios silently picks up the polluted values:
1…
CVE-2026-44490
NVD
MEDIUM
CVE-2026-47673
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the jwt and jwk middlewares do not verify that the Authorization header value uses the Bearer scheme. Any two-part header value — regardless of the scheme name in the first position — proceeds …
CWE: CWE-285
GitHub-GHSA
MEDIUM
CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters
GHSA-7g26-2qgj-chfg
pkg: carrierwave, carrierwave
eco: rubygems
published: May 27, 2026
### Summary
CarrierWave's content_type_denylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block.
**Note**: CarrierWave is aware `#content_type_denylist is deprecated for the security reason`, but it s…
CVE-2026-44587
NVD
MEDIUM
CVE-2026-44899
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^\d+(?:\.\d*)?"). When the validated value is not a plain integer, render_block_image() inserts it dir…
CWE: CWE-79
NVD
MEDIUM
CVE-2026-24199
NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A successful exploit of this vulnerability might lead to denial of service.
CWE: CWE-362
GitHub-GHSA
MEDIUM
IPAM controller service account granted unnecessary full access to Secrets
GHSA-49pm-43hf-6xfq
pkg: github.com/metal3-io/ip-address-manager, github.com/metal3-io/ip-address-manager
eco: go
published: May 29, 2026
### Impact
IPAM is the IP address Manager for Cluster API Provider Metal3. The IPAM controller's ClusterRole granted full CRUD permissions (create, delete, get, list, patch, update, watch) on core/v1 Secrets. The controller never accesses Secrets during normal operation. If the controller pod were …
CVE-2026-47190
NVD
MEDIUM
CVE-2026-48792
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event* nodes, causing pusb_has_virtual_input_device() to return 0 (no virtual devices found) even when every open() call failed due to…
CWE: CWE-390, CWE-693
NVD
MEDIUM
CVE-2026-41164
nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint (/auth/v1/introspect_access_token) accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claim…
CWE: CWE-345
NVD
MEDIUM
CVE-2025-33221
NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service.
CWE: CWE-20
GitHub-GHSA
MEDIUM
Ironic Standalone Operator's controller modifies user-owned resources without consent
GHSA-hfc8-w5f4-3x6m
pkg: github.com/metal3-io/ironic-standalone-operator, github.com/metal3-io/ironic-standalone-operator
eco: go
published: May 29, 2026
## Impact
The Ironic Standalone Operator (IRSO) is the operator to maintain an Ironic deployment for Metal3. The IRSO controller automatically adds its environment label to user-provided Secrets and ConfigMaps without the resource owner's consent. A high-privilege controller modifying user-owned resour…
GitHub-GHSA
MEDIUM
Ironic Standalone Operator's prometheus metrics exporter bound to all interfaces
GHSA-7cwm-fpfh-rrch
pkg: github.com/metal3-io/ironic-standalone-operator
eco: go
published: May 29, 2026
## Impact
The Ironic Standalone Operator (IRSO) is the operator to maintain an Ironic deployment for Metal3. The Prometheus metrics exporter binds to 0.0.0.0 (all network interfaces) by default with no authentication. The default config is disabled. If enabled, this exposes operational metrics to a…
NVD
MEDIUM
CVE-2026-9907
Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-125
NVD
MEDIUM
CVE-2026-9618
The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.120.46. This is due to missing or incorrect nonce validation on the peachpay_str…
CWE: CWE-352
NVD
MEDIUM
CVE-2026-7533
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the `handle_oauth_redirect()` function, which is registered on the `admin_init` hook and processes Square OAuth tokens…
CWE: CWE-352
NVD
MEDIUM
CVE-2026-48924
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
CWE: CWE-601
NVD
MEDIUM
CVE-2026-8943
The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostats_manage() function. This makes it possible for unauthenticated attackers to update the plugin's set…
CWE: CWE-352
GitHub-GHSA
MEDIUM
Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints
GHSA-p2rj-mrmc-9w29
pkg: org.yamcs:yamcs-core
eco: maven
published: May 27, 2026
### Summary
The IAM API endpoints (`listUsers`, `getUser`, `listGroups`, and `getGroup`) in `yamcs-core` do not enforce the required `SystemPrivilege.ControlAccess` check. As a result, **any authenticated user** (even those with low or no privileges) can enumerate all user accounts in the system, i…
CVE-2026-44595
GitHub-GHSA
MEDIUM
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
GHSA-cqh3-jg8p-336j
pkg: org.yamcs:yamcs-core
eco: maven
published: May 26, 2026
### Summary
An LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping.
### Root Cause
**File:** `yamcs-core/src/main/java/org/yamcs/security/Ldap…
CVE-2026-42568
NVD
MEDIUM
CVE-2026-46430
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort("", ":5553") resolves to ":5553". Th…
CWE: CWE-668, CWE-1188
NVD
MEDIUM
CVE-2026-44502
Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be (partially) bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For …
CWE: CWE-918
NVD
MEDIUM
CVE-2026-48522
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no docum…
CWE: CWE-441, CWE-918
GitHub-GHSA
MEDIUM
tuf has platform-dependent delegation path matching
GHSA-qp9x-wp8f-qgjj
pkg: tuf
eco: pip
published: May 28, 2026
`DelegatedRole._is_target_in_pathpattern` uses `fnmatch.fnmatch` to decide whether a given target path is authorized by a delegation's glob pattern.
Python's `fnmatch.fnmatch` calls `os.path.normcase()` on both arguments before matching. On POSIX hosts `normcase` is the identity function; on Window…
GitHub-GHSA
MEDIUM
uv is vulnerable to arbitrary file write through entry point names
GHSA-4gg8-gxpx-9rph
pkg: uv, uv
eco: pip
published: May 29, 2026
### Impact
In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification (under `console_scripts` or `gui_scripts`), uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scr…
GitHub-GHSA
MEDIUM
Parse Server's GraphQL "Did you mean …?" validation suggestions disclose schema to unauthenticated callers
GHSA-8cph-rgr4-g5vj
pkg: parse-server, parse-server
eco: npm
published: May 29, 2026
### Impact
Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through `Did you mean …?` suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconst…
CVE-2026-47248
GitHub-GHSA
MEDIUM
tar has a PAX header desynchronization issue
GHSA-3pv8-6f4r-ffg2
pkg: tar
eco: rust
published: May 29, 2026
### Summary
When a tar stream contains multiple "header" entries prior to a file entry, tar-rs applies the PAX header (`x`) to the _next_ entry in the stream, regardless of type. For example, a stream of `x -> L -> file` (PAX, GNU longname, file) would result in `x`'s extensions being applied to `L…
GitHub-GHSA
MEDIUM
astral-tokio-tar has a PAX Header Desynchronization issue
GHSA-3cv2-h65g-fgmm
pkg: astral-tokio-tar
eco: rust
published: May 29, 2026
### Impact
Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle une…
GitHub-GHSA
MEDIUM
NodeVM observability builtins leak host process and HTTP request data
GHSA-9g8x-92q2-p28f
pkg: vm2
eco: npm
published: May 29, 2026
## Summary
`NodeVM` exposes some process-wide observability builtins when they are allowed through `require.builtin`.
The following builtins are not blocked by the dangerous builtin denylist:
```text
diagnostics_channel
async_hooks
perf_hooks
```
These modules are process-wide, not sandbox-local…
CVE-2026-47141
GitHub-GHSA
MEDIUM
Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`
GHSA-hg3f-28rg-4jxj
pkg: nuxt, @nuxt/nitro-server, @nuxt/nitro-server
eco: npm
published: May 29, 2026
### Summary
When `experimental.componentIslands` is enabled (default in Nuxt 4), any `.server.vue` file under `pages/` is automatically registered as a server island under the key `page_<routeName>` and exposed via the `/__nuxt_island/:name` endpoint. Until this fix, requests through that endpoint …
CVE-2026-47200
GitHub-GHSA
MEDIUM
FUXA provides guest and invalid-token access to protected read APIs in secure mode
GHSA-r9g5-7q8j-958c
pkg: fuxa-server
eco: npm
published: May 28, 2026
### Summary
When `secureEnabled=true`, FUXA `1.3.0-2773` still allows guest and invalid-token requests to read project, alarms, and scheduler APIs.
### Details
In secure mode, requests with no token or an explicitly invalid token were still able to access protected read endpoints.
Confir…
CVE-2026-47718
GitHub-GHSA
MEDIUM
OpenBao's Inline Auth Incorrectly Redacted Headers
GHSA-q8cj-789h-vg24
pkg: github.com/openbao/openbao
eco: go
published: May 28, 2026
### Impact
OpenBao's inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being retained in cleartext. This requires an attacker to compromise access to the audit device. Operators should review leaked source authenti…
CVE-2026-46358
GitHub-GHSA
MEDIUM
compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal
GHSA-mj4x-vf5c-5xg8
pkg: compliance-trestle, compliance-trestle
eco: pip
published: May 28, 2026
## Summary
The compliance-trestle library's profile import mechanism resolves `trestle://` URIs and relative file paths by joining them with `trestle_root` and calling `.resolve()`, but performs **no boundary check** to ensure the resolved path stays within the trestle workspace. An attacker can cr…
CVE-2026-45774
GitHub-GHSA
MEDIUM
Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability
GHSA-qjjm-7j9w-pw72
pkg: github.com/projectcapsule/capsule
eco: go
published: May 28, 2026
# TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability
## Summary
The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Tenant administrators…
CVE-2026-22872
GitHub-GHSA
MEDIUM
AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username
GHSA-g794-3fmp-753h
pkg: asyncssh
eco: pip
published: May 27, 2026
## Summary
AsyncSSH 2.22.0 expands the OpenSSH-compatible `AuthorizedKeysFile` `%u` token with the raw SSH username during pre-authentication server config reload. A server configured with a documented per-user key pattern such as `AuthorizedKeysFile authorized_keys/%u` can be made to read an author…
CVE-2026-45309
GitHub-GHSA
MEDIUM
CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression
GHSA-273h-gvwr-c3qj
pkg: github.com/crowdsecurity/crowdsec
eco: go
published: May 27, 2026
The LAPI router uses `gin-contrib/gzip` with `DefaultDecompressHandle` globally (`pkg/apiserver/controllers/controller.go`).
This middleware decompresses incoming request bodies without enforcing a maximum decompressed size.
The endpoints `/v1/watchers` or `/v1/watchers/login` require no authentic…
CVE-2026-44981
GitHub-GHSA
MEDIUM
@hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects
GHSA-vhjm-w67q-g75c
pkg: @hapi/wreck
eco: npm
published: May 27, 2026
### Impact
When `@hapi/wreck` follows a 3xx redirect to a different hostname, only the `Authorization` and `Cookie` headers are stripped. The standard credential header `Proxy-Authorization` is forwarded intact to the redirect target, potentially exposing forward-proxy credentials to a host outside …
CVE-2026-44979
GitHub-GHSA
MEDIUM
Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations
GHSA-rr59-xxvx-96qr
pkg: github.com/kata-containers/kata-containers
eco: go
published: May 26, 2026
## Summary
Kata Containers ships with a default configuration that allows pod creators to inject arbitrary command-line arguments into the virtiofsd process through the `io.katacontainers.config.hypervisor.virtio_fs_extra_args` pod annotation. By injecting `-o source=/` along with `--no-announce-su…
CVE-2026-44210
GitHub-GHSA
MEDIUM
netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures
GHSA-f659-372h-6x3x
pkg: io.netty.incubator:netty-incubator-codec-ohttp
eco: maven
published: May 26, 2026
HKDF_expand: returns non-NULL on failure. The byte[] is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key.
When EVP_HPKE_CTX_export fails it also returns an empty b…
CVE-2026-41207
GitHub-GHSA
MEDIUM
XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin
GHSA-vgwr-23fq-pr7g
pkg: org.xwiki.platform:xwiki-platform-webjars-api, org.xwiki.platform:xwiki-platform-webjars-api, org.xwiki.platform:xwiki-platform-webjars-api
eco: maven
published: May 26, 2026
### Impact
A potential path traversal vulnerability allows an attacker who manages to get a malicious WebJar extension installed on the wiki to write arbitrary files. While the consequences could be severe like overriding configuration files and setting the superadmin password, the attack first requi…
CVE-2026-48047