Vulnerability Digest — July 10, 2026 · 34 Critical · 4 Exploited






Vulnerability Digest — Friday, July 10, 2026


Security Report

Friday, July 10, 2026  ·  Last 7 days  ·  Min severity: MEDIUM
Total Findings
308
Critical
34
High
140
Actively Exploited
4
CISA-KEV4
NVD178
GitHub-GHSA126
Findings sorted by severity
CISA-KEV

CRITICAL
Langflow Authorization Bypass Through User-Controlled Key Vulnerability
CVE-2026-55255
pkg: Langflow Langflow

published: Jul 7, 2026

Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Joomlack Page Builder Improper Access Control Vulnerability
CVE-2026-56290
pkg: Joomlack Page Builder

published: Jul 7, 2026

Joomlack Page Builder contains an improper access control vulnerability that could allow for remote code execution via unauthenticated arbitrary file upload.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Adobe ColdFusion Path Traversal Vulnerability
CVE-2026-48282
pkg: Adobe ColdFusion

published: Jul 7, 2026

Adobe ColdFusion contains a path traversal vulnerability that could lead to arbitrary code execution in the context of the current user.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
CVE-2026-48908
pkg: JoomShaper SP Page Builder

published: Jul 7, 2026

JoomShaper SP Page Builder contains an unrestricted upload of file with dangerous type vulnerability that allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
NVD

CRITICAL
CVE-2026-54769
CVE-2026-54769
pkg: python

published: Jul 10, 2026

Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities. When these agents evaluate LLM-generated tool messages w…
CWE: CWE-94
NVD

CRITICAL
CVE-2026-59726
CVE-2026-59726
pkg: docker

published: Jul 9, 2026

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminal_execute, obtain a…
CWE: CWE-78, CWE-306, CWE-942
NVD

CRITICAL
CVE-2026-54782
CVE-2026-54782
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings…
CWE: CWE-290, CWE-347
GitHub-GHSA

CRITICAL
Nuclio: Unsanitized cron trigger event headers/body injected into CronJob shell command leads to persistent RCE
GHSA-v5px-423j-pf7p
pkg: github.com/nuclio/nuclio
eco: go
published: Jul 8, 2026
## Summary

Nuclio controller builds a `curl` invocation string for each cron trigger and stores it as the `args` of a Kubernetes CronJob container (`/bin/sh`, `-c`, `<command>`). Two fields in the trigger specification flow into this string without adequate sanitization:

– `event.headers` keys —…

CVE-2026-52831
GitHub-GHSA

CRITICAL
9router has unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats
GHSA-vjc7-jrh9-9j86
pkg: 9router
eco: npm
published: Jul 6, 2026

title: Unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats
product: 9Router
version: <= 0.4.41
severity: critical
cve_request: true

## Summary

Multiple critical API security vulnerabilities were discovered in 9Router's Next.js dashboard. The `/api/providers` e…

NVD

CRITICAL
CVE-2026-57572
CVE-2026-57572
pkg: kidocode crawl4ai

published: Jul 6, 2026

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together w…
CWE: CWE-88, CWE-94
GitHub-GHSA

CRITICAL
Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent
GHSA-q9p7-wqxg-mrhc
pkg: langroid
eco: pip
published: Jul 6, 2026
### Advisory Details
**Title**: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent

**Description**:
### Summary
Langroid is vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities…

CVE-2026-54769
GitHub-GHSA

CRITICAL
9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover
GHSA-qvfm-67h2-2qfx
pkg: 9router
eco: npm
published: Jul 6, 2026
## Summary

The `/api/settings/database` endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any authentication requirement beyond the `ALWAYS_PROTECTED` middleware check, which only validates J…

CVE-2026-55500
NVD

CRITICAL
CVE-2026-34038
CVE-2026-34038
pkg: docker

published: Jul 6, 2026

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution and…
CWE: CWE-78
NVD

CRITICAL
CVE-2026-13019
CVE-2026-13019
pkg: esri portal_for_arcgis, kubernetes kubernetes, linux linux_kernel

published: Jul 7, 2026

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API.
CWE: CWE-640
NVD

CRITICAL
CVE-2026-9182
CVE-2026-9182
pkg: esri arcgis_server, linux linux_kernel, microsoft windows

published: Jul 6, 2026

Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts all …
CWE: CWE-434
NVD

CRITICAL
CVE-2026-9181
CVE-2026-9181
pkg: esri arcgis_server, linux linux_kernel, microsoft windows

published: Jul 6, 2026

Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this issu…
CWE: CWE-22
NVD

CRITICAL
CVE-2026-53913
CVE-2026-53913
pkg: apache camel

published: Jul 6, 2026

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely ('Failing Open') vulnerability in Apache Camel Keycloak Component.

The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess(), which performs three check…

CWE: CWE-287, CWE-306, CWE-636
NVD

CRITICAL
CVE-2026-58422
CVE-2026-58422
pkg: oauth

published: Jul 3, 2026

Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts
CWE: CWE-284
NVD

CRITICAL
CVE-2026-20896
CVE-2026-20896
pkg: docker

published: Jul 3, 2026

Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.
CWE: CWE-284
NVD

CRITICAL
CVE-2026-15113
CVE-2026-15113
pkg: google chrome, google android

published: Jul 8, 2026

Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
GitHub-GHSA

CRITICAL
Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE
GHSA-xqhv-chqm-fhcc
pkg: github.com/BishopFox/joro
eco: go
published: Jul 8, 2026
# Unauthenticated Cross-Origin Plugin Upload Leads to RCE (Joro ≤ v1.1.0)

**Severity:** Critical
**CVSS v3.1:** 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
**Affected versions:** Joro ≤ v1.1.0, proxy mode (default), Linux/macOS
**Reporter:** cstover
**Date:** 2026-05-27

## Summary

Joro's d…

CVE-2026-53649
NVD

CRITICAL
CVE-2026-15062
CVE-2026-15062
pkg: python

published: Jul 8, 2026

SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (snowpark-python) versions prior to 1.53.0 could allow authenticated low-privilege users to execute SQL beyond their authorization scope. An attacker could exploit these vulnerabilities by embedding SQL payloads in source database co…
CWE: CWE-89
GitHub-GHSA

CRITICAL
Goploy: Cross-namespace IDOR and RCE via body-supplied row id in project and project_file handlers
GHSA-26rh-24rg-j3vv
pkg: github.com/zhenorzz/goploy
eco: go
published: Jul 7, 2026
### Summary

`Project.AddFile`, `Project.EditFile`, `Project.RemoveFile`, and `Project.Edit` in `cmd/server/api/project/handler.go` accept a project or project-file row id from the JSON body and act on it without checking that the project belongs to the caller's namespace. The corresponding `model.P…

CVE-2026-53552
GitHub-GHSA

CRITICAL
@better-auth/sso provider registration has server-side request forgery via unvalidated OIDC endpoints
GHSA-5rr4-8452-hf4v
pkg: @better-auth/sso
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following are true:

– Their application uses `@better-auth/sso` at a version `>= 0.1.0, < 1.6.11` on the stable line, or any `1.7.0-beta.x` on the pre-release line.
– The `sso()` plugin is added to their application's `betterAuth({ plugins: […]…

CVE-2026-53513
NVD

CRITICAL
CVE-2026-15378
CVE-2026-15378
pkg: kubernetes

published: Jul 10, 2026

A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unauthorized access to sensitive information, including c…
CWE: CWE-918
GitHub-GHSA

CRITICAL
Zebra: Missing copy constraint in halo2_gadgets variable-base scalar multiplication allows under-constrained base, breaking Orchard Action circuit soundness
GHSA-ww9q-8r59-xv46
pkg: zebrad, halo2_gadgets, orchard
eco: rust
published: Jul 6, 2026
### Summary

A soundness vulnerability in the variable-base scalar multiplication gadget of `halo2_gadgets` allowed a malicious prover to produce a valid proof for an Orchard Action with an *under-constrained* base point. Because this gadget enforces the diversified-address-integrity condition of th…

CVE-2026-54496
GitHub-GHSA

CRITICAL
Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access
GHSA-3fcv-jvfp-m4q9
pkg: github.com/cilium/cilium, github.com/cilium/cilium, github.com/cilium/cilium
eco: go
published: Jul 6, 2026
### Impact

When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive info…

CVE-2026-49445
NVD

CRITICAL
CVE-2026-58122
CVE-2026-58122
pkg: oauth

published: Jul 9, 2026

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to per…
CWE: CWE-348
GitHub-GHSA

CRITICAL
Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins
GHSA-pw9m-5jxm-xr6h
pkg: better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following are true:

– Their application uses `better-auth` and has enabled at least one of: `oidcProvider()` (imported from `better-auth/plugins/oidc-provider`), or `mcp()` (imported from `better-auth/plugins/mcp`).
– Their application has at lea…

CVE-2026-53512
GitHub-GHSA

CRITICAL
Decompress: Archive extraction can create files and links outside of the target directory
GHSA-mp2f-45pm-3cg9
pkg: @xhmikosr/decompress, @xhmikosr/decompress, decompress
eco: npm
published: Jul 6, 2026
### Impact

When extracting an archive to a directory, a crafted archive can read or write files outside that directory. The flaw is in the code that writes the parsed entries, so it affects every format decompress handles: tar, tar.gz, tar.bz2, and zip by default, plus any others added through the …

CVE-2026-53486
NVD

CRITICAL
CVE-2026-26247
CVE-2026-26247
pkg: oauth

published: Jul 3, 2026

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check.
CWE: CWE-284
NVD

CRITICAL
CVE-2026-26232
CVE-2026-26232
pkg: oauth

published: Jul 3, 2026

Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange.
CWE: CWE-294
GitHub-GHSA

CRITICAL
Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879
GHSA-2pq5-3q89-j7cc
pkg: langroid
eco: pip
published: Jul 6, 2026
Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection (direct user input or indirect content the agent reads back via RAG), so an attacker who can influ…
CVE-2026-55615
GitHub-GHSA

CRITICAL
Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls
GHSA-6xc5-4r68-67fc
pkg: langroid
eco: pip
published: Jul 6, 2026
# SQLChatAgent `_validate_query` dangerous-pattern regex is bypassable via quoted/commented/qualified function names

## Summary

The `SQLChatAgent` SQL-injection mitigation, with default `allow_dangerous_operations=False`, combines a raw-text regex blocklist (`_DANGEROUS_SQL_PATTERNS`) with a `sqlg…

CVE-2026-54760
NVD

HIGH
CVE-2026-59148
CVE-2026-59148
pkg: express

published: Jul 9, 2026

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock routes, enabled by default in shipped runtimes, serves Access-Control-Allow-Origin: * with write methods a…
CWE: CWE-306, CWE-352, CWE-732, CWE-942
NVD

HIGH
CVE-2026-15133
CVE-2026-15133
pkg: google chrome

published: Jul 8, 2026

Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15132
CVE-2026-15132
pkg: google chrome

published: Jul 8, 2026

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-457
NVD

HIGH
CVE-2026-15129
CVE-2026-15129
pkg: google chrome

published: Jul 8, 2026

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-15126
CVE-2026-15126
pkg: google chrome

published: Jul 8, 2026

Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15125
CVE-2026-15125
pkg: google chrome

published: Jul 8, 2026

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-863
NVD

HIGH
CVE-2026-15123
CVE-2026-15123
pkg: google chrome

published: Jul 8, 2026

Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-122
NVD

HIGH
CVE-2026-15121
CVE-2026-15121
pkg: google chrome

published: Jul 8, 2026

Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15118
CVE-2026-15118
pkg: google chrome

published: Jul 8, 2026

Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15116
CVE-2026-15116
pkg: google chrome

published: Jul 8, 2026

Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15114
CVE-2026-15114
pkg: google chrome

published: Jul 8, 2026

Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: High)
CWE: CWE-125, CWE-787
NVD

HIGH
CVE-2026-15112
CVE-2026-15112
pkg: google chrome

published: Jul 8, 2026

Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-15110
CVE-2026-15110
pkg: google chrome

published: Jul 8, 2026

Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15107
CVE-2026-15107
pkg: google chrome

published: Jul 8, 2026

Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-416
NVD

HIGH
CVE-2026-59257
CVE-2026-59257
pkg: n8n n8n

published: Jul 8, 2026

n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated {{ … }} expression values directly into the raw SQL string without parameterization. When a workflow use…
CWE: CWE-89
NVD

HIGH
CVE-2026-34158
CVE-2026-34158
pkg: docker

published: Jul 7, 2026

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker() helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a …
CWE: CWE-78
NVD

HIGH
CVE-2026-34168
CVE-2026-34168
pkg: docker

published: Jul 7, 2026

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a storag…
CWE: CWE-78
NVD

HIGH
CVE-2026-42204
CVE-2026-42204
pkg: docker

published: Jul 6, 2026

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELL_SAFE_COMMAND_PATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an aut…
CWE: CWE-78
NVD

HIGH
CVE-2026-34599
CVE-2026-34599
pkg: docker

published: Jul 6, 2026

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the GetLogs Livewire component which allows users with team membership (lowest privilege member role) to execute a…
CWE: CWE-78
NVD

HIGH
CVE-2026-14535
CVE-2026-14535
pkg: node

published: Jul 4, 2026

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in …
CWE: CWE-693
NVD

HIGH
CVE-2026-14534
CVE-2026-14534
pkg: python

published: Jul 4, 2026

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist, fickling's check_safety() function returns LIKELY_SAFE with…
CWE: CWE-184, CWE-502
NVD

HIGH
CVE-2025-71380
CVE-2025-71380
pkg: node

published: Jul 4, 2026

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or complete…
CWE: CWE-284
GitHub-GHSA

HIGH
Skipper: opaAuthorizeRequestWithBody filter bypasses OPA policy on Transfer-Encoding — chunked / HTTP/2 requests
GHSA-659f-rgp5-w4wf
pkg: github.com/zalando/skipper
eco: go
published: Jul 8, 2026
### Summary

`zalando/skipper`'s OpenPolicyAgent integration silently bypasses request-body
inspection on HTTP/1.1 `Transfer-Encoding: chunked` and HTTP/2 requests that
omit the `content-length` pseudo-header. When the
`opaAuthorizeRequestWithBody` filter is configured, the
`OpenPolicyAgentInstance.…

CVE-2026-50197
NVD

HIGH
CVE-2026-14891
CVE-2026-14891
pkg: docker

published: Jul 8, 2026

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability, CVE…
CWE: CWE-59
GitHub-GHSA

HIGH
Better Auth has insecure cryptographic defaults in oidcProvider: alg=none advertised and plain PKCE accepted by default
GHSA-9h47-pqcx-hjr4
pkg: better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following are true:

– Their application uses `better-auth` at a version below the patched release.
– Their application enables `oidcProvider()` from `better-auth/plugins/oidc-provider` or `mcp()` from `better-auth/plugins/mcp` (the mcp plugin del…

GitHub-GHSA

HIGH
Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID
GHSA-9rjw-3gwp-f59v
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

`UpsertWorkspaceApp` overwrites an existing app's `agent_id` on a primary-key conflict and `insertAgentApp` accepts the app ID from the provisioner's `CompleteJob` payload without verifying it belongs to the workspace being built. `CompleteJob` runs under `dbauthz.AsProvisionerd` so the…

CVE-2026-55429
NVD

HIGH
CVE-2026-57573
CVE-2026-57573
pkg: kidocode crawl4ai

published: Jul 6, 2026

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming path. handle_stream_crawl_request passed seed URLs straight to the crawler with no destination validatio…
CWE: CWE-918
NVD

HIGH
CVE-2026-54765
CVE-2026-54765
pkg: traefik traefik

published: Jul 6, 2026

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only one…
CWE: CWE-284, CWE-863
GitHub-GHSA

HIGH
flyto-core has Unauthenticated Command Execution via HTTP MCP `execute_module`
GHSA-h9f9-h6gm-wc85
pkg: flyto-core
eco: pip
published: Jul 6, 2026
## Unauthenticated Command Execution via HTTP MCP `execute_module`

### Summary

The HTTP MCP endpoint (`POST /mcp`) in flyto-core accepts unauthenticated JSON-RPC `tools/call` requests and dispatches them to arbitrary registered modules, including `sandbox.execute_shell`, which passes attacker-cont…

CVE-2026-55786
NVD

HIGH
CVE-2026-54424
CVE-2026-54424
pkg: windows

published: Jul 4, 2026

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of …
CWE: CWE-648
NVD

HIGH
CVE-2026-47829
CVE-2026-47829
pkg: openssh

published: Jul 9, 2026

Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation.
Affected v…
NVD

HIGH
CVE-2026-15122
CVE-2026-15122
pkg: google chrome, microsoft windows

published: Jul 8, 2026

Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

HIGH
CVE-2026-15120
CVE-2026-15120
pkg: google chrome, microsoft windows

published: Jul 8, 2026

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15119
CVE-2026-15119
pkg: google chrome

published: Jul 8, 2026

Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-362
NVD

HIGH
CVE-2026-55830
CVE-2026-55830
pkg: python

published: Jul 8, 2026

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, check_function_argument_names() rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted position…
CWE: CWE-184
GitHub-GHSA

HIGH
Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE
GHSA-37h2-6p4f-mp3q
pkg: serena-agent
eco: pip
published: Jul 8, 2026
### Summary

Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port (TCP 24282, hardcoded as `0x5EDA` in `constants.py`). The server has no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage …

CVE-2026-49471
GitHub-GHSA

HIGH
@better-auth/scim: Account/provider takeover via missing owner binding on non-org SCIM providers
GHSA-j8v8-g9cx-5qf4
pkg: @better-auth/scim
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of these hold:

– They install and register the `@better-auth/scim` plugin (`plugins: [scim()]`).
– They create SCIM providers without an `organizationId`, that is, non-organization ("personal") providers. Organization-scoped providers are not affected b…

GitHub-GHSA

HIGH
Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email
GHSA-g38m-r43w-p2q7
pkg: better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following are true:

– Their application uses `better-auth` at a version `< 1.6.11` on the stable line, or any current `next` pre-release.
– `emailAndPassword.enabled: true` is set in their application's `betterAuth({ … })` configuration.
– At l…

CVE-2026-53516
GitHub-GHSA

HIGH
Coder's workspace agent API insecure redirect handling allowed cross-agent file read and write
GHSA-qrwj-vh9x-gw5v
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

`agentConn.apiClient()` used the default redirect behavior of `http.Client` while its custom transport dialed the host from the request URL as long as the port was the workspace agent HTTP API port (`4`). Agent tailnet IPs are deterministic from agent UUIDs, so a malicious workspace age…

GitHub-GHSA

HIGH
Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh`
GHSA-mcqq-fqgf-rxwm
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

`coder config-ssh` wrote server-supplied SSH settings (`HostnameSuffix`, `SSHConfigOptions`) into the user's `~/.ssh/config` without sanitizing embedded newlines or restricting directives so a malicious or compromised Coder server could inject arbitrary SSH configuration.

> **Note:** P…

CVE-2026-55427
NVD

HIGH
CVE-2026-54423
CVE-2026-54423
pkg: node

published: Jul 10, 2026

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.
CWE: CWE-424
GitHub-GHSA

HIGH
`lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes
GHSA-4jhm-jv67-739f
pkg: lxml_html_clean
eco: pip
published: Jul 8, 2026
# `lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes (`xlink:href`)

**Reporter:** Guillem Lefait <guillem@datamq.com> · **Date:** 2026-05-10
**Affected:** `lxml` ≤ 6.1.0 and `lxml_html_clean` ≤ 0.4.4 (latest stable)
**Confirmed against:** lxml 6.1.0 + lx…

CVE-2026-49825
GitHub-GHSA

HIGH
Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator
GHSA-wrq8-fcv5-8hvp
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

The tailnet coordinator validates that an agent's `Addresses` derive from its authenticated UUID but applies no equivalent check to `AllowedIPs`. The coordinator forwards agent-supplied `AllowedIPs` verbatim to tunnel peers which install them into the WireGuard peer configuration.

### …

CVE-2026-55428
NVD

HIGH
CVE-2026-59195
CVE-2026-59195
pkg: pnpm pnpm

published: Jul 6, 2026

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under node_modules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml whose…
CWE: CWE-22
NVD

HIGH
CVE-2026-46591
CVE-2026-46591
pkg: apache camel

published: Jul 6, 2026

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component.

The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection throu…

CWE: CWE-943
NVD

HIGH
CVE-2026-12597
CVE-2026-12597
pkg: oauth

published: Jul 10, 2026

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpress_on_github_login() function, which blindly trusts the first element (profile[0]['email']) of the array retur…
CWE: CWE-287
NVD

HIGH
CVE-2026-12595
CVE-2026-12595
pkg: oauth

published: Jul 10, 2026

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpress_on_discord_login() Discord OAuth callback handler, which accepts the email field returned by Discord's /user…
CWE: CWE-287
NVD

HIGH
CVE-2026-31985
CVE-2026-31985
pkg: tls

published: Jul 9, 2026

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Re…
CWE: CWE-671
NVD

HIGH
CVE-2026-54591
CVE-2026-54591
pkg: python

published: Jul 8, 2026

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.1, a malicious SSH server can write arbitrary files on the asyncssh SCP client's filesystem by sending filenames containing ../ tra…
CWE: CWE-22
GitHub-GHSA

HIGH
NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak
GHSA-6h3c-r723-7fx3
pkg: nl.nl-portal:taak
eco: maven
published: Jul 8, 2026
## Impact

In versions from 1.5.0 up to and including 3.0.0, any authenticated portal user could complete and tamper with another user's open task by submitting it on their behalf. The task submission endpoint accepted a task ID and a payload, but it never checked whether the task actually belonged …

CVE-2026-49464
NVD

HIGH
CVE-2026-54652
CVE-2026-54652
pkg: nginx

published: Jul 8, 2026

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and ena…
CWE: CWE-269, CWE-532, CWE-598, CWE-863
GitHub-GHSA

HIGH
@better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
GHSA-7w99-5wm4-3g79
pkg: @better-auth/oauth-provider, better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following are true:

– Their project depends on `@better-auth/oauth-provider` at a version `>= 1.6.0, < 1.6.11`, or uses the embedded plugin in `better-auth >= 1.4.8-beta.7, < 1.6.0`, or enables the legacy `oidc-provider` or `mcp` plugins from `be…

CVE-2026-53518
GitHub-GHSA

HIGH
Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption
GHSA-392p-2q2v-4372
pkg: @better-auth/oauth-provider, better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following are true:

– Their project depends on `@better-auth/oauth-provider` at a version `>= 1.6.0, < 1.6.11`, or uses the embedded plugin in `better-auth >= 1.4.8-beta.7, < 1.6.0`.
– At least one OAuth client served by their application's autho…

CVE-2026-53517
NVD

HIGH
CVE-2026-13020
CVE-2026-13020
pkg: esri portal_for_arcgis, kubernetes kubernetes, linux linux_kernel

published: Jul 7, 2026

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an …
CWE: CWE-640
GitHub-GHSA

HIGH
Langroid: handle_message() executes user-supplied tool JSON without sender verification
GHSA-gjgq-w2m6-wr5q
pkg: langroid
eco: pip
published: Jul 6, 2026
## Summary

A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with `use=False, handle=True`.

## Details

`enable_message(…, use=False, handle=True)` only prevents the LLM from being instructed…

CVE-2026-54771
NVD

HIGH
CVE-2026-49297
CVE-2026-49297
pkg: apache apache-airflow-providers-google

published: Jul 6, 2026

Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket (ty…
CWE: CWE-22
NVD

HIGH
CVE-2026-43865
CVE-2026-43865
pkg: apache camel

published: Jul 6, 2026

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component.

The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself – that is, when no user…

CWE: CWE-502
NVD

HIGH
CVE-2026-40859
CVE-2026-40859
pkg: apache camel

published: Jul 6, 2026

Deserialization of Untrusted Data vulnerability in Apache Camel.

The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter (VertxHttpHelper.deserialize…

CWE: CWE-502
NVD

HIGH
CVE-2026-12746
CVE-2026-12746
pkg: oauth

published: Jul 4, 2026

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter.

The authentication_url method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting …

CWE: CWE-352
NVD

HIGH
CVE-2026-12740
CVE-2026-12740
pkg: oauth

published: Jul 4, 2026

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter.

RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session (register_s…

CWE: CWE-352
NVD

HIGH
CVE-2025-71372
CVE-2025-71372
pkg: python

published: Jul 4, 2026

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling supply-…
CWE: CWE-502
NVD

HIGH
CVE-2026-28699
CVE-2026-28699
pkg: oauth

published: Jul 3, 2026

Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication.
CWE: CWE-284, CWE-863
GitHub-GHSA

HIGH
DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN
GHSA-9×82-rm84-c6x7
pkg: org.dspace:dspace-api, org.dspace:dspace-api, org.dspace:dspace-api
eco: maven
published: Jul 8, 2026
## Overview

Remote Code Execution (RCE) is possible via Velocity Templates used by DSpace for [COAR Notify/LDN messages](https://wiki.lyrasis.org/spaces/DSDOC9x/pages/379126679/COAR+Notify). _This vulnerability impacts DSpace versions 8.0 <= 8.3, 9.0 <= 9.2._ The attacker MUST already have DSpace a…

CVE-2026-49832
NVD

HIGH
CVE-2026-22927
CVE-2026-22927
pkg: windows

published: Jul 8, 2026

Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability.
CWE: CWE-22
GitHub-GHSA

HIGH
Linuxfabrik Monitoring Plugins have local privilege escalation using embedded command
GHSA-798h-hpph-m24j
pkg: linuxfabrik-lib
eco: pip
published: Jul 6, 2026
### Summary
When a check plugin places user provided input inside a command which is passed to `shell_exec`, an attacker can abuse this to run arbitrary commands. This is mainly dangerous for plugins which are listed in the sudoers file, because this allows an attacker controlling the nagios user to…
CVE-2026-55426
GitHub-GHSA

HIGH
Open Babel has out-of-bounds write in MOPAC translationVectors[] (UNIT CELL TRANSLATION)
GHSA-55f6-pf8r-c2f4
pkg: openbabel
eco: pip
published: Jul 6, 2026
### Summary

A memory-safety vulnerability in Open Babel's MOPAC output parser
allowed an out-of-bounds write into the `translationVectors[]` array
when reading the "UNIT CELL TRANSLATION" block of a crafted input
file.

### Details

The MOPAC output reader stored translation vectors from the UNIT C…

CVE-2022-46292
NVD

HIGH
CVE-2026-33655
CVE-2026-33655
pkg: go

published: Jul 9, 2026

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/bl…
CWE: CWE-918
NVD

HIGH
CVE-2026-59216
CVE-2026-59216
pkg: python

published: Jul 9, 2026

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, get_event_call delivered execute:python and execute:tool Socket.IO events to a client-supplied session_id after checking only that the session was connected, allowing authenticated users who learne…
CWE: CWE-94, CWE-200, CWE-639, CWE-862
GitHub-GHSA

HIGH
Phantom: Arbitrary file write and decode-bomb DoS via unconfined MCP tool paths
GHSA-52vm-mxx8-f227
pkg: phantom-audio
eco: pip
published: Jul 9, 2026
### Impact

In Phantom <= 1.3.0, when `PHANTOM_OUTPUT_DIR` was unset (the default), the MCP tools accepted arbitrary absolute output paths with no confinement. Anything able to send tool calls (e.g. an AI agent driving the MCP interface) could **write or overwrite arbitrary files** the process user …

NVD

HIGH
CVE-2026-14373
CVE-2026-14373
pkg: docker

published: Jul 8, 2026

HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other workloads on t…
CWE: CWE-862
NVD

HIGH
CVE-2026-60002
CVE-2026-60002
pkg: openbsd openssh

published: Jul 8, 2026

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)
CWE: CWE-416
GitHub-GHSA

HIGH
Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise
GHSA-4g5x-hcwm-82jw
pkg: github.com/zhenorzz/goploy
eco: go
published: Jul 7, 2026
> [ Click here to jump to the Simplified Chinese version (点击跳转到简体中文版本)](#goploy-系统任意文件读取)
# Goploy System Arbitrary File Read Vulnerability

## Basic Information
– **Vulnerability Name**: Goploy Endpoints Arbitrary File Read via Path Traversal
– **Vulnerability …

CVE-2026-53553
GitHub-GHSA

HIGH
Better Auth has stored XSS in the auth-server origin via javascript: redirect_uri in oidc-provider and mcp
GHSA-86j7-9j95-vpqj
pkg: better-auth, better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?

Check each condition. Users are affected when all of the first three hold.

– Their application enables the `oidc-provider` plugin or the `mcp` plugin from `better-auth/plugins`. The `mcp` plugin wraps the same provider and carries the same defect. Both are on the migration path …

GitHub-GHSA

HIGH
Better Auth vulnerable to unauthorized invitation acceptance via unverified email match in organization plugin
GHSA-fmh4-wcc4-5jm3
pkg: better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following are true:

– Their application uses `better-auth` with the `organization` plugin (`import { organization } from "better-auth/plugins/organization"`).
– Their application enables a sign-up surface that allows arbitrary unverified email re…

CVE-2026-53514
GitHub-GHSA

HIGH
New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs
GHSA-6qcr-qxgr-m7fv
pkg: github.com/QuantumNous/new-api
eco: go
published: Jul 7, 2026
## Summary

The default SSRF protection configuration did not apply IP filtering to hostnames. With `ApplyIPFilterForDomain` disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address. Authenticated users could configure n…

CVE-2026-33655
GitHub-GHSA

HIGH
Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps
GHSA-v54h-cp2w-9x4g
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

`coder open app` opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the `$SESSION_TOKEN` placeholder the CLI replaces it with the user's real session token before handing the URL to the OS open handler.

> **Note:** Practical explo…

CVE-2026-55431
GitHub-GHSA

HIGH
OpenRemote has Cross-Realm User Information Disclosure in UserResourceImpl
GHSA-xqr9-4wvv-gvch
pkg: io.openremote:openremote-manager
eco: maven
published: Jul 6, 2026
### Summary

A realm admin of tenant B can read the profile, client roles, and realm roles of any user in any other realm (including the master realm) by supplying the target user's UUID in the REST API path. Three read endpoints in UserResourceImpl check whether the caller holds the read:admin role…

CVE-2026-54641
NVD

HIGH
CVE-2026-9165
CVE-2026-9165
pkg: kubernetes

published: Jul 6, 2026

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central,…
CWE: CWE-400
GitHub-GHSA

HIGH
OpenRemote has an incomplete fix for CVE-2026-40882: XXE in KNXProtocol.startAssetImport() allows arbitrary file read via unprotected XMLInputFactory
GHSA-7v6w-c3f4-9wpq
pkg: io.openremote:openremote-agent
eco: maven
published: Jul 6, 2026
### Summary
The fix for CVE-2026-40882 addressed only the Velbus asset import handler. The KNX asset import handler (`KNXProtocol`) processes user-uploaded ETS project ZIP files through Saxon XSLT and `XMLInputFactory.newInstance()` with no XXE protection, allowing any authenticated user to read arb…
CVE-2026-54640
GitHub-GHSA

HIGH
Mistune: Potential DoS via quadratic-time parsing in parse_link_text
GHSA-qcq2-496w-v96p
pkg: mistune
eco: pip
published: Jul 9, 2026
### Summary
Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. A relatively small input consisting of repeated [ characters causes significant parsing slowdown.

### Affected component
mistune/inline_parser.py → **parse_link_text**

CVE-2026-49851
NVD

HIGH
CVE-2026-54695
CVE-2026-54695
pkg: python

published: Jul 9, 2026

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0, the pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication, reads an attacker-supplied callSid fr…
CWE: CWE-862
NVD

HIGH
CVE-2026-13462
CVE-2026-13462
pkg: ssl

published: Jul 9, 2026

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends.
NVD

HIGH
CVE-2026-11404
CVE-2026-11404
pkg: tls

published: Jul 9, 2026

Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg_tls_server_recv_hello(), which uses an attacker-controlled session_id_len byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthentica…
CWE: CWE-125
GitHub-GHSA

HIGH
org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
GHSA-7cmj-v6x8-frvv
pkg: ca.uhn.hapi.fhir:org.hl7.fhir.dstu2, ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may, ca.uhn.hapi.fhir:org.hl7.fhir.dstu3
eco: maven
published: Jul 9, 2026
# Summary
All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource …
CVE-2026-49485
GitHub-GHSA

HIGH
Soup Sieve: Regular Expression Denial of Service (ReDoS) via Selector Parser
GHSA-836r-79rf-4m37
pkg: soupsieve
eco: pip
published: Jul 9, 2026
### Summary

The CSS selector parser in soupsieve (the CSS selector engine for Beautiful Soup 4) contains a regular expression vulnerable to catastrophic backtracking. When processing an attribute selector with an unterminated quoted value, the `VALUE` regex pattern in `css_parser.py` enters exponen…

CVE-2026-49477
GitHub-GHSA

HIGH
Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists
GHSA-2wc2-fm75-p42x
pkg: soupsieve
eco: pip
published: Jul 9, 2026
### Summary

The CSS selector parser in soupsieve (the CSS selector engine for Beautiful Soup 4) allocates unbounded memory when compiling large comma-separated selector lists. An attacker who can supply a crafted CSS selector string to `soupsieve.compile()` or Beautiful Soup's `.select()` / `.selec…

CVE-2026-49476
GitHub-GHSA

HIGH
Micronaut doesn't set a maximum redirect count for its HTTP Client, enabling infinite loop DoS
GHSA-387m-935m-c4vw
pkg: io.micronaut:micronaut-http-client, io.micronaut:micronaut-http-client, io.micronaut:micronaut-http-client
eco: maven
published: Jul 9, 2026
The Netty-based Micronaut HTTP Client does not impose a limit on HTTP redirections, potentially allowing an infinite redirect loop that could lead to a denial-of-service attack.

### Patches

The following versions are patched:

– For Micronaut 5, versions equal or greater than [5.0.1](https://gith…

NVD

HIGH
CVE-2026-54772
CVE-2026-54772
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF net.tc…
CWE: CWE-400, CWE-835
NVD

HIGH
CVE-2026-54499
CVE-2026-54499
pkg: python

published: Jul 8, 2026

Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load() attempt torch.load(…, weights_only=True) but fall back to torch.load(…, weights_o…
CWE: CWE-502, CWE-676
NVD

HIGH
CVE-2026-15117
CVE-2026-15117
pkg: google chrome

published: Jul 8, 2026

Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15111
CVE-2026-15111
pkg: google chrome

published: Jul 8, 2026

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-31309
CVE-2026-31309
pkg: node

published: Jul 8, 2026

Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthenticated attackers to arbitrarily overwrite the node's configuration and achieve a full node takeover via supplying a crafted POST request.
CWE: CWE-862
NVD

HIGH
CVE-2026-49866
CVE-2026-49866
pkg: node

published: Jul 8, 2026

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossipsub defaultDecodeRpcLimits set maxIhaveMessageIDs and maxIwantMessageIDs to Infinity, allowing oversized IHAVE and IWANT control message arrays in message/decodeRpc.ts and gossipsub.ts to synchronously i…
CWE: CWE-770
NVD

HIGH
CVE-2026-59939
CVE-2026-59939
pkg: python

published: Jul 8, 2026

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in _decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small c…
CWE: CWE-409
NVD

HIGH
CVE-2026-55404
CVE-2026-55404
pkg: linux

published: Jul 8, 2026

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the –write-link, –write-url-link, and –write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpage_url or filename metadata without sufficient validation or escaping, allo…
CWE: CWE-74
NVD

HIGH
CVE-2026-59928
CVE-2026-59928
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/block_parser.py and the ref_links environment dictionary handling, allowing denial of service throu…
CWE: CWE-407, CWE-1333
NVD

HIGH
CVE-2026-59925
CVE-2026-59925
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inline_parser.py because the parser scans forward for matching close markers from eve…
CWE: CWE-407, CWE-1333, CWE-407
NVD

HIGH
CVE-2026-59922
CVE-2026-59922
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for matching markers from each …
CWE: CWE-407, CWE-1333, CWE-407
NVD

HIGH
CVE-2026-59892
CVE-2026-59892
pkg: node

published: Jul 8, 2026

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx-* HTTP header values with decodeURIComponent() without handling decode errors, allowing an unauthenticated remote attacker to send a malformed …
CWE: CWE-248
NVD

HIGH
CVE-2026-10708
CVE-2026-10708
pkg: jwt

published: Jul 8, 2026

This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, and custom fields. The combination of wildcard CORS behavior, long‑lived twenty‑day JWTs, and t…
NVD

HIGH
CVE-2026-58656
CVE-2026-58656
pkg: jwt

published: Jul 8, 2026

Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and responds with Access-Control-Allow-Origin: *, allowing unauthenticated attackers to make fully authenticated cross-origin API requests from any malicious website. Attackers who obtain a leaked JWT token fr…
CWE: CWE-598
NVD

HIGH
CVE-2026-14895
CVE-2026-14895
pkg: express

published: Jul 7, 2026

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service.

The trim and rtrim functions stripped trailing whitespace with s/\s*$//u. Because \s* matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex e…

CWE: CWE-1333
NVD

HIGH
CVE-2026-56811
CVE-2026-56811
pkg: phoenixframework phoenix

published: Jul 7, 2026

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix (Phoenix.Socket module) allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport (WebSocket or LongPoll).

This v…

CWE: CWE-770
NVD

HIGH
CVE-2026-55574
CVE-2026-55574
pkg: vllm vllm

published: Jul 6, 2026

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structured_outputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the string…
CWE: CWE-1333
NVD

HIGH
CVE-2026-55380
CVE-2026-55380
pkg: python pillow

published: Jul 6, 2026

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. Th…
CWE: CWE-789
NVD

HIGH
CVE-2026-55379
CVE-2026-55379
pkg: python pillow

published: Jul 6, 2026

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without calling Image._decompression_bomb_check(), bypassing Pillow's documented decompression bomb pro…
CWE: CWE-789
NVD

HIGH
CVE-2026-54060
CVE-2026-54060
pkg: python pillow

published: Jul 6, 2026

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving…
CWE: CWE-789
NVD

HIGH
CVE-2026-54059
CVE-2026-54059
pkg: python pillow

published: Jul 6, 2026

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocat…
CWE: CWE-789
NVD

HIGH
CVE-2026-13698
CVE-2026-13698
pkg: openvpn openvpn

published: Jul 6, 2026

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service
CWE: CWE-401, CWE-770, CWE-401
NVD

HIGH
CVE-2026-54784
CVE-2026-54784
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishme…
CWE: CWE-311, CWE-523
NVD

HIGH
CVE-2026-54783
CVE-2026-54783
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with …
CWE: CWE-294, CWE-345, CWE-347
NVD

HIGH
CVE-2026-54781
CVE-2026-54781
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom c…
CWE: CWE-287, CWE-345
NVD

HIGH
CVE-2026-54774
CVE-2026-54774
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509 S…
CWE: CWE-345, CWE-347
NVD

HIGH
CVE-2026-55436
CVE-2026-55436
pkg: coder coder

published: Jul 8, 2026

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy (`aibridgeproxyd`) created a goproxy server whose default transport set `InsecureSkipVerify: true` and only assigned…
CWE: CWE-295
NVD

HIGH
CVE-2026-55076
CVE-2026-55076
pkg: coder coder

published: Jul 7, 2026

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked `email_verified` with a direct Go `bool` type assertion. When an IdP returned the claim as a non-boolean (for example the string …
CWE: CWE-287, CWE-704
GitHub-GHSA

HIGH
Coder's AI Bridge Proxy skips TLS certificate verification in default configuration
GHSA-84rm-42xw-mx52
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

The AI Bridge Proxy (`aibridgeproxyd`) created a goproxy server whose default transport set `InsecureSkipVerify: true` and only assigned a secure transport when an upstream proxy was configured. In the default configuration (no upstream proxy), outbound HTTPS to the Coder access URL acc…

CVE-2026-55436
GitHub-GHSA

HIGH
Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass
GHSA-9r87-mvcw-x35f
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

Two flaws in Coder's OIDC login chained into account takeover: email-based user matching fell back to linking by email without checking for an existing link to a different IdP subject and the `email_verified` claim was only enforced when present as a boolean `false` so an absent or non-…

CVE-2026-55075
GitHub-GHSA

HIGH
Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking
GHSA-75vm-6w67-gwvp
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

Coder's OIDC callback checked `email_verified` with a direct Go `bool` type assertion. When an IdP returned the claim as a non-boolean (for example the string `"false"`) or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-…

CVE-2026-55076
NVD

HIGH
CVE-2026-59214
CVE-2026-59214
pkg: python

published: Jul 9, 2026

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue auth…
CWE: CWE-79
GitHub-GHSA

HIGH
Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages
GHSA-vjm7-m4xh-7wrc
pkg: open-webui
eco: pip
published: Jul 7, 2026
### Summary
Manually modifying chat history allows setting the `embeds` property on a response message, the content of which is loaded into an iFrame with a sandbox that has `allow-scripts` and `allow-same-origin` set, ignoring the "iframe Sandbox Allow Same Origin" configuration. This enables store…
CVE-2026-26193
GitHub-GHSA

HIGH
Open WebUI vulnerable to Stored XSS via iFrame in citations model
GHSA-xc8p-9rr6-97r2
pkg: open-webui
eco: pip
published: Jul 7, 2026
### Summary
Manually modifying chat history allows setting the `html` property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML, and render them in an iFrame when the citation is previewed. This allows stored XSS via a weaponised document …
CVE-2026-26192
GitHub-GHSA

HIGH
9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
GHSA-7cfm-pqrj-xgq7
pkg: 9router
eco: npm
published: Jul 6, 2026
## Summary

The 9router dashboard login rate limiter derives the client identity from the attacker-controlled `X-Forwarded-For` HTTP header. When 9router is directly exposed, or deployed behind a reverse proxy that does not overwrite untrusted forwarding headers, a remote attacker can rotate the `X-…

CVE-2026-55501
GitHub-GHSA

HIGH
chmod: –preserve-root bypassed by any path that resolves to root (e.g. /../)
GHSA-4c7q-4928-8445
pkg: uu_chmod
eco: rust
published: Jul 6, 2026
`Chmoder::chmod()` only compares the literal argument against `Path::new("/")`, so the `–preserve-root` guard is bypassed by any path that *resolves* to root — a symlink to `/` or simply `/../`.

“`
if self.recursive && self.preserve_root && file == Path::new("/") {
return Err(ChmodError::Pr…

CVE-2026-35338
NVD

HIGH
CVE-2026-14802
CVE-2026-14802
pkg: react

published: Jul 6, 2026

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The exploi…
CWE: CWE-77, CWE-78
NVD

HIGH
CVE-2026-59721
CVE-2026-59721
pkg: node

published: Jul 9, 2026

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILER_SMTP_URL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into sen…
CWE: CWE-77, CWE-78, CWE-915
GitHub-GHSA

HIGH
Coder: User-admin role can reset owner account password
GHSA-29xf-69gq-m9jx
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

The `PUT /api/v2/users/{user}/password` endpoint authorized only `ActionUpdatePersonal` and did not prevent a `user-admin` from resetting an `owner` account's password. It also did not require the current password when an admin reset another user's password.

> **Note:** Exploitation re…

CVE-2026-55077
NVD

HIGH
CVE-2026-59219
CVE-2026-59219
pkg: jwt

published: Jul 9, 2026

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode_token without the Redis-backed is_valid_to…
CWE: CWE-613
NVD

HIGH
CVE-2026-47828
CVE-2026-47828
pkg: tls

published: Jul 9, 2026

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network attacker…
NVD

HIGH
CVE-2026-58583
CVE-2026-58583
pkg: windows

published: Jul 7, 2026

FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Window…
CWE: CWE-269
GitHub-GHSA

HIGH
mkfifo: permissions of an existing file are changed after FIFO creation fails
GHSA-pmf6-rcx4-v53v
pkg: uu_mkfifo
eco: rust
published: Jul 6, 2026
When `mkfifo()` fails (e.g. target already exists), the code shows an error but is missing a `continue;`, so it falls through to `fs::set_permissions` and changes the permissions of the pre-existing file to the default FIFO mode (`0o666` & umask -> `0644`).

“`
$ touch secret; chmod 000 secret
$ co…

CVE-2026-35341
GitHub-GHSA

HIGH
flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf
GHSA-794r-5rp2-fpg8
pkg: flyto-core
eco: pip
published: Jul 6, 2026
## Summary

`flyto-core`'s SSRF protection (`validate_url_ssrf` / `is_private_ip` in `src/core/utils.py`) blocks private and metadata destinations by resolving the host and testing the resulting IP for membership in a hardcoded `PRIVATE_IP_RANGES` list. That list contains only the *native* RFC 1918 …

CVE-2026-55787
NVD

HIGH
CVE-2026-59196
CVE-2026-59196
pkg: pnpm pnpm

published: Jul 6, 2026

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted node_modules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fixe…
CWE: CWE-22, CWE-73
GitHub-GHSA

HIGH
Ruby CSS Parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`
GHSA-9pmc-p236-855h
pkg: css_parser
eco: rubygems
published: Jul 9, 2026
## Summary

`CssParser::Parser#read_remote_file` (and therefore `load_uri!`, and the `@import`-following branch of `add_block!`) issues HTTP/HTTPS requests against any host, port and URI it is handed, with no scheme allowlist, no host / IP filtering, and no protection against link-local, loopback or…

CVE-2026-53727
GitHub-GHSA

HIGH
Note Mark: Path traversal via unsanitized book/note slug in migrate export (sibling of GHSA-g49p)
GHSA-rqrh-8wpv-x7hh
pkg: github.com/enchant97/note-mark/backend
eco: go
published: Jul 9, 2026
## Summary

Note Mark validates book and note `slug` values with the OpenAPI/huma tag `pattern:"[a-z0-9-]+"`. huma compiles this with `regexp.MustCompile(s.Pattern)` and tests it with `patternRe.MatchString(str)`, an UNANCHORED match. Because the pattern is not anchored (`^…$`), any string that me…

CVE-2026-50553
GitHub-GHSA

HIGH
ratex-parser panics on `\verb` with a multibyte delimiter (UTF-8 byte-boundary slice)
GHSA-4hgp-59h5-gvrj
pkg: ratex-parser
eco: rust
published: Jul 7, 2026
### Summary

The public parser entrypoint `ratex_parser::parse(&str)` panics on the **9-byte** input `\verbéxé` (i.e. `\verb` followed by the non-ASCII delimiter `é`). When handling a `\verb` command, the parser slices the verbatim argument with **byte** indices (`arg[1..arg.len() – 1]`); if the …

CVE-2026-53530
GitHub-GHSA

HIGH
uutils coreutils: cp/install/mv/ln –suffix alone does not enable backup mode (silent data loss vs GNU)
GHSA-fqf6-gxhh-2xhw
pkg: uucore
eco: rust
published: Jul 7, 2026
`determine_backup_mode` in `src/uucore/src/lib/features/backup_control.rs` only checks `–backup`/`-b` and returns `BackupMode::None` when only `–suffix` is given. GNU enables backup mode when `–suffix` is used alone (defaulting to existing/numbered, or `$VERSION_CONTROL`). Affects `cp`, `install`…
GitHub-GHSA

HIGH
Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions
GHSA-9f4f-jv96-8766
pkg: open-webui
eco: pip
published: Jul 7, 2026
### Summary

A vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be executed in the user's browser every time that chat transcript is opened, allowing attackers to retrieve the user's a…

CVE-2025-46719
GitHub-GHSA

HIGH
XWiki Platform Old Core: Resource path traversal via /skin/ action endpoint in Jetty 12+
GHSA-qj4x-9g63-25g6
pkg: org.xwiki.platform:xwiki-platform-oldcore, org.xwiki.platform:xwiki-platform-oldcore
eco: maven
published: Jul 7, 2026
### Impact

With Jetty 12+ a user can craft a URL to access any resource the Jetty instance is allowed to access.

For example `http://[host]/xwiki/bin/skin/..%252f/..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd` allows downloading the content of the /etc/passwd file, provided Jetty is …

CVE-2026-34151
GitHub-GHSA

HIGH
OpenRemote has Authenticated SQL Injection via Datapoint Crosstab Export
GHSA-cgfv-jrfp-2r7v
pkg: io.openremote:openremote-manager
eco: maven
published: Jul 6, 2026
## Summary

The datapoint export API builds a PostgreSQL crosstab export query by concatenating asset display names into raw SQL. An authenticated user who can create or rename an asset and then request a crosstab datapoint export can inject SQL through the asset name. The injected query output is s…

GitHub-GHSA

HIGH
Scriban: Template Writes to Arbitrary CLR Properties via `TypedObjectAccessor` (Mass Assignment + `private` / `init` / `internal` Setter Bypass)
GHSA-7jvp-hj45-2f2m
pkg: Scriban
eco: nuget
published: Jul 6, 2026
<!– obsidian –><h2 data-heading="Description">Description</h2>
<p>When a host pushes a CLR object into a Scriban <code>TemplateContext</code> via the standard, documented pattern —</p>
<pre><code class="language-csharp">var so = new ScriptObject();
so["user"] = currentUser; // direct CLR refer…
GitHub-GHSA

MEDIUM
CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation
GHSA-q6h5-q3q6-f87x
pkg: github.com/cilium/cilium, github.com/cilium/cilium, github.com/cilium/cilium
eco: go
published: Jul 6, 2026
### Impact

Users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, which enables hijacking traffic to Services in any namespace, bypassing the namespace-scoping guarantees enforced by serviceMatcher.

In addition, deleting such a policy can …

CVE-2026-53935
NVD

MEDIUM
CVE-2026-55689
CVE-2026-55689
pkg: jwt

published: Jul 9, 2026

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated service…
CWE: CWE-287
NVD

MEDIUM
CVE-2026-59208
CVE-2026-59208
pkg: n8n n8n

published: Jul 9, 2026

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacker w…
CWE: CWE-287, CWE-346, CWE-346
GitHub-GHSA

MEDIUM
Micronaut: DefaultHttpClient follows redirects, forwarding Authorization, Cookie, and Proxy-Authorization headers
GHSA-q6gh-6v2r-hjv3
pkg: io.micronaut:micronaut-http-client, io.micronaut:micronaut-http-client, io.micronaut:micronaut-http-client
eco: maven
published: Jul 9, 2026
### Impact

> DefaultHttpClient follows redirects and forwards Authorization, Cookie, and Proxy-Authorization headers to redirect targets across domain boundaries. The blocklist only filters Host/Connection/TE/CT/CL.
> Additionally, no maximum redirect count exists, enabling infinite loop DoS.
> Aff…

GitHub-GHSA

MEDIUM
rm: –preserve-root bypassed via a symlink to / (string check instead of dev/inode)
GHSA-7cr3-h577-g38j
pkg: uu_rm
eco: rust
published: Jul 6, 2026
The `–preserve-root` check uses a path-string test (`path.has_root() && path.parent().is_none()`) rather than comparing device/inode. A symlink to `/` (e.g. `/tmp/rootlink -> /`) has a parent component, so it passes the check. GNU caches `/`'s dev/inode at startup and compares every traversed direc…
CVE-2026-35349
GitHub-GHSA

MEDIUM
mv: symlinks expanded during cross-device move (resource exhaustion / data duplication)
GHSA-h444-6j9x-p8vh
pkg: uu_mv
eco: rust
published: Jul 6, 2026
When moving directories across filesystems, uutils `mv` dereferences symlinks inside the tree, copying their targets as real files/dirs instead of preserving the symlinks. GNU preserves symlinks by default. E.g. a `etc_link -> /etc` inside the source becomes a full copy of `/etc` at the destination.…
CVE-2026-35365
GitHub-GHSA

MEDIUM
Avo: Direct attachment upload endpoint lacks upload authorization and bypasses field-level upload policy
GHSA-pqpw-cvm4-8mv9
pkg: avo
eco: rubygems
published: Jul 9, 2026
### Summary

Avo's direct attachment upload endpoint lacks server-side upload authorization and bypasses the documented field-level upload policy methods such as `upload_{FIELD_ID}?`.

An authenticated Avo user who can reach the Avo attachment upload endpoint can replace or add attachment content, i…

CVE-2026-53769
NVD

MEDIUM
CVE-2026-59220
CVE-2026-59220
pkg: express

published: Jul 9, 2026

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILL_MENTION_RE and strip_re regular expressions in backend/open_webui/utils/middleware.py parsed <$skillId|label> skill mentions with overlapping quantifiers, allowing an authenticat…
CWE: CWE-1333
GitHub-GHSA

MEDIUM
Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
GHSA-382c-vx95-w3p5
pkg: @jsonbored/gittensory-mcp
eco: npm
published: Jul 9, 2026
### Summary

`GET /v1/contributors/:login/profile` and the `gittensory_get_contributor_profile` MCP tool skip the contributor-scoped access check that every sibling endpoint enforces. Any authenticated session/API/MCP token holder can read any contributor's profile; for confirmed Gittensor miners t…

GitHub-GHSA

MEDIUM
pyLoad: Unbounded Memory Growth Leading to DoS and Potential DDoS in EventManager
GHSA-c2f9-4mc8-j656
pkg: pyload-ng
eco: pip
published: Jul 9, 2026
## Description:
The `EventManager` module in `pyload` manages a list of `Client` instances for subscribing to events. The addition of each unique `uuid` from the `get_events` API causes the creation of a `Client` instance that gets appended to the `clients` list. Although there is a `clean()` method…
CVE-2026-48987
NVD

MEDIUM
CVE-2026-54775
CVE-2026-54775
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent endpo…
CWE: CWE-248, CWE-754, CWE-755
NVD

MEDIUM
CVE-2026-15109
CVE-2026-15109
pkg: google chrome

published: Jul 8, 2026

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-457
NVD

MEDIUM
CVE-2026-54777
CVE-2026-54777
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListene…
CWE: CWE-367, CWE-665
GitHub-GHSA

MEDIUM
NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries
GHSA-qpm9-h556-mwxm
pkg: nl.nl-portal:documenten-api, nl.nl-portal:besluiten
eco: maven
published: Jul 8, 2026
## Impact

In versions up to and including 3.0.0, two parts of the GraphQL API returned data without checking whether the data belonged to the logged-in user:

– **Document content.** A logged-in user could download the raw content of any document by its ID, regardless of who owned it. The resolver …

CVE-2026-49463
GitHub-GHSA

MEDIUM
Waku: Cross-Origin CSRF on RSC Server Action Dispatch
GHSA-75w3-gmqx-993q
pkg: waku
eco: npm
published: Jul 8, 2026
## Summary

Waku's RSC request dispatcher invokes server actions without validating the request's `Origin` (or `Sec-Fetch-Site`) header. A cross-origin web attacker can therefore cause a victim browser to issue an authenticated `POST` to a registered server action endpoint using a CORS-safelisted co…

CVE-2026-49455
NVD

MEDIUM
CVE-2026-15154
CVE-2026-15154
pkg: express

published: Jul 8, 2026

A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking,…
CWE: CWE-1333
NVD

MEDIUM
CVE-2026-60001
CVE-2026-60001
pkg: openbsd openssh

published: Jul 8, 2026

sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
CWE: CWE-770
GitHub-GHSA

MEDIUM
ha-mcp: Add-on settings and policy routes are reachable without authentication at the bare root path
GHSA-q855-8rh5-jfgq
pkg: ha-mcp
eco: pip
published: Jul 7, 2026
### Summary

In add-on mode, the ha-mcp settings UI routes are mounted both under the MCP secret path **and** at the bare root of the published port (`:9583`), so Home Assistant ingress can serve the "Open Web UI" button. The root-mounted routes perform no authentication — no secret, no `Origin` c…

NVD

MEDIUM
CVE-2026-55490
CVE-2026-55490
pkg: linux

published: Jul 7, 2026

OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handle_send_a() of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows b…
CWE: CWE-191
GitHub-GHSA

MEDIUM
Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints
GHSA-f5vp-w269-392g
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

AI Bridge provider handlers read request bodies with `io.ReadAll` without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory.

> **Note:** Exploitation requires authenticated access to the AI Bridge endpoints and the imp…

CVE-2026-55434
GitHub-GHSA

MEDIUM
Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service
GHSA-2mg2-p7r7-g27f
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

`POST /api/v2/files` converts zip uploads to tar in memory via `CreateTarFromZip`, which enforced a per-entry size limit but no aggregate limit on total decompressed output, writing to an unbounded in-memory buffer.

> **Note:** Exploitation requires authenticated file-upload access and…

CVE-2026-55078
GitHub-GHSA

MEDIUM
WeasyPrint has CSS Injection via Presentational Hints
GHSA-jhhc-3hcp-qhm5
pkg: weasyprint
eco: pip
published: Jul 6, 2026
### Summary
A CSS injection issue exists in WeasyPrint when HTML presentational hints are enabled. Unescaped attribute values are embedded into CSS, allowing injection of arbitrary CSS declarations. This affects applications processing untrusted HTML input.

### Details
File: weasyprint/css/__init__…

CVE-2026-49452
GitHub-GHSA

MEDIUM
@better-auth/oauth-provider may provide access tokens for unauthorized audiences via unbound resource indicators
GHSA-p2fr-6hmx-4528
pkg: @better-auth/oauth-provider
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following hold:

– Their application depends on `@better-auth/oauth-provider` on any stable `1.6.x` release (the stable line is not patched) or on a pre-release before `1.7.0-beta.4`.
– Their application either configures validAudiences` with mor…

NVD

MEDIUM
CVE-2026-12154
CVE-2026-12154
pkg: go

published: Jul 6, 2026

The Reviews Widgets for Google, Yelp & TripAdvisor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_id' shortcode attribute of the [fbrev] shortcode in versions up to and including 2.7.3. This is due to insufficient input sanitization and output escaping in the Feed_Sh…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-15063
CVE-2026-15063
pkg: go

published: Jul 8, 2026

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing the k…
CWE: CWE-306
NVD

MEDIUM
CVE-2026-15044
CVE-2026-15044
pkg: go

published: Jul 8, 2026

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the clu…
GitHub-GHSA

MEDIUM
install -D: symlink race in directory creation allows arbitrary file overwrite
GHSA-gwm6-q8ch-hcfr
pkg: uu_install
eco: rust
published: Jul 6, 2026
The `-D` path runs `fs::create_dir_all` on a pathname then later opens the destination via path-based `File::create`/`fs::copy`, neither anchored to a directory fd. Between the two, an attacker can replace a path component with a symlink, redirecting the write.

**Impact:** an attacker with concurre…

CVE-2026-35356
GitHub-GHSA

MEDIUM
install: TOCTOU symlink race (unlink-then-create without O_EXCL) allows arbitrary file overwrite
GHSA-239g-2685-54×3
pkg: uu_install
eco: rust
published: Jul 6, 2026
`copy_file` in `install/src/install.rs` removes the destination then recreates it by pathname via `File::create` / `fs::copy` without `O_EXCL`/`create_new`. Between the unlink and the recreate, a local attacker with write access to the destination directory can drop in a symlink and redirect the wri…
CVE-2026-35355
NVD

MEDIUM
CVE-2026-14784
CVE-2026-14784
pkg: docker

published: Jul 6, 2026

A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptance.
CWE: CWE-264, CWE-265
NVD

MEDIUM
CVE-2026-14716
CVE-2026-14716
pkg: go

published: Jul 5, 2026

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched remote…
CWE: CWE-285, CWE-863
NVD

MEDIUM
CVE-2026-54778
CVE-2026-54778
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to an…
CWE: CWE-362, CWE-825
NVD

MEDIUM
CVE-2026-15128
CVE-2026-15128
pkg: google chrome

published: Jul 8, 2026

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-79
NVD

MEDIUM
CVE-2026-15127
CVE-2026-15127
pkg: google chrome

published: Jul 8, 2026

Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-79
NVD

MEDIUM
CVE-2026-59929
CVE-2026-59929
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe_url filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:, …
CWE: CWE-79, CWE-184
NVD

MEDIUM
CVE-2026-59926
CVE-2026-59926
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonition() in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even …
CWE: CWE-79
NVD

MEDIUM
CVE-2026-59923
CVE-2026-59923
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safe_url() does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue is fixed in version 3.…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-59890
CVE-2026-59890
pkg: python

published: Jul 8, 2026

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode …
CWE: CWE-176, CWE-697
GitHub-GHSA

MEDIUM
Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint
GHSA-hmj5-jm8h-h9fh
pkg: kiwitcms
eco: pip
published: Jul 6, 2026
### Summary

An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns targ…

CVE-2026-54724
GitHub-GHSA

MEDIUM
GoBGP confederation validation panics on empty AS_PATH attribute
GHSA-frrj-87jh-2772
pkg: github.com/osrg/gobgp/v4
eco: go
published: Jul 9, 2026
Found through variant analysis based on `CVE-2026-41643`

## Summary
GoBGP accepts a zero-length AS_PATH during UPDATE decoding and later panics while validating that attribute for a confederation eBGP peer. The vulnerable path is in the BGP UPDATE validator: a malformed UPDATE that should be reject…

CVE-2026-49838
GitHub-GHSA

MEDIUM
GoBGP: BGP OPEN capability parser may read capability values outside declared CapLen boundaries
GHSA-gjrg-jjr3-56cm
pkg: github.com/osrg/gobgp/v4
eco: go
published: Jul 9, 2026
### Summary
GoBGP contains a BGP OPEN capability parsing issue where several concrete capability decoders may parse data from the full remaining capability buffer instead of the slice bounded by the declared capability length, `CapLen`.
A malformed BGP OPEN message can cause bytes from a fol…
CVE-2026-49837
GitHub-GHSA

MEDIUM
sigstore-go has a multi-log threshold bypass via single compromised log
GHSA-9vcr-p3rj-q5q6
pkg: github.com/sigstore/sigstore-go
eco: go
published: Jul 9, 2026
### Impact
_What kind of vulnerability is it? Who is impacted?_

A verifier configured with WithTransparencyLog(N>1) or WithSignedCertificateTimestamps(N>1) expected defense-in-depth against the compromise of a single log instance. However, threshold counting counted verified witnesses per-entry or …

CVE-2026-49834
NVD

MEDIUM
CVE-2026-57022
CVE-2026-57022
pkg: ssl

published: Jul 9, 2026

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

When an affected device initiates a TCP conne…

CWE: CWE-754
NVD

MEDIUM
CVE-2026-54779
CVE-2026-54779
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a capture…
CWE: CWE-294, CWE-613
NVD

MEDIUM
CVE-2026-54773
CVE-2026-54773
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and…
CWE: CWE-347
NVD

MEDIUM
CVE-2026-54590
CVE-2026-54590
pkg: python

published: Jul 8, 2026

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Version 2.23.0 contains an incomplete fix for CVE-2026-45309 in SSHServerConfig._set_tokens that blocks /, , and .. before %u substitution in Aut…
CWE: CWE-22, CWE-639
NVD

MEDIUM
CVE-2026-58501
CVE-2026-58501
pkg: python

published: Jul 8, 2026

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fixed…
CWE: CWE-918
NVD

MEDIUM
CVE-2026-59924
CVE-2026-59924
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse() joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory whe…
CWE: CWE-22
NVD

MEDIUM
CVE-2026-59999
CVE-2026-59999
pkg: openbsd openssh

published: Jul 8, 2026

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.
CWE: CWE-348
GitHub-GHSA

MEDIUM
Weblate SSRF: outbound URL guard misses some private ranges
GHSA-vmfc-9982-2m45
pkg: weblate
eco: pip
published: Jul 7, 2026
### Impact

Weblate's `VCS_RESTRICT_PRIVATE` did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions.

### Patches

* https://github.com/WeblateOrg/weblate/pull/19768

### Res…

CVE-2026-50127
GitHub-GHSA

MEDIUM
KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping
GHSA-6w3m-4hhp-775q
pkg: github.com/kedacore/keda/v2
eco: go
published: Jul 7, 2026
### Summary
`pkg/scalers/postgresql_scaler.go` builds libpq-style connection strings by concatenating `key=value` pairs separated by spaces. Each tenant-controllable field (`host`, `port`, `userName`, `dbName`, `sslmode`) is passed through `escapePostgreConnectionParameter`:
“`go
func escapePostgre…
CVE-2026-53572
NVD

MEDIUM
CVE-2026-54291
CVE-2026-54291
pkg: postgresql postgresql_jdbc_driver

published: Jul 6, 2026

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to guarantee…
CWE: CWE-636, CWE-757
GitHub-GHSA

MEDIUM
Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing
GHSA-5wg6-jmq2-53pw
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the workspace was resolved by ID without confirming the URL's username matched the real owner, while the CORS middleware trusted the un…

CVE-2026-55438
GitHub-GHSA

MEDIUM
Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access
GHSA-5g4w-3vw9-478w
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

The workspace app proxy resolves the target app from `httpapi.RequestHost()` which prefers the `X-Forwarded-Host` header over the real `Host` header. No middleware strips `X-Forwarded-Host` before routing and the header is not browser-forbidden so client-side JavaScript can set it on `f…

CVE-2026-55430
GitHub-GHSA

MEDIUM
@aborruso/ckan-mcp-server: SSRF via base_url allows access to internal networks (Potential fix bypass of CVE-2026-33060)
GHSA-g84h-j7jj-x32p
pkg: @aborruso/ckan-mcp-server
eco: npm
published: Jul 7, 2026
### Summary
A known vulnerability CVE-2026-33060 indicated tools including ckan_package_search and sparql_query that accept a base_url parameter had the risk of making HTTP requests to arbitrary endpoints without restriction. A fix was applied to filter out ip addresses. However, a method to bypass …
CVE-2026-53509
GitHub-GHSA

MEDIUM
rm: 'rm -rf ./' (and ./// variants) silently deletes current directory contents, bypassing dot protection
GHSA-89p7-7cq3-hhr2
pkg: uu_rm
eco: rust
published: Jul 6, 2026
`rm -rf .` is correctly refused, but `clean_trailing_slashes` normalizes `.///` to `./` while `path_is_current_or_parent_directory` only matches `.`/`..` (and `/.`/`/..`), not `./` or `../`. So `rm -rf ./` recursively deletes the directory's contents and then prints a misleading `cannot remove './':…
CVE-2026-35363
NVD

MEDIUM
CVE-2026-14355
CVE-2026-14355
pkg: php php, debian debian_linux

published: Jul 3, 2026

In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length withou…
CWE: CWE-122
NVD

MEDIUM
CVE-2026-44918
CVE-2026-44918
pkg: node

published: Jul 10, 2026

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization.
CWE: CWE-862
NVD

MEDIUM
CVE-2026-15165
CVE-2026-15165
pkg: wireshark wireshark

published: Jul 8, 2026

TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
CWE: CWE-122
GitHub-GHSA

MEDIUM
DSpace: Path Traversal is possible through LDN message generation
GHSA-9qm4-rh6w-pq5x
pkg: org.dspace:dspace-api, org.dspace:dspace-api, org.dspace:dspace-api
eco: maven
published: Jul 8, 2026
## Overview

A path traversal vulnerability is possible via the [COAR Notify / LDN](https://wiki.lyrasis.org/spaces/DSDOC9x/pages/379126679/COAR+Notify) service in DSpace. _This vulnerability impacts DSpace versions 8.0 <= 8.3, 9.0 <= 9.2._ The attacker MUST already have DSpace administrator creden…

CVE-2026-49833
GitHub-GHSA

MEDIUM
DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path
GHSA-v66x-68f2-pxf5
pkg: org.dspace:dspace-api, org.dspace:dspace-api, org.dspace:dspace-api
eco: maven
published: Jul 8, 2026
## Overview

The [Curation Task](https://wiki.lyrasis.org/spaces/DSDOC9x/pages/379126845/Curation+Tasks) feature allows an output path to be used by the reporter (`-r` parameter), typically used to stream results and status of curation task operations. It is not restricted to any particular base pat…

CVE-2026-49831
NVD

MEDIUM
CVE-2026-44512
CVE-2026-44512
pkg: node

published: Jul 8, 2026

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() in onnx/version_converter/adapters/upsample_6_7.h when processing an …
CWE: CWE-476
NVD

MEDIUM
CVE-2026-58468
CVE-2026-58468
pkg: node

published: Jul 7, 2026

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin. Attacke…
CWE: CWE-918
GitHub-GHSA

MEDIUM
ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)
GHSA-hwpq-hmq9-wj77
pkg: onnx
eco: pip
published: Jul 7, 2026
### Summary

Null pointer dereference (SIGSEGV) in `Upsample_6_7::adapt_upsample_6_7()` (`onnx/version_converter/adapters/upsample_6_7.h:31`) when `convert_version()` processes a model with an Upsample node that has zero inputs. The adapter accesses `node->inputs()[0]->sizes()` without checking inpu…

CVE-2026-44512
NVD

MEDIUM
CVE-2026-50135
CVE-2026-50135
pkg: gohugo hugo

published: Jul 6, 2026

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made  RootMappingFs.statRoot  use  Stat  (follows symlinks) instead of  Lstat , so a direct  resources.Get  of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local m…
CWE: CWE-59
NVD

MEDIUM
CVE-2026-44362
CVE-2026-44362
pkg: trustedfirmware op-tee

published: Jul 6, 2026

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked…
CWE: CWE-285
GitHub-GHSA

MEDIUM
kill: 'kill -1' parsed as PID -1, sending SIGTERM to all processes (system crash / DoS)
GHSA-p6rv-2qpm-fwvg
pkg: uu_kill
eco: rust
published: Jul 6, 2026
`kill -1` is incorrectly parsed as a positional `pid = -1`; combined with the default SIGTERM this calls `kill(-1, SIGTERM)`, signaling nearly every process the caller can see. GNU `kill` recognizes `-1`/`-9` as signals and reports "not enough arguments".

“`
$ kill -1 # uutils: kill(-1, SIG…

CVE-2026-35369
GitHub-GHSA

MEDIUM
chmod: recursive mode returns exit code 0 even when some files fail (last-file-wins)
GHSA-4×34-chg5-mwjj
pkg: uu_chmod
eco: rust
published: Jul 6, 2026
In `Chmoder::chmod()` the recursive branch overwrites the running result instead of accumulating it, so the exit code reflects only the *last* file processed:

“`
if self.recursive {
r = self.walk_dir_with_context(file, true); // overwrites r
} else {
r = self.chmod_file(file).and(r);
}
`…

CVE-2026-35339
NVD

MEDIUM
CVE-2026-40257
CVE-2026-40257
pkg: trustedfirmware op-tee

published: Jul 6, 2026

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one error…
CWE: CWE-787
GitHub-GHSA

MEDIUM
Rattler vulnerable to package cache path traversal via conda package build string
GHSA-h672-p7h7-97v9
pkg: rattler_cache, py_rattler
eco: pip
published: Jul 9, 2026
`rattler_cache` and `py-rattler` were vulnerable to package-cache path traversal when handling package metadata from conda channels.

During cache materialization, the `ratter_cache` code used the package record `build` string as part of a cache key that was joined into a filesystem path. A maliciou…

CVE-2026-53956
NVD

MEDIUM
CVE-2026-60120
CVE-2026-60120
pkg: vue

published: Jul 9, 2026

Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unauthenticated attackers to execute arbitrary JavaScript in administrator browsers by registering a customer account with malicious payload in the first or last name field. The c…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-5005
CVE-2026-5005
pkg: go

published: Jul 9, 2026

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Stored XSS.

This issue affects OKRs & Goals: from 28220 before 28398.

CWE: CWE-79
NVD

MEDIUM
CVE-2026-56359
CVE-2026-56359
pkg: n8n n8n

published: Jul 8, 2026

n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow where authenticated users can inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields. Attackers can craft malicious credentials and trick victims into clicking the OAuth authori…
CWE: CWE-79
GitHub-GHSA

MEDIUM
Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component
GHSA-7qw2-f75v-62f7
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

The `AgentLogLine` dashboard component instantiated `ansi-to-html` without `escapeXML: true` and inserted the result via `dangerouslySetInnerHTML` so HTML embedded in workspace agent log lines was rendered as live markup. Server-side sanitization did not neutralize HTML metacharacters.

CVE-2026-55437
GitHub-GHSA

MEDIUM
Suspended Coder users retain access to AI Bridge LLM proxy endpoints
GHSA-wqxv-w64v-5wh6
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

AI Bridge proxy endpoints authenticate via `Server.IsAuthorized` in `coderd/aibridgedserver`, which validates key format, expiry, secret and deleted or system users but does not check whether the account is suspended. Because suspension does not revoke existing API keys, a suspended use…

CVE-2026-55435
GitHub-GHSA

MEDIUM
Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers
GHSA-jqj2-x4c5-jfxm
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

The devcontainer recreate endpoint relied on route middleware that checked only `ActionRead` on the workspace and, unlike the sibling delete endpoint, performed no `ActionUpdate` check before triggering the destructive rebuild.

> **Note:** Exploitation requires an existing low-privileg…

CVE-2026-55433
GitHub-GHSA

MEDIUM
Coder's sub-agent app registration bypasses template port-sharing policy enforcement
GHSA-x9qq-2qh5-8rxf
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

The `CreateSubAgent` RPC did not validate a requested app sharing level against the template's `MaxPortSharingLevel` before persisting workspace apps, letting a workspace owner exceed the administrator's configured maximum.

> **Note:** Exploitation requires the ability to register sub-…

CVE-2026-55432
NVD

MEDIUM
CVE-2026-44342
CVE-2026-44342
pkg: oauth

published: Jul 9, 2026

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing …
CWE: CWE-352
NVD

MEDIUM
CVE-2026-59817
CVE-2026-59817
pkg: node

published: Jul 9, 2026

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing mo…
CWE: CWE-472, CWE-639
GitHub-GHSA

MEDIUM
Note Mark: Unauthenticated disclosure of soft-deleted note metadata via deleted=true on public books
GHSA-588f-fvcv-xhvf
pkg: github.com/enchant97/note-mark/backend
eco: go
published: Jul 9, 2026
Summary

GET /api/books/{bookID}/notes is an unauthenticated endpoint that accepts a "deleted" query parameter. When the request is ?deleted=true, the
service runs the query with Unscoped() (bypassing GORM's soft-delete scope) but keeps the read-authorization clause as "owner_id = ? OR is_public…

CVE-2026-50554
NVD

MEDIUM
CVE-2026-9027
CVE-2026-9027
pkg: go

published: Jul 9, 2026

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The `corvuspay_success_handler` function registers the REST endpoint `POST /wp-json/corvuspay/success/` wit…
CWE: CWE-347
GitHub-GHSA

MEDIUM
Trapster Community: Unauthenticated malformed DNS compression pointers crash per-packet honeypot handler
GHSA-mxwc-wh95-pw4g
pkg: trapster
eco: pip
published: Jul 8, 2026
## Summary

`trapster.libs.dns.decode_labels()` decodes DNS names from attacker-supplied UDP packets and recurses **once per RFC 1035 compression pointer** with **no cycle detection and no depth bound**. A single unauthenticated UDP datagram sent to the DNS honeypot drives the function past CPython'…

NVD

MEDIUM
CVE-2026-45045
CVE-2026-45045
pkg: express

published: Jul 8, 2026

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of Header.Set() when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream serv…
CWE: CWE-290
NVD

MEDIUM
CVE-2026-44332
CVE-2026-44332
pkg: express

published: Jul 8, 2026

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username enum…
CWE: CWE-203
NVD

MEDIUM
CVE-2026-59927
CVE-2026-59927
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise RecursionErr…
CWE: CWE-674, CWE-755, CWE-674
NVD

MEDIUM
CVE-2026-59875
CVE-2026-59875
pkg: node

published: Jul 8, 2026

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is fix…
CWE: CWE-248
NVD

MEDIUM
CVE-2026-59871
CVE-2026-59871
pkg: node

published: Jul 8, 2026

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPath(entry.path).split('/') to throw an uncaught TypeError. This issue is…
CWE: CWE-704
GitHub-GHSA

MEDIUM
New API is vulnerable to CSRF through user email binding
GHSA-26v7-h57m-gh9m
pkg: github.com/QuantumNous/new-api
eco: go
published: Jul 7, 2026
## Summary

The email and WeChat account binding endpoints used GET requests for state-changing account operations. In deployments where session cookies could be sent on cross-site navigations, an attacker could trigger a logged-in user's browser to bind an attacker-controlled email address or OAuth…

CVE-2026-44342
NVD

MEDIUM
CVE-2026-14631
CVE-2026-14631
pkg: webpack.js webpack-dev-server

published: Jul 3, 2026

webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught exc…
CWE: CWE-20, CWE-248
GitHub-GHSA

MEDIUM
pyLoad: SSRF guard bypass via IPv6 6to4/NAT64 transition wrappers of internal IPs
GHSA-m5x5-28jr-gpjj
pkg: pyload-ng
eco: pip
published: Jul 9, 2026
## Summary

`is_global_address` in [`src/pyload/core/utils/web/check.py`](https://github.com/pyload/pyload/blob/1b12dc7f348db8c144e0f39215680415e90ca4d2/src/pyload/core/utils/web/check.py) is the central guard against SSRF-style outbound connections in pyload-ng. It tests whether a given IP is "glob…

CVE-2026-48737
NVD

MEDIUM
CVE-2026-14362
CVE-2026-14362
pkg: node

published: Jul 8, 2026

HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability (CVE-2026-14362) is fixe…
CWE: CWE-770
GitHub-GHSA

MEDIUM
Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service
GHSA-f962-qm93-mj4c
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

`NewDataBuilder` in `provisionersdk/proto/dataupload.go` allocated a byte slice using the client-supplied `FileSize` from a `DataUpload` message without an upper-bound check. Although the DRPC wire limit is 4 MiB, the `FileSize` value itself was unconstrained

### Impact

An authenticat…

CVE-2026-55079
NVD

MEDIUM
CVE-2026-53624
CVE-2026-53624
pkg: express

published: Jul 8, 2026

Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol() for https instead of c.Scheme(). This issue is fix…
CWE: CWE-319
NVD

MEDIUM
CVE-2026-59998
CVE-2026-59998
pkg: openbsd openssh

published: Jul 8, 2026

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.
CWE: CWE-573
GitHub-GHSA

MEDIUM
GoFiber never set HSTS header in helmet middleware due to incorrect protocol check
GHSA-gv83-gqw6-9j2c
pkg: github.com/gofiber/fiber
eco: go
published: Jul 6, 2026
### Summary

The `helmet` middleware in gofiber/fiber never sets the `Strict-Transport-Security` (HSTS) response header, even when `HSTSMaxAge` is explicitly configured, because the condition check at `helmet.go:67` uses `c.Protocol()` — which returns the HTTP protocol version string (e.g., `"HTTP…

CVE-2026-53624
NVD

MEDIUM
CVE-2026-14620
CVE-2026-14620
pkg: webpack.js webpack-dev-server

published: Jul 3, 2026

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any website …
CWE: CWE-352, CWE-749
NVD

MEDIUM
CVE-2026-46672
CVE-2026-46672
pkg: go

published: Jul 7, 2026

Actual is a local-first personal finance app. Prior to 26.6.0, @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global –format csv option is passed, whose escapeCsv helper only handles RFC 4180 delimiter, quote, and newline escaping and does not neu…
CWE: CWE-1236
NVD

MEDIUM
CVE-2026-55798
CVE-2026-55798
pkg: python pillow

published: Jul 6, 2026

Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen(…, shell=True), allowing shell metacharacters in the file path to injec…
CWE: CWE-78
NVD

MEDIUM
CVE-2026-54776
CVE-2026-54776
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching m…
CWE: CWE-306
GitHub-GHSA

MEDIUM
DSpace: ORE resource URI does not validate scheme for non-web resources
GHSA-c827-pw3m-67w7
pkg: org.dspace:dspace-api, org.dspace:dspace-api, org.dspace:dspace-api
eco: maven
published: Jul 8, 2026
## Overview

When ingesting an aggregated ORE resource by URI (using the [OAI-ORE Harvester](https://wiki.lyrasis.org/spaces/DSDOC9x/pages/379125906/OAI#OAI-OAI-PMH/OAI-OREHarvester(Client))), the ORE Ingestion Crosswalk does not validate the URI scheme. This may allow for local file inclusion via m…

CVE-2026-49830
GitHub-GHSA

MEDIUM
printenv: environment variables with invalid UTF-8 are silently skipped (evades inspection)
GHSA-p7h3-7q52-72w8
pkg: uu_printenv
eco: rust
published: Jul 6, 2026
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows ma…
CVE-2026-35366
GitHub-GHSA

MEDIUM
cp: -R reads device nodes as streams, destroying device semantics
GHSA-8vrf-r662-2w2v
pkg: uu_cp
eco: rust
published: Jul 6, 2026
The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are dest…
CVE-2026-35358
GitHub-GHSA

MEDIUM
comm: FIFO/pipe inputs are drained before comparison (data loss / hang)
GHSA-3wfc-mgpm-9rq6
pkg: uu_comm
eco: rust
published: Jul 6, 2026
The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input path…
CVE-2026-35347
GitHub-GHSA

MEDIUM
id: groups= computed from real GID instead of effective GID
GHSA-47c7-qrm7-mqw7
pkg: uu_id
eco: rust
published: Jul 6, 2026
The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes rely…
CVE-2026-35370
NVD

MEDIUM
CVE-2026-6440
CVE-2026-6440
pkg: oauth

published: Jul 10, 2026

The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the reset_credential() function, which handles the wp_ajax_goodmeet_…
CWE: CWE-352
NVD

MEDIUM
CVE-2026-4298
CVE-2026-4298
pkg: go

published: Jul 9, 2026

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvo_reset_policy_service_func() function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plug…
CWE: CWE-862
NVD

MEDIUM
CVE-2026-15131
CVE-2026-15131
pkg: google chrome

published: Jul 8, 2026

Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-20
NVD

MEDIUM
CVE-2026-15130
CVE-2026-15130
pkg: google chrome

published: Jul 8, 2026

Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-602
NVD

MEDIUM
CVE-2026-15124
CVE-2026-15124
pkg: google chrome

published: Jul 8, 2026

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

MEDIUM
CVE-2026-15108
CVE-2026-15108
pkg: google chrome

published: Jul 8, 2026

Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. (Chromium security severity: High)
CWE: CWE-190
NVD

MEDIUM
CVE-2026-59930
CVE-2026-59930
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable toc_N values without slugifying the heading text, allowing attacker-controlled id="toc_N" content to collide with generated anchors and red…
CWE: CWE-345, CWE-1284
GitHub-GHSA

MEDIUM
Kite has an authenticated cluster RBAC bypass in /api/v1/overview
GHSA-gvhc-wv3v-7pf8
pkg: github.com/zxh326/kite
eco: go
published: Jul 7, 2026
## Summary

Authenticated Kite users with any role can request `/api/v1/overview` for a cluster that their roles do not permit by selecting that cluster with `x-cluster-name`. The overview route is registered before `middleware.RBACMiddleware()` and `GetOverview` only checks `len(user.Roles) > 0`, s…

CVE-2026-53487
NVD

MEDIUM
CVE-2026-46700
CVE-2026-46700
pkg: go

published: Jul 7, 2026

Actual is a local-first personal finance tool. Prior to 26.6.0, the GET /secret/:name endpoint in @actual-app/sync-server checks only that the caller has a valid session and does not verify the caller is an admin, while the sibling POST /secret/ handler enforces an admin check in OpenID mode. Any au…
CWE: CWE-285
GitHub-GHSA

MEDIUM
Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality
GHSA-jgx9-jr5x-mvpv
pkg: open-webui
eco: pip
published: Jul 7, 2026
### Summary
There is a blind server side request forgery in the functionality that allows editing an image via a prompt. The affected function will perform a GET request on the URL provided by the user. There is no restriction on the domain of the provided URL allowing the local address space to be …
CVE-2026-34225
GitHub-GHSA

MEDIUM
OpenRemote read-only asset users can write predicted datapoints
GHSA-xj53-j257-hxvg
pkg: io.openremote:openremote-manager
eco: maven
published: Jul 6, 2026
# Summary

The predicted datapoint write endpoint allows users with only `read:assets` privileges to write predicted datapoints.

The endpoint:

“`text
PUT /api/{realm}/asset/predicted/{assetId}/{attributeName}
“`

accepts write requests from users lacking `write:assets`.

The implementation appea…

CVE-2026-49439
NVD

MEDIUM
CVE-2026-59997
CVE-2026-59997
pkg: openbsd openssh

published: Jul 8, 2026

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.
CWE: CWE-1284
NVD

MEDIUM
CVE-2026-59996
CVE-2026-59996
pkg: openbsd openssh

published: Jul 8, 2026

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.
CWE: CWE-23
NVD

MEDIUM
CVE-2026-59995
CVE-2026-59995
pkg: openbsd openssh

published: Jul 8, 2026

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.
CWE: CWE-23
NVD

MEDIUM
CVE-2026-50179
CVE-2026-50179
pkg: go

published: Jul 7, 2026

Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix neutral…
CWE: CWE-1236
NVD

MEDIUM
CVE-2026-14612
CVE-2026-14612
pkg: oauth

published: Jul 3, 2026

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may be a…
CWE: CWE-787
NVD

MEDIUM
CVE-2026-56360
CVE-2026-56360
pkg: n8n n8n

published: Jul 8, 2026

n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks in the ZendeskTrigger node. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary malicious data.
CWE: CWE-290
GitHub-GHSA

MEDIUM
psd-tools vulnerable to arbitrary file write via smart-object filename
GHSA-2rmg-vrx8-9j2f
pkg: psd-tools
eco: pip
published: Jul 9, 2026
# psd-tools: arbitrary file write/read via smart-object path traversal

## Summary

In `psd-tools` (all releases exposing the `SmartObject` API through **v1.17.0**), `SmartObject.save()` writes an embedded smart object to a path taken verbatim from the PSD file. Because that name is attacker-control…

CVE-2026-49836
GitHub-GHSA

MEDIUM
OpenRun: Redirect URL validation bypass using  //host  paths leads to Open Redirect
GHSA-h5g6-xmh4-hc37
pkg: github.com/openrundev/openrun
eco: go
published: Jul 9, 2026
### Summary
The restrictions on redirect URLs in `openrun` can be bypassed by attackers, leading to open redirect attacks.

### Details

In the current project, the referrer header value is used for subsequent redirects, so there is currently a validation for this redirect value. The current validat…

CVE-2026-55252
GitHub-GHSA

MEDIUM
pypdf: Possible infinite loop when processing threads/articles in writer
GHSA-g9xf-7f8q-9mcj
pkg: pypdf
eco: pip
published: Jul 9, 2026
### Impact

An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer.

### Patches

This has been fixed in [pypdf==6.13.1](https://github.com/py-pdf/pypdf/releases/tag/6.13.1).

### Workarounds

If users…

CVE-2026-54651
GitHub-GHSA

MEDIUM
nebula-mesh: Host revocation is not durable – blocked/offboarded hosts can regain a valid certificate
GHSA-339v-266x-79xr
pkg: github.com/forgekeep/nebula-mesh
eco: go
published: Jul 9, 2026
## Summary

Two related authorization gaps let a host that should no longer be trusted obtain a fresh, valid Nebula certificate, because nebula-mgmt does not re-evaluate revocation/authorization state at certificate *issuance* time — only at poll time.

## 1. Blocklist not enforced at sign / re-en…

CVE-2026-53602
GitHub-GHSA

MEDIUM
pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small
GHSA-8f95-v3jq-cj86
pkg: pymonocypher
eco: pip
published: Jul 9, 2026
### Impact
The argon2i_32 implementation does not check the nb_blocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i_32 will write past the end of the buffer and possibly corrupt the heap.

### Patches
Fixed in 4.0.2.8, which now verifies th…

CVE-2026-53720
GitHub-GHSA

MEDIUM
OneRingBuf has a Use After Free Vulnerability
GHSA-q95x-7g78-rccv
pkg: oneringbuf
eco: rust
published: Jul 8, 2026
Affected versions of `oneringbuf` exposed the obsolete `IntoRef::into_ref` method through the public `IntoRef` trait. For heap-backed ring buffers, this method returned a `DroppableRef` handle.

`DroppableRef` stored an owning raw pointer created from `Box::into_raw`. Its `Clone` implementation copi…

GitHub-GHSA

MEDIUM
async-tar PAX extension-header desync enables tar entry/content smuggling
GHSA-35rm-7j9c-2f7m
pkg: async-tar
eco: rust
published: Jul 8, 2026
## Summary

`async-tar` v0.6.0 mis-applies a buffered PAX `size` extension to an intermediary
extension header (a GNU longname `L`, a GNU longlink `K`, or a PAX `x`/`g`
header) instead of to the next *file* entry. POSIX requires a PAX extended-header
record set to describe the next file entry, never…

CVE-2026-53600
GitHub-GHSA

MEDIUM
oasdiff does not enforce –allow-external-refs=false on the git-revision load path (SSRF / local file read)
GHSA-2jcc-mxv7-p3f9
pkg: github.com/oasdiff/oasdiff
eco: go
published: Jul 7, 2026
## Summary

From **v1.13.2** through **v1.18.0**, oasdiff did not enforce `–allow-external-refs=false` (library: `openapi3.Loader.IsExternalRefsAllowed = false`) when loading a spec from a **git revision** (the `rev:path` form, e.g. `main:openapi.yaml`). External `$ref`s were resolved on that load …

CVE-2026-53508
GitHub-GHSA

MEDIUM
Flask-Security-Too: WebAuthn reauthentication freshness bypass via cross-user assertion
GHSA-f66q-9rf6-8795
pkg: Flask-Security-Too
eco: pip
published: Jul 7, 2026
### Summary

Flask-Security-Too 5.8.0 and 5.8.1 mark a session as reauthentication-fresh after processing a WebAuthn assertion whose proven credential belongs to a different user than the currently authenticated session user. The check that `GHSA-97r5-pg8x-p63p` added on the OAuth reauthentication p…

GitHub-GHSA

MEDIUM
aiosmtplib vulnerable to SMTP command injection via CR/LF in sender/recipient address
GHSA-v3q9-hj7j-63hq
pkg: aiosmtplib
eco: pip
published: Jul 7, 2026
### Summary

`aiosmtplib`'s `SMTP.mail()`, `SMTP.rcpt()`, `SMTP.vrfy()` and `SMTP.expn()` send the caller-supplied email address to the server without rejecting embedded CR/LF (`\r\n`) bytes. An address that contains a CR/LF is written verbatim onto the SMTP control connection, so the bytes after th…

CVE-2026-53533
GitHub-GHSA

MEDIUM
ratex-parser has unbounded parser recursion that leads to stack overflow (process abort)
GHSA-4w5h-hx6r-28q7
pkg: ratex-parser
eco: rust
published: Jul 7, 2026
### Summary

RaTeX’s recursive-descent parser recurses one (or more) native stack frame per nesting level at `{`, `\left`, `\sqrt{`, `^{`, etc, with **no maximum depth limit**. A short, ~10 KB input of nested groups overflows the 8 MB main-thread stack and aborts the process. With `panic = "abort…

CVE-2026-53531
GitHub-GHSA

MEDIUM
netfoil has a domain name filter bypass via multiple questions
GHSA-59qp-cfj3-rp64
pkg: github.com/tinfoil-factory/netfoil
eco: go
published: Jul 7, 2026
### Summary
Potential bypass of domain name filter by crafting a DNS request with multiple questions, with the first question being legitimate.

### Impact
Depends on a local attackers ability to craft multiple questions and the remote DoH server supporting them.

GitHub-GHSA

MEDIUM
Open WebUI allows limited stored XSS vila uploaded html file
GHSA-8gh5-qqh8-hq3x
pkg: open-webui
eco: pip
published: Jul 7, 2026
### Summary
Low privileged users can upload HTML files which contain JavaScript code via the `/api/v1/files/` backend endpoint. This endpoint returns a file id, which can be used to open the file in the browser and trigger the JavaScript code in the user's browser. Under the default settings, files …
CVE-2025-46571
GitHub-GHSA

MEDIUM
Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile
GHSA-chwm-m7g7-685g
pkg: d7y.io/dragonfly/v2
eco: go
published: Jul 6, 2026
## Summary

The Dragonfly **scheduler**'s v1 gRPC service contains an unauthenticated Server-Side Request Forgery (SSRF). When a peer reports a successful download of a TINY task, the scheduler calls `Peer.DownloadTinyFile()` and issues an HTTP `GET` to a host and port taken verbatim from the attack…

CVE-2026-54637


Vulnerability Digest — June 29, 2026 · 80 Critical · 6 Exploited






Vulnerability Digest — Monday, June 29, 2026


Security Report

Monday, June 29, 2026  ·  Last 7 days  ·  Min severity: MEDIUM
Total Findings
466
Critical
80
High
217
Actively Exploited
6
CISA-KEV6
NVD236
GitHub-GHSA224
Findings sorted by severity
CISA-KEV

CRITICAL
PTC Windchill and FlexPLM Improper Input Validation Vulnerability
CVE-2026-12569
pkg: PTC Windchill and FlexPLM

published: Jun 25, 2026

PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
CVE-2026-20230
pkg: Cisco Unified Communications Manager

published: Jun 25, 2026

Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system tha…
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Lantronix EDS5000 Code Injection Vulnerability
CVE-2025-67038
pkg: Lantronix EDS5000

published: Jun 23, 2026

Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Ubiquiti UniFi OS Improper Input Validation Vulnerability
CVE-2026-34910
pkg: Ubiquiti UniFi OS

published: Jun 23, 2026

Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Ubiquiti UniFi OS Path Traversal Vulnerability
CVE-2026-34909
pkg: Ubiquiti UniFi OS

published: Jun 23, 2026

Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Ubiquiti UniFi OS Improper Access Control Vulnerability
CVE-2026-34908
pkg: Ubiquiti UniFi OS

published: Jun 23, 2026

Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
NVD

CRITICAL
CVE-2026-53576
CVE-2026-53576
pkg: docker

published: Jun 26, 2026

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/api/v1/**")) treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addre…
CWE: CWE-94, CWE-288
GitHub-GHSA

CRITICAL
mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind
GHSA-73cv-556c-w3g6
pkg: mcp-pinot-server
eco: pip
published: Jun 26, 2026
## Resolution

Fixed in [v3.1.0](https://github.com/startreedata/mcp-pinot/releases/tag/v3.1.0), released 2026-05-25. The fix was merged in [PR #95](https://github.com/startreedata/mcp-pinot/pull/95) at commit [`1c7d3f9`](https://github.com/startreedata/mcp-pinot/commit/1c7d3f9cd384854bf72c127d230bd…

CVE-2026-49257
GitHub-GHSA

CRITICAL
golang.org/x/crypto/ssh: Invoking VerifiedPublicKeyCallback permissions skip enforcement
GHSA-x527-x647-q7gg
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.
CVE-2026-46595
NVD

CRITICAL
CVE-2026-53622
CVE-2026-53622
pkg: traefik traefik

published: Jun 23, 2026

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake sele…
CWE: CWE-288
NVD

CRITICAL
CVE-2026-48491
CVE-2026-48491
pkg: traefik traefik

published: Jun 23, 2026

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection (SNICheck) that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard …
CWE: CWE-288
GitHub-GHSA

CRITICAL
Budibase has nonymous NoSQL operator injection via published-app query templates
GHSA-8qv3-p479-cj62
pkg: @budibase/server
eco: npm
published: Jun 23, 2026
## Summary

`enrichContext` at `packages/server/src/sdk/workspace/queries/queries.ts:121-138` substitutes parameter values into the raw JSON body of a query, then `JSON.parse`s the result. The validator `validateQueryInputs` at `packages/server/src/api/controllers/query/index.ts:61-71` rejects only …

CVE-2026-54350
GitHub-GHSA

CRITICAL
Gogs has Path Traversal in organization name that results in RCE through Git hooks
GHSA-c39w-43gm-34h5
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
### Summary

Organization names containing path traversal sequences (`../`) are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem.
By creating nested struct…

CVE-2026-52813
NVD

CRITICAL
CVE-2026-10561
CVE-2026-10561
pkg: langflow langflow

published: Jun 22, 2026

IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise
CWE: CWE-94
NVD

CRITICAL
CVE-2026-58053
CVE-2026-58053
pkg: docker

published: Jun 28, 2026

Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as –pid=host, –cap-add, and –security-op…
CWE: CWE-269
GitHub-GHSA

CRITICAL
Nezha vulnerable to cross-tenant terminal/file-manager session hijack via WebSocket stream UUID without ownership check
GHSA-q6xx-5vr8-p898
pkg: github.com/nezhahq/nezha, github.com/nezhahq/nezha
eco: go
published: Jun 26, 2026
### Summary

In nezha **v1.14.13–v1.14.14** and **v2.0.0–v2.0.9**, the WebSocket endpoints `GET /ws/terminal/:id` and `GET /ws/file/:id` authenticate the caller only by the presence of a valid stream UUID, with no ownership check tying that UUID to the user who created the stream. Any authentica…

GitHub-GHSA

CRITICAL
deepstream is vulnerable to prototype pollution
GHSA-9v98-6g37-x9g6
pkg: @deepstream/server
eco: npm
published: Jun 26, 2026
### Impact
Prototype pollution in deepstream server v <=10.0.4. Potential privilege escalation from any authenticated user with write permission to any record.

### Patches
Yes, upgrade to v10.0.5

### Workarounds
Filter out all messages containing the path `__proto__`, `constructor`, `prototype`, *…

CVE-2026-49252
NVD

CRITICAL
CVE-2026-46386
CVE-2026-46386
pkg: docker

published: Jun 26, 2026

OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET_KEY_BASE=OVERWRITE_ME as the default Rails master key. Combined with cookies_serializer = :marshal, this gives any logged-in user a deterministic Marshal-d…
CWE: CWE-502, CWE-798, CWE-1188, CWE-1392
GitHub-GHSA

CRITICAL
Incus has an arbitrary file write on its client due to trusted image hash
GHSA-f6m5-xw2g-xc4x
pkg: github.com/lxc/incus/v7/cmd/incusd
eco: go
published: Jun 26, 2026
### Summary

An arbitrary file write exists in the Incus client when a malicious image server returns a crafted `Incus-Image-Hash` header. This can lead to arbitrary command execution as root on the server.

### Details

– `cmd/incusd/images.go:611-684` handles `source.type=url` by HEADing the user…

CVE-2026-48769
GitHub-GHSA

CRITICAL
Incus has an argument injection in backup compression algorithm leading to AFW and ACE
GHSA-v6mj-8pf4-hhw4
pkg: github.com/lxc/incus/v7/cmd/incusd
eco: go
published: Jun 26, 2026
### Summary

Improper validation of user-provided backup compression algorithm leads to argument injection in the constructed command line. This leads to an arbitrary file write on the host, possibly leading to arbitrary command execution.

### Details

Incus validates `compression_algorithm` by pa…

CVE-2026-48755
GitHub-GHSA

CRITICAL
Incus has an arbitrary file write via path traversal in S3 multipart upload
GHSA-ccjc-4qc3-jxqc
pkg: github.com/lxc/incus/v7/cmd/incusd
eco: go
published: Jun 26, 2026
## Summary

The S3 protocol upload endpoint is vulnerable to path traversal and allows creation of arbitrary files on the host. This behavior could lead to arbitrary command execution.

In `internal/server/storage/s3/local/multipart.go`, user-controlled upload ID is appended to the uploads directory…

CVE-2026-48753
GitHub-GHSA

CRITICAL
Incus has arbitrary file read+write on host via templates/ symlink in malicious image
GHSA-vxp5-584q-c479
pkg: github.com/lxc/incus/v7/cmd/incusd
eco: go
published: Jun 26, 2026
### Summary

A specially crafted image or instance backup can be used to read or create/write arbitrary files on the host; possibly leading to arbitrary command execution.

### Details

For container images, `internal/server/storage/utils.go` calls `archive.Unpack(imageFile, destPath, …)`. The ta…

CVE-2026-48752
GitHub-GHSA

CRITICAL
Incus has a restricted project bypass leading to arbitrary command execution
GHSA-48q5-w887-33wv
pkg: github.com/lxc/incus/v7/cmd/incusd
eco: go
published: Jun 26, 2026
### Summary

Instance snapshots ignore the `restricted.containers.lowlevel=block` setting; allowing for arbitrary command execution on the Incus server by abusing lowlevel hooks such as `raw.lxc` and `raw.qemu`.

### Details

Instance snapshots ignore the `restricted.containers.lowlevel=block` sett…

CVE-2026-48751
GitHub-GHSA

CRITICAL
Incus has an arbitrary file write on host via `exec-output` symlink in crafted image
GHSA-73hr-m85f-64v9
pkg: github.com/lxc/incus/v7/cmd/incusd
eco: go
published: Jun 26, 2026
### Summary

The `record-output` parameter of the `/instances/$name/exec` endpoint stores the output of the command in the `exec-output` directory of the instance. If `exec-output` is a symlink, file named `exec_UUID.stdout` and `exec_UUID.stderr` can be written to an arbitrary location where the `.…

CVE-2026-48750
GitHub-GHSA

CRITICAL
Incus has an arbitrary file read+write on host via rootfs/ symlink in malicious image
GHSA-2q3f-q5pq-g8wv
pkg: github.com/lxc/incus/v7/cmd/incusd
eco: go
published: Jun 26, 2026
### Summary

A specially crafted image can be used to read or create/write arbitrary files on the host; possibly leading to arbitrary command execution.

### Details

Incus validates an image as soon as it sees a normal `metadata.yaml` and a `rootfs/` entry, but full extraction can later process a …

CVE-2026-48749
GitHub-GHSA

CRITICAL
Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise
GHSA-v2wp-frmc-5q3v
pkg: lemur
eco: pip
published: Jun 25, 2026
<!– obsidian –><h1 data-heading="Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via ACME acme_url SSRF and creator-equality IDOR">Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via ACME acme_url SSR…
CVE-2026-55166
NVD

CRITICAL
CVE-2026-55454
CVE-2026-55454
pkg: appsmith appsmith

published: Jun 24, 2026

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to the host by docker-co…
CWE: CWE-749, CWE-1188
NVD

CRITICAL
CVE-2026-54305
CVE-2026-54305
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticate…
CWE: CWE-200, CWE-284
NVD

CRITICAL
CVE-2026-44791
CVE-2026-44791
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This vulne…
CWE: CWE-1321
NVD

CRITICAL
CVE-2026-44789
CVE-2026-44789
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques thi…
CWE: CWE-1321
GitHub-GHSA

CRITICAL
Gogs vulnerable to RCE via git rebase –exec argument injection in pull request merge
GHSA-qf6p-p7ww-cwr9
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
# Gogs: RCE via `git rebase –exec` Argument Injection in PR Merge

## Summary

Gogs allows authenticated users to achieve Remote Code Execution (RCE) on the server by creating a pull request with a specially crafted branch name that injects the `–exec` flag into the `git rebase` command during the…

CVE-2026-52806
NVD

CRITICAL
CVE-2026-54310
CVE-2026-54310
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the con…
CWE: CWE-89
GitHub-GHSA

CRITICAL
xwiki-pro-macros has remote code execution from page title and content via excerpt-include macro
GHSA-w56x-9778-rppx
pkg: com.xwiki.pro:xwiki-pro-macros
eco: maven
published: Jun 22, 2026
### Summary
The excerpt-include macro does not properly escape the title of the included page and executes the content of the excerpt with the macro's rights. Therefore, it is vulnerable to XWiki syntax injection via the included page's title and content, allowing remote code execution for any user …
CVE-2026-44179
GitHub-GHSA

CRITICAL
Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder
GHSA-44hj-4m45-frj3
pkg: fluentd
eco: rubygems
published: Jun 26, 2026
Fluentd allows dynamically constructing file paths using the `${tag}` placeholder.
It was discovered that validation for this placeholder was insufficient.

If a Fluentd instance is configured to receive logs from untrusted sources and uses the `${tag}` placeholder in file configurations (such as th…

CVE-2026-44024
NVD

CRITICAL
CVE-2026-0685
CVE-2026-0685
pkg: express

published: Jun 26, 2026

Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.
NVD

CRITICAL
CVE-2026-48930
CVE-2026-48930
pkg: nodejs node.js

published: Jun 26, 2026

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings.

This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

CWE: CWE-284
NVD

CRITICAL
CVE-2026-7531
CVE-2026-7531
pkg: wolfssl wolfssl

published: Jun 25, 2026

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory.
CWE: CWE-416
NVD

CRITICAL
CVE-2026-52955
CVE-2026-52955
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

libceph: Fix potential out-of-bounds access in crush_decode()

A message of type CEPH_MSG_OSD_MAP containing a crush map with at least
one bucket has two fields holding the bucket algorithm. If the values
in these two fields differ…

NVD

CRITICAL
CVE-2026-56121
CVE-2026-56121
pkg: python

published: Jun 24, 2026

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The user_defined_function.body field of an OnDemandFeatureView spec is decoded from ba…
CWE: CWE-502
NVD

CRITICAL
CVE-2026-52931
CVE-2026-52931
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: tp_meter: avoid use of uninit sender vars

batadv_tp_recv_ack() and batadv_tp_stop() are only valid for tp_vars in the
BATADV_TP_SENDER role. When called with a BATADV_TP_RECEIVER role, it
proceeds to read sender-only m…

NVD

CRITICAL
CVE-2026-52924
CVE-2026-52924
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

sctp: purge outqueue on stale COOKIE-ECHO handling

sctp_stream_update() is only invoked when the association is moved into
COOKIE_WAIT during association setup/reconfiguration. In this path, the
outbound stream scheduler state (st…

NVD

CRITICAL
CVE-2026-52914
CVE-2026-52914
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: fix fragment reassembly length accounting

batman-adv keeps a running payload length for queued fragments and uses it
to validate a fragment chain before reassembly.

That accounting currently allows the accumulated fra…

NVD

CRITICAL
CVE-2026-53753
CVE-2026-53753
pkg: python

published: Jun 23, 2026

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes (gi_frame, f_back, f_builtins) d…
CWE: CWE-94, CWE-913
GitHub-GHSA

CRITICAL
motionEye: LFI → pass‑the‑hash admin → unsafe restore → unauth action exec (RCE)
GHSA-qxvg-h7q2-hcxh
pkg: motioneye
eco: pip
published: Jun 23, 2026
## Summary
A multi‑stage chain in motionEye leads to remote code execution. The chain combines:

1. **Arbitrary file read (LFI)** via the picture download endpoint for **local motion cameras** using absolute paths.
2. **Pass‑the‑hash admin auth** due to accepting request signatures computed wi…

NVD

CRITICAL
CVE-2026-56315
CVE-2026-56315
pkg: python

published: Jun 23, 2026

picklescan before 1.0.4 fails to block at least seven Python standard library modules (including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib) exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocke…
CWE: CWE-184
NVD

CRITICAL
CVE-2026-12866
CVE-2026-12866
pkg: express

published: Jun 23, 2026

All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function(). Because user-controlled expressions are transformed directly into …
CWE: CWE-94, CWE-94
NVD

CRITICAL
CVE-2026-33646
CVE-2026-33646
pkg: python

published: Jun 26, 2026

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec() function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not su…
CWE: CWE-94
NVD

CRITICAL
CVE-2026-13032
CVE-2026-13032
pkg: google chrome, google android

published: Jun 24, 2026

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

CRITICAL
CVE-2026-13028
CVE-2026-13028
pkg: google chrome, google android

published: Jun 24, 2026

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

CRITICAL
CVE-2026-11807
CVE-2026-11807
pkg: oauth

published: Jun 23, 2026

A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive pla…
CWE: CWE-862, CWE-862
NVD

CRITICAL
CVE-2026-55447
CVE-2026-55447
pkg: langflow langflow

published: Jun 23, 2026

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to the …
CWE: CWE-61, CWE-200
NVD

CRITICAL
CVE-2026-48519
CVE-2026-48519
pkg: langflow langflow

published: Jun 23, 2026

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Shareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessin…
CWE: CWE-94
GitHub-GHSA

CRITICAL
Budibase has arbitrary file read by workspace-builder via PWA-zip symlink upload
GHSA-w7mq-r738-x278
pkg: @budibase/server
eco: npm
published: Jun 22, 2026
## Summary

`POST /api/pwa/process-zip` at `packages/server/src/api/routes/static.ts:24` accepts a builder-uploaded `.zip`, extracts it with `extract-zip@2.0.1` into a temp directory, then for each entry listed in `icons.json` validates the icon path, opens it, and streams the bytes into MinIO. The …

CVE-2026-54352
GitHub-GHSA

CRITICAL
Mise Vulnerable to Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)
GHSA-fjj5-v948-whjj
pkg: mise
eco: rust
published: Jun 22, 2026
## Summary

Mise processes `.tool-versions` files through the Tera template engine during parsing, with the `exec()` function registered, enabling arbitrary command execution. Unlike `.mise.toml` files, `.tool-versions` files are **not subject to trust verification** in non-paranoid mode. This means…

CVE-2026-33646
GitHub-GHSA

CRITICAL
OpenAM has pre-auth Reflected XSS in OAuth2 / OIDC response_mode=form_post via state parameter (FormPostResponse.ftl)
GHSA-fq9h-c788-fx73
pkg: org.openidentityplatform.openam:openam-oauth2
eco: maven
published: Jun 22, 2026
### Summary

The OAuth 2.0 / OpenID Connect authorization endpoint does not sufficiently sanitize certain user-supplied parameters before incorporating them into the HTML response generated for the `form_post` response mode. This may allow an attacker to inject content into the rendered page in the …

CVE-2026-44203
GitHub-GHSA

CRITICAL
Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key
GHSA-5c25-7vpj-9mqh
pkg: github.com/nezhahq/nezha
eco: go
published: Jun 26, 2026
### Summary
`fallbackToFrontend` in the dashboard's `NoRoute` handler treats any URL whose **raw string** starts with `/dashboard` as an admin-frontend asset request. The check uses `strings.HasPrefix`, not a path-segment match, so the input `/dashboard../data/config.yaml` is accepted; `strings.Trim…
CVE-2026-53519
GitHub-GHSA

CRITICAL
golang.org/x/crypto/ssh/knownhosts vulnerable to auth bypass via unenforced @revoked status
GHSA-5cgq-3rg8-m6cv
pkg: golang.org/x/crypto/ssh/knownhosts
eco: go
published: Jun 25, 2026
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.
CVE-2026-42508
GitHub-GHSA

CRITICAL
golang.org/x/crypto/ssh vulnerable to infinite loop on large channel writes
GHSA-rm3j-f69w-wqmq
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.
CVE-2026-39834
GitHub-GHSA

CRITICAL
golang.org/x/crypto/ssh: FIDO/U2F security key physical presence check can be bypassed
GHSA-89gr-r52h-f8rx
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, …
CVE-2026-39831
GitHub-GHSA

CRITICAL
golang.org/x/crypto/ssh: Invoking client can cause server deadlock on unexpected responses
GHSA-vgwf-h737-ff37
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.
CVE-2026-39830
GitHub-GHSA

CRITICAL
golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys
GHSA-f5wc-c3c7-36mc
pkg: golang.org/x/crypto/ssh/agent
eco: go
published: Jun 25, 2026
When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all cons…
CVE-2026-39832
GitHub-GHSA

CRITICAL
golang.org/x/crypto/ssh/agent doesn't enforce invoking key constraints
GHSA-jppx-rxg9-jmrx
pkg: golang.org/x/crypto/ssh/agent
eco: go
published: Jun 25, 2026
The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsuppo…
CVE-2026-39833
GitHub-GHSA

CRITICAL
i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string
GHSA-2933-q333-qg83
pkg: i18next-fs-backend
eco: npm
published: Jun 25, 2026
### Impact

`i18next-fs-backend` ≤ 2.6.5, when used to persist missing translation keys (e.g. via `i18next-http-middleware`'s `missingKeyHandler` exposed to untrusted input), is vulnerable to prototype pollution via crafted missing-key strings.

`Backend.writeFile()` splits each queued missing-key…

CVE-2026-48713
GitHub-GHSA

CRITICAL
i18next-http-middleware: MissingKeyHandler does not reject keys whose segments contain prototype-polluting names
GHSA-f49m-vf83-692w
pkg: i18next-http-middleware
eco: npm
published: Jun 25, 2026
### Impact

`i18next-http-middleware` ≤ 3.9.6's `missingKeyHandler` blocked the literal request-body keys `__proto__`, `constructor`, and `prototype` (added in 3.9.3, see GHSA-5fgg-jcpf-8jjw), but did not reject dotted variants such as `"__proto__.polluted"`. Downstream backends that split the mis…

CVE-2026-48714
NVD

CRITICAL
CVE-2026-45689
CVE-2026-45689
pkg: oauth

published: Jun 24, 2026

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains a valid Rocket.Chat OAuth access token for an arbitrary user by sending a single HTTP POST with Mongo…
CWE: CWE-943
GitHub-GHSA

CRITICAL
scimPatch vulnerable to prototype pollution via unfiltered keys in patch
GHSA-9m6g-wc8r-q59c
pkg: scim-patch
eco: npm
published: Jun 22, 2026
## Summary

`scim-patch` performs prototype pollution when applying a SCIM PATCH operation whose `value` object contains a key like `"__proto__.someProp"`. After one such patch,
`Object.prototype.someProp` is set process-wide, affecting every plain object in the Node process.

Any service that calls…

CVE-2026-48170
NVD

CRITICAL
CVE-2026-12628
CVE-2026-12628
pkg: ibm storage_protect

published: Jun 22, 2026

IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism. The application contains a …
CWE: CWE-798
NVD

CRITICAL
CVE-2026-54636
CVE-2026-54636
pkg: dokku dokku

published: Jun 26, 2026

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters – including, but not limited to, > or ; – can break out of the Docker container and exe…
CWE: CWE-78
NVD

CRITICAL
CVE-2026-45408
CVE-2026-45408
pkg: dokku dokku

published: Jun 26, 2026

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc (<<…
CWE: CWE-78
NVD

CRITICAL
CVE-2026-45406
CVE-2026-45406
pkg: dokku dokku

published: Jun 26, 2026

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename containin…
CWE: CWE-95
NVD

CRITICAL
CVE-2026-45405
CVE-2026-45405
pkg: dokku dokku

published: Jun 26, 2026

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequent e…
CWE: CWE-59
NVD

CRITICAL
CVE-2026-12249
CVE-2026-12249
pkg: tls

published: Jun 22, 2026

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto-enrollment via the vendored Samba client script (internal/policies/certificate/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py), ADSys utilizes a plai…
CWE: CWE-348
GitHub-GHSA

CRITICAL
semantic-router exposed to compromised litellm wheel (CVE-2026-42208) via unbounded transitive pin
GHSA-98×5-vq43-vc5p
pkg: semantic-router
eco: pip
published: Jun 26, 2026
## Impact
semantic-router versions 0.1.8 through 0.1.14 declare `litellm>=1.61.3` with no upper bound. During the window in which `litellm==1.82.8` was the latest release on PyPI, a fresh install of any affected semantic-router version could resolve to that compromised wheel.

The malicious `litellm…

GitHub-GHSA

CRITICAL
Backpropagate: backprop ui –auth and backprop ui –share do not enforce authentication
GHSA-f65r-h4g3-3h9h
pkg: backpropagate, @mcptoolshop/backpropagate
eco: npm
published: Jun 26, 2026
## Summary

In `backpropagate >= 1.1.0`, the optional Reflex web UI (`pip install backpropagate[ui]`, launched via `backprop ui`) exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push.

The CLI accepts two op…

CVE-2026-48797
GitHub-GHSA

CRITICAL
OpenAM Pre-auth User Profile Tampering via Anonymous SOAP Authn in Liberty IDPP/Discovery Endpoints
GHSA-p462-xxwx-pqf4
pkg: org.openidentityplatform.openam:openam-federation-library
eco: maven
published: Jun 24, 2026
## Summary

**Description**

An Improper Authorization (CWE-285) issue in OpenAM's Liberty Web Services SOAP receiver allows an unauthenticated remote attacker to write persistent entries into the Liberty Discovery store on any user's LDAP entry, and into a shared root-realm Discovery branch. This i…

CVE-2026-45052
GitHub-GHSA

CRITICAL
OpenAM: Pre-auth RCE via Java Deserialization in WebAuthn Authenticator Storage
GHSA-6c99-87fr-6q7r
pkg: org.openidentityplatform.openam:openam-auth-webauthn
eco: maven
published: Jun 24, 2026
## Summary

**Description**

A deserialization of untrusted data vulnerability (CWE-502) exists in OpenAM's WebAuthn authentication module. Under certain conditions, this may allow an attacker to achieve arbitrary code execution in the context of the application server. This affects OpenAM Community…

CVE-2026-45051
GitHub-GHSA

CRITICAL
motionEye Partial Authentication Bypass: Unauthenticated Admin Credential Theft via Path Traversal
GHSA-phv5-334h-mxcw
pkg: motioneye
eco: pip
published: Jun 23, 2026
# Partial Authentication Bypass: Unauthenticated Admin Credential Theft via Path Traversal

### Summary

Myself and others have reported several RCE vulnerabilities to this project. However, due to the nature of the app, these are largely not of all that much value, as there is built-in functionalit…

GitHub-GHSA

CRITICAL
Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym
GHSA-89mr-xqfv-758m
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
Summary

`(*Repository).UploadRepoFiles` checks for symlinks only on the **leaf** of the upload target (`osx.IsSymlink(targetPath)`). The siblings `UpdateRepoFile`, `DeleteRepoFile`, and `GetDiffPreview` use `hasSymlinkInPath`, which lstats every component — `UploadRepoFiles` is the lone outlier. …

CVE-2026-52811
GitHub-GHSA

CRITICAL
OpenDJ Pre-Auth RCE via Java Deserialization in JMX RMI
GHSA-43×2-g84q-fmqx
pkg: org.openidentityplatform.opendj:opendj-server-legacy
eco: maven
published: Jun 22, 2026
## Summary

**Description**

A Deserialization of Untrusted Data (CWE-502) issue in OpenDJ's JMX RMI connector allows an unauthenticated remote attacker to deserialize arbitrary Java objects on the server. The vulnerability exists because the platform reads and processes attacker-controlled bytes pr…

CVE-2026-46495
GitHub-GHSA

CRITICAL
motionEye: Authentication possible via password hash
GHSA-r3cw-c95m-wfh9
pkg: motioneye
eco: pip
published: Jun 22, 2026
### Summary
An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to…
CVE-2026-46488
GitHub-GHSA

HIGH
Gogs has Stored XSS in `.ipynb` Preview
GHSA-jq8v-rmf6-65jw
pkg: gogs.io/gogs
eco: go
published: Jun 22, 2026
# Summary

Although `.ipynb` previews are sanitized on the server side via `/-/api/sanitize_ipynb`, the inserted content is **re-rendered on the client side without sanitization** using `marked()` on elements with the `.nb-markdown-cell` class. During this process, links containing schemes such as `…

CVE-2026-52798
GitHub-GHSA

HIGH
pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes
GHSA-w466-c33r-3gjp
pkg: pnpm, pnpm
eco: npm
published: Jun 26, 2026
<!– maintainer-action:start –>
## Maintainer Action Plan

This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path.

– Advisory: `CAND-PNPM-063` / `GHSA…

CVE-2026-55698
GitHub-GHSA

HIGH
pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement
GHSA-hwx4-2j3j-g496
pkg: pnpm, pnpm
eco: npm
published: Jun 26, 2026
## Summary

pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can cause `pnpm install – ignore-scripts` to replace…

CVE-2026-50016
GitHub-GHSA

HIGH
Nebula Mesh: Web UI lacks ownership checks, enabling cross-operator access to hosts and networks (read, block, delete)
GHSA-c6v2-3ffm-vcmc
pkg: github.com/juev/nebula-mesh
eco: go
published: Jun 26, 2026
## Summary

The web UI (`/ui/*`) does not apply the per-operator CA scoping the JSON API received for GHSA-598g-h2vc-h5vg. Any authenticated non-admin operator (for example, one created via self-registration or OIDC) can access resources belonging to other operators.

## Impact

A non-admin operator…

CVE-2026-49258
NVD

HIGH
CVE-2026-56767
CVE-2026-56767
pkg: oauth

published: Jun 25, 2026

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute ot…
CWE: CWE-862
GitHub-GHSA

HIGH
Lemur has an authorization bypass in StrictRolePermission / AuthorityCreatorPermission
GHSA-qcqw-jwxc-2hqg
pkg: lemur
eco: pip
published: Jun 25, 2026
## Summary

`StrictRolePermission` and `AuthorityCreatorPermission` in `lemur/auth/permissions.py` call `flask_principal.Permission.__init__()` with zero `Need`s when their config flags are unset. Both flags defaulted to `False` in code prior to the fix, so this was the state of any Lemur install th…

CVE-2026-48508
NVD

HIGH
CVE-2026-9155
CVE-2026-9155
pkg: gnu sed, linux linux_kernel

published: Jun 25, 2026

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.
CWE: CWE-78
NVD

HIGH
CVE-2026-13038
CVE-2026-13038
pkg: google chrome, microsoft windows

published: Jun 24, 2026

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-13036
CVE-2026-13036
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416, CWE-416
NVD

HIGH
CVE-2026-13035
CVE-2026-13035
pkg: google chrome, apple macos

published: Jun 24, 2026

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-13033
CVE-2026-13033
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Out of bounds read and write in Blink>InterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-125, CWE-125, CWE-787
NVD

HIGH
CVE-2026-13031
CVE-2026-13031
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-13027
CVE-2026-13027
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-13026
CVE-2026-13026
pkg: google chrome, apple macos

published: Jun 24, 2026

Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-52952
CVE-2026-52952
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

iommu: Fix WARN_ON in __iommu_group_set_domain_nofail() due to reset

In __iommu_group_set_domain_internal(), concurrent domain attachments are
rejected when any device in the group is recovering. This is necessary to
fence concurr…

NVD

HIGH
CVE-2026-52934
CVE-2026-52934
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: tvlv: reject oversized TVLV packets

batadv_tvlv_container_ogm_append() builds a TVLV packet section from
the tvlv.container_list. The total size of this section is computed by
batadv_tvlv_container_list_size(), which s…

NVD

HIGH
CVE-2026-52918
CVE-2026-52918
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: serialize accept_q access

bt_sock_poll() walks the accept queue without synchronization, while
child teardown can unlink the same socket and drop its last reference.
The unsynchronized accept queue walk has existed sinc…

NVD

HIGH
CVE-2026-54639
CVE-2026-54639
pkg: node

published: Jun 24, 2026

Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `convertTokenData(tokens, { output: 'object' });`; indirect usage, via using Expand API; and/or indire…
CWE: CWE-1321
NVD

HIGH
CVE-2026-56115
CVE-2026-56115
pkg: dhcpcd_project dhcpcd

published: Jun 23, 2026

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but fai…
CWE: CWE-862
NVD

HIGH
CVE-2026-44790
CVE-2026-44790
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading …
CWE: CWE-88
GitHub-GHSA

HIGH
Gogs Vulnerable to CSRF Leading to Organization Owner Takeover
GHSA-pwx3-qcgw-vh7h
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
## Summary

In **Gogs 0.14.1**, organization team member management can be performed via **GET requests without CSRF protection**.
If a victim who is an **organization owner** is logged in and is tricked into visiting a crafted link, an attacker-controlled user can be added to the **Owners** team. A…

CVE-2026-52800
NVD

HIGH
CVE-2026-54232
CVE-2026-54232
pkg: vllm vllm

published: Jun 22, 2026

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index (flashinfer.ai/whl/) using –extra-index-url, but the p…
CWE: CWE-427
NVD

HIGH
CVE-2026-49241
CVE-2026-49241
pkg: angular angular_language_service

published: Jun 22, 2026

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom TypeScript SDK paths typescript.tsdk and js/ts.tsdk.path directly from workspace configurations (.vsco…
CWE: CWE-79, CWE-94, CWE-427, CWE-494
NVD

HIGH
CVE-2026-56425
CVE-2026-56425
pkg: misp-project misp

published: Jun 22, 2026

The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol.

The application used the PHP session identifier (session_id()) as the OAuth …

CWE: CWE-384
NVD

HIGH
CVE-2026-54099
CVE-2026-54099
pkg: windows

published: Jun 22, 2026

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A co…
CWE: CWE-269
NVD

HIGH
CVE-2026-55069
CVE-2026-55069
pkg: kubernetes

published: Jun 26, 2026

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computation s…
CWE: CWE-916
GitHub-GHSA

HIGH
Gogs has a Migration Redirect Bypass that Leads to Internal Repository Theft
GHSA-g2f5-gjr4-qjvm
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
# Migration URL validation bypass via HTTP redirect to blocked internal endpoints

## Summary

A Server-Side Request Forgery (SSRF) vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but `git clone –mirror` follows HT…

CVE-2026-52805
NVD

HIGH
CVE-2026-55441
CVE-2026-55441
pkg: python

published: Jun 26, 2026

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versions) through trust_check, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir (mise-tasks/, .mise/t…
CWE: CWE-78, CWE-94, CWE-732
NVD

HIGH
CVE-2026-54762
CVE-2026-54762
pkg: traefik traefik

published: Jun 23, 2026

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported nginx.in…
CWE: CWE-636, CWE-693
NVD

HIGH
CVE-2026-53755
CVE-2026-53755
pkg: docker

published: Jun 23, 2026

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it,…
CWE: CWE-918
GitHub-GHSA

HIGH
Mise vulnerable to arbitrary command execution via task-include files in an untrusted, config-less repository
GHSA-77g9-363w-rccq
pkg: mise
eco: rust
published: Jun 23, 2026
### Summary

mise's trust feature gates config files (`mise.toml`, `.tool-versions`) through `trust_check`, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir (`mise-tasks/`, `.mise/tasks/`, …) but no config file, mise falls back to the defau…

CVE-2026-55441
NVD

HIGH
CVE-2026-55602
CVE-2026-55602
pkg: chimurai http-proxy-middleware

published: Jun 22, 2026

http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request met…
CWE: CWE-20, CWE-187
NVD

HIGH
CVE-2026-54008
CVE-2026-54008
pkg: openwebui open_webui

published: Jun 23, 2026

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/open_webui/utils/oauth.py::_process_picture_url calls validate_url(picture_url) on the initial URL only, then invokes aiohttp.ClientSession.get(picture_url, …) without allow_r…
CWE: CWE-918
GitHub-GHSA

HIGH
OpenAM Authenticated Privilege Escalation via Raw Token Disclosure Session RPC
GHSA-vvhj-w2jq-263q
pkg: org.openidentityplatform.openam:openam-core
eco: maven
published: Jun 23, 2026
## Summary

Description

An insufficient authorization (CWE-285) and information exposure (CWE-200) issue in OpenAM's session management endpoint allows a low-privileged authenticated user to retrieve active session credentials belonging to other users, including those with higher privileges. This a…

CVE-2026-45048
NVD

HIGH
CVE-2026-49444
CVE-2026-49444
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerability …
CWE: CWE-20
NVD

HIGH
CVE-2026-54312
CVE-2026-54312
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes Object.prototype process-wid…
CWE: CWE-1321
GitHub-GHSA

HIGH
@budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation
GHSA-gfq7-5x4g-3xhf
pkg: @budibase/backend-core
eco: npm
published: Jun 22, 2026
Summary

Authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding.

The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connection later performs a separate DNS lookup through node-fetc…

CVE-2026-54353
GitHub-GHSA

HIGH
Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata
GHSA-4q6h-8p4v-67vq
pkg: @budibase/server
eco: npm
published: Jun 22, 2026
## Summary

`fetchToken` in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the `blacklist.isBlacklisted` check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no scheme or host restriction. Alice, a builder, poin…

CVE-2026-48153
GitHub-GHSA

HIGH
Spinnaker has uon-safe yaml deserialization, allowing RCE when using specific types
GHSA-c8q4-9h32-2ww8
pkg: io.spinnaker.rosco:rosco-core, io.spinnaker.orca:orca-core, io.spinnaker.rosco:rosco-core
eco: maven
published: Jun 22, 2026
### Impact
There's an unsafe YAML processing vulnerability that bypasses safe deserialization. This impacts users when when performing:
* CloudFormation deployments
* CloudFoundry Baking

The usage of a non-safe constructor use allows arbitrary loading of Java classes leading to RCE.

### Patches
2…

CVE-2026-44795
NVD

HIGH
CVE-2026-47267
CVE-2026-47267
pkg: go

published: Jun 24, 2026

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs with a hostname that resolves in localCIDRs. However, webhooks still follow redirects allowing to access hostname inside localCIDRs. This vulnerability is …
CWE: CWE-918
NVD

HIGH
CVE-2026-13025
CVE-2026-13025
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

HIGH
CVE-2026-52920
CVE-2026-52920
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_policy: fix strict mode inbound policy matching

match_policy_in() walks sec_path entries from the last transform to the
first one, but strict policy matching needs to consume info->pol[] in
the same forward order as …

GitHub-GHSA

HIGH
OpenAM Unauthenticated Session Hijacking via Information Exposure in CDCServlet
GHSA-r9pv-5rpp-vm8g
pkg: org.openidentityplatform.openam:openam-federation
eco: maven
published: Jun 23, 2026
## Summary

**Description**

An Information Exposure Through Sent Data (CWE-201) issue in OpenAM's Cross-Domain Single Sign-On (CDSSO) servlet allows a logged-in user's raw OpenAM session token to be POSTed to an attacker-controlled URL. This impacts OpenAM Community Edition through version 16.0.6. …

CVE-2026-45049
NVD

HIGH
CVE-2026-50574
CVE-2026-50574
pkg: yt-dlp_project yt-dlp

published: Jun 23, 2026

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format (such as an HLS/DASH stream), yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On Windo…
CWE: CWE-74
GitHub-GHSA

HIGH
@actual-app/sync-server: Disabled OpenID users keep access through existing session tokens
GHSA-cq9c-6w48-qmfg
pkg: @actual-app/sync-server
eco: npm
published: Jun 22, 2026
### Summary

In OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity. Existing Actual session tokens for the disabled user remain valid, so the user can continue calling authenticated server endpoints after an administrator has disabled the account.

### Details…

CVE-2026-49229
NVD

HIGH
CVE-2026-54100
CVE-2026-54100
pkg: windows

published: Jun 22, 2026

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture WI…
CWE: CWE-295
GitHub-GHSA

HIGH
pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config
GHSA-qrv3-253h-g69c
pkg: pnpm, pnpm
eco: npm
published: Jun 27, 2026
## Summary

`pnpm` accepts package names from the env lockfile `configDependencies` section and uses those names directly when creating config dependency symlinks under `node_modules/.pnpm-config`.

A malicious repository can commit a crafted `pnpm-lock.yaml` whose env-lockfile document contains a t…

NVD

HIGH
CVE-2026-52783
CVE-2026-52783
pkg: oauth

published: Jun 26, 2026

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth access_token plaintext to Rails.cache under the deterministic key storage.<id>.httpx_access_token, repopulated continuously by an…
CWE: CWE-313
GitHub-GHSA

HIGH
Remark42: Cross-Site Scripting (XSS) on /api/v1/img via content-type spoofing
GHSA-4c8j-mgm4-qqvp
pkg: github.com/umputun/remark42
eco: go
published: Jun 26, 2026
### Summary
The remark42 image proxy fetches an arbitrary remote URL and re-serves the response from remark42's own origin. The download path decides whether the fetched resource is an image by looking only at the `Content-Type` header the remote server claims — it never inspects the actual bytes.…
CVE-2026-48788
NVD

HIGH
CVE-2026-53268
CVE-2026-53268
pkg: tls

published: Jun 25, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack_irc: fix possible out-of-bounds read

When parsing fails after we've matched the command string we
should bail out instead of trying to match a different command.

This helper should be deprecated, given preval…

NVD

HIGH
CVE-2026-56351
CVE-2026-56351
pkg: n8n n8n

published: Jun 24, 2026

n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply speciall…
CWE: CWE-89
GitHub-GHSA

HIGH
Algernon: Host header path traversal in –domain mode reads files and runs Lua from parent dir
GHSA-jc3j-x6pg-4hmv
pkg: github.com/xyproto/algernon
eco: go
published: Jun 23, 2026
### Summary

When algernon is started with `–domain` (or `–letsencrypt`, which silently turns on `–domain` at `engine/flags.go:372`), the request handler resolves the served directory by joining the configured `–dir` with the value of the client-supplied `Host` header. The join is performed by `…

CVE-2026-48126
GitHub-GHSA

HIGH
Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override
GHSA-rgvg-3wpc-h44p
pkg: @budibase/server
eco: npm
published: Jun 22, 2026
## Summary

The webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in `externalTrigger()` allows an attacker to overwrite the internal `appId` property by including it in the webhook …

CVE-2026-54351
GitHub-GHSA

HIGH
gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host
GHSA-4gxv-p5g5-j7w7
pkg: go.senan.xyz/gonic
eco: go
published: Jun 26, 2026
## Summary

A logic error in `ServeCreateOrUpdatePlaylist` allows **any authenticated Subsonic user** (including non-admin) to write playlist M3U content to an attacker-controlled absolute filesystem path on the gonic host, and to create intermediate directories with `0o777` permissions.

The bug is…

CVE-2026-49340
GitHub-GHSA

HIGH
mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call
GHSA-2r68-g678-7qr3
pkg: mcp-memory-service
eco: pip
published: Jun 26, 2026
## Summary

The HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope for all requests, then dispatches `tools/call` directly to handlers that include mutating tools. A read-only OAuth client can call `store_memory` and `delete_memory` through MCP even though the corresponding REST e…

CVE-2026-49291
NVD

HIGH
CVE-2026-11800
CVE-2026-11800
pkg: jwt

published: Jun 25, 2026

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to im…
CWE: CWE-347
NVD

HIGH
CVE-2025-71340
CVE-2025-71340
pkg: python

published: Jun 25, 2026

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load(), enabling supply chain attack…
CWE: CWE-502
GitHub-GHSA

HIGH
jackson-databind has an array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)
GHSA-rmj7-2vxq-3g9f
pkg: com.fasterxml.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
## Summary
`BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray()` allowlists any array type based only on `clazz.isArray()`, without validating the array's component (element) type against the configured allowlist. A PTV built with `allowIfSubTypeIsArray()` plus an explicit concrete-type al…
CVE-2026-54513
GitHub-GHSA

HIGH
jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation
GHSA-j3rv-43j4-c7qm
pkg: com.fasterxml.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
`jackson-databind`'s `PolymorphicTypeValidator` (PTV) is the primary safety mechanism guarding polymorphic deserialization. When polymorphic typing is enabled and a type identifier contains generic parameters (i.e. the type ID string contains `<`), `DatabindContext._resolveAndValidateGeneric()` vali…
CVE-2026-54512
NVD

HIGH
CVE-2026-52845
CVE-2026-52845
pkg: caddyserver caddy

published: Jun 23, 2026

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through php_fastcgi, Caddy normalizes HTTP headers int…
CWE: CWE-287, CWE-290, CWE-444
NVD

HIGH
CVE-2026-49402
CVE-2026-49402
pkg: deno deno, microsoft windows

published: Jun 23, 2026

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:child_process implementation provided an escapeShellArg() helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.e…
CWE: CWE-78
NVD

HIGH
CVE-2026-45135
CVE-2026-45135
pkg: caddyserver caddy

published: Jun 23, 2026

Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos() in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaw…
CWE: CWE-20, CWE-176, CWE-178
NVD

HIGH
CVE-2026-45732
CVE-2026-45732
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an …
CWE: CWE-639
GitHub-GHSA

HIGH
Gogs has the ability to import local repositories via Mirror Settings
GHSA-wv27-2vqp-j7g5
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
### Summary
The Gogs Mirror Settings functionality provide an alternative way from the well protected New Migration functionality for any authenticated users to import local repositories. This issue stems from a lack of validation of SaveAddress function.

### Details
Here is the function implementa…

CVE-2026-52801
NVD

HIGH
CVE-2025-71339
CVE-2025-71339
pkg: python

published: Jun 22, 2026

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._eval_length gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation.
CWE: CWE-502
NVD

HIGH
CVE-2026-55388
CVE-2026-55388
pkg: node

published: Jun 22, 2026

piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename option via plain member access. Both reads fall through the prototype chain when the caller's options object doesn't have filename as an own property. When …
CWE: CWE-94, CWE-1321
NVD

HIGH
CVE-2026-54030
CVE-2026-54030
pkg: oauth

published: Jun 25, 2026

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Resource metadata (RFC 9728) matches the configured MCP server URL, allowing a malicious MCP server to s…
CWE: CWE-346
NVD

HIGH
CVE-2026-23879
CVE-2026-23879
pkg: python

published: Jun 24, 2026

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious sy…
CWE: CWE-59
NVD

HIGH
CVE-2026-57456
CVE-2026-57456
pkg: vim vim

published: Jun 25, 2026

Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dic…
CWE: CWE-94
NVD

HIGH
CVE-2026-46733
CVE-2026-46733
pkg: windows

published: Jun 25, 2026

Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CWE: CWE-284
NVD

HIGH
CVE-2026-53267
CVE-2026-53267
pkg: express

published: Jun 25, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_ct: bail out on template ct in get eval

I noticed this issue while looking at a historic syzbot report [1].

A rule like the one below is enough to trigger the bug:

table ip t {
chain pre {

NVD

HIGH
CVE-2026-53194
CVE-2026-53194
pkg: python

published: Jun 25, 2026

In the Linux kernel, the following vulnerability has been resolved:

USB: serial: kl5kusb105: fix bulk-out buffer overflow

klsi_105_prepare_write_buffer() is called by the generic write path
with the bulk-out buffer and its size (bulk_out_size, 64 bytes). It
stores a two-byte length header at the s…

NVD

HIGH
CVE-2026-13037
CVE-2026-13037
pkg: google chrome, google android

published: Jun 24, 2026

Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-53094
CVE-2026-53094
pkg: go

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix stale offload->prog pointer after constant blinding

When a dev-bound-only BPF program (BPF_F_XDP_DEV_BOUND_ONLY) undergoes
JIT compilation with constant blinding enabled (bpf_jit_harden >= 2),
bpf_jit_blind_constants() cl…

NVD

HIGH
CVE-2026-53090
CVE-2026-53090
pkg: go

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix ld_{abs,ind} failure path analysis in subprogs

Usage of ld_{abs,ind} instructions got extended into subprogs some time
ago via commit 09b28d76eac4 ("bpf: Add abnormal return checks."). These
are only allowed in subprogram…

NVD

HIGH
CVE-2026-52975
CVE-2026-52975
pkg: go

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

bonding: 3ad: implement proper RCU rules for port->aggregator

syzbot found a data-race in bond_3ad_get_active_agg_info /
bond_3ad_state_machine_handler [1] which hints at lack of proper
RCU implementation.

Add __rcu qualifier to …

NVD

HIGH
CVE-2026-52951
CVE-2026-52951
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/dma-buf: handle empty bo and UAF races

There look to be some nasty races here when triggering the
invalidate_mappings hook:

1) We do xe_bo_alloc() followed by the attach, before the actual full bo
init step in xe_dma_bu…

NVD

HIGH
CVE-2026-52950
CVE-2026-52950
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/dma-buf: fix UAF with retry loop

Retry doesn't work here, since bo will be freed on error, leading to
UAF. However, now that we do the alloc & init before the attach, we can
now combine this as one unit and have the init do…

NVD

HIGH
CVE-2026-52947
CVE-2026-52947
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove

In qrtr_port_remove(), the socket reference count is decremented via
__sock_put() before the port is removed from the qrtr_ports XArray and
before the RCU gr…

NVD

HIGH
CVE-2026-52943
CVE-2026-52943
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

net: skbuff: fix missing zerocopy reference in pskb_carve helpers

pskb_carve_inside_header() and pskb_carve_inside_nonlinear() both copy
the old skb_shared_info header into a new buffer via memcpy(), which
includes the destructor_…

NVD

HIGH
CVE-2026-52935
CVE-2026-52935
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

xfrm: espintcp: do not reuse an in-progress partial send

espintcp keeps a single in-flight transmit in ctx->partial.
Before building a new sk_msg, espintcp_sendmsg() first tries to flush
that state through espintcp_push_msgs().

F…

NVD

HIGH
CVE-2026-52933
CVE-2026-52933
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

io_uring/poll: fix signed comparison in io_poll_get_ownership()

io_poll_get_ownership() uses a signed comparison to check whether
poll_refs has reached the threshold for the slowpath:

if (unlikely(atomic_read(&req->poll_refs)…

NVD

HIGH
CVE-2026-52927
CVE-2026-52927
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ebtables: fix OOB read in compat_mtw_from_user

Luxiao Xu says:

The function compat_mtw_from_user() converts ebtables extensions from
32-bit user structures to kernel native structures. However, it lacks
proper valid…

NVD

HIGH
CVE-2026-52923
CVE-2026-52923
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

ipc: limit next_id allocation to the valid ID range

The checkpoint/restore sysctl path can request the next SysV IPC id
through ids->next_id. ipc_idr_alloc() currently forwards that request to
idr_alloc() with an open-ended upper…

NVD

HIGH
CVE-2026-52919
CVE-2026-52919
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: fix tp_meter counter underflow during shutdown

batadv_tp_sender_shutdown() unconditionally decrements the "sending"
atomic counter. If multiple paths (e.g. timeout, user cancel, and
normal finish) call this function, t…

NVD

HIGH
CVE-2026-52912
CVE-2026-52912
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_queue: hold bridge skb->dev while queued

br_pass_frame_up() rewrites skb->dev from the ingress port to the bridge
master before queueing bridge LOCAL_IN packets. NFQUEUE only holds
references on state.in/out and brid…

GitHub-GHSA

HIGH
Glances has arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration
GHSA-3vwc-qwhc-3mj7
pkg: glances
eco: pip
published: Jun 23, 2026
### Summary

The `secure_popen()` function in `glances/secure.py` interprets `>` (file redirection), `|` (pipe), and `&&` (command chaining) operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command.

When Application …

CVE-2026-53925
GitHub-GHSA

HIGH
Glances has Insecure Pickle Deserialization in its Version Cache that Leads to Arbitrary Code Execution
GHSA-9837-48hr-q32j
pkg: glances
eco: pip
published: Jun 22, 2026
### Summary

`glances/outdated.py` uses `pickle.load()` to read a version-check cache file stored at a predictable, world-accessible path (`~/.cache/glances/glances-version.db` or `$XDG_CACHE_HOME/glances/glances-version.db`). No integrity check, signature verification, or format validation is perfo…

CVE-2026-46607
GitHub-GHSA

HIGH
Glances is Vulnerable to Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py
GHSA-v5r2-qh84-fjx5
pkg: glances
eco: pip
published: Jun 22, 2026
### Summary

The Glances KVM/QEMU monitoring engine (`glances/plugins/vms/engines/virsh.py`) passes VM domain names, read directly from `virsh list –all` output, into f-string command templates that are processed by `secure_popen()`. `secure_popen()` is explicitly designed to interpret `&&`, `|`, a…

CVE-2026-46606
NVD

HIGH
CVE-2026-49984
CVE-2026-49984
pkg: windows

published: Jun 26, 2026

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows-style backslashes to forward slashes. An attacker can therefore smuggle a traversal sequence past th…
CWE: CWE-22, CWE-180, CWE-200
NVD

HIGH
CVE-2026-8665
CVE-2026-8665
pkg: express

published: Jun 25, 2026

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction.
CWE: CWE-78
NVD

HIGH
CVE-2026-8592
CVE-2026-8592
pkg: express

published: Jun 25, 2026

OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline.
CWE: CWE-78
NVD

HIGH
CVE-2026-33235
CVE-2026-33235
pkg: express

published: Jun 24, 2026

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service (DoS) attack. While the backend implements a SandboxedEnvironment to prevent unaut…
CWE: CWE-400
NVD

HIGH
CVE-2026-54699
CVE-2026-54699
pkg: windows

published: Jun 24, 2026

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows comm…
CWE: CWE-78, CWE-116
NVD

HIGH
CVE-2026-54018
CVE-2026-54018
pkg: openwebui open_webui

published: Jun 23, 2026

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader implements a validate_url function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only on…
CWE: CWE-918
NVD

HIGH
CVE-2026-54304
CVE-2026-54304
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operat…
CWE: CWE-200
NVD

HIGH
CVE-2026-49465
CVE-2026-49465
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push oper…
CWE: CWE-22
NVD

HIGH
CVE-2026-54313
CVE-2026-54313
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintend…
CWE: CWE-89
NVD

HIGH
CVE-2026-54311
CVE-2026-54311
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions on t…
CWE: CWE-488
NVD

HIGH
CVE-2026-56268
CVE-2026-56268
pkg: flowiseai flowise

published: Jun 22, 2026

Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted (the default), the endpoint returns not only the chatflows bound to the supplied API key but also all chatflows across every workspace t…
CWE: CWE-863
GitHub-GHSA

HIGH
OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature
GHSA-ffm6-vvph-g5f5
pkg: pycti
eco: pip
published: Jun 22, 2026
### Summary
The OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration (allowAbsoluteUrls: true). This allows attackers to craft requests to arbitrary endpoints, including internal services, because Axio…
CVE-2026-21887
NVD

HIGH
CVE-2026-11998
CVE-2026-11998
pkg: express

published: Jun 24, 2026

A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session.

SCE's purpose is to ensure that only trusted or safe values are used in certain sec…

CWE: CWE-791
GitHub-GHSA

HIGH
pnpm: Repository-controlled configDependencies can select a pacquet native install engine
GHSA-gj8w-mvpf-x27x
pkg: pnpm, pnpm
eco: npm
published: Jun 26, 2026
<!– maintainer-action:start –>
## Maintainer Action Plan

This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path.

– Advisory: `CAND-PNPM-097` / `GHSA…

CVE-2026-55697
GitHub-GHSA

HIGH
pnpm: Manifest identity spoof satisfies allowBuilds and runs attacker lifecycle
GHSA-5wx6-mg75-v57r
pkg: pnpm, pnpm
eco: npm
published: Jun 26, 2026
## Summary

Keep build approval for opaque dependency sources byte-exact for GHSA-5wx6-mg75-v57r / CAND-PNPM-123.

Merged upstream commit `bf1b731ee6` fixed the original name-only approval bypass by making build policy consume the resolved dependency identity. One collision remained: the generic pee…

CVE-2026-55487
GitHub-GHSA

HIGH
js-toml vulnerable to CPU exhaustion via O(n^2) BigInt construction on radix-prefixed integer literals
GHSA-wp3c-266w-4qfq
pkg: js-toml
eco: npm
published: Jun 26, 2026
## Summary

`js-toml` versions up to and including **1.1.0** parse hexadecimal / octal / binary integer literals via a hand-written `parseBigInt` loop that multiplies a `BigInt` accumulator by the radix once per input digit. Each iteration performs a `BigInt * BigInt` operation on an accumulator tha…

CVE-2026-49293
GitHub-GHSA

HIGH
better-helperjs Vulnerable to Directory Traversal via String Prefix Bypass in Static Server
GHSA-3p34-w4f6-5xh2
pkg: better-helperjs
eco: npm
published: Jun 26, 2026
## Summary
A directory traversal vulnerability exists in the production static file server of `better-helperjs` (`<= 3.0.5`). Attackers can read arbitrary files located in adjacent directory structures that share the same string prefix as the intended static root directory.

## Details
The framework…

GitHub-GHSA

HIGH
Muhammara has a NULL pointer dereference in LZWDecode filter when DecodeParms omits EarlyChange key
GHSA-fhp4-pr5j-46m5
pkg: muhammara
eco: npm
published: Jun 26, 2026
## Summary

A NULL pointer dereference vulnerability exists in `PDFParser::CreateFilterForStream()` when processing a PDF stream with `/Filter /LZWDecode` and a `/DecodeParms` dictionary that does not contain the `EarlyChange` key. This causes an access violation (0xC0000005) and crashes the process…

GitHub-GHSA

HIGH
python-socketio: Binary attachment accumulation can cause denial of service
GHSA-5w7q-77mv-v69f
pkg: python-socketio
eco: pip
published: Jun 26, 2026
### Impact
The python-socketio server stores binary `EVENT` and `ACK` messages in memory while it waits to receive their binary attachments. Once all the attachments are received, these messages are then processed. An attacker can submit a binary message and intentionally omit sending one or more of…
CVE-2026-48804
GitHub-GHSA

HIGH
python-engineio has unbound thread allocation that can cause denial of service
GHSA-cgwc-pv48-fhj5
pkg: python-engineio
eco: pip
published: Jun 26, 2026
### Impact
An attacker can cause the creation of unnecessary background threads in the python-engineio server by exploiting the heartbeat mechanism, which launches a thread when a new connection is received, and when the client sends a PONG packet.

Note: this issue primarily affects synchronous ser…

CVE-2026-48802
GitHub-GHSA

HIGH
python-engineio has possible denial of service due to maximum payload size sometimes not being enforced
GHSA-m9gh-vj53-gvh9
pkg: python-engineio
eco: pip
published: Jun 26, 2026
### Impact
There are two specific configurations of the python-engineio server in which the size of incoming messages is not checked before the messages are loaded into memory. An attacker can take advantage of these to cause unnecessary memory allocations in the python-engineio server. The two case…
CVE-2026-48809
GitHub-GHSA

HIGH
Hysteria: http large header with sniff cause server DoS
GHSA-jqc5-2p7q-fqfc
pkg: github.com/apernet/hysteria
eco: go
published: Jun 26, 2026
### Summary

Sending an excessively large header by an attacker could lead to a server-side DoS attack.

### Details
The current sniff implementation does not explicitly specify the upper limit for HTTP headers. Attackers can continuously send excessively large headers without including \r\n\r\n, le…

GitHub-GHSA

HIGH
Hysteria vulnerable to server crash when max_datagram_frame_size very small
GHSA-qh5x-rfwf-rvfv
pkg: github.com/apernet/hysteria
eco: go
published: Jun 26, 2026
### Summary

An authenticated client can crash the Hysteria server by advertising a very small QUIC `max_datagram_frame_size` and then triggering a UDP response from the server. When the server tries to send the UDP response back via QUIC DATAGRAM, quic-go returns `DatagramTooLargeError`. The server…

GitHub-GHSA

HIGH
Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`
GHSA-j9cw-hwqf-85w7
pkg: fluentd
eco: rubygems
published: Jun 26, 2026
Fluentd's `in_http` and `in_forward` plugins support receiving gzip-compressed data.
While Fluentd correctly enforces size limits on the incoming compressed payloads (e.g., via `body_size_limit` or `chunk_size_limit`), it was discovered that there is no limit enforced on the size of the decompressed…
CVE-2026-44160
GitHub-GHSA

HIGH
Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API
GHSA-pr7j-96cj-549h
pkg: fluentd
eco: rubygems
published: Jun 26, 2026
Fluentd's Monitor Agent plugin (`in_monitor_agent`) exposes internal metrics and plugin information via a REST API.
It was discovered that the API response (`/api/plugins.json` and related endpoints) unintentionally includes internal instance variables of loaded plugins.

If any plugins store sensit…

CVE-2026-44025
NVD

HIGH
CVE-2026-49486
CVE-2026-49486
pkg: apache apache-airflow-providers-ftp

published: Jun 26, 2026

The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using `FTPSHook` or `FTPSFileTransmitOperator` to move files ove…
CWE: CWE-319
GitHub-GHSA

HIGH
golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS
GHSA-w879-237q-wc7r
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key…
CVE-2026-39829
NVD

HIGH
CVE-2026-6331
CVE-2026-6331
pkg: wolfssl wolfssl

published: Jun 25, 2026

HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated ta…
CWE: CWE-347
GitHub-GHSA

HIGH
golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic
GHSA-q4h4-gmj2-qvw2
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.
CVE-2026-46597
GitHub-GHSA

HIGH
ImageMagick has out-of-bounds write in ICON decoder due to incorrect loop
GHSA-g22q-f7gc-5jhr
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
An incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash.
CVE-2026-53461
GitHub-GHSA

HIGH
ImageMagick: Policy Bypass can Trigger an Out-of-Memory condition
GHSA-q62c-h75r-2xhc
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
A missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition.

## Credit
Aisle Research (Ze Sheng, Dmitrijs Trizna, Luigino Camastra, Guido Vranken)

CVE-2026-53460
GitHub-GHSA

HIGH
ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions
GHSA-8pj9-6897-74xc
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
A missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operations.
CVE-2026-49218
GitHub-GHSA

HIGH
Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic
GHSA-47q9-m4ww-924m
pkg: github.com/sigstore/rekor
eco: go
published: Jun 25, 2026
## Description

The `Package.Unmarshal()` function in `pkg/types/alpine/apk.go` decompresses the signature and control gzip members of an APK file into in-memory buffers without bounding the total decompressed size. The existing `max_apk_metadata_size` check (default 1MB) is only applied to individu…

CVE-2026-48702
NVD

HIGH
CVE-2026-55958
CVE-2026-55958
pkg: wolfssl wolfssl

published: Jun 25, 2026

Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsip_StoreMessage() the capacity check guarding the fixed message bag (MSGBAG_SIZE) sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1…
CWE: CWE-393, CWE-787, CWE-787
NVD

HIGH
CVE-2026-11310
CVE-2026-11310
pkg: wolfssl wolfssl

published: Jun 25, 2026

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with –enable-opensslextra (OPENSSL_EXTRA) and whose application validates certificates by calling X509_verify_cert() with caller-supplied untrusted intermediate certific…
CWE: CWE-295
GitHub-GHSA

HIGH
MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth
GHSA-vh6j-jc39-fggf
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

`MessagePackReader.TrySkip()` recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses `MessagePackSecurity.MaximumObjectGraphDepth`, the library's documented protection against deeply nested object graph…

CVE-2026-48506
NVD

HIGH
CVE-2026-55961
CVE-2026-55961
pkg: wolfssl wolfssl

published: Jun 25, 2026

wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when …
CWE: CWE-347
NVD

HIGH
CVE-2026-11999
CVE-2026-11999
pkg: wolfssl wolfssl

published: Jun 25, 2026

X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with –enable-opensslextra whose application calls X509_verify_cert() with caller-supplied untrusted intermediates; for those users it is critical…
CWE: CWE-295
GitHub-GHSA

HIGH
OpenAM: Unauthenticated Authentication Bypass via RADIUS Spoofing
GHSA-386j-6m86-78f9
pkg: org.openidentityplatform.openam:openam-radius
eco: maven
published: Jun 25, 2026
## Summary

**Description**

An Improper Verification of Cryptographic Signature (CWE-347) issue in OpenAM's RADIUS authentication module allows an unauthenticated network attacker to spoof an Access-Accept response and obtain an OpenAM session for any RADIUS username, without knowing the configured…

CVE-2026-46560
NVD

HIGH
CVE-2026-54841
CVE-2026-54841
pkg: vite

published: Jun 25, 2026

Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.
CWE: CWE-201
NVD

HIGH
CVE-2026-12490
CVE-2026-12490
pkg: nlnetlabs nsd

published: Jun 25, 2026

When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the tls-auth-port) or over over TCP over the regular …
CWE: CWE-284, CWE-306
NVD

HIGH
CVE-2026-12245
CVE-2026-12245
pkg: nlnetlabs nsd

published: Jun 25, 2026

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.
CWE: CWE-416
NVD

HIGH
CVE-2026-52794
CVE-2026-52794
pkg: sentry sentry

published: Jun 24, 2026

Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume disproportion…
CWE: CWE-1333
NVD

HIGH
CVE-2026-13029
CVE-2026-13029
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-44017
CVE-2026-44017
pkg: docling docling

published: Jun 24, 2026

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise …
CWE: CWE-22
GitHub-GHSA

HIGH
OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination
GHSA-7fq5-7wr8-rjwj
pkg: github.com/OliveTin/OliveTin
eco: go
published: Jun 24, 2026
## Summary

OliveTin's template engine uses a **single shared `text/template.Template` instance** (`tpl` package-level variable in `service/internal/tpl/templates.go`) across all goroutines. Every action execution calls `tpl.Parse(source)` followed by `t.Execute()` on this shared instance with no sy…

CVE-2026-48708
NVD

HIGH
CVE-2026-52974
CVE-2026-52974
pkg: tls

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

net: tls: fix strparser anchor skb leak on offload RX setup failure

When tls_set_device_offload_rx() fails at tls_dev_add(), the error path
calls tls_sw_free_resources_rx() to clean up the SW context that was
initialized by tls_se…

NVD

HIGH
CVE-2026-52957
CVE-2026-52957
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

libceph: Fix potential null-ptr-deref in decode_choose_args()

A message of type CEPH_MSG_OSD_MAP contains an OSD map that itself
contains a CRUSH map. When decoding this CRUSH map in crush_decode(), an
array of max_buckets CRUSH b…

NVD

HIGH
CVE-2026-52956
CVE-2026-52956
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

libceph: Fix potential out-of-bounds access in __ceph_x_decrypt()

In __ceph_x_decrypt(), a part of the buffer p is interpreted as a
ceph_x_encrypt_header, and the magic field of this struct is accessed.
This happens without any gu…

NVD

HIGH
CVE-2026-52954
CVE-2026-52954
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

libceph: handle rbtree insertion error in decode_choose_args()

A message of type CEPH_MSG_OSD_MAP contains an OSD map that itself
contains a CRUSH map. The received CRUSH map may optionally contain
choose_args that get decoded in …

NVD

HIGH
CVE-2026-52946
CVE-2026-52946
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling

A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock can occur in
send_sigio() and send_sigurg() when a process group receives a signal.

When FASYNC is configured for a …

NVD

HIGH
CVE-2026-52945
CVE-2026-52945
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

Revert "wireguard: device: enable threaded NAPI"

This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is
commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream.

We have had three independent production user report…

NVD

HIGH
CVE-2026-56270
CVE-2026-56270
pkg: flowiseai flowise

published: Jun 24, 2026

Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an organization…
CWE: CWE-306
NVD

HIGH
CVE-2026-52932
CVE-2026-52932
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

xfrm: ipcomp: Free destination pages on acomp errors

Move the out_free_req label up by a couple of lines so that the
allocated dst SG list gets freed on error as well as success.

NVD

HIGH
CVE-2026-52929
CVE-2026-52929
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

sctp: stream: fully roll back denied add-stream state

When ADD_OUT_STREAMS is denied, SCTP only shrinks the queued chunks and
then lowers outcnt. That leaves removed stream metadata behind, so a
later re-add can reuse a stale ext …

NVD

HIGH
CVE-2026-52922
CVE-2026-52922
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: dat: handle forward allocation error

batadv_dat_forward_data() calls pskb_copy_for_clone() to duplicate an skb
for each DHT candidate, but does not check the return value before passing
it to batadv_send_skb_prepare_un…

NVD

HIGH
CVE-2026-50193
CVE-2026-50193
pkg: fasterxml jackson-databind

published: Jun 23, 2026

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a potential Denial-of-Service exists when attacker sends deeply nested JSON if (and only if) the service reads deeply nested (1000s of levels) JSON as JsonNod…
CWE: CWE-400
NVD

HIGH
CVE-2026-53754
CVE-2026-53754
pkg: docker

published: Jun 23, 2026

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection (validate_webhook_url / validate_url_destination in deploy/docker/utils.py) used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach i…
CWE: CWE-918
NVD

HIGH
CVE-2026-52844
CVE-2026-52844
pkg: tls

published: Jun 23, 2026

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/*, but file_server later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can bypass Caddy pat…
CWE: CWE-22, CWE-284
NVD

HIGH
CVE-2025-61025
CVE-2025-61025
pkg: ssl

published: Jun 23, 2026

An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CWE: CWE-89, CWE-400
NVD

HIGH
CVE-2026-54314
CVE-2026-54314
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public webho…
CWE: CWE-409
NVD

HIGH
CVE-2023-54365
CVE-2023-54365
pkg: go

published: Jun 23, 2026

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique). A remote attacker can rapidly create and cancel HTTP/2 stre…
CWE: CWE-400
GitHub-GHSA

HIGH
Gogs Missing Authorization in Attachment Download
GHSA-p9f5-h3rx-j5qw
pkg: gogs.io/gogs
eco: go
published: Jun 22, 2026
## Summary

In Gogs 0.14.1, `GET /attachments/:uuid` returns the raw attachment file **without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository**.
In a test environment with `REQUIRE_SIGNIN_VIEW = false`, we confirmed that **an unauthenti…

CVE-2026-52799
NVD

HIGH
CVE-2026-41523
CVE-2026-41523
pkg: vllm vllm

published: Jun 22, 2026

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM…
CWE: CWE-94, CWE-617
NVD

HIGH
CVE-2026-55603
CVE-2026-55603
pkg: chimurai http-proxy-middleware

published: Jun 22, 2026

http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody() is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the outgoing Content-Type is multipart/form-data, it rebuilds the body with ha…
CWE: CWE-93
GitHub-GHSA

HIGH
ComfyUI-Manager has an Unprotected Alternate Channel (CWE-420)
GHSA-95pq-hr8p-f5g7
pkg: comfyui-manager
eco: pip
published: Jun 22, 2026
### Impact

An **Unprotected Alternate Channel (CWE-420)** vulnerability was discovered in ComfyUI-Manager versions prior to 3.38.

#### Vulnerability Details

In affected versions, ComfyUI-Manager stored its configuration in the `user/default/ComfyUI-Manager/` directory, which was accessible via Co…

CVE-2025-67303
NVD

HIGH
CVE-2026-54293
CVE-2026-54293
pkg: nltk nltk

published: Jun 22, 2026

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load() in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments …
CWE: CWE-22
NVD

HIGH
CVE-2026-53779
CVE-2026-53779
pkg: windows

published: Jun 22, 2026

WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMG_PATH directory by sending requests with percent-encoded backslashes (%5C) that bypass the path.Clean() sanitization in handler/router.go. At…
CWE: CWE-22
NVD

HIGH
CVE-2026-54280
CVE-2026-54280
pkg: aiohttp aiohttp

published: Jun 22, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause resour…
CWE: CWE-404
NVD

HIGH
CVE-2026-54279
CVE-2026-54279
pkg: aiohttp aiohttp

published: Jun 22, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save() and then restored later with CookieJar.load() lose their host-only status. This vulnerability is fixed in 3.14.1.
CWE: CWE-665
NVD

HIGH
CVE-2026-54278
CVE-2026-54278
pkg: aiohttp aiohttp

published: Jun 22, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be decompre…
CWE: CWE-409
NVD

HIGH
CVE-2026-54275
CVE-2026-54275
pkg: aiohttp aiohttp

published: Jun 22, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request server_hostname param…
CWE: CWE-297
NVD

HIGH
CVE-2026-54274
CVE-2026-54274
pkg: aiohttp aiohttp

published: Jun 22, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1.
CWE: CWE-770
NVD

HIGH
CVE-2026-54273
CVE-2026-54273
pkg: aiohttp aiohttp

published: Jun 22, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This vulne…
CWE: CWE-770
NVD

HIGH
CVE-2026-53571
CVE-2026-53571
pkg: vitejs vite, voidzero vite\+, microsoft windows

published: Jun 22, 2026

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as …
CWE: CWE-22, CWE-200
NVD

HIGH
CVE-2026-53539
CVE-2026-53539
pkg: fastapiexpert python-multipart

published: Jun 22, 2026

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringParser located the field separator with a two step lookup: it first scanned the entire remaining buffer for &, and only when no & existed anywhere ahead did…
CWE: CWE-400, CWE-407
NVD

HIGH
CVE-2026-50269
CVE-2026-50269
pkg: aiohttp aiohttp

published: Jun 22, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing user-co…
CWE: CWE-93, CWE-113
NVD

HIGH
CVE-2026-48712
CVE-2026-48712
pkg: protobufjs_project protobufjs

published: Jun 22, 2026

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject() conversion and the custom google.protobuf.Any JSON conversi…
CWE: CWE-674
NVD

HIGH
CVE-2026-54268
CVE-2026-54268
pkg: angularjs angularjs

published: Jun 22, 2026

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, a Denial of Service (DoS) vulnerability exists in the @angular/common package of the Angular framework. The formatDate function, …
CWE: CWE-400, CWE-1333
GitHub-GHSA

HIGH
Hysteria has an authenticated UDP ACL bypass that enables localhost and private-network UDP SSRF
GHSA-vgrc-hq28-p3xp
pkg: github.com/apernet/hysteria/core/v2
eco: go
published: Jun 26, 2026
## Summary

Hysteria's UDP relay treats the destination address as packet-scoped, but ACL and outbound policy are applied only once when a new UDP session is created. After an authenticated client opens a UDP session using an allowed first destination, later packets in the same `Session ID` can be s…

NVD

HIGH
CVE-2026-55759
CVE-2026-55759
pkg: jwt

published: Jun 24, 2026

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT signatures but skips claims validation. Any Apple-signed JWT with a non-empty iss is accepted regardless…
CWE: CWE-287, CWE-294
NVD

HIGH
CVE-2026-49440
CVE-2026-49440
pkg: deno deno

published: Jun 23, 2026

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(candidate[, options][, callback]) and crypto.checkPrimeSync(candidate[, options]) ran no Miller-Rabin rounds at all when the caller left options.checks at its default of 0. In that mode, the only test a…
CWE: CWE-325
NVD

HIGH
CVE-2026-44726
CVE-2026-44726
pkg: deno deno

published: Jun 23, 2026

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When `autoSelectFamily was enabled and the first address-family attempt fai…
CWE: CWE-319
GitHub-GHSA

HIGH
Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials
GHSA-jj36-r9w3-3pfh
pkg: @budibase/server
eco: npm
published: Jun 22, 2026
The application server exposes an unauthenticated endpoint that generates S3 `PutObject` presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require authentication, table permission, datasource permission, or builder…
CVE-2026-50136
GitHub-GHSA

HIGH
Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)
GHSA-87qc-fj39-wccr
pkg: glances
eco: pip
published: Jun 22, 2026
### Summary

The Glances XML-RPC server (`glances -s`) introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE 2026-33533. However, the implementation silently falls back to `Access-Control-Allow-Origin: *` whenever `cors_origins` contains more than one entry. An operat…

CVE-2026-46608
GitHub-GHSA

HIGH
pnpm Vulnerable to Arbitrary File Write/Delete via Malicious Patch File (Path Traversal)
GHSA-rxhj-4m44-96r4
pkg: pnpm, pnpm
eco: npm
published: Jun 26, 2026
## Summary

pnpm's patch application pipeline (`@pnpm/patch-package`) performs no path validation on file paths extracted from `.patch` files. An attacker who contributes a malicious patch file via a pull request can write attacker-controlled content to or delete arbitrary files on the filesystem du…

CVE-2026-50015
NVD

HIGH
CVE-2026-13201
CVE-2026-13201
pkg: kubernetes

published: Jun 24, 2026

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel de…
CWE: CWE-61
NVD

HIGH
CVE-2026-54328
CVE-2026-54328
pkg: linux

published: Jun 23, 2026

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary directo…
CWE: CWE-379
GitHub-GHSA

HIGH
Budibase has an Account Impersonation Issue — Chat Identity Link Hijacking via Missing Consent & CSRF
GHSA-v7j5-vc4m-723w
pkg: @budibase/server
eco: npm
published: Jun 22, 2026
## Title

**Chat Identity Link Hijacking — Attacker Can Silently Map Their Slack/Discord Identity to Any Authenticated Budibase User's Account**

## Severity

**High** — CVSS 3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N = **7.3**

## Affected Product

– **Product:** Budibase
– **Version:** 3.37.2 (i…

CVE-2026-50132
GitHub-GHSA

HIGH
Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`
GHSA-72f5-rr8c-r6gr
pkg: fluentd
eco: rubygems
published: Jun 26, 2026
The `out_http` output plugin allows the use of placeholders (such as `${tag}`) in the `endpoint` configuration parameter.
It was discovered that if the placeholder value is derived from untrusted user input, an attacker can maliciously control the destination hostname of the outbound HTTP requests m…
CVE-2026-44161
NVD

HIGH
CVE-2026-50189
CVE-2026-50189
pkg: appsmith appsmith

published: Jun 24, 2026

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/* on the public ingress. Combined with the APPSMIT…
CWE: CWE-183, CWE-918
NVD

HIGH
CVE-2026-54308
CVE-2026-54308
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to execu…
CWE: CWE-290
GitHub-GHSA

HIGH
pnpm: `patch-remove` could delete project-selected files outside the patches directory
GHSA-72r4-9c5j-mj57
pkg: pnpm, pnpm
eco: npm
published: Jun 27, 2026
## Summary

The `patch-remove` deletion-scope issue tracked as GHSA-72r4-9c5j-mj57 / CAND-PNPM-030 has been addressed in pnpm.

A crafted patch entry could resolve outside the configured patches directory and cause `pnpm patch-remove` to delete an arbitrary reachable file. This patch validates the c…

GitHub-GHSA

HIGH
pnpm: Hoisted install imports lockfile alias outside node_modules
GHSA-fr4h-3cph-29xv
pkg: pnpm, pnpm
eco: npm
published: Jun 27, 2026
## Summary

The hoisted dependency alias issue tracked as GHSA-fr4h-3cph-29xv / CAND-PNPM-059 has been addressed in both pnpm and pacquet.

A crafted lockfile alias could be joined directly under a hoisted `node_modules` directory. Traversal aliases could escape that directory, while reserved aliase…

GitHub-GHSA

HIGH
pnpm: `stage download` writes outside its destination directory via manifest name/version traversal
GHSA-v23m-ccfg-pq9h
pkg: pnpm
eco: npm
published: Jun 26, 2026
## Summary

The staged-tarball filename traversal reported as GHSA-v23m-ccfg-pq9h / CAND-PNPM-038 is fixed on `main` by [pnpm/pnpm#12303](https://github.com/pnpm/pnpm/pull/12303), merged as `65443f4bdf1f0db9c8c7dc58fee25252607e9234`.

Before the fix, `pnpm stage download` derived a local filename fr…

CVE-2026-55700
GitHub-GHSA

HIGH
Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)
GHSA-hmgp-w9jm-vp95
pkg: go.senan.xyz/gonic
eco: go
published: Jun 26, 2026
## Summary

In gonic, the Subsonic API endpoints `/rest/deletePlaylist.view` and `/rest/getPlaylist.view` perform no per-resource authorization. Once authenticated as *any* user (admin or not), an attacker can:

1. **Delete any playlist owned by any other user** (including admin) by passing its `id`…

CVE-2026-49338
GitHub-GHSA

HIGH
gonic: Path Traversal in playlist `id` bypasses ownership check, enabling any user to read/delete other users' playlists
GHSA-2fp4-5v5c-4448
pkg: go.senan.xyz/gonic
eco: go
published: Jun 26, 2026
## Summary

The maintainer's recent fix in [`6dd71e6a3c966867ef8c900d359a7df75789f410`](https://github.com/sentriz/gonic/commit/6dd71e6) (`fix(subsonic): enforce playlist ownership on getPlaylist/deletePlaylist`) added an ownership check based on `playlist.UserID`. However, `playlist.UserID` is deri…

CVE-2026-49339
GitHub-GHSA

HIGH
amazon-braket-sdk vulnerable to Insecure Deserialization via pickle.loads()
GHSA-g697-2xrc-gc46
pkg: amazon-braket-sdk
eco: pip
published: Jun 25, 2026
**Summary**
Amazon Braket SDK is an open-source Python library for interacting with the Amazon Braket quantum computing service, including managing hybrid quantum jobs and retrieving job results. An issue exists where, under certain circumstances, a remote authenticated user with S3 write access to …
CVE-2026-9291
NVD

HIGH
CVE-2026-9154
CVE-2026-9154
pkg: gnu sed, linux linux_kernel

published: Jun 25, 2026

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter.
CWE: CWE-22
NVD

HIGH
CVE-2026-53040
CVE-2026-53040
pkg: go

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: validate bg_bits during freefrag scan

[BUG]
A crafted filesystem can trigger an out-of-bounds bitmap walk when
OCFS2_IOC_INFO is issued with OCFS2_INFO_FL_NON_COHERENT.

BUG: KASAN: use-after-free in instrument_atomic_read …

NVD

HIGH
CVE-2026-52988
CVE-2026-52988
pkg: go

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase

Publish new hooks in the list into the basechain/flowtable using
splice_list_rcu() to ensure netlink dump list traversal via rcu is safe
while concurrent r…

NVD

HIGH
CVE-2026-52953
CVE-2026-52953
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Fix oops due to out of scope access

Below oops triggers when kill QEMU process:

Oops: general protection fault, probably for non-canonical address 0x7fffffff844eaaa7: 0000 [#1] SMP NOPTI
Call Trace:
<TASK>
d…

NVD

HIGH
CVE-2026-52942
CVE-2026-52942
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_log: validate MAC header was set before dumping it

The fallback path of dump_mac_header() guards the MAC header access
only with "skb->mac_header != skb->network_header", without checking
skb_mac_header_was_set(). Wh…

NVD

HIGH
CVE-2026-52917
CVE-2026-52917
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

sctp: diag: reject stale associations in dump_one path

The SCTP exact sock_diag lookup can hold a transport reference, block on
lock_sock(sk), and then resume after sctp_association_free() has marked
the association dead and freed…

NVD

HIGH
CVE-2026-52915
CVE-2026-52915
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ip6t_hbh: reject oversized option lists

struct ip6t_opts stores at most IP6T_OPTS_OPTSNR option descriptors,
but hbh_mt6_check() does not reject larger optsnr values supplied from
userspace.

Validate optsnr in the rule…

NVD

HIGH
CVE-2026-54761
CVE-2026-54761
pkg: traefik traefik

published: Jun 23, 2026

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple (WRR) backendRefs, Traefik evaluates the allowlist…
CWE: CWE-284, CWE-863
NVD

HIGH
CVE-2026-54318
CVE-2026-54318
pkg: home-assistant home_assistant_companion

published: Jun 23, 2026

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play Services LocationResul…
CWE: CWE-926
GitHub-GHSA

HIGH
Gogs's write-level collaborators can mutate admin-only repository settings via API
GHSA-268j-37xf-pp52
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
## Summary

Three API endpoints — `PATCH /api/v1/repos/:owner/:repo/issue-tracker`, `PATCH /api/v1/repos/:owner/:repo/wiki`, and `POST /api/v1/repos/:owner/:repo/mirror-sync` — are gated by `reqRepoWriter()` rather than `reqRepoAdmin()`. The equivalent operations in the web UI sit behind `reqRep…

CVE-2026-52808
NVD

HIGH
CVE-2026-56275
CVE-2026-56275
pkg: flowiseai flowise

published: Jun 23, 2026

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud metadata…
CWE: CWE-918
GitHub-GHSA

HIGH
Blnk has an API key authorization bypass in owner and scope enforcement
GHSA-wcr3-9x4c-f5gj
pkg: github.com/blnkfinance/blnk
eco: go
published: Jun 26, 2026
Blnk API key endpoints had an authorization issue that allowed non-master API keys to perform key-management actions outside their intended authorization boundary.

In affected versions, API key operations trusted caller-controlled request values for owner and scope decisions. As a result, a non-mas…

GitHub-GHSA

HIGH
Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication
GHSA-4hf8-5mjm-rfgq
pkg: line-desktop-mcp
eco: npm
published: Jun 26, 2026
# Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication

## Summary

`line-desktop-mcp` supports a `–http-mode` Streamable HTTP transport for use with clients such as n8n. In this mode the server binds to `0.0.0.0` and exposes the MCP `/mcp` endpoint without an MCP-la…

CVE-2026-49357
GitHub-GHSA

HIGH
LinkifyIt#match scan loop has quadratic algorithmic complexity
GHSA-22p9-wv53-3rq4
pkg: linkify-it
eco: npm
published: Jun 26, 2026
## Summary

`LinkifyIt.prototype.match` — the package's primary public API — has **O(N²) algorithmic complexity** for inputs containing many fuzzy links or emails. This is not a regex backtrack bug; it's a structural issue in the JS-level scan loop that re-slices the input and re-runs unanchore…

CVE-2026-48801
GitHub-GHSA

HIGH
OpenAM Account Takeover via Unverified Password Change in OAuth2 Module
GHSA-gf57-4mp6-m85x
pkg: org.openidentityplatform.openam:openam-auth-oauth2
eco: maven
published: Jun 26, 2026
## Summary

**Description**

An Unverified Password Change (CWE-620) and Use of Weak Credentials (CWE-1391) issue in OpenAM's OAuth2 authentication module silently rewrites a local user's password to the literal string of their username on OAuth2 re-login of an existing account. The default ldapServ…

CVE-2026-46623
GitHub-GHSA

HIGH
OpenAM Authentication Bypass via MSISDN LDAP Injection
GHSA-xq73-fvmr-jvmm
pkg: org.openidentityplatform.openam:openam-auth-msisdn
eco: maven
published: Jun 26, 2026
## Summary

**Description**

An LDAP Injection (CWE-90) vulnerability in the MSISDN authentication module allows an unauthenticated, remote attacker to obtain an arbitrary OpenAM session without a password in the default trusted gateway configuration. This impacts OpenAM Community Edition through ve…

CVE-2026-46619
GitHub-GHSA

HIGH
MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows
GHSA-382j-8mxh-c7x2
pkg: MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

`MessagePackReader.ReadDateTime()` can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed `tokenSize` includes the extension body length from the wire and is used in a `stackalloc` operation b…

CVE-2026-48502
GitHub-GHSA

HIGH
chi's RealIP Middleware allows IP spoofing via unvalidated X-Forwarded-For header
GHSA-rjr7-jggh-pgcp
pkg: github.com/go-chi/chi/middleware, github.com/go-chi/chi/v2/middleware, github.com/go-chi/chi/v3/middleware
eco: go
published: Jun 25, 2026
### Summary
realip middleware in go-chi/chi trusts headers like x-forwarded-for without checking them, so attackers can fake their ip and bypass rate limits or access controls

### Details

the vuln is in middleware/realip.go , the realIP() function pulls IPs straight from client headers and replace…

GitHub-GHSA

HIGH
chi Middleware Vulnerable to Potential IP Spoofing via `X-Forwarded-For` Header in `Request.RemoteAddr` Resolution
GHSA-9g5q-2w5x-hmxf
pkg: github.com/go-chi/chi/middleware, github.com/go-chi/chi/v2/middleware, github.com/go-chi/chi/v3/middleware
eco: go
published: Jun 25, 2026
### Summary
The vulnerability allows the `Request.RemoteAddr` to be spoofed when determining the request source IP via the `X-Forwarded-For` header. This could result in misidentification of the request source and potentially compromise access control and logging integrity.

### Details
Currently, t…

GitHub-GHSA

HIGH
OpenAM Arbitrary OAuth Token Minting via Push Registration
GHSA-cj8f-2fhf-826r
pkg: org.openidentityplatform.openam:openam-oauth2
eco: maven
published: Jun 25, 2026
## Summary

**Description**

An Authorization Bypass Through User-Controlled Key (CWE-639) exists in OpenAM's stateful OAuth2 token-read path. Under certain conditions, this may allow an attacker to forge OAuth2 bearer tokens and OIDC ID tokens with arbitrary subject, client, realm, and scope. This …

CVE-2026-46498
GitHub-GHSA

HIGH
OpenAM has Unsafe Java Deserialization via SNS
GHSA-pp89-732f-3g8q
pkg: org.openidentityplatform.openam:openam-push-notification
eco: maven
published: Jun 25, 2026
## Summary

**Description**

A Deserialization of Untrusted Data (CWE-502) issue exists in OpenAM's Push Notification SNS callback resource. The REST route that handles SNS push messages is mounted with anonymous access and, when a supplied message identifier has expired from the in-memory dispatche…

CVE-2026-45794
GitHub-GHSA

HIGH
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
GHSA-rw9q-97r9-8gvh
pkg: motioneye
eco: pip
published: Jun 23, 2026
### Summary

mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem.

The affected handlers accept a user-controlled filename parameter and construct filesystem paths using `os.path.join()`. When an a…

CVE-2026-55488
GitHub-GHSA

HIGH
OctoPrint has possible file exfiltration via query parameters on upload endpoints
GHSA-j4h9-pm27-4rfw
pkg: OctoPrint, OctoPrint
eco: pip
published: Jun 23, 2026
### Impact

OctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the `FILE_UPLOAD` permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then c…

CVE-2026-54134
GitHub-GHSA

HIGH
Gogs: LFS dedupe path leaks private repo content across tenants
GHSA-6p9m-q3jp-47h4
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
Summary

Git LFS storage is content-addressed by OID alone (`<LFS-root>/<oid[0]>/<oid[1]>/<oid>`) but per-repo authorization lives in the `lfs_object` table keyed `(repo_id, oid)`. `serveUpload` skips re-uploading when the OID file already exists on disk and inserts a new `(repo_id, oid)` row pointi…

CVE-2026-52812
GitHub-GHSA

HIGH
Gogs allows users to write to readonly repositories using receive-pack + service=git-upload-pack confusion
GHSA-wmfg-5p4h-5fw3
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
### Summary

Git smart HTTP authorizes `POST …/git-receive-pack` using the client-supplied service query string (so `?service=git-upload-pack` is evaluated as read access) while routing still runs git receive-pack, allowing push where only read should be allowed.

### Details

Gogs' Git Smart HTTP…

CVE-2026-52810
GitHub-GHSA

HIGH
Gogs has DOM-based XSS via Milestone Name on New Issue Page
GHSA-vcm5-gvmp-78mp
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
### Summary
The fix for GHSA-vgjm-2cpf-4g7c (DOM-based XSS via milestone selection) was only applied to `templates/repo/issue/view_content.tmpl` but not to `templates/repo/issue/new_form.tmpl`. An attacker can store an HTML/JavaScript payload in a milestone name, and when any user opens the New Issu…
CVE-2026-52807
GitHub-GHSA

HIGH
Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials
GHSA-35c4-rvc8-frhm
pkg: @budibase/server
eco: npm
published: Jun 22, 2026
## Summary

The Budibase server route `POST /api/attachments/:datasourceId/url` ([`packages/server/src/api/routes/static.ts`](https://github.com/Budibase/budibase/blob/56d2a984/packages/server/src/api/routes/static.ts)) is registered with **only** the `recaptcha` middleware. There is no `authorized(…

CVE-2026-50137
GitHub-GHSA

HIGH
skillctl: argument injection, path traversal in –dest, FIFO/device DoS, hardlink exfiltration, and commit-trailer forgery
GHSA-74p7-6h78-gw8p
pkg: skillctl
eco: rust
published: Jun 22, 2026
## Impact

Following the path-safety patches in [GHSA-wx3m-whqv-xv47](https://github.com/umanio-agency/skillctl/security/advisories/GHSA-wx3m-whqv-xv47) (v0.1.2), a comprehensive multi-angle audit surfaced five further vulnerabilities, now patched in v0.1.3:

1. **`source_sha` argument injection in …

GitHub-GHSA

HIGH
OpenAM has LDAP Injection via `_queryId` Parameter
GHSA-2vg8-q4c2-5cw3
pkg: org.openidentityplatform.openam:openam-core-rest
eco: maven
published: Jun 22, 2026
OpenAM (Open Identity Platform) is an open-source IAM platform providing SSO, OAuth2, SAML, and OpenID Connect capabilities. The CREST REST API layer exposes user query endpoints under `/json/{realm}/users`. In `IdentityResourceV1.queryCollection()`, the HTTP query parameter `_queryId` is passed to …
CVE-2026-41573
GitHub-GHSA

HIGH
Gogs has an Authentication Bypass via Unvalidated Reverse Proxy Headers
GHSA-w6j9-vw59-27wv
pkg: gogs.io/gogs
eco: go
published: Jun 22, 2026
## Summary

When `ENABLE_REVERSE_PROXY_AUTHENTICATION` is enabled, Gogs accepts the configured authentication header (default: `X-WEBAUTH-USER`) directly from client requests without validating that the request originated from a trusted reverse proxy. Any remote attacker who can reach the Gogs servi…

CVE-2026-25119
GitHub-GHSA

MEDIUM
MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps
GHSA-2×83-8g95-xh59
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

`ExpandoObjectFormatter.Deserialize` populates `System.Dynamic.ExpandoObject` by calling `IDictionary<string, object>.Add` for each map entry. `ExpandoObject` internally maintains member names in array-like structures, so inserting many distinct keys can require repeated linear scans and…

CVE-2026-48511
GitHub-GHSA

MEDIUM
MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths
GHSA-v72x-2h86-7f8m
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

When MessagePack-CSharp decompresses `Lz4Block` or `Lz4BlockArray` payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed data is valid or that the declared expansion is reasonable.

A small…

CVE-2026-48510
NVD

MEDIUM
CVE-2026-47693
CVE-2026-47693
pkg: go

published: Jun 23, 2026

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizi…
CWE: CWE-1236
GitHub-GHSA

MEDIUM
Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection
GHSA-9rc6-8cjv-rcvx
pkg: github.com/nezhahq/nezha
eco: go
published: Jun 26, 2026
## 1. Description

The `getRedirectURL` function in `oauth2.go:22-29` constructs the OAuth2 callback URL by concatenating the request's `Host` header with a fixed path, with **zero validation** of the Host header:

“`go
func getRedirectURL(c *gin.Context) string {
scheme := "http://"
refere…

CVE-2026-53523
GitHub-GHSA

MEDIUM
pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field
GHSA-q6j5-fjx5-2mc3
pkg: pnpm, pnpm
eco: npm
published: Jun 26, 2026
## Summary

pnpm's tarball extraction worker skips integrity verification when the `integrity` field is absent from the lockfile resolution. If an attacker can both modify `pnpm-lock.yaml` to remove the `integrity:` field and cause the referenced registry URL to serve altered package content, `pnpm …

CVE-2026-50021
GitHub-GHSA

MEDIUM
pnpm: Unsafe default behavior breaks integrity check
GHSA-54hh-g5mx-jqcp
pkg: pnpm, pnpm
eco: npm
published: Jun 26, 2026
While it is unclear whether this should be classified as a vulnerability, it is being reported through this channel because the current behavior may represent an unsafe default.

## Summary

`pnpm install` in non-frozen mode can accept new remote package content after detecting that the downloaded t…

CVE-2026-50573
GitHub-GHSA

MEDIUM
regclient may leak authentication credentials to external blob stores
GHSA-qvqc-4c52-x6qp
pkg: github.com/regclient/regclient
eco: go
published: Jun 26, 2026
Credentials for a registry may be inadvertently leaked to external servers. A prerequisite for this attack is a malicious registry server, a malicious blob store, or a registry that does not restrict the external URLs for foreign blobs.

## Example attack

A malicious registry serves an OCI image ma…

CVE-2026-49349
GitHub-GHSA

MEDIUM
pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678)
GHSA-cg7w-rg45-pc59
pkg: pydantic-ai-slim, pydantic-ai, pydantic-ai
eco: pip
published: Jun 26, 2026
## Summary

When an application using Pydantic AI opts a URL into `force_download='allow-local'` (which disables the default block on private/internal IPs) **and runs on a network that routes the affected IPv6 transition forms (NAT64- or ISATAP-configured networks)**, the cloud-metadata blocklist co…

CVE-2026-48782
NVD

MEDIUM
CVE-2026-47775
CVE-2026-47775
pkg: oauth

published: Jun 26, 2026

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() functions use AES-256-CBC without an authentication tag (no HMAC, no AEAD). The /callback endpoint returns HTTP 302 on suc…
CWE: CWE-209, CWE-327
GitHub-GHSA

MEDIUM
LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading
GHSA-fjqc-hq36-qh5p
pkg: langgraph-checkpoint
eco: pip
published: Jun 25, 2026
## Summary

LangGraph's `JsonPlusSerializer` can reconstruct Python objects from JSON checkpoint payloads. Under conditions where someone could modify checkpoint bytes at rest in the backing store, the deserialization path could reconstruct objects beyond what the application expects, which could in…

CVE-2026-48775
GitHub-GHSA

MEDIUM
Gogs's password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES
GHSA-5c3f-6486-3g7g
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
## Summary

Password-reset tokens are generated using `conf.Auth.ActivateCodeLives` (the account-activation lifetime), not `conf.Auth.ResetPasswordCodeLives`. The token lifetime is baked into the token itself at generation time and is re-extracted from the token at verification time, making `RESET_P…

CVE-2026-52809
NVD

MEDIUM
CVE-2026-56109
CVE-2026-56109
pkg: linux

published: Jun 22, 2026

The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parse_d…
CWE: CWE-415
GitHub-GHSA

MEDIUM
pnpm: Reserved bin name deletes PNPM_HOME during global remove
GHSA-4gxm-v5v7-fqc4
pkg: pnpm, pnpm
eco: npm
published: Jun 26, 2026
<details>
<summary>Maintainer Action Plan</summary>

## Maintainer Action Plan

This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path.

– Advisory: `CA…

CVE-2026-55699
GitHub-GHSA

MEDIUM
pnpm: Repository config can expand victim environment secrets into registry requests before scripts run
GHSA-3qhv-2rgh-x77r
pkg: pnpm, pnpm
eco: npm
published: Jun 26, 2026
<!– maintainer-action:start –>
## Maintainer Action Plan

This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path.

– Advisory: `CAND-PNPM-122` / `GHSA…

CVE-2026-55180
GitHub-GHSA

MEDIUM
Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS
GHSA-jg62-j5h6-8mpq
pkg: github.com/nezhahq/nezha
eco: go
published: Jun 26, 2026
## 1. Description

The Nezha dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents:

– `POST /api/v1/terminal` → `createTerminal()` (terminal.go:27-67)
– `POST /api/v1/file` → `createFM()` (fm.go:28-67)

Both call `rpc.NezhaHandlerSingleton.CreateStream(str…

CVE-2026-53522
GitHub-GHSA

MEDIUM
Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing
GHSA-x6fg-52vr-hj4w
pkg: github.com/nezhahq/nezha
eco: go
published: Jun 26, 2026
### Summary
An authenticated non-admin user who owns any server can create or update a NAT profile whose `domain` is equal to the dashboard's own HTTP Host (for example, `dashboard.example:8008`). The dashboard's top-level HTTP/gRPC multiplexer checks `NATShared.GetNATConfigByDomain(r.Host)` before …
CVE-2026-53520
NVD

MEDIUM
CVE-2026-48618
CVE-2026-48618
pkg: nodejs node.js

published: Jun 26, 2026

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat.

This can lead to confidentiality impact or bypass of the intended security boundary under affec…

CWE: CWE-176
NVD

MEDIUM
CVE-2026-55962
CVE-2026-55962
pkg: wolfssl wolfssl

published: Jun 25, 2026

TLS 1.3 post-handshake authentication (PHA) issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, bu…
CWE: CWE-287
GitHub-GHSA

MEDIUM
golang.org/x/crypto/ssh: Invoking memory leak when rejecting channels can lead to DoS
GHSA-qpw4-5×99-6vjp
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for gar…
CVE-2026-39827
NVD

MEDIUM
CVE-2026-54092
CVE-2026-54092
pkg: docker

published: Jun 25, 2026

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testin…
CWE: CWE-400, CWE-1284
GitHub-GHSA

MEDIUM
FileBrowser: Missing Rate Limiting on Authentication Endpoint Enables Brute Force Attacks
GHSA-r4v7-6wcg-ghj5
pkg: github.com/gtsteffaniak/filebrowser
eco: go
published: Jun 25, 2026
### Summary
The `/api/auth/login` endpoint does not implement rate limiting, account lockout, or progressive backoff for repeated authentication failures. As a result, an attacker can perform unlimited login attempts against the endpoint. When combined with the username enumeration timing vulnerabil…
NVD

MEDIUM
CVE-2026-6091
CVE-2026-6091
pkg: wolfssl wolfssl

published: Jun 25, 2026

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL compatibili…
CWE: CWE-295
NVD

MEDIUM
CVE-2026-9153
CVE-2026-9153
pkg: gnu sed, linux linux_kernel

published: Jun 25, 2026

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.
CWE: CWE-22, CWE-200, CWE-22
NVD

MEDIUM
CVE-2026-13022
CVE-2026-13022
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
GitHub-GHSA

MEDIUM
jackson-databind has a @JsonView bypass for unwrapped creator parameters
GHSA-rcqc-6cw3-h962
pkg: com.fasterxml.jackson.core:jackson-databind, tools.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
## Summary
`UnwrappedPropertyHandler.processUnwrappedCreatorProperties()` replays buffered JSON into creator parameters but never consults `prop.visibleInView(activeView)`. The normal property-based creator path gates creator properties on the active view, but this unwrapped-creator replay path bypa…
CVE-2026-54518
NVD

MEDIUM
CVE-2026-54019
CVE-2026-54019
pkg: openwebui open_webui

published: Jun 23, 2026

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. The ACL allows unknown non-KB collection names as legacy/ephe…
CWE: CWE-862, CWE-943
NVD

MEDIUM
CVE-2026-49411
CVE-2026-49411
pkg: deno deno

published: Jun 23, 2026

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility TCP path checked the permission against the original hostname string before resolution and then did not re-check after resolution. A caller could therefore pass a numeric alias of an IP address (for …
CWE: CWE-284
NVD

MEDIUM
CVE-2026-54235
CVE-2026-54235
pkg: vllm vllm

published: Jun 22, 2026

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and pro…
CWE: CWE-1287
GitHub-GHSA

MEDIUM
zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet
GHSA-qc2x-6f54-m6h9
pkg: zeroconf
eco: pip
published: Jun 22, 2026
### Impact

`_read_character_string` and `_read_string` in `src/zeroconf/_protocol/incoming.py` sliced `self.data[self.offset : self.offset + length]` and advanced `self.offset` by the declared `length` without checking it against `self._data_len`. Python's slice silently returns fewer bytes when th…

CVE-2026-48487
NVD

MEDIUM
CVE-2026-54911
CVE-2026-54911
pkg: ultrajson_project ultrajson

published: Jun 22, 2026

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps() (or ujson.dump() or ujson.encode()) have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into diffe…
CWE: CWE-20
NVD

MEDIUM
CVE-2026-39904
CVE-2026-39904
pkg: go

published: Jun 22, 2026

Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate() function in models/attachment.go processes Office documents as ZIP…
CWE: CWE-770
GitHub-GHSA

MEDIUM
motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint
GHSA-g9fx-5r4h-pcw3
pkg: motioneye
eco: pip
published: Jun 22, 2026
### Summary

motionEye v0.43.1 (latest stable) is vulnerable to path traversal in the picture and movie API endpoints, like `/picture/{id}/preview/{filename}`. Neither the API handlers, nor the `mediafiles.py` functions like `get_media_preview()` check for `..` sequences in the filename parameter, e…

CVE-2026-31978
GitHub-GHSA

MEDIUM
OpenCTI May Bypass Introspection Restriction
GHSA-4mvw-j8r9-xcgc
pkg: pycti
eco: pip
published: Jun 22, 2026
### Summary

The regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed characters from the query.

### Details

GraphQL Queries in OpenCTI can be validated using the `secureIntrospectionPlugin`.

### Impact
Bypassing t…

CVE-2024-37155
GitHub-GHSA

MEDIUM
Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context
GHSA-39g2-8×68-pmx8
pkg: github.com/nezhahq/nezha
eco: go
published: Jun 26, 2026
## Summary

`PATCH /server/{id}` accepts and persists nonexistent `ddns_profiles` IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, the DDNS worker resolves the stored ID and dispatches an update using the other user's DDNS profile configuration in th…

CVE-2026-53521
GitHub-GHSA

MEDIUM
pnpm: Git Fetch Argument Injection via Lockfile resolution.commit
GHSA-p4xf-rf54-rj3x
pkg: pnpm, pnpm
eco: npm
published: Jun 26, 2026
## Summary

pnpm passes the lockfile-controlled git `resolution.commit` value to `git fetch` without a `–` separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected 40-character commit hash with a Git option suc…

CVE-2026-50014
GitHub-GHSA

MEDIUM
nono-py has proxy-only network fallback bypass on older Linux kernels
GHSA-72w7-mf9g-733p
pkg: nono-py
eco: pip
published: Jun 26, 2026
## Summary

On Linux kernels that do not support Landlock network rules, `nono_py.sandboxed_exec()` could run `CapabilitySet.proxy_only(proxy)` without supervising the seccomp-notify proxy-only fallback returned by the Rust core.

In that configuration, a sandboxed child process could remove `HTTP_P…

NVD

MEDIUM
CVE-2026-9620
CVE-2026-9620
pkg: express

published: Jun 24, 2026

The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field() and loop() functions, which extract the raw src attribute value …
CWE: CWE-79
NVD

MEDIUM
CVE-2026-54306
CVE-2026-54306
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal v…
CWE: CWE-1321
NVD

MEDIUM
CVE-2026-55448
CVE-2026-55448
pkg: python

published: Jun 26, 2026

mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a repo…
CWE: CWE-78
GitHub-GHSA

MEDIUM
golang.org/x/crypto/ssh vulnerable to invoking bypass of certificate restrictions
GHSA-45gg-vh54-h5m9
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now…
CVE-2026-39828
GitHub-GHSA

MEDIUM
Lemur Privilege Escalation: Non-admin role members can rewrite role membership via PUT /api/1/roles/<id>
GHSA-x3vf-mgxj-7785
pkg: lemur
eco: pip
published: Jun 25, 2026
## Summary

The `PUT /api/1/roles/<id>` handler in `lemur/roles/views.py` gates only on `RoleMemberPermission(role_id).can()`, which is satisfied for any user who is already a member of the target role. The handler then passes `data["users"]` and `data["name"]` directly to `service.update()`, permi…

CVE-2026-55163
GitHub-GHSA

MEDIUM
Lemur: Crafted CRL/OCSP URLs in uploaded certificates lead to post-authentication SSRF
GHSA-54vg-pfh7-jq95
pkg: lemur
eco: pip
published: Jun 25, 2026
## Summary

When verifying an uploaded certificate, `lemur/certificates/verify.py` extracts the CRL Distribution Point URL and the OCSP responder URL directly from the certificate's extensions and issues outbound requests to those URLs without scheme restriction or destination allow-listing. An aut…

CVE-2026-55162
GitHub-GHSA

MEDIUM
Mise's local credential_command executes untrusted config
GHSA-29hf-rm4x-xxph
pkg: mise
eco: rust
published: Jun 23, 2026
### Summary

`mise` loads `github.credential_command` from local project config before any trust decision, then executes that value with `sh -c` when resolving a GitHub token. An attacker who can place a `.mise.toml` in a repository can execute arbitrary shell commands when the victim runs a GitHub-…

CVE-2026-55448
GitHub-GHSA

MEDIUM
Build breakout using malicious Containerfile and Git Smart HTTP server or GitHub release tar archive
GHSA-49p4-px3h-rq49
pkg: github.com/containers/buildah
eco: go
published: Jun 22, 2026
### Impact

When processing a build contexts or `add`/`copy` instructions, a malicious server serving a Git repository or a tar archive file can cause files outside of the build context directory to be included in the build context or copied into the build.

### Patches

Fixed in Buildah 1.44 and 1.…

CVE-2026-44517
GitHub-GHSA

MEDIUM
ImageMagick has a Heap Buffer Over-Write in SF3 encoder when writing multi-frame image
GHSA-44cp-c3ww-9rv5
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 26, 2026
An crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder.
CVE-2026-53465
GitHub-GHSA

MEDIUM
opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent
GHSA-f2r5-5m7w-p5cx
pkg: go.opentelemetry.io/ebpf-profiler
eco: go
published: Jun 23, 2026
### Summary

An unprivileged process can easily trigger the `processPIDEvents` goroutine to be blocked indefinitely, preventing the goroutine from analyzing any new ELF file. The goroutine stays blocked in the `openat2` syscall forever and the profiler can no longer work properly, it is a denial of …

CVE-2026-48496
GitHub-GHSA

MEDIUM
Dosage Vulnerable to Stored Cross-Site Scripting (XSS) in HTML/RSS Output Handlers
GHSA-75mw-h36v-2jv7
pkg: dosage
eco: pip
published: Jun 26, 2026
## Summary

The HTML and RSS output handlers in `dosagelib/events.py` write user-controlled content (comic text and page URLs) directly into generated files without proper HTML escaping. When a user scrapes a malicious webcomic and opens the generated HTML/RSS file, attacker-controlled JavaScript ca…

GitHub-GHSA

MEDIUM
justhtml: to_markdown() code-span blank-line breakout enables XSS
GHSA-jf6w-2mvx-633j
pkg: justhtml
eco: pip
published: Jun 25, 2026
# justhtml: to_markdown() code-span blank-line breakout enables XSS

### Summary

In `justhtml` 0.9.0 through 1.21.0, `to_markdown()` renders `<code>` text (and `<pre>` text inside a link) as an inline Markdown code span whose only protection is backtick-fence length. A blank line (`\n\n`) in that t…

GitHub-GHSA

MEDIUM
OpenTofu: Provider cache installation follows root-module-controlled package directory symlink and writes outside the working tree
GHSA-wcmj-x466-56mm
pkg: github.com/opentofu/opentofu, github.com/opentofu/opentofu
eco: go
published: Jun 23, 2026
## Summary

If a symlink already exists under the `.terraform/providers` directory where a provider package needs to be installed, `tofu init` would follow that symlink and install the new package content into it.

If an attacker can coerce an operator into running `tofu init` in a directory whose c…

NVD

MEDIUM
CVE-2026-50019
CVE-2026-50019
pkg: yt-dlp_project yt-dlp

published: Jun 23, 2026

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file download s…
CWE: CWE-200
NVD

MEDIUM
CVE-2026-56697
CVE-2026-56697
pkg: nuxt nuxt

published: Jun 22, 2026

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-origin URL against the current page protocol. Attackers can inject paths like //evil.com to redirect use…
CWE: CWE-601
NVD

MEDIUM
CVE-2026-56326
CVE-2026-56326
pkg: nuxt nuxt

published: Jun 22, 2026

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and /.//evil.com. Attackers can bypass external-host checks using path-normalization techniques to redire…
CWE: CWE-601
NVD

MEDIUM
CVE-2026-44889
CVE-2026-44889
pkg: pylonsproject webob

published: Jun 22, 2026

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit strips …
CWE: CWE-601
GitHub-GHSA

MEDIUM
GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion
GHSA-pjp5-fpmr-3349
pkg: github.com/github/github-mcp-server
eco: go
published: Jun 25, 2026
### Summary

When running in HTTP mode with –lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from different users share this singleton and their lockdown-related GraphQL q…

CVE-2026-48529
NVD

MEDIUM
CVE-2026-48090
CVE-2026-48090
pkg: oauth

published: Jun 26, 2026

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter (envoy.filters.http.oauth2) can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late AsyncClie…
CWE: CWE-416
GitHub-GHSA

MEDIUM
ImageMagick has a Use-After-Free when allocation in CheckPrimitiveExtent fails
GHSA-px7q-ggqj-hcf2
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 26, 2026
When an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash.
CVE-2026-53462
GitHub-GHSA

MEDIUM
ImageMagick has a Heap Buffer Over-Write in MAT decoder on 32-bit systems
GHSA-4v89-6mgq-6rgc
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
A missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems.
CVE-2026-48994
NVD

MEDIUM
CVE-2026-54323
CVE-2026-54323
pkg: tls

published: Jun 23, 2026

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization header…
CWE: CWE-295
NVD

MEDIUM
CVE-2026-55568
CVE-2026-55568
pkg: guzzlephp guzzle

published: Jun 23, 2026

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials (the Proxy-Authorization header, proxy userinfo in the proxy URL, or CURLOPT_PROXYUSERPWD…
CWE: CWE-311, CWE-319, CWE-636
NVD

MEDIUM
CVE-2026-54286
CVE-2026-54286
pkg: windows

published: Jun 22, 2026

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash (%5C) in the request path decodes to \, which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as admin\…
CWE: CWE-22
NVD

MEDIUM
CVE-2026-54250
CVE-2026-54250
pkg: kubernetes

published: Jun 25, 2026

K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to arbitr…
CWE: CWE-22
NVD

MEDIUM
CVE-2026-53944
CVE-2026-53944
pkg: go

published: Jun 24, 2026

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to a private IPv4 address. This vulnerability is fixed in 6.21.1…
CWE: CWE-184, CWE-918
NVD

MEDIUM
CVE-2026-13543
CVE-2026-13543
pkg: oauth

published: Jun 29, 2026

A vulnerability was detected in Documenso up to 2.11.0. Affected by this vulnerability is an unknown functionality of the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts of the component Google OAuth Login. The manipulation results in improper authentication. It is possible to launc…
CWE: CWE-287
NVD

MEDIUM
CVE-2026-13524
CVE-2026-13524
pkg: oauth

published: Jun 29, 2026

A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. The a…
CWE: CWE-266, CWE-285
GitHub-GHSA

MEDIUM
turso-cli persists Turso platform JWT with world-readable (0o644) file permissions
GHSA-57f6-pvx8-hwj6
pkg: github.com/tursodatabase/turso-cli
eco: go
published: Jun 26, 2026
### Summary

`turso-cli` persists the user's Turso platform JWT to `settings.json` using Viper's default `configPermissions` of `0o644`, leaving the credential file world-readable on standard Linux and macOS systems. Any other local UID on the host can read the file and recover the platform JWT, whi…

CVE-2026-48790
NVD

MEDIUM
CVE-2026-54557
CVE-2026-54557
pkg: python

published: Jun 26, 2026

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlink p…
CWE: CWE-22
GitHub-GHSA

MEDIUM
ImageMagick: Policy Bypass can read disallowed files via symlink
GHSA-xcjm-wqff-m669
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
An incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink.
CVE-2026-49219
GitHub-GHSA

MEDIUM
ImageMagick Vulnerable to Stack Overflow in its MVG Decoder
GHSA-h36c-3666-h489
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
A crafted MVG file could result in a stack overflow due to a missing depth or visited-set check.
CVE-2026-48734
GitHub-GHSA

MEDIUM
ImageMagick has a Heap Buffer Underwrite in the Floyd-Steinberg depth dithering method
GHSA-2hhq-c99x-492r
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
When using an image with mask the Floyd-Steinberg dithering method will cause a negative heap buffer over-write.
CVE-2026-48724
GitHub-GHSA

MEDIUM
nextflow auth login command has incorrect default permissions
GHSA-92qf-fcph-v5wr
pkg: io.nextflow:nextflow, io.nextflow:nextflow
eco: maven
published: Jun 25, 2026
### Impact

`nextflow auth login` persists Seqera Platform OIDC tokens to `${NXF_HOME:-~/.nextflow}/seqera-auth.config`. The file is created via Java NIO without specifying file permissions, so under the default `umask 022` it lands at mode `0644` (world-readable).

On a multi-user POSIX host — ty…

CVE-2026-48722
NVD

MEDIUM
CVE-2026-12163
CVE-2026-12163
pkg: fortra file_integrity_monitoring

published: Jun 23, 2026

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration field…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-11819
CVE-2026-11819
pkg: windows

published: Jun 23, 2026

Module: plugins/modules/keyring_info.py

CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Issue: The module retrieves a passphrase from the OS native keyring (GNOME Keyring, macOS Keychain, Windows Credential Manager) and places it directly into result["passphrase"] with no output sup…

CWE: CWE-532
NVD

MEDIUM
CVE-2026-49406
CVE-2026-49406
pkg: deno deno

published: Jun 23, 2026

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode (nodeModulesDir: "manual"), the module resolver did not validate that a package's resolved entrypoint stayed within its node_modules/<pkg>/ directory. A malicious package.json whose main field…
CWE: CWE-22
GitHub-GHSA

MEDIUM
mise HTTP backend uses raw version path for install symlink destination
GHSA-f94h-j2qg-fxw3
pkg: mise
eco: rust
published: Jun 23, 2026
## Summary

The mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlink path uses the raw value. On Unix-like systems, if that version is an abs…

CVE-2026-54557
NVD

MEDIUM
CVE-2026-56301
CVE-2026-56301
pkg: nuxt nuxt

published: Jun 23, 2026

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit th…
CWE: CWE-276
GitHub-GHSA

MEDIUM
motionEye's World-Readable Configuration File Exposes Admin Password Hash
GHSA-rhgp-6wq6-9j67
pkg: motioneye
eco: pip
published: Jun 22, 2026
# Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye

## Summary

motionEye v0.43.1 and prior versions create the configuration file `/etc/motioneye/motion.conf` with `644` permissions (`-rw-r–r–`), making it readable by any local user on the system. This…

CVE-2026-32315
NVD

MEDIUM
CVE-2026-53655
CVE-2026-53655
pkg: isaacs tar

published: Jun 22, 2026

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (node-tar) applies a PAX extended header's size= record (and other PAX overrides) to the next header entry of any type, including intermediary metadata headers such as a GNU long-name (L) or long-link (K) entry. Per POSIX pax, a PAX e…
CWE: CWE-436
NVD

MEDIUM
CVE-2026-29509
CVE-2026-29509
pkg: python

published: Jun 26, 2026

Patool before 4.0.5 contains a path traversal vulnerability in the safe_extract() function in patoolib/programs/py_tarfile.py when running on Python before 3.12, where the is_within_directory() helper uses os.path.commonprefix() for character-level string comparison instead of path-level comparison,…
CWE: CWE-22
GitHub-GHSA

MEDIUM
@sigstore/core has DSSE payloadType type-binding failure
GHSA-jfc7-64v2-mr8c
pkg: @sigstore/core
eco: npm
published: Jun 26, 2026
### Impact
The `preAuthEncoding` function in `@sigstore/core` uses Node.js `'ascii'` encoding when converting the PAE (Pre-Authentication Encoding) string to bytes. This allows `payloadType` to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE…
CVE-2026-48758
NVD

MEDIUM
CVE-2026-56823
CVE-2026-56823
pkg: oauth

published: Jun 26, 2026

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the `POST /api/integrations/webhooks/{webhook_id}/ping` endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the aut…
CWE: CWE-284, CWE-639
NVD

MEDIUM
CVE-2026-56358
CVE-2026-56358
pkg: n8n n8n

published: Jun 24, 2026

n8n before 1.123.25 (1.x) and before 2.11.2 (2.x), with the fix also included in 2.12.0, contains a stored cross-site scripting vulnerability in the Form Trigger node's CSS sanitization that allows authenticated users to inject malicious scripts. Attackers with workflow creation permissions can inje…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-45692
CVE-2026-45692
pkg: caddyserver caddy

published: Jun 23, 2026

Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different config…
CWE: CWE-187, CWE-863
NVD

MEDIUM
CVE-2026-54301
CVE-2026-54301
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central Content…
CWE: CWE-79
GitHub-GHSA

MEDIUM
Gogs has an Open Redirect via redirect_to
GHSA-xxhq-69mf-w8cr
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
### Summary
An open redirect vulnerability exists in Gogs where attacker-controlled `redirect_to` parameters can bypass validation, allowing redirection to arbitrary external sites.

### Details
All redirects in Gogs that are validated via the `IsSameSite` function are vulnerable:
“`go
func IsSame…

CVE-2026-52802
NVD

MEDIUM
CVE-2026-54303
CVE-2026-54303
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user vis…
CWE: CWE-79
GitHub-GHSA

MEDIUM
devbridge-autocomplete has XSS in its default formatters: formatGroup and formatResult fail to escape HTML in untrusted inputs
GHSA-hvqh-jw65-wcpq
pkg: devbridge-autocomplete
eco: npm
published: Jun 22, 2026
### Summary

The default `formatGroup` and `formatResult` functions in `devbridge-autocomplete` concatenate values into HTML without escaping, allowing XSS when an attacker controls (or can taint) the suggestion data source.

### Details

**1. `formatGroup` — `category` is interpolated raw.**

`sr…

NVD

MEDIUM
CVE-2026-41479
CVE-2026-41479
pkg: authlib authlib

published: Jun 22, 2026

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response_type and supplies an attacker-controlled redirect_uri. The …
CWE: CWE-601
GitHub-GHSA

MEDIUM
js-toml has silent type confusion via falsy-primitive duplicate-key bypass
GHSA-m34p-749j-x6m6
pkg: js-toml
eco: npm
published: Jun 26, 2026
### Summary

`js-toml`'s interpreter checks whether a key already exists in a parser-built container with `if (object[key])` instead of `if (key in object)`. When the prior value is a falsy primitive — `false`, `0`, `0n`, `0.0`, `-0`, or `""` — the duplicate-key branch is skipped and the value i…

CVE-2026-50029
GitHub-GHSA

MEDIUM
YARD static cache reads raw traversal paths before router sanitization
GHSA-pxcc-8665-phx8
pkg: yard
eco: rubygems
published: Jun 26, 2026
### Summary
YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as `/../yard-cache-secret.html` is joined against that root and can return a readable sibling `.html` file outside the intended s…
CVE-2026-49342
GitHub-GHSA

MEDIUM
joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization
GHSA-wphv-vfrh-23q5
pkg: joserfc
eco: pip
published: Jun 26, 2026
# RFC7797 b64=false JWS payloads bypass JWSRegistry payload-size limits during deserialization

## Summary

Testing revealed that `joserfc` accepts oversized RFC7797 `b64=false` JWS payloads without applying `JWSRegistry.max_payload_length`.

The normal JWS compact and flattened JSON paths reject pa…

CVE-2026-48990
GitHub-GHSA

MEDIUM
fluent-plugin-opentelemetry Has Denial of Service (DoS) via Large Payloads and Decompression Bombs in `in_opentelemetry`
GHSA-2jc5-xhx8-qj6h
pkg: fluent-plugin-opentelemetry
eco: rubygems
published: Jun 26, 2026
The `fluent-plugin-opentelemetry` plugin (specifically the `in_opentelemetry` HTTP input) lacked strict size limits on incoming requests.
It was discovered that the plugin read the entire request body and decompressed payloads into memory without enforcing maximum size thresholds.

If the OpenTeleme…

CVE-2026-44163
GitHub-GHSA

MEDIUM
golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow
GHSA-78mq-xcr3-xm33
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.
CVE-2026-39835
GitHub-GHSA

MEDIUM
golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic
GHSA-9m57-25v3-79×9
pkg: golang.org/x/crypto/ssh/agent
eco: go
published: Jun 25, 2026
For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used.
CVE-2026-46598
NVD

MEDIUM
CVE-2026-55964
CVE-2026-55964
pkg: wolfssl wolfssl

published: Jun 25, 2026

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs (WOLFSSL_TEMP_CA) added while building a certificate path were previously exemp…
CWE: CWE-295
GitHub-GHSA

MEDIUM
opentelemetry_sdk has unbounded memory allocation in W3C Baggage propagation
GHSA-w9wp-h8wv-79jx
pkg: opentelemetry_sdk
eco: rust
published: Jun 25, 2026
## Summary

`BaggagePropagator::extract_with_context` in `opentelemetry_sdk` did not enforce the W3C Baggage size limits before parsing an inbound `baggage` header. A large attacker-controlled header could cause unnecessary CPU work and short-lived heap allocations while parsing entries that would l…

CVE-2026-48504
NVD

MEDIUM
CVE-2026-57437
CVE-2026-57437
pkg: nokogiri nokogiri

published: Jun 25, 2026

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression could…
CWE: CWE-416
NVD

MEDIUM
CVE-2026-13030
CVE-2026-13030
pkg: google chrome, google android

published: Jun 24, 2026

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-457
NVD

MEDIUM
CVE-2026-13023
CVE-2026-13023
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-457
GitHub-GHSA

MEDIUM
jackson-databind has @JsonView bypass for setterless creator properties
GHSA-5hh8-q8hv-fr38
pkg: com.fasterxml.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-databind, tools.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
## Summary
In `BeanDeserializer._deserializeUsingPropertyBased`, the active-view (`@JsonView`) filter was applied only to creator properties; the regular property-buffering branch performed no `prop.visibleInView(activeView)` check. A change making `SetterlessProperty.isMerging()` return `true` rout…
CVE-2026-54517
GitHub-GHSA

MEDIUM
jackson-databind's renamed @JsonIgnore'd setters can deserialize via private fields
GHSA-9fxm-vc8v-hj55
pkg: com.fasterxml.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-databind, tools.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
## Summary
`POJOPropertiesCollector._renameProperties()` allows a property with `@JsonProperty("renamed")` on the getter and `@JsonIgnore` on the setter to be renamed rather than dropped. With `MapperFeature.INFER_PROPERTY_MUTATORS` enabled (default), the private backing field is retained; during de…
CVE-2026-54516
GitHub-GHSA

MEDIUM
jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties
GHSA-5jmj-h7xm-6q6v
pkg: com.fasterxml.jackson.core:jackson-databind, tools.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
## Summary
In `BeanDeserializerBase.createContextual()`, per-property `@JsonIgnoreProperties` exclusions are applied by `_handleByNameInclusion()`, producing a `contextual` deserializer whose `BeanPropertyMap` has the ignored properties removed. The subsequent per-property case-insensitivity block (…
CVE-2026-54515
GitHub-GHSA

MEDIUM
jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)
GHSA-hgj6-7826-r7m5
pkg: com.fasterxml.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
## Summary
`JDKFromStringDeserializer` constructed `InetSocketAddress` with `new InetSocketAddress(host, port)`, which performs eager DNS name resolution for hostname inputs at deserialization time. An application that binds untrusted JSON into a type containing an `InetSocketAddress` field issues a…
CVE-2026-54514
GitHub-GHSA

MEDIUM
motionEye's missing authentication on ActionHandler allows unauthenticated camera action execution
GHSA-j67x-q29f-qcvv
pkg: motioneye
eco: pip
published: Jun 23, 2026
## Summary

The `ActionHandler.post()` method in motionEye has no authentication decorator, allowing any unauthenticated attacker to trigger camera actions including snapshots, recording start/stop, and configured action scripts (PTZ controls, alarm triggers, etc.).

## Vulnerability Details

**File…

CVE-2026-55863
NVD

MEDIUM
CVE-2026-56762
CVE-2026-56762
pkg: node

published: Jun 23, 2026

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions, allowing invalid characters such as control characters (e.g. \r or \n) when an application passes a user-controlled cookie name. This can produce malformed Set-Cooki…
CWE: CWE-20
GitHub-GHSA

MEDIUM
Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack
GHSA-w856-8p3r-p338
pkg: glances
eco: pip
published: Jun 22, 2026
### Summary

The Glances XML-RPC server (`glances -s`, implemented in `glances/server.py`) does not validate the HTTP `Host` header, leaving it vulnerable to DNS rebinding attacks. CVE-2026-32632 (patched in 4.5.2) added `TrustedHostMiddleware` to the REST/WebUI server; the MCP server has had equiv…

CVE-2026-46611
NVD

MEDIUM
CVE-2026-54300
CVE-2026-54300
pkg: express

published: Jun 22, 2026

@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remote_images regular expressions with broader semantics than Astro's canonical matcher. A si…
CWE: CWE-918
NVD

MEDIUM
CVE-2026-53550
CVE-2026-53550
pkg: nodeca js-yaml

published: Jun 22, 2026

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing (<<) by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size and can blo…
CWE: CWE-407
GitHub-GHSA

MEDIUM
nono-py's policy JSON accepts unknown security fields
GHSA-m8j6-rc5x-wv36
pkg: nono-py
eco: pip
published: Jun 26, 2026
### Summary

nono-py policy handling could fail open in two ways. First, resolving a policy-derived `ProxyConfig` did not automatically enforce `CapabilitySet.proxy_only`, allowing sandboxed children to bypass a resolved domain allowlist by using direct network access. Second, policy JSON accepted u…

GitHub-GHSA

MEDIUM
nono-py vulnerable to authorization bypass / policy confusion
GHSA-9j7f-3r4p-pwh6
pkg: nono-py
eco: pip
published: Jun 26, 2026
The python API made a restrictive-looking configuration unsafe by default. A caller could configure only reverse-
proxy credential routes, put the child in CapabilitySet.proxy_only, and reasonably expect network access to be limited
to those routes. Instead, because empty allowed_hosts meant allow-a…
NVD

MEDIUM
CVE-2026-49983
CVE-2026-49983
pkg: node

published: Jun 23, 2026

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gated by the env permission. You can deny it with –deny-env, or restrict it to a specific allowlist with –allow-env=FOO,BAR. The expectation is that a program running without env permission cannot chan…
CWE: CWE-863
NVD

MEDIUM
CVE-2026-58057
CVE-2026-58057
pkg: windows

published: Jun 28, 2026

Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'node_options' bypasses the NODE_OPTIONS denylist entry. An authenticated user who can configure a Custom…
CWE: CWE-178
NVD

MEDIUM
CVE-2026-48770
CVE-2026-48770
pkg: windows

published: Jun 26, 2026

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WM_COPYDATA message to Notepad++ using the COPYDATA_FULL_CMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded NUL-termi…
CWE: CWE-125
GitHub-GHSA

MEDIUM
Pterodactyl Wings: Chmod operation can be used to change permissions of files outside of the server container
GHSA-rhq6-9rgh-v45c
pkg: github.com/pterodactyl/wings
eco: go
published: Jun 26, 2026
In `wings/internal/ufs/fs_unix.go` (line 92-94), this function is defined and is used to change permissions of files in the server:

“`go
func (fs *UnixFS) fchmodat(op string, dirfd int, name string, mode FileMode) error {
return ensurePathError(unix.Fchmodat(dirfd, name, uint32(mode), 0), op, n…

NVD

MEDIUM
CVE-2026-45407
CVE-2026-45407
pkg: dokku dokku

published: Jun 26, 2026

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user who …
CWE: CWE-522
NVD

MEDIUM
CVE-2026-55655
CVE-2026-55655
pkg: openbsd openssh, redhat enterprise_linux

published: Jun 23, 2026

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can c…
CWE: CWE-923
GitHub-GHSA

MEDIUM
Lemur user-update path stores plaintext passwords
GHSA-q437-g7fv-2jvv
pkg: lemur
eco: pip
published: Jun 25, 2026
## Summary

`lemur.users.service.update()` writes a user's new password as plaintext to the `users.password` column. The `User` model wires bcrypt hashing to SQLAlchemy's `before_insert` event but registers no equivalent listener for `before_update`, and `service.update()` does not call `user.hash_p…

CVE-2026-55164
NVD

MEDIUM
CVE-2025-64719
CVE-2025-64719
pkg: go

published: Jun 24, 2026

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusabl…
CWE: CWE-20
GitHub-GHSA

MEDIUM
Gogs has a Denial of Service in repository/wiki file listing web pages
GHSA-3qq3-668m-v9mj
pkg: gogs.io/gogs
eco: go
published: Jun 22, 2026
### Summary
A malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki.

### Details
The issue …

CVE-2025-64719
GitHub-GHSA

MEDIUM
Apptainer has incorrect path matching for 'limit container paths' directive
GHSA-cr2j-534f-mf3g
pkg: github.com/apptainer/apptainer
eco: go
published: Jun 26, 2026
### Impact

The `limit container paths directive` in `apptainer.conf` is intended to allow a system administrator limit the paths from which containers can be run, under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed.

For e…

CVE-2026-48785
GitHub-GHSA

MEDIUM
Lemur: JWT verifier honors attacker-supplied alg, enabling ATO
GHSA-r9gp-7f88-9r54
pkg: lemur
eco: pip
published: Jun 25, 2026
<!– obsidian –><h1 data-heading="Lemur 1.9.0: JWT verifier trusts attacker-supplied alg from token header — defense-in-depth gap; chain-dependent ATO with secret disclosure">Lemur 1.9.0: JWT verifier trusts attacker-supplied alg from token header — defense-in-depth gap; chain-dependent ATO wit…
CVE-2026-55165
NVD

MEDIUM
CVE-2026-57289
CVE-2026-57289
pkg: jenkins bitbucket_push_and_pull_request

published: Jun 24, 2026

Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to captu…
CWE: CWE-295
GitHub-GHSA

MEDIUM
ImageMagick has an Infinite Loop in subimage-search with crafted image
GHSA-5v62-8fq6-cp9m
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
An infinite loop in the subimage-search operation can happen when using a crafted image.
CVE-2026-48733
NVD

MEDIUM
CVE-2026-13034
CVE-2026-13034
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-346
GitHub-GHSA

MEDIUM
Flask-Security has an Open Redirect issue
GHSA-w2j7-f3c6-g8cw
pkg: Flask-Security
eco: pip
published: Jun 23, 2026
# Open Redirect in Flask-Security

## Summary

`flask_security.utils.validate_redirect_url()` can allow an attacker-controlled redirect URL when subdomain redirects are enabled.

The bypass uses a backslash inside the URL authority/host:

“`text
http://evil.com\.whitelist.com
http://evil.com%5C.whi…

NVD

MEDIUM
CVE-2026-56269
CVE-2026-56269
pkg: flowiseai flowise

published: Jun 24, 2026

Flowise before 3.1.0 (npm package flowise, versions 3.0.13 and earlier) uses a weak hardcoded default value 'Secre$t' for the TOKEN_HASH_SECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key …
CWE: CWE-798
GitHub-GHSA

MEDIUM
@actual-app/cli `–format csv` Output Vulnerable to CSV Formula Injection via Custom `escapeCsv` Helper
GHSA-7gh7-258j-4mpq
pkg: @actual-app/cli
eco: npm
published: Jun 22, 2026
## Summary

`@actual-app/cli` ships a hand-rolled CSV serializer in `packages/cli/src/output.ts` (used whenever the global `–format csv` option is passed) whose `escapeCsv` helper only handles RFC 4180 delimiter/quote/newline escaping. It does **not** neutralize the standard CSV formula-injection p…

CVE-2026-46672
GitHub-GHSA

MEDIUM
Fleet DM Vulnerable to Cross-Team Policy Data Exposure via Global Policy Read Endpoint
GHSA-gm7f-v959-fr2g
pkg: github.com/fleetdm/fleet/v4
eco: go
published: Jun 26, 2026
## Summary

The global policy read endpoint (`GET /api/latest/fleet/policies/{policy_id}`) performs authorization against an empty `fleet.Policy{}` struct with nil TeamID, then fetches any policy by ID from the database without verifying the fetched policy actually belongs to the global scope. This …

CVE-2026-41262
GitHub-GHSA

MEDIUM
ImageMagick has Null Pointer Dereference caused by the distort operation when passing incorrect arguments
GHSA-p9rq-q46c-g4x6
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 26, 2026
When passing incorrect arguments in the distort operation a null pointer deference will occur.
CVE-2026-53463
NVD

MEDIUM
CVE-2026-48934
CVE-2026-48934
pkg: nodejs node.js

published: Jun 26, 2026

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.

This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

NVD

MEDIUM
CVE-2026-13021
CVE-2026-13021
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-346
NVD

MEDIUM
CVE-2026-48789
CVE-2026-48789
pkg: windows

published: Jun 24, 2026

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared pa…
CWE: CWE-22
GitHub-GHSA

MEDIUM
OliveTin has Unvalidated `ot_`-prefixed Arguments that Bypass Input Filtering
GHSA-prj9-97mp-mwh2
pkg: github.com/OliveTin/OliveTin
eco: go
published: Jun 24, 2026
### Description

The `filterToDefinedArgumentsOnly` function in the executor is intended to discard any arguments not explicitly defined in the action's configuration. However, a special case allows any argument whose name starts with `ot_` to bypass this filter. While two system arguments (`ot_exec…

CVE-2026-53541
NVD

MEDIUM
CVE-2026-46548
CVE-2026-46548
pkg: axios

published: Jun 23, 2026

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins (Slack, Discord, Mattermost, Teams) because httpAgent / httpsAgent were passed as part of the request body rather tha…
CWE: CWE-918
NVD

MEDIUM
CVE-2026-55653
CVE-2026-55653
pkg: openbsd openssh, redhat hardened_images, redhat openshift_container_platform

published: Jun 23, 2026

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX g…
CWE: CWE-415
GitHub-GHSA

MEDIUM
@actual-app/sync-server's missing authorization on GET /secret/:name allows non-admin OpenID users to enumerate admin-configured bank-sync secrets
GHSA-3f62-qv96-4p78
pkg: @actual-app/sync-server
eco: npm
published: Jun 22, 2026
## Summary

In `@actual-app/sync-server`, the `GET /secret/:name` endpoint (`app-secrets.js:53`) checks only that the caller has a valid session — it does not verify the caller is an admin. The sibling `POST /secret/` handler does enforce an admin check in OpenID mode, exposing an authorization as…

CVE-2026-46700
GitHub-GHSA

MEDIUM
LangGraph SDK has unsafe URL path construction
GHSA-w39p-vh2g-g8g5
pkg: langgraph-sdk
eco: pip
published: Jun 25, 2026
## Summary

`langgraph-sdk` constructs HTTP request paths for resource operations by interpolating caller-supplied identifier values into URL templates. Without sanitization of those values, identifiers that contain characters with special meaning in URL paths could cause the resulting request to ad…

CVE-2026-48776
NVD

MEDIUM
CVE-2026-13024
CVE-2026-13024
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

MEDIUM
CVE-2026-52846
CVE-2026-52846
pkg: tls

published: Jun 23, 2026

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as <<>img src=x onerror=alert()>, can bypass the tag-stripping logic, potentially leaving dang…
CWE: CWE-116
GitHub-GHSA

MEDIUM
@actual-app/web has CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields
GHSA-xqjm-27pc-rvwm
pkg: @actual-app/web
eco: npm
published: Jun 22, 2026
## Summary

`exportToCSV` and `exportQueryToCSV` in `packages/loot-core/src/server/transactions/export/export-to-csv.ts` pass user-controlled `Payee`, `Notes`, `Account`, and `Category` strings to `csv-stringify` with no `cast` callback and no formula-prefix neutralization. Strings that begin with `…

CVE-2026-50179
GitHub-GHSA

MEDIUM
ImageMagick: Memory Leak in wand option parser when providing invalid arguments
GHSA-j989-f892-2335
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 26, 2026
When providing invalid options to the wand option parser a small memory leak will occur.
CVE-2026-53464
NVD

MEDIUM
CVE-2026-56357
CVE-2026-56357
pkg: n8n n8n

published: Jun 22, 2026

n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data, spoofing GitHub webhook e…
CWE: CWE-290
GitHub-GHSA

MEDIUM
runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations
GHSA-xjvp-4fhw-gc47
pkg: github.com/opencontainers/runc, github.com/opencontainers/runc, github.com/opencontainers/runc
eco: go
published: Jun 22, 2026
### Impact
When setting up the container rootfs, `setupPtmx` and `setupDevSymlinks` call `os.Remove` and `os.Symlink` with a `filepath.Join` string which allow an image with `/dev` as a symlink to trick runc into deleting files called `ptmx` on the host or creating a hardcoded set of symlinks with s…
CVE-2026-41579
GitHub-GHSA

MEDIUM
Nezha Dashboard: DDNS and Notification credential exposure via unredacted list API
GHSA-ww5p-j6cj-6mqq
pkg: github.com/nezhahq/nezha
eco: go
published: Jun 26, 2026
### Summary

The `GET /api/v1/ddns` and `GET /api/v1/notification` endpoints return full resource objects including plaintext third-party API credentials — Cloudflare API tokens, TencentCloud SecretKeys, Slack/Discord/Telegram webhook URLs with embedded bot tokens, and Authorization header values …

GitHub-GHSA

MEDIUM
pnpm binds unscoped user-level npm auth credentials to a repository-selected registry
GHSA-cjhr-43r9-cfmw
pkg: pnpm, pnpm
eco: npm
published: Jun 26, 2026
## Summary

pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local `.npmrc` file.

In the reproduced case, the user's npm config contains a default registry and an unscoped `_authToken`. The repository does not provide a token-bearing auth line. I…

CVE-2026-50017
GitHub-GHSA

MEDIUM
@microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter
GHSA-396q-4vc8-28×9
pkg: @microsoft/kiota-http-fetchlibrary
eco: npm
published: Jun 26, 2026
### Summary

`@microsoft/kiota-http-fetchlibrary`'s `RedirectHandler` is documented as stripping `Authorization` and `Cookie` from cross-origin redirect targets, but the default `scrubSensitiveHeaders` callback in `RedirectHandlerOptions` uses case-sensitive property deletion (`delete headers.Author…

CVE-2026-49336
GitHub-GHSA

MEDIUM
pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile
GHSA-hg3w-7f8c-63hp
pkg: pnpm, pnpm
eco: npm
published: Jun 26, 2026
### Summary

A malicious `codeload.github.com` server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile.

### Details

The lockfile does not store the hash of the dependencies from https://codeload.github.com

This means that if this server was compromised or a …

CVE-2026-48995
GitHub-GHSA

MEDIUM
Cargo crates in third party registries can override the cached source of other crates
GHSA-jq42-7mfv-hm57
pkg: cargo
eco: rust
published: Jun 26, 2026
The Rust Security Response Team was notified that Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry.

This vulnerability is tracked as CVE-2026-5223. The s…

CVE-2026-5223
GitHub-GHSA

MEDIUM
Scriban: ExpressionDepthLimit guard is non-enforcing — parser-recursion DoS in 6.6.0–7.2.0 (incomplete fix for GHSA-wgh7-7m3c-fx25 / GHSA-p6q4-fgr8-vx4p)
GHSA-6q7j-xr26-3h2c
pkg: Scriban
eco: nuget
published: Jun 26, 2026
### Summary

The `ExpressionDepthLimit` parser guard in Scriban does not actually stop parsing — it only logs a non-fatal error and lets recursive descent continue. As a result, a template containing a deeply nested expression (parentheses, array initializers, object initializers, or unary operato…

GitHub-GHSA

MEDIUM
Scriban: array * int (ScriptArray<T>.TryEvaluate) bypasses LoopLimit — incomplete fix for GHSA-c875-h985-hvrc, missed sibling of GHSA-24c8-4792-22hx
GHSA-q6rr-fm2g-g5x8
pkg: Scriban
eco: nuget
published: Jun 26, 2026
### Summary

The array multiplication operator (`array * integer`) in Scriban allocates a result whose size is the product of the attacker-controlled integer and the array length, with **no `LoopLimit` / `LimitToString` check and no overflow-safe arithmetic**. A ~40-byte template forces a multi-giga…

GitHub-GHSA

MEDIUM
@cyclonedx/cdxgen: Maven project scanning may allow shell command injection through repository-controlled module paths
GHSA-5vwr-qchf-q4pf
pkg: @cyclonedx/cdxgen
eco: npm
published: Jun 26, 2026
## Summary

A command injection vulnerability existed in the Maven scanning flow of cdxgen before version 12.4.3.

When cdxgen scanned an attacker-controlled Maven project, repository-controlled paths could be used in the Maven command construction. In affected versions, some Maven invocations were …

GitHub-GHSA

MEDIUM
MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments
GHSA-qhmf-xw27-6rqr
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

MessagePack-CSharp's typeless deserialization includes `MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowed(Type)` as a safety check for dangerous types. The default implementation checks the outer type name, but it does not recursively inspect array element types or generi…

CVE-2026-48517
GitHub-GHSA

MEDIUM
MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings
GHSA-q2h6-ghwm-5qm8
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

`InterfaceLookupFormatter<TKey,TElement>` constructs an internal `Dictionary<TKey, IGrouping<TKey,TElement>>` with the default equality comparer instead of the security-aware comparer supplied by `options.Security.GetEqualityComparer<TKey>()`.

Other hash-based collection formatters use …

CVE-2026-48516
GitHub-GHSA

MEDIUM
MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions
GHSA-cxmj-83gh-fp49
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate `T[,]`, `T[,,]`, or `T[,,,]` before validating that the dimension product matches the encoded element count.

The formatter reads a guarded element array header, but allo…

CVE-2026-48515
GitHub-GHSA

MEDIUM
MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length
GHSA-w567-gjr2-hm5j
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

`UnsafeBlitFormatterBase<T>.Deserialize` reads an attacker-controlled `byteLength` from an extension payload and allocates an array based on that value before validating it against the extension header length or remaining payload bytes.

The outer extension header is bounded by available…

CVE-2026-48514
GitHub-GHSA

MEDIUM
MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement
GHSA-wfr3-xj75-pfwh
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

Runtime-generated union deserializers emitted by `DynamicUnionResolver` do not call `MessagePackSecurity.DepthStep(ref reader)` and do not decrement `reader.Depth` around recursive deserialization and skip paths.

This means union deserialization does not consistently participate in the …

CVE-2026-48513
GitHub-GHSA

MEDIUM
MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement
GHSA-cj9g-3mj2-g8vv
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack deserialization.

Three related issues are covered by this advisory:

1. `Me…

CVE-2026-48512
GitHub-GHSA

MEDIUM
MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies
GHSA-2f33-pr97-265q
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

The parameterless `MessagePackInputFormatter()` constructor uses default serializer options, which resolve to `MessagePackSerializerOptions.Standard` with `MessagePackSecurity.TrustedData`. The formatter is designed for ASP.NET Core MVC request bodies, which commonly cross an HTTP trust …

CVE-2026-48509
GitHub-GHSA

MEDIUM
chi Has an IP Spoofing Vulnerability in `middleware.RealIP`
GHSA-3fxj-6jh8-hvhx
pkg: github.com/go-chi/chi/v5/middleware
eco: go
published: Jun 25, 2026
## Summary
The `RealIP` middleware in `go-chi/chi` is vulnerable to IP spoofing because it blindly trusts the first (leftmost) element of the `X-Forwarded-For` HTTP header. This allows a remote attacker to bypass IP-based access control lists (ACLs) and rate-limiting mechanisms by providing a spoofe…
GitHub-GHSA

MEDIUM
@anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write
GHSA-4vp2-6q8c-pvq2
pkg: @anthropic-ai/claude-code
eco: npm
published: Jun 25, 2026
The Claude Code `/copy` command wrote responses to a hardcoded, predictable path (`/tmp/claude/response.md`) without UID isolation, randomness, or symlink protection. The file was created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user…
CVE-2026-46406
GitHub-GHSA

MEDIUM
OHttpVersionChunkDraft: Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation
GHSA-r6fj-869h-4f6q
pkg: io.netty.incubator:netty-incubator-codec-ohttp
eco: maven
published: Jun 23, 2026
The codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversary (the OHTTP relay itself, or any MITM on the relay↔gateway or relay↔client transport) can forward a …
CVE-2026-48480
GitHub-GHSA

MEDIUM
jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()
GHSA-3wrr-7qpf-2prh
pkg: com.fasterxml.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
### Impact

Potential Denial-of-Service when attacker sends deeply nested JSON if (and only if) service:

1. Reads deeply nested (1000s of levels) JSON as `JsonNode` (ObjectMapper.readTree())
2. Writes out same (or modifided) node using `JsonNode.toString()`

which can consume significant amount of …

CVE-2026-50193
GitHub-GHSA

MEDIUM
Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS
GHSA-3w28-36p9-w929
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
## Summary

The Jupyter Notebook (ipynb) sanitizer endpoint at `POST /-/api/sanitize_ipynb` allows arbitrary `data:` URIs without proper restrictions, potentially leading to Cross-Site Scripting (XSS). The endpoint uses `bluemonday.UGCPolicy()` with `p.AllowURLSchemes("data")` which permits all data…

CVE-2026-52816
GitHub-GHSA

MEDIUM
OctoPrint has XSS in its Suppressed Command Notifications
GHSA-p6qx-ghxm-389h
pkg: OctoPrint, OctoPrint
eco: pip
published: Jun 23, 2026
### Impact

OctoPrint versions up to and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Suppressed Command notifications popups generated by the printer.

An attacker who successfully convinces a victim to…

CVE-2026-35163
GitHub-GHSA

MEDIUM
Gogs Vulnerable to Unauthenticated Organization Teams Information Disclosure via API
GHSA-744x-3838-5r56
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
## Summary

Gogs has an unauthenticated information disclosure vulnerability. The `GET /api/v1/orgs/:orgname/teams` endpoint at `internal/route/api/v1/org_team.go:8` returns all teams for any organization without requiring authentication. The route group at `internal/route/api/v1/api.go:380-385` lac…

CVE-2026-52815
GitHub-GHSA

MEDIUM
Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)
GHSA-xp79-5mx3-jx52
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service (DoS) attack. The application accepts inbound TCP connections and passes them to `golang.org/x/crypto/ssh.NewServerConn` inside a new goroutine without enforcing any read/write deadlines on the underlyi…
CVE-2026-52814
GitHub-GHSA

MEDIUM
Gogs Vulnerable to Privilege Escalation via Collaboration Access Mode Validation
GHSA-4565-r4x7-hg8j
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
## Summary

A repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the `ChangeCollaborationAccessMode` function.

## Vulnerable Code

In `internal/database/repo_collaboration.go`, line 129:

“`go
func (r *Repository) ChangeCollaborat…

CVE-2026-52804
GitHub-GHSA

MEDIUM
nebula-mesh's stores enrollment tokens unhashed in SQLite
GHSA-ghmh-jhmj-wcmf
pkg: github.com/juev/nebula-mesh
eco: go
published: Jun 22, 2026
`internal/store/sqlite.go:1177,1192,1221,1245` — the `enrollment_tokens.token` column holds the raw UUID token. `ConsumeToken` does `WHERE token = ?` against the raw string. Compare with `operator_api_keys.key_hash`, which is SHA-256 hex (constructed in `internal/api/middleware.go:51-53`).

## Aff…

GitHub-GHSA

MEDIUM
Gogs has SSRF in webhook deliveries
GHSA-c4v7-xg93-qf8g
pkg: gogs.io/gogs
eco: go
published: Jun 22, 2026
### Summary
The fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs with a hostname that resolves in localCIDRs. However, webhooks still follow redirects allowing to access hostname inside localCIDRs.

This was already communicated in the initial report but it looks like the…

CVE-2026-47267
GitHub-GHSA

MEDIUM
OpenAM Authenticated Server-Side Request Forgery (SSRF) via `/sessionservice`
GHSA-c556-q2mh-477v
pkg: org.openidentityplatform.openam:openam-core
eco: maven
published: Jun 22, 2026
OpenAM (Open Identity Platform) is an open-source Identity and Access Management (IAM) platform derived from ForgeRock OpenAM, providing SSO, OAuth2, SAML, and OpenID Connect capabilities. It is widely deployed in enterprise environments as a central authentication gateway.

The `/sessionservice` en…

CVE-2026-44202


Vulnerability Digest — June 22, 2026 · 46 Critical · 2 Exploited






Vulnerability Digest — Monday, June 22, 2026


Security Report

Monday, June 22, 2026  ·  Last 7 days  ·  Min severity: MEDIUM
Total Findings
335
Critical
46
High
161
Actively Exploited
2
CISA-KEV2
GitHub-GHSA333
Findings sorted by severity
CISA-KEV

CRITICAL
Splunk Enterprise Missing Authentication for Critical Function Vulnerability
CVE-2026-20253
pkg: Splunk Enterprise

published: Jun 18, 2026

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Widget Factory Joomla Content Editor Improper Access Control Vulnerability
CVE-2026-48907
pkg: Widget Factory Joomla Content Editor

published: Jun 16, 2026

Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
GitHub-GHSA

CRITICAL
CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation
GHSA-xjr9-gg9q-jx3v
pkg: CoreWCF.Primitives, CoreWCF.Primitives
eco: nuget
published: Jun 19, 2026
### Impact
Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0.

#### Preconditions
Relying-party service is hosted with WSFederationHttpB…

CVE-2026-54782
GitHub-GHSA

CRITICAL
Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args
GHSA-r253-r9jw-qg44
pkg: crawl4ai
eco: pip
published: Jun 18, 2026
### Summary

The Docker API server accepted a request-supplied `browser_config.extra_args`, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command (`–utility-cmd-prefix`, `–renderer-cmd-prefix`, `–gpu-launcher`, `–bro…

GitHub-GHSA

CRITICAL
Duplicate Advisory: PickleScan's pkgutil.resolve_name has a universal blocklist bypass
GHSA-82fg-2r99-h7v6
pkg: picklescan
eco: pip
published: Jun 17, 2026
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-vvpj-8cmc-gx39. This link is maintained to preserve external references.

### Original Description
picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire blocklist …

GitHub-GHSA

CRITICAL
Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
GHSA-qrpv-q767-xqq2
pkg: langflow
eco: pip
published: Jun 19, 2026
## Summary

Insecure Direct Object Reference (IDOR) vulnerability in `/api/v1/responses` endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.

## Details

The vulnerability exists in the `get_flow_by_id_or_endpoint…

CVE-2026-55255
GitHub-GHSA

CRITICAL
Network-AI: Improper Neutralization of Special Elements used in an OS Command
GHSA-qw6v-5fcf-5666
pkg: network-ai
eco: npm
published: Jun 19, 2026
## Summary

The agent sandbox gates shell commands behind an allowlist (`SandboxPolicy.isCommandAllowed`), which THREAT_MODEL.md calls the main control against a compromised agent (Adversary 3.2). The allowlist glob-matches the whole command string, but `ShellExecutor` runs that string through `/bin…

CVE-2026-54051
GitHub-GHSA

CRITICAL
npm PraisonAI codeMode sandbox escape via Function constructor
GHSA-vmmj-pfw7-fjwp
pkg: praisonai
eco: npm
published: Jun 18, 2026
## Summary

The published npm package `praisonai` exports a TypeScript built-in tool named `codeMode`. The package describes this tool as executing code in a sandboxed environment, marks its capability as `sandbox: true`, and registers it through the public tools facade.

The implementation does not…

GitHub-GHSA

CRITICAL
gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)
GHSA-4h5r-5jm8-jxjm
pkg: gemini-mcp-tool
eco: npm
published: Jun 18, 2026
Untrusted prompt input could reach the Gemini CLI @file parser, allowing read/exfiltration of arbitrary local files (@/etc/passwd, @~/.ssh/id_rsa, @../../secret). On Windows, unquoted cmd.exe metacharacters could break out into OS command injection.

Fix (1.1.6): removed the broken shell:false doubl…

CVE-2026-0755
GitHub-GHSA

CRITICAL
python-statemachine SCXML <data expr> Eval Injection
GHSA-v4jc-pm6r-3vj8
pkg: python-statemachine
eco: pip
published: Jun 18, 2026
### Summary

python-statemachine 3.1.2 evaluates `<data expr="…">` attributes in SCXML documents using Python's `eval()`. Any application that passes attacker-controlled SCXML content to `SCXMLProcessor` is vulnerable to arbitrary code execution in the context of the hosting process.

### Details

CVE-2026-47103
GitHub-GHSA

CRITICAL
praisonai-platform: default JWT signing secret 'dev-secret-change-me' enables token forgery
GHSA-cwj8-7gp2-ggcw
pkg: praisonai-platform
eco: pip
published: Jun 18, 2026
# praisonai-platform: default JWT signing secret `dev-secret-change-me`

**Researcher:** Kai Aizen — SnailSploit (@SnailSploit), Adversarial & Offensive Security Research
**Target:** https://github.com/MervinPraison/PraisonAI

**Package:** `praisonai-platform` on PyPI
**Latest version (and ve…

GitHub-GHSA

CRITICAL
praisonai-platform 0.1.4 still boots on the hardcoded JWT secret dev-secret-change-me (default-open production guard)
GHSA-f38v-77qj-h4jq
pkg: praisonai-platform
eco: pip
published: Jun 18, 2026
– Affected: praisonai-platform (PyPI) <= 0.1.4 — including 0.1.4, the version GHSA-3qg8-5g3r-79v5 declares as the patch; main HEAD 8acf77c531e624c46d3d61dcae37e9942e90972c is also affected. File src/praisonai-platform/praisonai_platform/services/auth_service.py

– CWE: CWE-1188 (Insecure Default I…

GitHub-GHSA

CRITICAL
npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call
GHSA-j4f3-55×4-r6q2
pkg: praisonai
eco: npm
published: Jun 18, 2026
## Summary

The published npm package `praisonai` exports a TypeScript `MCPServer` that can expose tools, resources, and prompts over an HTTP JSON-RPC transport with:

“`ts
await server.start({ port: 3000 });
“`

The HTTP transport has no authentication or authorization path. `MCPServerConfig` doe…

GitHub-GHSA

CRITICAL
PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool
GHSA-p69m-4f92-2v84
pkg: praisonai
eco: npm
published: Jun 18, 2026
## Summary

The `codeMode` tool in `src/praisonai-ts/src/tools/builtins/code-mode.ts` uses `new Function()` with a `with(sandbox)` pattern to execute LLM-generated code. The blocklist-based "sandbox" can be trivially bypassed via `Function('return this')()` to recover the global object, followed by …

GitHub-GHSA

CRITICAL
PraisonAI: Missing Authentication for Critical Function and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai
GHSA-p75f-6fp4-p57w
pkg: praisonai
eco: pip
published: Jun 18, 2026
# Unauthenticated PraisonAI UI MCP connect endpoint executes attacker-chosen local commands

## Summary

PraisonAI v4.6.48 exposes the PraisonAIUI MCP client management API through the default UI host apps without authentication. A remote unauthenticated client can send `POST /api/mcp/connect` with …

GitHub-GHSA

CRITICAL
PraisonAI: AgentOS remains unauthenticated after incomplete fix version and allows remote agent invocation
GHSA-892r-p3jq-jp24
pkg: praisonai
eco: pip
published: Jun 18, 2026
# AgentOS remains unauthenticated after GHSA-pm96 patched version and allows remote agent invocation

## Summary

PraisonAI's `AgentOS` FastAPI deployment surface remains unauthenticated in
current main and in releases after the published patched version for
`GHSA-pm96-6xpr-978x` / `CVE-2026-40151`.…

GitHub-GHSA

CRITICAL
PraisonAI AgentTeam.launch exposes unauthenticated remote agent listing and invocation endpoints
GHSA-x8cv-xmq7-p8xp
pkg: praisonaiagents
eco: pip
published: Jun 18, 2026
# PraisonAI `AgentTeam.launch()` exposes unauthenticated remote agent invocation endpoints

## Summary

PraisonAI's documented Python `AgentTeam.launch()` / `Agents.launch()` HTTP server starts externally reachable agent invocation endpoints without any authentication enforcement.

The current imple…

GitHub-GHSA

CRITICAL
PraisonAI: Jobs API exposes agent-execution endpoints with no authentication
GHSA-fq2m-6wqh-x44g
pkg: praisonai
eco: pip
published: Jun 18, 2026
# praisonai: Jobs API exposes agent-execution endpoints with no authentication

**Researcher:** Kai Aizen — SnailSploit (@SnailSploit), Adversarial & Offensive Security Research
**Target:** https://github.com/MervinPraison/PraisonAI

**Package:** `praisonai` on PyPI
**Affected version (empir…

GitHub-GHSA

CRITICAL
praisonai: recipe serve auth middleware silently disables itself when no secret is set
GHSA-j4hj-7hfh-g2f4
pkg: praisonai
eco: pip
published: Jun 18, 2026
# praisonai: `recipe serve` authentication middleware silently disables itself when no secret is set

**Researcher:** Kai Aizen — SnailSploit (@SnailSploit), Adversarial & Offensive Security Research
**Target:** https://github.com/MervinPraison/PraisonAI

**Package:** `praisonai` on PyPI
**Ve…

GitHub-GHSA

CRITICAL
PraisonAI: Unauthenticated RCE via Jobs API + Approval Bypass
GHSA-4869-x4pr-q22x
pkg: praisonai, praisonaiagents
eco: pip
published: Jun 18, 2026
# Unauthenticated Remote Code Execution via Jobs API and Approval Bypass in PraisonAI

## Summary

An unauthenticated attacker can execute arbitrary OS commands on any server running
the PraisonAI Jobs API by submitting a crafted workflow YAML. The attack chains two
weaknesses: the `/api/v1/runs` …

GitHub-GHSA

CRITICAL
PraisonAI: MCP SSE transport binds 0.0.0.0 with no authentication and no Origin validation; bundled SecurityConfig is never wired in
GHSA-x227-pf99-vffg
pkg: praisonaiagents
eco: pip
published: Jun 18, 2026
The MCP SSE server started via ToolsMCPServer.run_sse() / launch_tools_mcp_server(transport="sse")
binds to 0.0.0.0 by default and builds its Starlette application with no authentication middleware
and no Origin-header validation. The module mcp/mcp_security.py provides exactly the needed controls
(…
GitHub-GHSA

CRITICAL
Duplicate Advisory: picklescan missing detection by simple obfuscation of a `builtins.eval` call
GHSA-j6c9-qvp8-699f
pkg: picklescan
eco: pip
published: Jun 17, 2026
## Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-9m3x-qqw2-h32h. This link is maintained to preserve external references.

## Original Description
picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to exec…

GitHub-GHSA

CRITICAL
Duplicate Advisory: PickleScan's profile.run blocklist mismatch allows exec() bypass
GHSA-4mpj-78p6-rj59
pkg: picklescan
eco: pip
published: Jun 17, 2026
## Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-7wx9-6375-f5wh. This link is maintained to preserve external references.

## Original Description
picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-l…

GitHub-GHSA

CRITICAL
Duplicate Advisory: Picklescan vulnerable to Arbitrary File Writing
GHSA-rmpp-8wf5-xx5q
pkg: picklescan
eco: pip
published: Jun 17, 2026
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-m273-6v24-x4m4. This link is maintained to preserve external references.

### Original Description
picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the d…

GitHub-GHSA

CRITICAL
Duplicate Advisory: Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass
GHSA-5rph-q42j-36j9
pkg: picklescan
eco: pip
published: Jun 17, 2026
## Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-9gvj-pp9x-gcfr. This link is maintained to preserve external references.

## Original Description

picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOB…

GitHub-GHSA

CRITICAL
Duplicate Advisory: Picklescan does not block ctypes
GHSA-7f79-rvx6-vxc4
pkg: picklescan
eco: pip
published: Jun 17, 2026
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-4675-36f9-wf6r. This link is maintained to preserve external references.

### Original Description
picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution …

GitHub-GHSA

CRITICAL
Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure
GHSA-r989-cjhx-3v49
pkg: org.apache.dolphinscheduler:dolphinscheduler-api
eco: maven
published: Jun 17, 2026
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

CVE-2026-32966
GitHub-GHSA

CRITICAL
Rclone: Unauthenticated command execution in `rclone rcd –rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix
GHSA-qw24-gh76-8rvv
pkg: github.com/rclone/rclone
eco: go
published: Jun 16, 2026
## Summary

`rclone rcd –rc-serve` accepts unauthenticated `GET` and `HEAD` requests to paths of the form:

“`text
/[remote:path]/object
“`

The `remote` value is parsed from the URL and passed to normal backend initialization. Inline remote configuration can set backend options that execute loca…

CVE-2026-49980
GitHub-GHSA

CRITICAL
OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)
GHSA-h3m5-97jq-qjrf
pkg: io.openremote:openremote-manager
eco: maven
published: Jun 19, 2026
### Summary
OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct
Object Reference (IDOR) in the bulk alarm deletion endpoint. An
authenticated user in any realm can delete alarms belonging to other
realms (tenants) by supplying arbitrary alarm IDs. The vulnerability
exists because the …
GitHub-GHSA

CRITICAL
Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit
GHSA-ccv6-r384-xp75
pkg: langflow
eco: pip
published: Jun 19, 2026
### Summary
All components based on `BaseFileComponent` are vulnerable to the following vulnerability:
1. Docling (`DoclingInlineComponent`)
2. Docling Serve (`DoclingRemoteComponent`)
3. Read File (`FileComponent`)
4. NVIDIA Retriever Extraction (`NvidiaIngestComponent`)
5. Video File (`VideoFileCo…
CVE-2026-55447
GitHub-GHSA

CRITICAL
Crawl4AI: Arbitrary file write (path traversal) in crawler downloads can lead to RCE
GHSA-2jq4-q6vv-4cp3
pkg: crawl4ai
eco: pip
published: Jun 18, 2026
### Summary

When the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path (e.g. `/etc/cron.d/evil`) or `../` traversal escaped the downloads directory, giv…

GitHub-GHSA

CRITICAL
netlicensing-mcp: REST Path Traversal Bypasses Token Redaction
GHSA-hxpf-9xvq-wph8
pkg: netlicensing-mcp
eco: pip
published: Jun 18, 2026
## REST Path Traversal Bypasses Token Redaction in netlicensing-mcp

### Summary

The `netlicensing_get_product` MCP tool in `netlicensing-mcp` interpolates a caller-controlled `product_number` argument directly into a REST URL path without any validation. Passing `../token` as the product number ca…

GitHub-GHSA

CRITICAL
Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
GHSA-8fq9-273g-6mrg
pkg: avo, avo
eco: rubygems
published: Jun 17, 2026
## Summary

A critical missing authorization flaw exists in Avo's association attach workflow. The UI and `GET /resources/:resource/:id/:related/new` path can check `attach_<association>?`, but the actual write endpoint, `POST /resources/:resource/:id/:related`, does not run the same authorization c…

CVE-2026-55518
GitHub-GHSA

CRITICAL
npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation
GHSA-9752-mhqh-h34f
pkg: praisonai
eco: npm
published: Jun 18, 2026
## Summary

The published npm package `praisonai` ships a TypeScript `AgentOS` HTTP server that defaults to `host: "0.0.0.0"` and registers sensitive agent routes without any authentication or authorization middleware.

When a developer starts `AgentOS`, a network attacker who can reach the service …

GitHub-GHSA

CRITICAL
Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
GHSA-x223-p2gf-v735
pkg: langflow
eco: pip
published: Jun 17, 2026
### Summary
Unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow.

This can lead to space exhaustion on the server.

In adition, in the response, the absolute path of the uploaded file is reported …

CVE-2026-55450
GitHub-GHSA

CRITICAL
Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests
GHSA-r78r-rwrf-rjwp
pkg: network-ai
eco: npm
published: Jun 19, 2026
## Advisory / Disclosure

# Network-AI — CVE-2026-46701 fix is incomplete: the "Empty Default Secret" unauth path survives

**Target:** Jovancoding/Network-AI (npm `network-ai`), **latest v5.7.1**
**Status:** the advisory ("Unauthenticated Cross-Origin MCP Tool Invocation via Empty
Default Secret"…

CVE-2026-48814
GitHub-GHSA

CRITICAL
PraisonAI: Arbitrary File Read/Write via `multiedit` Tool Without Path Validation
GHSA-29w3-p9w9-wc47
pkg: praisonai
eco: pip
published: Jun 18, 2026
## Summary

The `multiedit` tool in `src/praisonai/praisonai/tools/multiedit.py` allows LLM-controlled arbitrary file read and write without any path validation, workspace boundary check, or protected path guard. This enables an attacker who can influence agent tool arguments (via crafted prompts, u…

GitHub-GHSA

CRITICAL
Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks
GHSA-85g9-8j9g-p486
pkg: org.apache.dolphinscheduler:dolphinscheduler-api
eco: maven
published: Jun 17, 2026
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

CVE-2026-32967
GitHub-GHSA

CRITICAL
Crossplane: Signature verification TOCTOU allows installing unverified package content via mutable tag
GHSA-wfqx-gjrf-g28r
pkg: github.com/crossplane/crossplane/v2, github.com/crossplane/crossplane/v2, github.com/crossplane/crossplane
eco: go
published: Jun 19, 2026
## Summary

Crossplane allows package signature verification to be configured via the `ImageConfig` mechanism. When enabled, the package manager uses cosign to verify that packages are correctly signed before pulling and installing them.

When a package is installed using a tag reference (e.g., a se…

GitHub-GHSA

CRITICAL
DotVVM: Missing authorization in AuthorizeActionFilter
GHSA-c8qj-jx8j-fg2w
pkg: DotVVM, DotVVM, DotVVM
eco: nuget
published: Jun 19, 2026
### Impact

All users of the `AuthorizeActionFilter` class are affected. The `AuthorizeActionFilter` simply does nothing, no “hacking” is needed to bypass the filter.

### Patches

DotVVM 4.3.15, 4.2.11 and 5.0.0-preview09 fix this.

### Workarounds

As a workaround, you can use the `AuthorizeAt…

GitHub-GHSA

CRITICAL
Tilt: Missing authentication on the network-exposed Tilt HUD server
GHSA-c73q-8xxr-rgqm
pkg: github.com/tilt-dev/tilt
eco: go
published: Jun 19, 2026
## Summary
The Tilt HUD HTTP server exposes state-changing and sensitive-read endpoints with no authentication. When the HUD is bound to a non-loopback address, a network attacker can trigger the developer's pre-defined Tiltfile resources, tamper with Tiltfile arguments, read full engine state inclu…
CVE-2026-55884
GitHub-GHSA

CRITICAL
@acastellon/auth: Authentication bypass via spoofable headers in validateToken()
GHSA-gfj5-979r-92pw
pkg: @acastellon/auth
eco: npm
published: Jun 18, 2026
@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken() through spoofable auth-user and Host request headers.

The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get('host').startsWith(getHostName()).…

GitHub-GHSA

CRITICAL
googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken)
GHSA-8fcc-w5hv-4gxv
pkg: github.com/googleapis/mcp-toolbox
eco: go
published: Jun 18, 2026
An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox.

When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), the toolbox decodes the response into an introspectResp struct where…

CVE-2026-11717
GitHub-GHSA

CRITICAL
googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken)
GHSA-wcpr-6g7x-p44r
pkg: github.com/googleapis/mcp-toolbox
eco: go
published: Jun 18, 2026
An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox.

When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), it decodes the response into an introspectResp struct. However, t…

CVE-2026-11718
GitHub-GHSA

CRITICAL
Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP
GHSA-fcw5-x6j4-ccmp
pkg: jupyter-server
eco: pip
published: Jun 18, 2026
The nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their `Content-Security-Policy`.

Combined with `nbconvert.HTMLExporter`'s default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data …

CVE-2026-44727
GitHub-GHSA

CRITICAL
HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory
GHSA-2f55-g35j-5jmf
pkg: ca.uhn.hapi.fhir:org.hl7.fhir.utilities
eco: maven
published: Jun 17, 2026
### Summary

`org.hl7.fhir.utilities.XsltUtilities` exposes two parallel families of XSLT
transform helpers. The `transform(…)` overloads obtain their
`TransformerFactory` from the project's hardened helper
`XMLUtil.newXXEProtectedTransformerFactory()` (which sets
`ACCESS_EXTERNAL_DTD=""` and `ACC…

CVE-2026-55471
GitHub-GHSA

HIGH
Agentic-Flow: OS Command Injection in agentic-flow MCP server tools via unsanitized tool-parameter interpolation into execSync
GHSA-vcv2-r9jh-99m5
pkg: agentic-flow
eco: npm
published: Jun 19, 2026
## Summary

`agentic-flow` versions `<= 2.0.13` MCP server tools interpolated attacker-influenceable tool parameters (e.g. `agent`, `task`, `name`, `language`, `agentdb` arguments) directly into shell command strings passed to `execSync()`. A malicious value reaching any of the affected MCP tools co…

GitHub-GHSA

HIGH
CedarJava has policy injection vulnerability
GHSA-qmch-v2q9-wg4p
pkg: com.cedarpolicy:cedar-java, com.cedarpolicy:cedar-java, com.cedarpolicy:cedar-java
eco: maven
published: Jun 19, 2026
### Summary

CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. Under certain circumstances, improper input handling could allow policy injection.

### Impact

**Cedar-expression injection via unescaped `toCedarExpr()`**

The …

CVE-2026-55773
GitHub-GHSA

HIGH
CedarJava has type confusion vulnerability
GHSA-93g4-m6xv-cmvr
pkg: com.cedarpolicy:cedar-java, com.cedarpolicy:cedar-java, com.cedarpolicy:cedar-java
eco: maven
published: Jun 19, 2026
### Summary

CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. Under certain circumstances, improper input handling could allow type confusion across the Java-Rust FFI boundary.

### Impact

**Record-to-Entity type confusion …

CVE-2026-55772
GitHub-GHSA

HIGH
Duplicate Advisory: PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling
GHSA-fwh2-95jw-g4j6
pkg: praisonai
eco: pip
published: Jun 19, 2026
## Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-766v-q9x3-g744. This link is maintained to preserve external references.

## Original Description
PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize ag…

GitHub-GHSA

HIGH
PraisonAI SandlockSandbox falls back to unrestricted subprocess execution when Landlock is unavailable
GHSA-6jcq-6546-qrrw
pkg: praisonai
eco: pip
published: Jun 18, 2026
## Summary

`praisonai.sandbox.SandlockSandbox` is documented and implemented as the kernel-enforced sandbox backend for untrusted code. Its `SandboxConfig.native()` path lets callers configure allowed filesystem paths and `network=False`.

On systems where the optional `sandlock` module imports but…

GitHub-GHSA

HIGH
PraisonAI: Server-Side Request Forgery (SSRF) in SearxNG / search_web tools via attacker-controlled searxng_url parameter
GHSA-4pcv-mg8v-vrgf
pkg: praisonaiagents
eco: pip
published: Jun 18, 2026
### Summary
A Server-Side Request Forgery (SSRF) vulnerability in the SearxNG / `search_web` search tools allows an attacker to make the server perform requests to arbitrary internal endpoints and read the responses back. The `searxng_url` argument is passed directly to `requests.get()` with no vali…
GitHub-GHSA

HIGH
npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining
GHSA-5jv7-2mjm-h6qj
pkg: praisonai
eco: npm
published: Jun 18, 2026
## Summary

The published npm package `praisonai` ships `dist/tools/utility-tools.js`, which exports a `shell(command)` helper described in source as:

“`text
Execute shell command (safe version – read-only commands)
“`

The helper attempts to enforce a safe read-only command allowlist by checking…

GitHub-GHSA

HIGH
npm PraisonAI AgentLoop onToolCall approval runs after tool execution
GHSA-h2w2-v7j6-xqm4
pkg: praisonai
eco: npm
published: Jun 18, 2026
## Summary

The published npm package `praisonai` exports `createAgentLoop()`, whose `onToolCall` callback is documented and exampled as an approval hook. The implementation calls PraisonAI's `generateText()` wrapper with the caller's executable tools first, receives `toolResults`, and only then cal…

GitHub-GHSA

HIGH
npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining
GHSA-vjv9-7m7j-h833
pkg: praisonai
eco: npm
published: Jun 18, 2026
## Summary

The published npm package `praisonai` exports `SandboxExecutor`, `CommandValidator`, and `sandboxExec` as "safe command execution with restrictions." When `allowedCommands` is configured, `CommandValidator` checks only the first whitespace-delimited token of the command string. `SandboxE…

GitHub-GHSA

HIGH
PraisonAI: Compute-bridged file tools allow shell command injection
GHSA-w6h2-fr4q-xvxv
pkg: praisonai
eco: pip
published: Jun 18, 2026
# Compute-bridged file tools allow shell command injection

## Summary

`LocalManagedAgent` / `SandboxedAgent` compute bridging wraps
`read_file`, `list_files`, and `write_file` when a compute provider is
attached. The bridge converts those file operations into shell command strings
using raw path a…

GitHub-GHSA

HIGH
PraisonAI: HTTPApproval dashboard renders tool arguments as raw HTML, allowing approval-page XSS to approve dangerous tools
GHSA-63v4-w882-g4x2
pkg: praisonai
eco: pip
published: Jun 18, 2026
# HTTPApproval dashboard renders tool arguments as raw HTML, allowing approval-page XSS to approve dangerous tools

## Summary

`praisonai.bots.HTTPApproval` renders pending tool approval arguments directly
into the approval dashboard HTML. An attacker-controlled tool argument can
inject JavaScript …

GitHub-GHSA

HIGH
PraisonAI DiscordApproval accepts unrelated channel messages as dangerous-tool approvals
GHSA-8579-rgg5-ph2m
pkg: praisonai
eco: pip
published: Jun 18, 2026
# DiscordApproval accepts unrelated channel messages as dangerous-tool approvals

## Summary

`praisonai.bots.DiscordApproval` approves a pending dangerous tool call when it
sees any later non-bot message in the configured Discord channel whose text is
classified as approval, such as `yes`.

The dec…

GitHub-GHSA

HIGH
OpenClaw: Pairing-scoped device session could restore revoked node token authority
GHSA-q99w-vh6v-q3v7
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

In affected releases, a surviving pairing-scoped session for a device could re-establish node token authority after that node token had been revoked. Revocation should require the device to lose that authority unless it is approved again through the normal pairing flow.

This issue affe…

CVE-2026-53843
GitHub-GHSA

HIGH
Duplicate Advisory: Picklescan Bypasses Unsafe Globals Check using pty.spawn
GHSA-5gp7-4733-2w2v
pkg: picklescan
eco: pip
published: Jun 17, 2026
## Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-hgrh-qx5j-jfwx. This link is maintained to preserve external references.

## Original Description

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attacker…

GitHub-GHSA

HIGH
Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer
GHSA-9cpj-qc93-vw8v
pkg: code.gitea.io/gitea
eco: go
published: Jun 17, 2026
## Summary

Me again.

Gitea's built-in 3D file viewer (powered by Online3DViewer) is vulnerable to stored cross-site scripting (XSS) through crafted `.gltf` files. When a glTF file declares an unsupported required extension, Online3DViewer generates an error message containing the extension name an…

CVE-2026-28737
GitHub-GHSA

HIGH
Blocky DNSSEC validation bypass and validation-cache scope pollution
GHSA-x845-2f78-7v36
pkg: github.com/0xERR0R/blocky
eco: go
published: Jun 19, 2026
## Summary

Blocky accepts and caches forged DNS answers while `dnssec.validate: true` is enabled. The issue has two related exploit paths:

1. **Basic DNSSEC validation bypass.** If an untrusted upstream returns an unsigned positive answer for a DNSSEC-signed public domain, Blocky classifies the re…

GitHub-GHSA

HIGH
agent-coderag: Gradle Wrapper Execution During Dependency Discovery Enables Arbitrary Code Execution
GHSA-wg5p-8h9p-3mr7
pkg: agent-coderag
eco: pip
published: Jun 19, 2026
## Gradle Wrapper Execution During Dependency Discovery Enables Arbitrary Code Execution

### Summary

`agent-coderag` unconditionally executes a repository-controlled `gradlew` script during its default `sync` dependency-discovery flow. An attacker who can induce a victim to index a malicious Gradl…

GitHub-GHSA

HIGH
Crawl4AI: Unauthenticated SSRF on the Docker server streaming crawl path (/crawl/stream)
GHSA-wm69-2pc3-rmmf
pkg: crawl4ai
eco: pip
published: Jun 18, 2026
### Summary

The Docker API server applied its SSRF destination check (`validate_url_destination`) on the non-streaming `/crawl` path but not on the streaming path. `handle_stream_crawl_request` passed seed URLs straight to the crawler with no destination validation. A remote, unauthenticated client…

GitHub-GHSA

HIGH
PraisonAI: Webhook signature verification skipped (fail-open) when secret unset, allowing forged inbound webhooks (WhatsApp & Linear bots)
GHSA-x92v-rpx6-p6cw
pkg: praisonai
eco: pip
published: Jun 18, 2026
The WhatsApp and Linear bot adapters verify the inbound webhook HMAC signature only
when a secret is configured. When the secret environment variable is unset — the
default on a fresh install and common in development — verification is skipped entirely
and the webhook body is parsed and dispatch…
GitHub-GHSA

HIGH
PraisonAI LinearBot processes unsigned webhooks when LINEAR_WEBHOOK_SECRET is missing
GHSA-fc26-m9pf-v56q
pkg: praisonai
eco: pip
published: Jun 18, 2026
# PraisonAI LinearBot processes unsigned webhooks when `LINEAR_WEBHOOK_SECRET` is missing

## Summary

PraisonAI's LinearBot starts a public webhook listener on `0.0.0.0` and treats
`LINEAR_WEBHOOK_SECRET` as optional. When the secret is absent, startup only logs
a warning and `_handle_webhook()` sk…

GitHub-GHSA

HIGH
praisonaiagents: SSRF guard validates literal IPs only and never resolves DNS
GHSA-vxgj-xg5c-p4h7
pkg: praisonaiagents
eco: pip
published: Jun 18, 2026
# praisonaiagents: SSRF guard validates literal IPs only and never resolves DNS

**Researcher:** Kai Aizen — SnailSploit (@SnailSploit), Adversarial & Offensive Security Research
**Target:** https://github.com/MervinPraison/PraisonAI
**Weakness:** CWE-918 Server-Side Request Forgery (SSRF).

GitHub-GHSA

HIGH
Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo
GHSA-mm7c-rhg6-qr4r
pkg: code.gitea.io/gitea
eco: go
published: Jun 16, 2026
## Summary

Any authenticated low-privilege user with read access to a repository can push arbitrary commits directly to that repository, bypassing all write-access checks.

## Vulnerability

Gitea's "Allow edits from maintainers" PR option can be abused via reverse-fork PRs:

1. The web UI PR-creat…

CVE-2026-26231
GitHub-GHSA

HIGH
Gogs: Overwriting critical files results in a denial of service
GHSA-pm6v-2h4w-4rp2
pkg: gogs.io/gogs
eco: go
published: Jun 16, 2026
**Vulnerability type:** Path Traversal
**Impact:** DoS
**Exploitation prerequisite:** authorized user
**Description:** As an authorized user, an intruder can dictate the value which is passed to the `git diff` command which, together with bypassing the filtering of the passed value, allows the user …
CVE-2026-52797
GitHub-GHSA

HIGH
budibase: Database Connector SQL Injections in PostgreSQL, MS SQL, and MySQL
GHSA-qqf5-x7mj-v43p
pkg: budibase
eco: npm
published: Jun 18, 2026
### Summary
This advisory covers three distinct SQL Injection vulnerabilities within Budibase's database connectors (PostgreSQL, Microsoft SQL Server, and MySQL). Because user-controlled schema and table configurations are interpolated directly into raw SQL queries without proper escaping or paramet…
GitHub-GHSA

HIGH
pdfkit: Path traversal in from_string
GHSA-9g3x-6×24-vf9f
pkg: pdfkit
eco: pip
published: Jun 17, 2026
In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files.
CVE-2025-26240
GitHub-GHSA

HIGH
PraisonAI Slack app_mention bypasses configured user/channel authorization
GHSA-qvpf-j64c-jmhr
pkg: praisonai
eco: pip
published: Jun 18, 2026
# PraisonAI Slack `app_mention` bypasses configured user/channel authorization

## Summary

PraisonAI's Slack bot applies its configured `allowed_users`,
`allowed_channels`, and unknown-user pairing policy in the normal Slack
`message` event handler, but not in the adjacent Slack `app_mention` event…

GitHub-GHSA

HIGH
PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools
GHSA-vmf9-xx9w-86wx
pkg: praisonaiagents, praisonai
eco: pip
published: Jun 18, 2026
# PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools

## Summary

`praisonaiagents.mcp.ToolsMCPServer.run_sse()` builds a Starlette MCP
HTTP+SSE server around `mcp.server.sse.SseServerTransport`. The server exposes
`/sse` and `/messages/`, but it …

GitHub-GHSA

HIGH
appium-mcp: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI)
GHSA-x975-rgx4-5fh4
pkg: appium-mcp
eco: npm
published: Jun 19, 2026
## Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI)

### Summary

`appium-mcp`'s `createLocatorGeneratorUI` function interpolates attacker-controlled element attributes — `text`, `content-desc`, `resource-id`, and locator selector values — directly into an HTML template l…

GitHub-GHSA

HIGH
EverOS: Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id
GHSA-c795-2g9c-j48m
pkg: everos
eco: pip
published: Jun 19, 2026
EverOS versions 1.0.0 and earlier are vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint. The per-message sender_id field was not validated as a path-safe identifier (unlike app_id / project_id, which already enforced this). During user-memory extraction, sender_id is use…
GitHub-GHSA

HIGH
PraisonAI: PRAISONAI_CALL_AUTH=disabled environment variable unconditionally disables authentication
GHSA-8ccj-p46r-jwqq
pkg: praisonai
eco: pip
published: Jun 18, 2026
### Summary
Setting `PRAISONAI_CALL_AUTH=disabled` completely disables all authentication on the `/api/v1/agents/{id}/invoke` endpoint. This bypass is advertised in the application's own error messages, making it likely to appear in production Docker and Compose configurations.

### Details

“`pyth…

GitHub-GHSA

HIGH
npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation
GHSA-4qq2-2j2x-x62c
pkg: praisonai
eco: npm
published: Jun 18, 2026
## Summary

The published npm package `praisonai` exports an `MCPSecurity` helper described in source as:

“`text
MCP Security – Authentication, authorization, and rate limiting
Provides security policies for MCP servers.
“`

Its `AuthMethod` type advertises five authentication methods:

“`ts
exp…

GitHub-GHSA

HIGH
PraisonAI recipe serve Typer command bypasses the non-localhost authentication guard
GHSA-5qw8-f2g9-ff29
pkg: praisonai
eco: pip
published: Jun 18, 2026
# PraisonAI `recipe serve` Typer command bypasses the non-localhost authentication guard

## Summary

PraisonAI's installed console entrypoint is Typer-first. In current releases,
the `recipe` command is registered in the Typer app and
`praisonai recipe serve` dispatches to the deprecated Typer comm…

GitHub-GHSA

HIGH
OpenClaw: Discord allowFrom could bind to mutable display names
GHSA-cw4q-gqg5-g38h
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Discord allowFrom could bind to mutable display names. In affected versions, a Discord account able to change display or global name metadata could match a policy entry through mutable display metadata.

This advisory is scoped to the named feature and configuration. It does not change …

CVE-2026-53849
GitHub-GHSA

HIGH
OpenClaw: Zalo allowFrom could bind to mutable display names
GHSA-8c59-hr4w-qg69
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Zalo allowFrom could bind to mutable display names. In affected versions, a Zalo friend or contact with mutable display metadata could match a policy entry through mutable display metadata.

This advisory is scoped to the named feature and configuration. It does not change OpenClaw's tr…

CVE-2026-53857
GitHub-GHSA

HIGH
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
GHSA-5cj2-3jr2-5h77
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Shell positional parameters could weaken strict inline-eval checks. In affected versions, a command request that combines allowlisted tools with shell positional arguments could place inline-eval content in a shell carrier not covered by the strict check.

This advisory is scoped to the…

CVE-2026-53855
GitHub-GHSA

HIGH
PraisonAI: IMAP Command Injection via Unsanitized Email Search Parameters
GHSA-c969-5x3p-vq3v
pkg: praisonaiagents
eco: pip
published: Jun 18, 2026
## Summary

The email search tool in `src/praisonai-agents/praisonaiagents/tools/email_tools.py` constructs IMAP SEARCH commands by interpolating LLM-controlled parameters (from_addr, subject, query) directly into IMAP protocol strings using f-string formatting with double-quote delimiters. An attac…

GitHub-GHSA

HIGH
PraisonAI GitHub template cache path traversal allows outside-cache file write and directory deletion
GHSA-f44v-7qgw-9gh9
pkg: praisonai
eco: pip
published: Jun 18, 2026
## Summary

PraisonAI's template loader accepts GitHub template URIs with refs, for example
`github:owner/repo/template@v1.0.0`. The resolver stores the user-controlled
template path and ref verbatim, and the cache layer later joins those values into
`~/.praison/cache/templates/github/<owner>/<repo>…

GitHub-GHSA

HIGH
PraisonAI: Missing ownership check on DELETE endpoints allows members to delete others' content in Platform API
GHSA-rh39-9c67-59mh
pkg: praisonai-platform
eco: pip
published: Jun 18, 2026
### Summary
A workspace member can permanently delete any resource — projects, agents, issues, labels, issue dependencies, and issue-label attachments — created by the workspace owner or other members. All six content DELETE endpoints enforce workspace membership but perform no ownership or role…
GitHub-GHSA

HIGH
piscina: Prototype Pollution Gadget → RCE via inherited options.filename
GHSA-x9g3-xrwr-cwfg
pkg: piscina, piscina, piscina
eco: npm
published: Jun 18, 2026
## Summary

`piscina`'s constructor and `run()` paths read the `filename` option via plain member access:

“`js
// dist/index.js line 92 (constructor)
const filename = options.filename
? (0, common_1.maybeFileURLToPath)(options.filename)
: null;
this.options = { …kDefaultOptions, …options, …

CVE-2026-55388
GitHub-GHSA

HIGH
OpenClaw: Shell inline-command parsing could miss an allowlist check
GHSA-f397-5vjw-v2c2
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Shell inline-command parsing could miss an allowlist check. In affected versions, a command request using shell inline-command forms could route an inline command through a parser case that did not receive the expected allowlist decision.

This advisory is scoped to the named feature an…

CVE-2026-53866
GitHub-GHSA

HIGH
OpenClaw: Host environment sanitizer missed two Node.js control variables
GHSA-ccwh-wwpp-6wg5
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Host environment sanitizer missed two Node.js control variables. In affected versions, a lower-trust env source such as a workspace `.env`, tool env override, or skill env block could pass Node.js control variables through the shared sanitizer.

This advisory is scoped to the named feat…

CVE-2026-53864
GitHub-GHSA

HIGH
Gitea: Public-only tokens bypass private-resource restrictions on `/api/v1/user` self routes
GHSA-wrr5-99h5-gq57
pkg: code.gitea.io/gitea
eco: go
published: Jun 17, 2026
## Summary

Many authenticated self routes under `/api/v1/user/…` do not enforce the `public-only` token restriction. As a result, a token or OAuth grant marked `public-only`, but otherwise carrying the route-required read/write scope category, can access or modify private account resources throug…

CVE-2026-24791
GitHub-GHSA

HIGH
Gitea: API Fork Missing CanCreateOrgRepo Check Allows Org Secret Exfiltration
GHSA-fhx7-m96w-mv29
pkg: code.gitea.io/gitea
eco: go
published: Jun 17, 2026
## Summary

The API endpoint `POST /api/v1/repos/{owner}/{repo}/forks` only checks `IsOrgMember()` when a user forks a repository into an organization, but does not check `CanCreateOrgRepo()`. The web UI fork handler correctly checks both. This allows a read-only organization member — in a team wi…

CVE-2026-22555
GitHub-GHSA

HIGH
Gitea: OAuth2 access token scope enforcement bypass via HTTP Basic authentication
GHSA-9r5x-wg6m-x2rc
pkg: code.gitea.io/gitea
eco: go
published: Jun 16, 2026
### Summary

Gitea fails to enforce OAuth2 access token scopes when the token is submitted via HTTP Basic authentication instead of a Bearer token. An OAuth2 application granted only `read:user` can use the same token as `Authorization: Basic base64(<token>:x-oauth-basic)` and perform write actions,…

CVE-2026-28699
GitHub-GHSA

HIGH
Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens
GHSA-cc8w-r4qh-3v65
pkg: code.gitea.io/gitea
eco: go
published: Jun 16, 2026
### Summary
Gitea v1.26.1 enforces repository-scoped access-token permissions on repository operations. In the Git Smart HTTP path, however, this check runs only when the token is presented via HTTP Basic authentication — `CheckRepoScopedToken()` returns early unless `ctx.IsBasicAuth` is true — …
CVE-2026-28744
GitHub-GHSA

HIGH
Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`
GHSA-f59h-q822-g45g
pkg: github.com/caddyserver/caddy/v2, github.com/caddyserver/caddy
eco: go
published: Jun 16, 2026
### Summary

`forward_auth copy_headers` deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through `php_fastcgi`, Caddy normalizes HTTP headers into CGI variables by replacing `-` with `_`.

This lets a client se…

CVE-2026-52845
GitHub-GHSA

HIGH
Deno: Command Injection via spawnSync & spawn on Windows
GHSA-7xh3-mhg9-jcw8
pkg: deno
eco: rust
published: Jun 16, 2026
## Summary

Deno's `node:child_process` implementation provided an `escapeShellArg()` helper used when callers passed `shell: true` to `spawn` / `spawnSync` / `exec` and friends. On Windows, the helper failed to quote arguments that contained `cmd.exe` metacharacters such as `&`, `|`, `<`, `>`, `^`,…

CVE-2026-49402
GitHub-GHSA

HIGH
py7zr: Arbitrary File Write Vulnerability
GHSA-q6rc-2cgv-63h7
pkg: py7zr
eco: pip
published: Jun 19, 2026
### Summary
There exists an **arbitrary file write vulnerability** in `py7zr` (1.1.0, latest), which allows symbolic links to be recreated outside the destination directory via crafted malicious symbolic link chains. When using `extractall` to extract an archive, the library restores these symbolic …
CVE-2026-23879
GitHub-GHSA

HIGH
Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator`
GHSA-mw9r-p8xp-wx96
pkg: io.strimzi:strimzi
eco: maven
published: Jun 18, 2026
### Impact

Having the Topic and User operators to watch different namespaces than the one where the Kafka cluster is deployed, is a fully documented feature.

When the `watchedNamespace` field is used within the Topic or User operator (as part of the `Kafka.spec.entityOperator` field), the Cluster …

CVE-2026-55225
GitHub-GHSA

HIGH
VCR.py: Arbitrary code execution via unsafe YAML deserialization of cassette files
GHSA-rpj2-4hq8-938g
pkg: vcrpy
eco: pip
published: Jun 19, 2026
### Summary

vcrpy deserializes YAML cassette files with PyYAML's object-constructing loader (`yaml.CLoader` / `yaml.Loader`) instead of the safe loader (`yaml.CSafeLoader` / `yaml.SafeLoader`). A cassette containing a `!!python/object/apply:` (or similar) tag therefore executes arbitrary Python cod…

GitHub-GHSA

HIGH
@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels
GHSA-4936-9hrh-qqpw
pkg: @tinacms/cli
eco: npm
published: Jun 19, 2026
## Description

### Summary

`@tinacms/cli` contains a Remote Code Execution vulnerability in its
Forestry-to-Tina migration command. The internal helper `addVariablesToCode`
unquotes any value matching the marker `"__TINA_INTERNAL__:::(.*?):::"`
inside the stringified collection JSON. User-supplied…

CVE-2026-54074
GitHub-GHSA

HIGH
PraisonAI recipe workflow policy can be bypassed by declaring and YAML-approving dangerous tools outside TEMPLATE.yaml
GHSA-7qw2-w5rc-37×2
pkg: praisonai
eco: pip
published: Jun 18, 2026
## Summary

PraisonAI recipe execution has a dangerous-tool policy that is supposed to block default-denied tools unless the caller explicitly passes `allow_dangerous_tools=True`. That policy only checks tools declared in `TEMPLATE.yaml` `requires.tools`.

For steps-based recipes, the actual executi…

GitHub-GHSA

HIGH
PraisonAI recipe.run_stream skips dangerous-tool policy enforcement
GHSA-v847-hxxw-3pxg
pkg: praisonai
eco: pip
published: Jun 18, 2026
# PraisonAI `recipe.run_stream()` skips dangerous-tool policy enforcement

## Summary

PraisonAI recipe execution blocks default-denied dangerous tools unless the
caller explicitly passes `allow_dangerous_tools=True`. The normal `recipe.run()`
path enforces this with `_check_tool_policy()`. The stre…

GitHub-GHSA

HIGH
SurrealDB: Arbitrary file read via DEFINE ANALYZER mapper() filter
GHSA-cc8f-fcx3-gpjr
pkg: surrealdb
eco: rust
published: Jun 19, 2026
SurrealDB's full-text search lets you define a text analyzer whose `mapper` filter loads a term-mapping file from disk (`DEFINE ANALYZER … FILTERS mapper('<path>')`). A database user with the `EDITOR` or `OWNER` role could point that filter at any file the SurrealDB process can read and have its c…
GitHub-GHSA

HIGH
LangSmith SDK TracingMiddleware: Arbitrary server-side file read
GHSA-f4xh-w4cj-qxq8
pkg: langsmith
eco: pip
published: Jun 19, 2026
# Summary

An attacker who can send an HTTP request to a server running the LangSmith SDK's `TracingMiddleware` can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deplo…

GitHub-GHSA

HIGH
Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles
GHSA-qxvm-pcfm-qc39
pkg: github.com/daytonaio/daytona
eco: go
published: Jun 16, 2026
### Summary
Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the target role by its identifier alone, without verifying the role belonged to that organization. An authenticated user who o…
CVE-2026-54322
GitHub-GHSA

HIGH
Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN
GHSA-x84v-g949-293w
pkg: homeassistant
eco: pip
published: Jun 19, 2026
### Summary

The Konnected integration registers an HTTP endpoint, `KonnectedView` (`homeassistant/components/konnected/__init__.py`), that is marked as **not requiring authentication** (`requires_auth = False`). A comment next to that line says auth is instead handled "via the access token from con…

CVE-2026-54317
GitHub-GHSA

HIGH
npm PraisonAI SandboxExecutor network-isolated mode does not block non-proxy-aware network clients
GHSA-gqmf-56h7-rrpf
pkg: praisonai
eco: npm
published: Jun 18, 2026
## Summary

The published npm package `praisonai` exports a TypeScript `SandboxExecutor` with a `network-isolated` mode. The CLI lists that mode as:

“`text
network-isolated No network access (proxy blocked)
“`

The implementation does not create a network namespace, firewall rule, socket filter,…

GitHub-GHSA

HIGH
LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector
GHSA-2mfg-cc43-9pcj
pkg: dev.langchain4j:langchain4j-mariadb, dev.langchain4j:langchain4j-mariadb, dev.langchain4j:langchain4j-mariadb
eco: maven
published: Jun 17, 2026
### Summary
The MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating
filter **keys** (and, in MariaDB, string **values**) directly into the query without adequate
escaping. A crafted metadata key in `EmbeddingSearchRequest.filter()` can break out of its SQL
context…
CVE-2026-55405
GitHub-GHSA

HIGH
MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error
GHSA-6v7p-g79w-8964
pkg: msgpack
eco: pip
published: Jun 19, 2026
### Impact

If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV.

If the Unpacker is used repeatedly to unpack untrusted input from external sources, it may be vulnerable to a DoS attack.

### Patches

v1.2.1

### Workarounds

Users should create a new Unpacke…

GitHub-GHSA

HIGH
SearXNG MCP Server: Unbounded Response Body Read Bypasses URL Size Limit in `web_url_read`
GHSA-xcqx-9jf5-w339
pkg: mcp-searxng
eco: npm
published: Jun 19, 2026
## Unbounded Response Body Read Bypasses URL Size Limit in `web_url_read`

### Summary

The `web_url_read` MCP tool in mcp-searxng enforces its 5 MiB response-size limit exclusively by inspecting the `Content-Length` header of a preliminary HEAD request. When a server omits `Content-Length` — a st…

GitHub-GHSA

HIGH
Langflow: Unauthenticated DoS through multipart form boundary file upload
GHSA-qwqc-p3q8-wcg9
pkg: langflow
eco: pip
published: Jun 19, 2026
### Summary
An attacker can send a `/api/v1/files/upload/` request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an indefinite amount of time.

### Details
https://github.com/langflow-ai/langflow/blob/v1.0.…

CVE-2026-55446
GitHub-GHSA

HIGH
Ultimate Sitemap Parser (USP): XML Entity Expansion (Billion Laughs) DoS in XMLSitemapParser
GHSA-p5wc-9w9r-m232
pkg: ultimate-sitemap-parser
eco: pip
published: Jun 19, 2026
## XML Entity Expansion (Billion Laughs) DoS in XMLSitemapParser

### Summary

`ultimate-sitemap-parser` version 1.8.0 and earlier parse attacker-controlled XML content using Python's `xml.parsers.expat` without any restriction on DTD declarations or recursive entity references. An attacker who can …

GitHub-GHSA

HIGH
Ultimate Sitemap Parser (USP): Gzip Decompression Bomb Bypasses Sitemap Size Limit
GHSA-8823-qg2x-pv9f
pkg: ultimate-sitemap-parser
eco: pip
published: Jun 19, 2026
## Gzip Decompression Bomb Bypasses Sitemap Size Limit

### Summary

`ultimate-sitemap-parser` enforces a 100 MiB size limit on sitemap responses, but applies it only to the **compressed** bytes received over the network. When a `.gz` sitemap is fetched, `usp/helpers.py:239` calls `gzip_lib.decompre…

GitHub-GHSA

HIGH
flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key
GHSA-hp36-v28f-w3r4
pkg: flat-to-nested
eco: npm
published: Jun 19, 2026
### Summary
`convert()` builds the nested tree by using each flat record's `id` and `parent` field values directly as object keys, with no guard against `__proto__` / `constructor` / `prototype`. A record whose `parent` is the string `"__proto__"` makes `temp[parent]` resolve to `Object.prototype`…
CVE-2026-55091
GitHub-GHSA

HIGH
CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake
GHSA-p86g-xrr2-pf7c
pkg: CoreWCF.NetFramingBase, CoreWCF.NetFramingBase
eco: nuget
published: Jun 19, 2026
### Impact
An unauthenticated remote attacker can pin one server thread‑pool worker at 100 % CPU per connection. With a few connections, the CPU usage can be exhausted.

#### Preconditions
An attacker being able to reach a service which is exposing an endpoint using one of NetTcpBinding, NetNamedP…

CVE-2026-54772
GitHub-GHSA

HIGH
Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input
GHSA-3m6q-jj5j-38c9
pkg: oj
eco: rubygems
published: Jun 19, 2026
### Summary

`Oj::Doc#each_child`, when invoked recursively over a deeply nested JSON
document, overflows a fixed-size stack buffer and aborts the process. This is a
denial of service reachable from untrusted JSON.

### Details

Two-step chain in `ext/oj/fast.c`:

1. **`doc_each_child` (~line 1501)*…

CVE-2026-54592
GitHub-GHSA

HIGH
Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders
GHSA-v5jw-96jm-7h2c
pkg: stanza
eco: pip
published: Jun 19, 2026
### Summary

Stanza 1.12.0 attempts to safely load PyTorch checkpoint files using `torch.load(…, weights_only=True)`, but automatically falls back to the fully unsafe `torch.load(…, weights_only=False)` when the safe load raises `pickle.UnpicklingError`. Because the `UnpicklingError` condition i…

CVE-2026-54499
GitHub-GHSA

HIGH
Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
GHSA-98m9-hrrm-r99r
pkg: faraday
eco: rubygems
published: Jun 19, 2026
# Uncontrolled Recursion in NestedParamsEncoder Allows Stack Exhaustion DoS via Deeply Nested Query Parameters

## Summary

`Faraday::NestedParamsEncoder`, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nesting depth.

A crafte…

CVE-2026-54297
GitHub-GHSA

HIGH
AlchemyCMS: Unauthenticated nested page API leaks restricted & unpublished content
GHSA-mqq5-j7w8-2hgh
pkg: alchemy_cms, alchemy_cms, alchemy_cms
eco: rubygems
published: Jun 19, 2026
# Unauthenticated nested page API leaks restricted & unpublished content

– **Location:** `app/controllers/alchemy/api/pages_controller.rb:28` (`Api::PagesController#nested`)
– **Affected version:** Alchemy CMS 8.3.0.dev (Rails 8.1.3)

## Description

The unauthenticated `GET /api/pages/nested` endp…

GitHub-GHSA

HIGH
OpenTofu: Possible arbitrary file read during certain git operations via a maliciously crafted URL
GHSA-q7j3-v8qv-22vq
pkg: github.com/opentofu/opentofu, github.com/opentofu/opentofu
eco: go
published: Jun 19, 2026
### Impact
Possible data exposure.
#### Summary
While downloading packages from a maliciously crafted URL, some git operations against that URL could allow arbitrary file read.
This might allow disclosure of confidential information.

#### Details
OpenTofu relies on [go-getter](https://github.com/ha…

GitHub-GHSA

HIGH
undici WebSocket client vulnerable to denial of service via fragment count bypass
GHSA-vxpw-j846-p89q
pkg: undici, undici, undici
eco: npm
published: Jun 19, 2026
## Impact

The undici WebSocket client enforces `maxPayloadSize` on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-siz…

CVE-2026-12151
GitHub-GHSA

HIGH
undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
GHSA-hm92-r4w5-c3mj
pkg: undici, undici
eco: npm
published: Jun 19, 2026
## Impact

When using `Socks5ProxyAgent`, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination.

This c…

CVE-2026-6734
GitHub-GHSA

HIGH
Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID
GHSA-j8cv-x86q-rj85
pkg: pipecat-ai
eco: pip
published: Jun 18, 2026
## Development Runner Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID

### Summary

The pipecat development runner registers a `/ws` WebSocket endpoint for telephony testing that accepts connections without any authentication. An unauthenticated remote att…

CVE-2026-54695
GitHub-GHSA

HIGH
undici WebSocket client vulnerable to denial of service via cumulative fragment bypass
GHSA-38rv-x7px-6hhq
pkg: undici
eco: npm
published: Jun 18, 2026
## Impact

The undici WebSocket client enforces `maxPayloadSize` per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, caus…

CVE-2026-9675
GitHub-GHSA

HIGH
PraisonAI A2U incomplete authentication fix leaves current serve command unauthenticated by default
GHSA-jxcw-qp4h-6jfq
pkg: praisonai
eco: pip
published: Jun 18, 2026
## Summary

The published A2U advisory `GHSA-f292-66h9-fpmf` says unauthenticated A2U event streaming was fixed in `praisonai` `4.5.115`. Current head still exposes the same A2U subscription and event routes without authentication when the operator starts the documented CLI entrypoint:

“`text
prai…

GitHub-GHSA

HIGH
PraisonAI: Arbitrary File Read via `@file:` Mention Path Traversal
GHSA-2rcg-mm5h-xchx
pkg: praisonaiagents
eco: pip
published: Jun 18, 2026
## Summary

The MentionsParser in `src/praisonai-agents/praisonaiagents/tools/mentions.py` processes `@file:` mentions in agent prompts by reading arbitrary files from the filesystem. When a file path is not found relative to the workspace, the parser falls back to using the path as an absolute path…

GitHub-GHSA

HIGH
PraisonAI: Unauthenticated Local File Inclusion via agent_file path in PraisonAI Jobs API
GHSA-p4pj-vh7h-6cqh
pkg: praisonai
eco: pip
published: Jun 18, 2026
### Summary
An unauthenticated attacker can read arbitrary files on the server by supplying an absolute filesystem path in the `agent_file` field of the Jobs API. The field has no path validation, no allowlist, and no authentication is required to submit jobs.

### Details
The `agent_file` field in …

GitHub-GHSA

HIGH
PraisonAI dynamic-context artifact tools read arbitrary host files outside artifact storage
GHSA-j7qx-p75m-wp7g
pkg: praisonai
eco: pip
published: Jun 18, 2026
# PraisonAI dynamic-context artifact tools read arbitrary host files outside artifact storage

## Summary

PraisonAI's Dynamic Context Discovery feature exposes artifact helper tools
through `ctx.get_tools()`:

“`python
ctx = setup_dynamic_context()

agent = Agent(
instructions="You are a data …

GitHub-GHSA

HIGH
PraisonAI Dynamic Context history and terminal tools read files outside configured storage via path traversal
GHSA-22cj-m4wf-fv2c
pkg: praisonai
eco: pip
published: Jun 18, 2026
# PraisonAI Dynamic Context history and terminal tools read files outside configured storage via path traversal

## Summary

PraisonAI's Dynamic Context module provides filesystem-backed history and
terminal-log storage. The SDK reference describes the module as providing:

– artifact storage for to…

GitHub-GHSA

HIGH
JLine3 Telnet server: Unauthenticated Remote Memory Exhaustion via Unbounded Telnet NEW-ENVIRON Variables
GHSA-47qp-hqvx-6r3f
pkg: org.jline:jline-remote-telnet
eco: maven
published: Jun 18, 2026
### Summary

The JLine3 Telnet server (`remote-telnet` module) does not limit the number of
environment variables a client may inject via the Telnet NEW-ENVIRON option. An
unauthenticated attacker can flood the server with a large number of unique
variable pairs before sending the terminating IAC SE…

GitHub-GHSA

HIGH
JLine3 Telnet server: Unauthenticated Remote DoS via Unbounded Telnet NAWS Terminal Geometry
GHSA-2r2c-cx56-8933
pkg: org.jline:jline-remote-telnet
eco: maven
published: Jun 18, 2026
### Summary

The JLine3 Telnet server (`remote-telnet` module) does not apply an upper bound to
terminal dimensions received via the Telnet NAWS (Negotiate About Window Size) option.
An unauthenticated remote attacker can send a NAWS subnegotiation advertising a
65535×65535 terminal and repeatedly …

GitHub-GHSA

HIGH
http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`
GHSA-gcq2-9pq2-cxqm
pkg: http-proxy-middleware, http-proxy-middleware
eco: npm
published: Jun 18, 2026
## Summary
`fixRequestBody()` is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the **outgoing** `Content-Type` is `multipart/form-data`, it rebuilds the body with `handlerFormDataBodyData()`, which interpolates each `req.body` key and…
CVE-2026-55603
GitHub-GHSA

HIGH
Gotenberg: SSRF via LibreOffice document processing
GHSA-2mrg-35hw-x3x9
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: Jun 18, 2026
**Summary**

Server-Side Request Forgery (SSRF) vulnerability affecting the `/forms/libreoffice/convert` endpoint in Gotenberg v8.33.0 running with the default configuration.

By uploading a specially crafted DOCX document, an attacker can cause LibreOffice to automatically retrieve external resour…

CVE-2026-55229
GitHub-GHSA

HIGH
Hermes Agent contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation
GHSA-4pqm-j46f-795x
pkg: hermes-agent
eco: pip
published: Jun 17, 2026
Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling atta…
CVE-2026-53869
GitHub-GHSA

HIGH
HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS
GHSA-fxj4-p9xp-37v5
pkg: ca.uhn.hapi.fhir:org.hl7.fhir.dstu2, ca.uhn.hapi.fhir:org.hl7.fhir.convertors, ca.uhn.hapi.fhir:org.hl7.fhir.validation
eco: maven
published: Jun 17, 2026
## Summary
The fix for CVE-2026-45367 added `RegexTimeout` protection to the `matches()` function in DSTU2016MAY, DSTU3, R4, R4B, and R5, but the DSTU2 module was incompletely patched. In `org.hl7.fhir.dstu2`, `replaceMatches()` was updated while `matches()` at line 2462 still calls the raw `String.…
CVE-2026-55470
GitHub-GHSA

HIGH
handlebars.java FileTemplateLoader Path Traversal
GHSA-r4gv-qr8j-p3pg
pkg: com.github.jknack:handlebars
eco: maven
published: Jun 17, 2026
### Impact
Any application that passes user-controlled input to Handlebars.compile() using a FileTemplateLoader (or ClassPathTemplateLoader) is vulnerable to arbitrary file read. This is a realistic attack surface for web applications that use template names from URL path parameters, request paramet…
CVE-2026-55760
GitHub-GHSA

HIGH
Duplicate Advisory: picklescan has Arbitrary file read using `io.FileIO`
GHSA-5v23-73v4-w2fp
pkg: picklescan
eco: pip
published: Jun 17, 2026
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-9726-w42j-3qjr. This link is maintained to preserve external references.

### Original Description
picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attac…

GitHub-GHSA

HIGH
Multer vulnerable to Denial of Service via deeply nested field names
GHSA-72gw-mp4g-v24j
pkg: multer, multer
eco: npm
published: Jun 17, 2026
### Impact

Multer is vulnerable to a Denial of Service (DoS) via deeply nested field names in multipart form data. The `append-field` dependency parses bracket notation in field names (e.g., `a[b][c]`) with no limit on nesting depth, allowing an attacker to force allocation of deeply nested object …

CVE-2026-5079
GitHub-GHSA

HIGH
Caddy: Windows `file_server` path authorization bypass via encoded backslash
GHSA-qrp7-cvwr-j2c6
pkg: github.com/caddyserver/caddy/v2, github.com/caddyserver/caddy
eco: go
published: Jun 16, 2026
### Summary

On Windows, Caddy `path` matchers treat `/private\secret.txt` as outside `/private/*`, but `file_server` later resolves the same request path as `private\secret.txt` on disk.

An unauthenticated remote client can request `/private%5csecret.txt` and bypass Caddy path-scoped auth/deny rou…

CVE-2026-52844
GitHub-GHSA

HIGH
Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length
GHSA-5w86-c3rq-vjj7
pkg: io.netty:netty-codec-redis, io.netty:netty-codec-redis
eco: maven
published: Jun 15, 2026
### Summary
RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken from the wire before the corresponding child messages exist. A small malicious header can claim a huge initial capacity.

### Details

CVE-2026-50011
GitHub-GHSA

HIGH
Netty: Wrapping plain trust manager silently disables hostname verification
GHSA-c653-97m9-rcg9
pkg: io.netty:netty-handler, io.netty:netty-handler
eco: maven
published: Jun 15, 2026
SimpleTrustManagerFactory.engineGetTrustManagers() and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends X509ExtendedTrustManager but implements the 3-arg checkServerTrusted(chain, authType, SSLEngine) by discarding the SSLEngine and calling the 2-…
CVE-2026-50010
GitHub-GHSA

HIGH
Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion
GHSA-4grm-h2qv-h6w6
pkg: io.netty:netty-codec-http3
eco: maven
published: Jun 15, 2026
### Summary
A memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error.

### Details
The vulnerability exists in `io.netty.handler.codec.http3.QpackDecoder#shouldWaitForDynamicTableUpdates`:

If a client sends a…

CVE-2026-48748
GitHub-GHSA

HIGH
Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability
GHSA-f8h2-vmm9-qhj6
pkg: Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-x64
eco: nuget
published: Jun 15, 2026
## Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core SignalR and Blazor Server. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A denial of service v…

CVE-2026-45591
GitHub-GHSA

HIGH
CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality
GHSA-2288-8h3r-cqgg
pkg: CoreWCF.Primitives
eco: nuget
published: Jun 19, 2026
### Impact
When the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT (default ~10 hours) and decrypt or forge any subsequent WS‑SecureConversation traffic that …
CVE-2026-54784
GitHub-GHSA

HIGH
CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages
GHSA-gqv6-pwcg-87r8
pkg: CoreWCF.Primitives, CoreWCF.Primitives
eco: nuget
published: Jun 19, 2026
### Impact
The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays setting on transport-securi…
CVE-2026-54783
GitHub-GHSA

HIGH
CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced
GHSA-48pq-2xq3-c2m4
pkg: CoreWCF.Primitives, CoreWCF.Primitives
eco: nuget
published: Jun 19, 2026
### Impact
The relying application is given a ClaimsPrincipal for a subject whose authority over the assertion the sender never proved. There are two distinct exploit shapes:
– Holder-of-key downgrade. An attacker who obtains a holder-of-key SAML assertion that was issued without KeyInfo (issuer bug…
CVE-2026-54781
GitHub-GHSA

HIGH
CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate
GHSA-rpj7-hr7h-w6p9
pkg: CoreWCF.Primitives, CoreWCF.Primitives
eco: nuget
published: Jun 19, 2026
### Impact
When a service is configured to validate SAML tokens using a method other than X.509 certificate signing, the final signature verification is skipped.

#### Preconditions
The service is configured to authenticate using SAML tokens and an out of band token resolver (commonly the IssuerToke…

CVE-2026-54774
GitHub-GHSA

HIGH
undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
GHSA-vmh5-mc38-953g
pkg: undici, undici
eco: npm
published: Jun 18, 2026
## Impact

undici's `ProxyAgent` silently drops the `requestTls` option when configured with a SOCKS5 proxy URI (`socks5://` or `socks://`). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured `ca`, `cert`, `key`, `rejectUnauthoriz…

CVE-2026-9697
GitHub-GHSA

HIGH
ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)
GHSA-xqxv-4jc2-x56x
pkg: github.com/zitadel/zitadel
eco: go
published: Jun 18, 2026
### Summary

Zitadel's OAuth2 / OIDC `CodeExchange` and `RefreshToken` implementations omit a critical validation step to ensure that the requesting client matches the client that originally initiated the authorization flow. This violates RFC 6749 Section 4.1.3, which mandates that the authorization…

CVE-2026-55672
GitHub-GHSA

HIGH
Deno: Miller-Rabin Primality Test Allows Zero Rounds
GHSA-9xg4-qhm4-g43w
pkg: deno
eco: rust
published: Jun 16, 2026
## Summary

`node:crypto.checkPrime(candidate[, options][, callback])` and `crypto.checkPrimeSync(candidate[, options])` ran no Miller-Rabin rounds at all when the caller left `options.checks` at its default of `0`. In that mode, the only test applied to the candidate was trial division by the prime…

CVE-2026-49440
GitHub-GHSA

HIGH
Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()
GHSA-6rfw-mq36-jm8h
pkg: bedrock-agentcore
eco: pip
published: Jun 19, 2026
### Summary
The AWS Bedrock AgentCore Python SDK (bedrock-agentcore) is an open-source SDK that enables developers to build, deploy, and manage agents on AWS Bedrock AgentCore. An issue exists in the install_packages() method of the Code Interpreter client where crafted package name arguments can by…
CVE-2026-12530
GitHub-GHSA

HIGH
PraisonAI Code agent tools fail open without a workspace boundary
GHSA-gcq3-mfvh-3×25
pkg: praisonai
eco: pip
published: Jun 18, 2026
# PraisonAI Code agent tools fail open without a workspace boundary

## Summary

PraisonAI Code's agent-compatible `CODE_TOOLS` wrappers keep a global workspace root initialized to `None`. If an application uses `CODE_TOOLS`, `code_read_file`, `code_search_replace`, or `code_apply_diff` before calli…

GitHub-GHSA

HIGH
PraisonAI: Jobs webhook SSRF protection bypass via DNS rebinding
GHSA-rjvw-7vvw-549v
pkg: praisonai
eco: pip
published: Jun 18, 2026
# Jobs webhook SSRF protection bypass via DNS rebinding

## Summary

PraisonAI's Async Jobs API validates `webhook_url` when a job request is parsed
and again when the internal `Job` object is constructed. That validation blocks
direct loopback/private targets, but it is not bound to the later netwo…

GitHub-GHSA

HIGH
@jhb.software/payload-cloudinary-plugin: Arbitrary Cloudinary API Parameter Signing
GHSA-h5x8-xp6m-x6q4
pkg: @jhb.software/payload-cloudinary-plugin
eco: npm
published: Jun 19, 2026
## Arbitrary Cloudinary API Parameter Signing in @jhb.software/payload-cloudinary-plugin

### Summary

`@jhb.software/payload-cloudinary-plugin` v0.3.4 exposes a server-side signing endpoint (`POST /api/cloudinary-generate-signature`) that passes attacker-supplied `paramsToSign` directly to `cloudin…

GitHub-GHSA

HIGH
SearXNG MCP Server: DNS-resolved Private Hostname SSRF in `web_url_read`
GHSA-mrvx-jmjw-vggc
pkg: mcp-searxng
eco: npm
published: Jun 19, 2026
## DNS-resolved Private Hostname SSRF in `web_url_read`

### Summary

The `web_url_read` MCP tool in `mcp-searxng` is vulnerable to Server-Side Request Forgery (SSRF) via DNS rebinding bypass. The `assertUrlAllowed()` function at `src/url-reader.ts:85-93` validates only the syntactic hostname string…

GitHub-GHSA

HIGH
Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning
GHSA-2fmp-9rvw-hc96
pkg: network-ai
eco: npm
published: Jun 19, 2026
### Summary
`EnvironmentManager.listBackups()` reads each backup's `_manifest.json` and trusts the manifest's `path` field. `EnvironmentManager.pruneBackups()` later passes that trusted `entry.path` directly to `rmSync(entry.path, { recursive: true, force: true })`.

An attacker who can place or mod…

GitHub-GHSA

HIGH
jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories
GHSA-436q-jwfr-rm2h
pkg: jupyterlab-git
eco: pip
published: Jun 19, 2026
## Summary

`jupyterlab-git` 0.53.0 (latest, 2026-04-30) uses `fnmatch.fnmatchcase()` in `GitHandler.prepare()` (`jupyterlab_git/handlers.py:91`) to enforce the admin-configured `excluded_paths` security control. Because `fnmatchcase` is unconditionally case-sensitive, an authenticated user on a cas…

CVE-2026-54528
GitHub-GHSA

HIGH
OpenClaw: Workspace-derived service PATH could influence trash command selection
GHSA-rx78-29qr-5hq8
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Workspace-derived service PATH could influence trash command selection. In affected versions, a workspace-derived environment path could select an unintended `trash` executable during maintenance.

This advisory is scoped to the named feature and configuration. It does not change OpenCl…

CVE-2026-53865
GitHub-GHSA

HIGH
OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots
GHSA-wc84-j36w-pw4x
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots. In affected versions, a workspace `.env` in a repository opened by a trusted operator could set `STATE_DIRECTORY` before runtime dependency root resolution.

This advisory is scoped to the named feature and…

CVE-2026-53858
GitHub-GHSA

HIGH
OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install
GHSA-24vr-rprv-67rf
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Workspace .env npm_execpath could influence bundled runtime dependency install. In affected versions, a workspace `.env` in a repository opened by a trusted operator could override the package-manager executable path used by the install helper.

This advisory is scoped to the named feat…

CVE-2026-53846
GitHub-GHSA

HIGH
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
GHSA-v2ww-5rh7-2h5v
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

OpenClaw's exec allowlist supported optional `argPattern` entries to restrict the arguments accepted for an allowlisted executable. In affected releases, Linux and macOS gateways skipped `argPattern` checks and treated a matching executable path as sufficient to satisfy the allowlist.

CVE-2026-53853
GitHub-GHSA

HIGH
Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message
GHSA-p6gq-j5cr-w38f
pkg: nodemailer
eco: npm
published: Jun 18, 2026
# Message-level `raw` option bypasses `disableFileAccess` / `disableUrlAccess`, enabling arbitrary file read and full-response SSRF in the sent message

– **Target:** nodemailer/nodemailer, npm `nodemailer` **v9.0.0** (HEAD `4e58450eb490e5097a74b2b2cce35a8d9e21856e`)
– **Verdict:** CONFIRMED (local …

GitHub-GHSA

HIGH
OpenClaw: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution
GHSA-fq9j-vw4w-fr6v
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution. In affected versions, a workspace `.env` in a repository opened by a trusted operator could influence which Python runtime `gcloud` used through `CLOUDSDK_PYTHON`.

This advisory is scoped to the named feature …

CVE-2026-53842
GitHub-GHSA

HIGH
OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin
GHSA-rjxq-qqhf-8hwh
pkg: openclaw
eco: npm
published: Jun 17, 2026
### Summary

OpenClaw supports remote MCP Streamable HTTP servers with operator-configured custom headers. In affected releases, those headers could be forwarded when the MCP endpoint responded with a cross-origin redirect.

This issue is limited to configured MCP Streamable HTTP servers that use cu…

CVE-2026-53840
GitHub-GHSA

HIGH
Daytona: Public sandbox previews remain accessible for up to one hour after being made private
GHSA-ww63-pv5x-vfc8
pkg: github.com/daytonaio/daytona
eco: go
published: Jun 16, 2026
### Summary
Sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed.

### Impact
When a sandbox owner changed a previe…

CVE-2026-54321
GitHub-GHSA

HIGH
Anki's local HTTP server does not sufficiently validate requests
GHSA-869j-r97x-hx2g
pkg: aqt
eco: pip
published: Jun 19, 2026
## Summary

Anki launches a local HTTP server to serve media files and web pages for parts of its interface. The server fails to validate requests in the following ways:
1. No sufficient validation of the Origin header.
2. Some endpoints are vulnerable to path traversal attacks.

This allows malicio…

GitHub-GHSA

HIGH
Lokka: Azure Resource Manager URL path validation issue
GHSA-g2gw-q38m-vjfc
pkg: @merill/lokka
eco: npm
published: Jun 19, 2026
Lokka versions prior to 2.1.2 constructed Azure Resource Manager request URLs using direct string concatenation with user-controlled path input. Specially crafted path values could alter URL authority parsing and cause Azure Resource Manager bearer tokens to be sent to an unintended host. Version 2.…
GitHub-GHSA

HIGH
Uni-CLI: Legacy HTTP MCP transport accepted browser-originated localhost requests
GHSA-v3f4-w7r7-v3hm
pkg: @zenalexa/unicli
eco: npm
published: Jun 19, 2026
## Impact

Uni-CLI versions before 0.225.2 exposed the legacy JSON-RPC-over-HTTP MCP transport on loopback without validating browser Origin headers before routing requests. A malicious web page could send a CORS simple POST request, such as text/plain, to the local /mcp endpoint and deliver a JSON-…

GitHub-GHSA

HIGH
stigmem-node: decay sweep expires and counts facts across all tenants (cross-tenant BOLA)
GHSA-6gqw-jqv7-v88m
pkg: stigmem-node
eco: pip
published: Jun 19, 2026
### Summary
On a multi-tenant stigmem node, a caller holding a `write` credential for **one** tenant can run a decay sweep that acts on **every** tenant's facts. The candidate-selection queries in `lifecycle/decay.py` (`_select_ttl_candidates`, `_select_confidence_candidates`) carried no `tenant_id`…
GitHub-GHSA

HIGH
stistigmem-node: quarantine review surface exposes and mutates other tenants' quarantined facts (cross-tenant BOLA)
GHSA-xhv3-q4xx-349r
pkg: stigmem-node
eco: pip
published: Jun 19, 2026
### Summary
On a multi-tenant stigmem node, a tenant administrator could list, read, and **admit or reject** quarantined facts belonging to **other** tenants. The list/count queries and `_get_quarantined_fact` in `routes/quarantine.py` lacked an `f.tenant_id = identity.tenant_id` predicate, and the …
GitHub-GHSA

HIGH
stigmem-node: RTBF tombstones are mis-attributed and suppress reads tenant-blind (cross-tenant BOLA)
GHSA-x26h-xmv8-gxf7
pkg: stigmem-node
eco: pip
published: Jun 19, 2026
### Summary
On a multi-tenant stigmem node, RTBF (right-to-be-forgotten) tombstones were mis-scoped two ways. (1) `issue_tombstone` defaulted the tenant to `"default"` instead of the caller's tenant, so tombstones could be written to the wrong tenant. (2) The read-suppression path — `_get_tombston…
GitHub-GHSA

HIGH
Gogs: XSS in .ipynb files renderer due to outdated notebookjs
GHSA-6vxv-wg6j-5qwp
pkg: gogs.io/gogs
eco: go
published: Jun 19, 2026
### Summary

Gogs renders Jupyter notebook files (`.ipynb`) using [jsvine/notebookjs](https://github.com/jsvine/notebookjs), but the version is outdated, missing patches for known XSS vulnerabilities.

### Details

Gogs uses version 0.4.2 of notebookjs to render Jupyter notebook files:

https://gith…

GitHub-GHSA

HIGH
http4k: `HmacSha256.hash` (despite the `Hmac` naming) computed a plain unkeyed digest; clarified by deprecation in favour of `Sha256.hash` / `Sha256.hmac`
GHSA-m4w9-hjfw-vwj4
pkg: org.http4k:http4k-core
eco: maven
published: Jun 19, 2026
### Impact

The `HmacSha256` class contained two functions:
– `hash(payload)` — a plain unkeyed SHA-256 digest. The `Hmac` prefix in the class name was misleading; this function has no key parameter, so it could never have been an HMAC.
– `hmacSHA256(key, data)` — a properly keyed HMAC-SHA256.

GitHub-GHSA

HIGH
TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover
GHSA-g5qx-h5f3-mp2f
pkg: tinacms, @tinacms/app
eco: npm
published: Jun 19, 2026
TinaCMS registers window message listeners — the useTina overlay handler, the OAuth authentication popup handler, and the admin↔preview iframe GraphQL reducer — that act on event.data without verifying event.origin or event.source, and post messages using non-specific target origins. A page th…
CVE-2026-55660
GitHub-GHSA

HIGH
@cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized –workspace Argument
GHSA-v75r-vx73-82pj
pkg: @cyclonedx/cyclonedx-npm
eco: npm
published: Jun 19, 2026
## Summary
A command injection vulnerability exists in `@cyclonedx/cyclonedx-npm` when the CLI is invoked with the `–workspace <value>` option while the environment variable `npm_execpath` is unset or empty.
User‑supplied `–workspace` values are passed to a subshell without proper sanitization…
CVE-2026-55849
GitHub-GHSA

HIGH
Concurrent Ruby : `AtomicReference#update` livelocks when the stored value is `Float::NAN`
GHSA-h8w8-99g7-qmvj
pkg: concurrent-ruby
eco: rubygems
published: Jun 19, 2026
### Summary
`Concurrent::AtomicReference#update` can enter a permanent busy retry loop when the current value is `Float::NAN`.

The issue is caused by the interaction between:
– `AtomicReference#update`, which retries until `compare_and_set(old_value, new_value)` succeeds.
– Numeric `compare_and_set…

CVE-2026-54904
GitHub-GHSA

HIGH
Oj: Integer Overflow in Oj.load 2GB String Handling
GHSA-475m-ph3x-64gp
pkg: oj
eco: rubygems
published: Jun 19, 2026
### Summary

`Oj.load` is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in `buf_append_string` (`buf.h:61`) converts the string length to a large negative `size_t`, causing `memcpy` to copy an astronomically large amount of data out of bounds. This cr…

CVE-2026-54903
GitHub-GHSA

HIGH
Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback
GHSA-m578-w5vf-rfcm
pkg: oj
eco: rubygems
published: Jun 19, 2026
### Summary

`Oj::Parser` in SAJ mode does not protect cached object keys (≥ 35 bytes) from garbage collection. A Ruby callback that triggers GC inside `hash_end` can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the freed string VALU…

CVE-2026-54902
GitHub-GHSA

HIGH
Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking
GHSA-vwm4-62gf-x745
pkg: oj
eco: rubygems
published: Jun 19, 2026
### Summary

`Oj::Parser` in usual mode does not mark `array_class` and `hash_class` references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent `parse` call dereferences t…

CVE-2026-54901
GitHub-GHSA

HIGH
Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling
GHSA-9cv6-qcjw-4grx
pkg: oj
eco: rubygems
published: Jun 19, 2026
### Summary

`Oj::Parser#parse` in usual mode with `create_id` enabled is vulnerable to heap corruption via a negative-size `memcpy`. When a JSON object key is exactly 65,535 bytes long, an integer truncation in `form_attr` (`usual.c:63`) converts the length to `-1` before passing it to `memcpy`. Th…

CVE-2026-54900
GitHub-GHSA

HIGH
Kozou: Unauthenticated MCP HTTP server and bundled dev-stack hardening (DNS-rebinding, request-body limits, read-only reads, default network exposure)
GHSA-v52w-28xh-v562
pkg: kozou, @kozou/api, @kozou/mcp
eco: npm
published: Jun 19, 2026
Kozou compiles a PostgreSQL schema into an Admin UI, a REST API, and an MCP server. Several hardening gaps in the bundled HTTP surfaces and the scaffolded dev stack are fixed in **1.8.1**.

## Issues

1. **MCP HTTP server lacked DNS-rebinding protection.** The Streamable HTTP transport is unauthenti…

GitHub-GHSA

HIGH
Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation
GHSA-q2gm-54r6-8fwm
pkg: oj
eco: rubygems
published: Jun 19, 2026
### Summary

`Oj::Parser#parse` is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw `const byte *` pointer into the Ruby string's internal buffer. If a callback (e.g. `hash_start`) resizes the string — for example b…

CVE-2026-54898
GitHub-GHSA

HIGH
Oj: Use-After-Free in Oj::Doc Iterators via Reentrant Close
GHSA-9ppp-w3g4-fh4q
pkg: oj
eco: rubygems
published: Jun 19, 2026
### Summary

`Oj::Doc` iterators (`each_value`, `each_child`, `each_leaf`) are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls `doc.close` or `d.close`, the document's heap memory is freed while the C iterator is still running. When control returns from the bloc…

CVE-2026-54897
GitHub-GHSA

HIGH
Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent
GHSA-35w3-pjm6-wj95
pkg: oj
eco: rubygems
published: Jun 19, 2026
### Summary

`Oj.dump` in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large `:indent` value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With `indent: 5000`, the a…

CVE-2026-54896
GitHub-GHSA

HIGH
jupyterlab-git extension: Stored XSS leading to RCE
GHSA-f962-v9hr-pfg5
pkg: jupyterlab-git, jupyterlab-git-core, @jupyterlab/git
eco: npm
published: Jun 19, 2026
Overview

Amazon Web Services (AWS) Security has identified a stored cross-site scripting (XSS) issue in the jupyterlab-git JupyterLab extension that can lead to remote code execution (RCE). The issue exists in the PlainTextDiff.ts component, where the createHeader() method passes Git filenames dir…

CVE-2026-54527
GitHub-GHSA

HIGH
containerd CRI checkpoint restore CDI annotation smuggling
GHSA-33vj-92qq-66hc
pkg: github.com/containerd/containerd/v2, github.com/containerd/containerd/v2, github.com/containerd/containerd/v2
eco: go
published: Jun 19, 2026
### Impact

containerd's CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint arc…

CVE-2026-53492
GitHub-GHSA

HIGH
Arbitrary host CRI log file read via symlink following in CRI checkpoint restore
GHSA-rgh6-rfwx-v388
pkg: github.com/containerd/containerd/v2, github.com/containerd/containerd/v2, github.com/containerd/containerd/v2
eco: go
published: Jun 19, 2026
### Impact
A bug was found in containerd where the CRI plugin restores `container.log` from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via `kubectl logs`.

### Patches
This bug has been fixed in the following containerd versions…

CVE-2026-53489
GitHub-GHSA

HIGH
containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull
GHSA-xhf5-7wjv-pqxp
pkg: github.com/containerd/containerd, github.com/containerd/containerd/v2, github.com/containerd/containerd/v2
eco: go
published: Jun 19, 2026
### Impact
A bug was found in containerd where the CRI plugin propagates labels from an image config (`LABEL` instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations.
CVE-2026-53488
GitHub-GHSA

HIGH
Oj: Stack Buffer Overflow in Oj.dump via Large Indent
GHSA-3v45-f3vh-wg7m
pkg: oj
eco: rubygems
published: Jun 19, 2026
### Summary

`Oj.dump` is vulnerable to a stack-based buffer overflow when a large `:indent` value is provided by the developer. `fill_indent` in `dump.h` calls `memset(indent_str, ' ', (size_t)opts->indent)` without validating the size. When `opts->indent` is set to `INT_MAX` (2,147,483,647), the `…

CVE-2026-54502
GitHub-GHSA

HIGH
Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle
GHSA-2cw7-v8ff-p88r
pkg: oj
eco: rubygems
published: Jun 19, 2026
### Summary

Disabling `symbol_keys` on a reused `Oj::Parser` instance triggers a heap use-after-free. When `symbol_keys` is toggled from `true` to `false`, `opt_symbol_keys_set` frees the internal key cache (`cache_free`) but does not clear the pointer. The next `parse` call reads from the freed ca…

CVE-2026-54899
GitHub-GHSA

HIGH
Hugo: security.http.urls deny rules bypassed by alternate IPv4 encodings (SSRF)
GHSA-r46f-3rpw-hxrv
pkg: github.com/gohugoio/hugo
eco: go
published: Jun 19, 2026
### Impact

The default `security.http.urls` policy denies requests to loopback, internal,
and cloud-metadata IPv4 literals (e.g. `http://127.0.0.1/`,
`http://169.254.169.254/`). The deny rule only matched dotted-decimal notation,
so alternate IPv4 encodings of the same addresses — integer…

GitHub-GHSA

HIGH
ouroboros-ai: Incomplete fix of CVE-2026-47211: untrusted project .env can still reach RCE via omitted execution-routing keys
GHSA-jv2h-4p9v-wf5w
pkg: ouroboros-ai
eco: pip
published: Jun 19, 2026
### Impact
The CVE-2026-47211 fix (0.39.0) added `_UNTRUSTED_ENV_DENYLIST` to stop an untrusted project-directory `.env` from redirecting execution. The denylist was incomplete — several execution-routing keys of the same RCE class were omitted, so a malicious cloned repo can still reach arbitrary…
GitHub-GHSA

HIGH
ReDoS in DotVVM routing
GHSA-c2g3-c4gc-w5wg
pkg: DotVVM, DotVVM, DotVVM
eco: nuget
published: Jun 19, 2026
### Impact

This impacts users which use multiple unconstrained route parameters not separated by a `/`. For instance, the following code is vulnerable:
“`
var route = new DotvvmRoute("edit/{a}-{b}-{c}/done", null, "testpage", null, null, configuration);

var adversarialInput = "edit/" + new string…

GitHub-GHSA

HIGH
parse-server: Denial of service via exponential-time processing of deeply nested query operators
GHSA-cgxm-vr2f-6fj8
pkg: parse-server, parse-server
eco: npm
published: Jun 19, 2026
### Impact

Parse Server is vulnerable to denial of service. A remote attacker can send a single, small query (~1 KB) containing deeply nested query condition operators. Parse Server processes the nested structure with exponential time complexity, which blocks the Node.js event loop and makes the se…

GitHub-GHSA

HIGH
Tilt: Cross-site WebSocket hijacking of the Tilt HUD stream
GHSA-6m68-r693-78qx
pkg: github.com/tilt-dev/tilt
eco: go
published: Jun 19, 2026
## Summary
The Tilt HUD WebSocket (`/ws/view`) is gated by a CSRF token, but the token is served by an unauthenticated endpoint and the upgrader accepts any client that omits an `Origin` header. When the HUD is network-exposed, an attacker can open the HUD stream and read the developer's session sta…
CVE-2026-55883
GitHub-GHSA

HIGH
Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server
GHSA-p749-9w62-w533
pkg: github.com/tilt-dev/tilt
eco: go
published: Jun 19, 2026
## Summary
The Tilt HUD server mounts Go's `net/http/pprof` handlers under `/debug` with no access control. When the HUD is network-exposed, an attacker can read process memory — including session and apiserver tokens — and hold the process under profiling.

## Details
A blank import of `net/htt…

CVE-2026-55882
GitHub-GHSA

HIGH
[Eclipse Theia] Indirect Prompt Injection via Auto-Loaded Workspace Prompt Template Files in AI Chat
GHSA-m973-pr9r-hp2w
pkg: @theia/ai-chat-ui, @theia/ai-chat, @theia/ai-claude-code
eco: npm
published: Jun 18, 2026
In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the workspac…
CVE-2026-46580
GitHub-GHSA

HIGH
[Eclipse Theia] Arbitrary Command Execution via Untrusted Workspace Task Definitions
GHSA-g9jw-92q7-g7fj
pkg: @theia/debug, @theia/task, @theia/workspace
eco: npm
published: Jun 18, 2026
In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitrar…
CVE-2026-44691
GitHub-GHSA

HIGH
[Eclipse Theia] Indirect Prompt Injection via Adversarial Workspace File and Directory Names in AI Chat
GHSA-3jww-hxqj-wfq2
pkg: @theia/ai-chat-ui, @theia/ai-chat, @theia/ai-claude-code
eco: npm
published: Jun 18, 2026
In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed by…
CVE-2026-44688
GitHub-GHSA

HIGH
AgenticMail: Unauthenticated inbound mail triggers bypassPermissions resume of the operator's Claude Code session (bridge-wake)
GHSA-fq4x-789w-jg5h
pkg: @agenticmail/core, @agenticmail/claudecode, @agenticmail/codex
eco: npm
published: Jun 18, 2026
## Summary
Two inbound-mail handlers act on a privileged effect without verifying that the sender is the operator, while a sibling handler in the same repo does. The higher-impact one: any external email routed to the bridge inbox causes the dispatcher to resume the operator's Claude Code session wi…
GitHub-GHSA

HIGH
AgenticMail: Cross-agent task authorization bypass in AgenticMail API
GHSA-hjwc-26pj-v3pm
pkg: @agenticmail/api
eco: npm
published: Jun 18, 2026
## Summary

A low-privileged authenticated AgenticMail agent can enumerate another agent's pending/claimed tasks by supplying the target agent name to `GET /api/agenticmail/tasks/pending?assignee=<name>`. The returned task objects include the task IDs and payloads. The same task IDs can then be used…

GitHub-GHSA

HIGH
MCP Toolbox for Databases: authenticated authorization bypass
GHSA-5gf6-gc35-xjpc
pkg: github.com/googleapis/mcp-toolbox
eco: go
published: Jun 18, 2026
An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers.

While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol version…

CVE-2026-11719
GitHub-GHSA

HIGH
Heimdall: Forwarded Header Injection via Unsanitized Host Header in Proxy Mode
GHSA-4jgr-pg2m-m988
pkg: github.com/dadrus/heimdall
eco: go
published: Jun 18, 2026
### Summary

When Heimdall operates in proxy mode, it constructs the `Forwarded` HTTP header after executing the matched rule pipeline by inserting the incoming request's `Host` header value directly into the header string without sanitizing commas or semicolons. This allows an attacker to inject ad…

GitHub-GHSA

HIGH
Heimdall: IP Spoofing via Unvalidated Forwarding Headers
GHSA-38×9-25wx-7fg2
pkg: https://github.com/dadrus/heimdall
eco: go
published: Jun 18, 2026
### Summary

When the `trusted_proxies` option is configured, heimdall extracts client IP addresses from the `Forwarded` (`for=` parameter) and `X-Forwarded-For` headers and exposes them as `Request.ClientIPAddresses` to the rule pipeline. However, extracted values are not validated to be syntactica…

GitHub-GHSA

HIGH
Karate Mock Server RCE via embedded expression evaluation of request-derived data
GHSA-2c85-rfcc-g74j
pkg: io.karatelabs:karate-core
eco: maven
published: Jun 18, 2026
### Summary

Karate Mock Server can execute embedded expressions found in attacker-controlled HTTP request data when a Mock Server feature assigns request-derived values such as `request`, `requestHeaders`, or `requestParams` to variables.

In affected scenarios, an unauthenticated remote attacker c…

GitHub-GHSA

HIGH
Docker MCP Gateway: Argument injection via OCI image label YAML
GHSA-r2xf-7jw5-pjg6
pkg: github.com/docker/mcp-gateway
eco: go
published: Jun 18, 2026
## Summary

A maliciously crafted OCI image label can inject arbitrary arguments into the `docker run` command line constructed by the MCP Gateway. An attacker who controls an image that the victim references via `docker://`, or that the victim's catalog pulls a snapshot from, can mount the host fil…

CVE-2026-55887
GitHub-GHSA

HIGH
Duplicate Advisory: Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER
GHSA-cc5p-54×3-hcf8
pkg: picklescan
eco: pip
published: Jun 17, 2026
## Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-97f8-7cmv-76j2. This link is maintained to preserve external references.

## Original Description
picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that allows attac…

GitHub-GHSA

HIGH
Apache Shiro: LDAP DN Injection in DefaultLdapRealm
GHSA-x96m-rh44-vgv8
pkg: org.apache.shiro:shiro-core, org.apache.shiro:shiro-core
eco: maven
published: Jun 17, 2026
A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate the…
CVE-2026-49268
GitHub-GHSA

HIGH
Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts
GHSA-9cr8-q42q-g8m7
pkg: Traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik
eco: go
published: Jun 16, 2026
## Summary

There is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake selects the applicable TLS configuration through an exact, c…

CVE-2026-53622
GitHub-GHSA

HIGH
Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass
GHSA-5r4w-85f3-pw66
pkg: Traefik
eco: go
published: Jun 16, 2026
## Summary

There is a high severity vulnerability in Traefik's domain-fronting protection (`SNICheck`) that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router `TLSOptions`. When a router uses a wildcard host rule such as `Host(`*.example.com`)` with stricter TLS …

CVE-2026-48491
GitHub-GHSA

MEDIUM
OpenBao: LDAPi ldaputil (wrong escape func)
GHSA-6mwx-4547-5vc9
pkg: github.com/openbao/openbao, github.com/openbao/openbao
eco: go
published: Jun 19, 2026
## 1. Description

### Component

`sdk/helper/ldaputil/client.go` — the shared LDAP utility library used by both the LDAP authentication backend and OpenLDAP secrets engine to construct LDAP search filters and bind DNs.

### Root Cause

The LDAP utility contains a **function selection error** that…

CVE-2026-55770
GitHub-GHSA

MEDIUM
dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens
GHSA-jr33-mw75-7j8f
pkg: dbt-mcp
eco: pip
published: Jun 19, 2026
## Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens

### Summary

The local OAuth helper FastAPI server bundled with `dbt-mcp` exposes the `GET /dbt_platform_context` endpoint without any form of authentication or host-origin validation. After a user completes the OAuth login flow ag…

CVE-2026-55837
GitHub-GHSA

MEDIUM
OpenFGA: OIDC audience validation skipped when –authn-oidc-audience is unset
GHSA-hcxc-wf8j-23hv
pkg: github.com/openfga/openfga
eco: go
published: Jun 19, 2026
## Description

OpenFGA's OIDC authenticator skipped JWT audience (`aud`) validation when no audience was configured.
In deployments where one identity provider issues tokens for multiple services,
a token minted for an unrelated service could authenticate to OpenFGA.

## Preconditions

This applies…

CVE-2026-55689
GitHub-GHSA

MEDIUM
Microsoft Security Advisory CVE-2026-45491 – .NET Tampering Vulnerability
GHSA-7q4v-2mr6-5gpx
pkg: Microsoft.NETCore.App.Runtime.linux-x64, Microsoft.NETCore.App.Runtime.linux-x64, Microsoft.NETCore.App.Runtime.linux-x64
eco: nuget
published: Jun 16, 2026
## Executive Summary

Microsoft is releasing this security advisory to provide information about a vulnerability in System.Formats.Tar. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A tampering vulnerability exists in the `…

CVE-2026-45491
GitHub-GHSA

MEDIUM
OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags
GHSA-c226-q6fx-6j6c
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

macOS Swift exec allowlist missed combined POSIX inline flags. In affected versions, a command request using combined POSIX inline-command flags could miss inline-command content expressed through combined flags.

This advisory is scoped to the named feature and configuration. It does n…

CVE-2026-53861
GitHub-GHSA

MEDIUM
SurrealDB: Denial of Service via deep operator chains
GHSA-jv2j-mqmw-xvv5
pkg: surrealdb
eco: rust
published: Jun 19, 2026
An authenticated user could crash a SurrealDB server with a single query containing a long chain of operators.

Such a query — for example `RETURN 1 + 1 + 1 + …` with tens of thousands of terms — is parsed into an expression tree one level deep per operator. Because the chain is flat and the p…

GitHub-GHSA

MEDIUM
Anki: User scripts in iframes have access to the internal Anki API
GHSA-cw6h-ffmh-x6vh
pkg: aqt
eco: pip
published: Jun 19, 2026
## Summary

Anki's webview-based pages communicate with the Rust backend using an internal localhost API. Anki implements measures to prevent user scripts run in the reviewer/editor from accessing this API (https://github.com/ankitects/anki/pull/3925) but it inadvertently allows access to scripts in…

GitHub-GHSA

MEDIUM
Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory
GHSA-jvcm-f35g-w78p
pkg: network-ai
eco: npm
published: Jun 19, 2026
### Summary
`AgentRuntime` promises scoped file access under a configured sandbox `basePath`, but its path containment checks use raw string prefix tests. A sandbox base such as `/tmp/network-ai-sandbox` also matches a sibling path such as `/tmp/network-ai-sandbox_evil/secret.txt`.

An agent/user th…

GitHub-GHSA

MEDIUM
OpenBao: Transit secrets engine crashes on key creation with `derived: true` for asymmetric key types
GHSA-8w8f-r2xv-4q4j
pkg: github.com/openbao/openbao, github.com/openbao/openbao
eco: go
published: Jun 19, 2026
On OpenBao 2.5.4 and 2.5.2(and likely earlier versions also), an authenticated caller with write access to `transit/keys/*` can crash the OpenBao server by issuing a single key-creation request that combines an asymmetric `type` (`rsa-*`, `ecdsa-*`, `ed25519`)
with `derived: true`. The server return…
CVE-2026-55776
GitHub-GHSA

MEDIUM
UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()
GHSA-3j69-69wj-xqx2
pkg: ujson
eco: pip
published: Jun 19, 2026
### Summary
`ujson.dumps()` (or `ujson.dump()` or `ujson.encode()`) have a `reject_bytes=False` option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different Unicode characters instead of rejecting them. This leads to input validation bypass an…
CVE-2026-54911
GitHub-GHSA

MEDIUM
CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
GHSA-6jj2-4q5c-x8g6
pkg: CoreWCF.NetNamedPipe, CoreWCF.NetNamedPipe
eco: nuget
published: Jun 19, 2026
### Impact
CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic. NetNamedPipe creates a shared memory object based on the listening url, then generated a unique GUID for the named pipe it will be using and saves this…
CVE-2026-54777
GitHub-GHSA

MEDIUM
CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.
GHSA-m744-jhq9-ppw6
pkg: CoreWCF.Kafka, CoreWCF.Kafka
eco: nuget
published: Jun 19, 2026
### Impact
A CoreWCF service is running and listening on a Kafka topic receiving a null-value record will stop processing new records from that topic.

#### Preconditions
The attacker has produce/write permission on a topic that CoreWCF is consuming from. If the broker permits anonymous publishes, n…

CVE-2026-54775
GitHub-GHSA

MEDIUM
OpenClaw: memory-wiki shared search could miss session visibility checks
GHSA-72fw-cqh5-f324
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

memory-wiki shared search could miss session visibility checks. In affected versions, a caller able to search shared memory could skip the session visibility guard on the affected search path.

This advisory is scoped to the named feature and configuration. It does not change OpenClaw's…

CVE-2026-53844
GitHub-GHSA

MEDIUM
OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently
GHSA-gxg4-2rrr-jhc7
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Hostname checks could treat trailing-dot hosts inconsistently. In affected versions, a request path that accepts model- or workspace-derived URLs could present the same hostname with a trailing dot and avoid a blocklist comparison.

This advisory is scoped to the named feature and confi…

CVE-2026-53859
GitHub-GHSA

MEDIUM
NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)
GHSA-jr45-52cw-69h5
pkg: nl.nl-portal:documenten-api
eco: maven
published: Jun 18, 2026
## Summary

A previous advisory (CVE-2026-49463 / GHSA-qpm9-h556-mwxm) reported that any logged-in user could download any document by its identifier, and stated this was fixed in 3.0.1. For the document-content part that fix was **incomplete**: documents remained downloadable by any authenticated u…

CVE-2026-54683
GitHub-GHSA

MEDIUM
BBOT: Arbitrary File Write in postman_download Module
GHSA-m54h-vhf9-3w3m
pkg: bbot
eco: pip
published: Jun 18, 2026
The `postman_download` module uses the workspace `name` field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attack…
CVE-2026-12568
GitHub-GHSA

MEDIUM
PraisonAI: execute_code sandbox bypass: str.format C-level attribute access reads every blocklisted dunder
GHSA-pv2j-rghr-v5r9
pkg: praisonaiagents
eco: pip
published: Jun 18, 2026
## Summary

The `execute_code` tool's subprocess sandbox advertises a three-layer defense (AST validation, text-pattern blocklist, restricted `__builtins__`). In **sandbox mode** (the default) only two layers are active — the text-pattern blocklist is skipped — and both remaining layers are bypa…

GitHub-GHSA

MEDIUM
PraisonAI: SpiderTools redirect-target SSRF protection bypass
GHSA-6h9p-93hq-q7h6
pkg: praisonaiagents
eco: pip
published: Jun 18, 2026
# SpiderTools redirect-target SSRF protection bypass

## Summary

`SpiderTools.scrape_page()` validates the initial URL and rejects direct
loopback, private, link-local, metadata, and internal hostnames. It then calls
`requests.Session.get()` without disabling automatic redirects or validating
redir…

GitHub-GHSA

MEDIUM
Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.
GHSA-694g-j8pj-cjj5
pkg: org.apache.dolphinscheduler:dolphinscheduler-api
eco: maven
published: Jun 17, 2026
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

CVE-2026-47340
GitHub-GHSA

MEDIUM
Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.
GHSA-wv7f-c794-82v6
pkg: org.apache.dolphinscheduler:dolphinscheduler-api
eco: maven
published: Jun 17, 2026
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.

This issue affects Apache DolphinScheduler versions prior to 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes this issue.

CVE-2026-42357
GitHub-GHSA

MEDIUM
Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join
GHSA-qwxf-2m7m-2m3x
pkg: github.com/daytonaio/daytona
eco: go
published: Jun 17, 2026
### Summary
A cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification channel and passively receive that organization's events.

### Impact
The notification gateway's JWT handshake joined …

CVE-2026-54324
GitHub-GHSA

MEDIUM
Deno: Node TCPWrap numeric hostname aliases bypass –deny-net resolved-IP deny checks
GHSA-v8fw-85r8-5m23
pkg: deno
eco: rust
published: Jun 16, 2026
## Summary

Deno's network permission model is designed so that `–deny-net` rules apply to the **resolved IP address** of a destination, not just the literal string supplied by the caller. That means `–deny-net=127.0.0.1` (or `–deny-net=127.0.0.0/8`) is expected to block any attempt to reach loop…

CVE-2026-49411
GitHub-GHSA

MEDIUM
Allure Report: Path Traversal in HTTP Server Allows Arbitrary File Read
GHSA-82cg-3hv7-74gc
pkg: io.qameta.allure:allure-commandline
eco: maven
published: Jun 19, 2026
## Summary

The built-in HTTP server started by `allure serve` and `allure open` is vulnerable to path traversal. The server resolves request URI paths directly against the report directory without normalizing or validating that the resolved path stays within the report directory. An attacker who ca…

CVE-2026-55846
GitHub-GHSA

MEDIUM
CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution
GHSA-q6v9-43v5-jv9q
pkg: CoreWCF.UnixDomainSocket, CoreWCF.UnixDomainSocket
eco: nuget
published: Jun 19, 2026
### Impact
Race condition in POSIX peer identity resolution may attribute one connection’s identity to another (getpwuid/getgrgid non-reentrant) and may crash the host process under contention.

### Patches
Fixed in CoreWCF v1.8.1 and v1.9.1

### Workarounds
Restrict UDS filesystem permissions so …

CVE-2026-54778
GitHub-GHSA

MEDIUM
Network-AI: EnvironmentManager.restore() backup ID path traversal copies arbitrary directories into environment data
GHSA-48×2-6pr9-2jjf
pkg: network-ai
eco: npm
published: Jun 19, 2026
### Summary
`EnvironmentManager.restore(env, backupId)` computes the backup path with `join(envDir, '.backups', backupId)` and only checks that this path exists. It does not resolve the result or verify that it remains under `data/<env>/.backups`.

A caller can pass a traversal backup ID such as `..…

GitHub-GHSA

MEDIUM
Langflow: Logout button does not clear session
GHSA-7hw8-6q6r-4276
pkg: langflow
eco: pip
published: Jun 19, 2026
### Summary
The logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in.

### Details
Not in auto login mode. Hosted on localhost. `access_token_lf` remains present in both Local Storage and Cookies. `refresh_token_lf` remains present in Coo…

CVE-2026-55423
GitHub-GHSA

MEDIUM
Allure Report: Stored XSS via unescaped ANSI helper in status message/trace rendering
GHSA-gx93-m64w-5m6h
pkg: io.qameta.allure:allure-generator
eco: maven
published: Jun 19, 2026
## Summary

The `ansi.js` Handlebars helper in allure-generator passes user-controlled `statusMessage` and `statusTrace` values from test result files through the `ansi-to-html` library and wraps the output in Handlebars `SafeString` without HTML escaping. Since `ansi-to-html` does not escape HTML e…

CVE-2026-55847
GitHub-GHSA

MEDIUM
tract: Arbitrary file read via unsanitized ONNX external_data `location` (path traversal) on model load in tract-onnx
GHSA-h668-6x6g-f8r5
pkg: tract-onnx, tract-onnx, tract-onnx
eco: rust
published: Jun 19, 2026
### Summary

`tract` (the `tract-onnx` crate) resolves an ONNX tensor's external-data `location` by joining it onto the model directory **without any sanitization**. Because `location` comes from the (untrusted) `.onnx` file, a malicious model can make `tract` open and read an **arbitrary local file…

CVE-2026-55832
GitHub-GHSA

MEDIUM
OpenClaw: Exported session HTML could keep unsafe markdown links
GHSA-w9hf-3pp7-pvxv
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Exported session HTML could keep unsafe markdown links. In affected versions, content rendered into an exported session could preserve unsafe `javascript:` or `data:` links in generated HTML.

This advisory is scoped to the named feature and configuration. It does not change OpenClaw's …

CVE-2026-53841
GitHub-GHSA

MEDIUM
tract-nnef: integer overflow in NNEF `.dat` tensor parser yields an out-of-bounds read on model load
GHSA-x5mv-8wgw-29hg
pkg: tract-nnef, tract-nnef, tract-nnef
eco: rust
published: Jun 18, 2026
– **Component:** `tract-nnef` (`nnef/src/tensors.rs::read_tensor`) + `tract-data` (`data/src/tensor.rs`)
– **Affected versions:** `< 0.21.16`, `0.22.0`–`0.22.2`, `0.23.0`–`0.23.1` — the dense `DatLoader` path was unguarded across all three release lines; patched in 0.21.16 / 0.22.2 / 0.23.1
– …
CVE-2026-55093
GitHub-GHSA

MEDIUM
marimo contains a reflected cross-site scripting vulnerability in the notebook page
GHSA-8m59-7xv8-735h
pkg: marimo
eco: pip
published: Jun 18, 2026
marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal. Atta…
CVE-2026-54386
GitHub-GHSA

MEDIUM
OpenStack Horizon RC file generation does not escape special characters in project names
GHSA-6wrm-x65g-hr4p
pkg: horizon
eco: pip
published: Jun 17, 2026
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability.
CVE-2026-55748
GitHub-GHSA

MEDIUM
Zeep: Server-Side Request Forgery (SSRF)
GHSA-4cc2-g9w2-fhf6
pkg: zeep
eco: pip
published: Jun 19, 2026
## Summary

When parsing a WSDL or XSD document, python-zeep follows transitive references — xsd:import, xsd:include, wsdl:import, and lxml entity/DTD resolution — and will fetch http/https URLs found in those references. The Settings.forbid_external option, intended to disable this transitive r…

GitHub-GHSA

MEDIUM
Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions
GHSA-mxjx-28vx-xjjj
pkg: network-ai
eco: npm
published: Jun 19, 2026
## Summary

`network-ai`'s `ApprovalInbox` (`lib/approval-inbox.ts`) is a shipped, exported, documented feature — *"a web-accessible approval queue with REST API … and SSE streaming"* (SECURITY.md). It is the network surface of the **human-in-the-loop Approval Gate**, which `ApprovalGate` uses t…

GitHub-GHSA

MEDIUM
CoreWCF: SAML token replay protection is inoperative
GHSA-9jr3-rj99-8jq3
pkg: CoreWCF.Primitives, CoreWCF.Primitives
eco: nuget
published: Jun 19, 2026
### Impact
When enabling DetectReplayedTokens, a token can be replayed and will be detected despite it being reused.

### Patches
Fixed in CoreWCF v1.8.1 and v1.9.1

### Workarounds
Provide your own implementation of `ITokenReplayCache` with the correct behavior.

CVE-2026-54779
GitHub-GHSA

MEDIUM
CoreWCF: WS-Security signature substitution via document-wide Signature lookup
GHSA-jc6x-rj79-w4mx
pkg: CoreWCF.Primitives, CoreWCF.Primitives
eco: nuget
published: Jun 19, 2026
### Impact
An unauthenticated remote attacker who can place a SOAP header lexically before `wsse:Security` can embed a `ds:Signature` of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security header.

#### Precondit…

CVE-2026-54773
GitHub-GHSA

MEDIUM
TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB)
GHSA-9ggv-8w38-r7pm
pkg: typeorm
eco: npm
published: Jun 19, 2026
### Impact

Blind SQL injection vulnerability in `UpdateQueryBuilder` and `SoftDeleteQueryBuilder` affecting MySQL and MariaDB users.

`UpdateQueryBuilder` and `SoftDeleteQueryBuilder` (including their `addOrderBy` variants) do not validate the `order` parameter against an allowlist of permitted val…

GitHub-GHSA

MEDIUM
undici vulnerable to HTTP header injection via Set-Cookie percent-decoding
GHSA-p88m-4jfj-68fv
pkg: undici, undici, undici
eco: npm
published: Jun 19, 2026
## Impact

undici's cookie parser in `parseSetCookie` percent-decodes cookie values via `qsUnescape`, turning encoded sequences like `%0D%0A`, `%00`, `%3B`, and `%3D` into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either.

Applications th…

CVE-2026-9679
GitHub-GHSA

MEDIUM
undici vulnerable to cross-user information disclosure via shared cache whitespace bypass
GHSA-pr7r-676h-xcf6
pkg: undici, undici
eco: npm
published: Jun 18, 2026
## Impact

Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream `Cache-Control` header uses whitespace-padded qualified `private` or `no-cache` field names such as `private=" authorization"` or `no-cache="\tauthorization"`. The parser preserves the surround…

CVE-2026-9678
GitHub-GHSA

MEDIUM
Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms
GHSA-w4mc-hhc6-xp28
pkg: github.com/axllent/mailpit
eco: go
published: Jun 19, 2026
## Summary

The remediation shipped in mailpit v1.29.2 for [GHSA-mpf7-p9x7-96r3](https://github.com/axllent/mailpit/security/advisories/GHSA-mpf7-p9x7-96r3) (CVE-2026-27808) is incomplete. The `tools.IsInternalIP` deny-list relies on Go's stdlib classification helpers (`IsLoopback`, `IsPrivate`, `Is…

CVE-2026-55187
GitHub-GHSA

MEDIUM
Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints
GHSA-q59x-jc9f-gfqf
pkg: signalk-server
eco: npm
published: Jun 18, 2026
### Summary
signalk-server versions up to and including 2.27.0 contain a Server-Side Request Forgery (SSRF) vulnerability in three administrative endpoints used for remote Signal K server connection management. The `makeRemoteRequest()` function accepts attacker-controlled `host`, `port`, `useTLS`, …
CVE-2026-55591
GitHub-GHSA

MEDIUM
Capsule: Incomplete fix of CVE-2026-30963: singular/plural typo leaves namespaces/finalize unprotected
GHSA-gwxr-7h77-7777
pkg: github.com/projectcapsule/capsule
eco: go
published: Jun 17, 2026
### Summary
Capsule v0.13.2 webhook rules contain `namespace/finalize` (singular) instead of `namespaces/finalize` (plural). K8s requires plural. The finalize defense from CVE-2026-30963 fix is absent.

### Details
PUT to `/api/v1/namespaces/<ns>/finalize` has resource=namespaces (plural). The singu…

CVE-2026-55636
GitHub-GHSA

MEDIUM
Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions
GHSA-mh64-ph39-mrc9
pkg: quiche
eco: rust
published: Jun 19, 2026
### Impact

Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions.

The `quiche_connection_id_iter_next` and `quiche_conn_retired_scid_next` functions would return a pointer to a `ConnectionId` to the applications via function arguments, but t…

CVE-2026-11941
GitHub-GHSA

MEDIUM
ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer
GHSA-wvrh-2f4m-924v
pkg: ChatterBot
eco: pip
published: Jun 19, 2026
## Summary

ChatterBot's `UbuntuCorpusTrainer.extract()` uses a predictable, home-rooted output directory (`~/ubuntu_data/ubuntu_dialogs`) with a check-then-create pattern (`if not os.path.exists: os.makedirs`) followed by `tar.extractall(path=self.data_path)`. A local attacker who pre-plants a syml…

GitHub-GHSA

MEDIUM
Network-AI: EnvironmentManager.backup() follows symlinked directories and copies files outside the environment root into backups
GHSA-6x2m-p4xp-wg22
pkg: network-ai
eco: npm
published: Jun 19, 2026
### Summary
`EnvironmentManager.backup()` recursively collects files using `_collectBackupFiles()`. `_collectBackupFiles()` uses `statSync(full)`, which follows symlinks. If `data/<env>` contains a symlink to a directory outside the environment root, backup recursion follows the symlink and copies e…
GitHub-GHSA

MEDIUM
Duplicate Advisory: PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands
GHSA-x44p-gg67-52fc
pkg: praisonai
eco: pip
published: Jun 19, 2026
## Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-ffp3-3562-8cv3. This link is maintained to preserve external references.

## Original Description
PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowin…

GitHub-GHSA

MEDIUM
OpenClaw: Config recovery could restore openclaw.json with broad file permissions
GHSA-rwp6-7w3q-75fq
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Config recovery could restore openclaw.json with broad file permissions. In affected versions, a local recovery path after configuration repair could leave the restored config file more readable than intended.

This advisory is scoped to the named feature and configuration. It does not …

CVE-2026-53856
GitHub-GHSA

MEDIUM
Hermes Agent creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644)
GHSA-99f9-j8r3-p853
pkg: hermes-agent
eco: pip
published: Jun 17, 2026
Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including con…
CVE-2026-53870
GitHub-GHSA

MEDIUM
Deno: BYONM module resolution allows `package.json` main path traversal to bypass `–allow-read` restrictions
GHSA-968w-xfqw-vp9q
pkg: deno
eco: rust
published: Jun 16, 2026
## Summary

When Deno was run in BYONM mode (`nodeModulesDir: "manual"`), the module resolver did not validate that a package's resolved entrypoint stayed within its `node_modules/<pkg>/` directory. A malicious `package.json` whose `main` field contained `..` segments was able to resolve to an arbit…

CVE-2026-49406
GitHub-GHSA

MEDIUM
Strimzi: Unrestricted access to all Secrets within namespace watched by the Topic operator
GHSA-r427-j2h7-wv3m
pkg: io.strimzi:strimzi
eco: maven
published: Jun 18, 2026
### Impact

When only the Topic or only the User operators are deployed as part of the Entity Operator in the `Kafka` custom resource, the RBAC rights are not following the principle of least-privilege and the Entity Operator ServiceAccount still has access rights corresponding to both operators. Th…

CVE-2026-55226
GitHub-GHSA

MEDIUM
pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
GHSA-4xgf-cpjx-pc3j
pkg: pydantic-settings
eco: pip
published: Jun 19, 2026
### Summary

`NestedSecretsSettingsSource` reads secret values from files in a configured `secrets_dir`. When `secrets_nested_subdir=True`, a directory entry inside `secrets_dir` that is a symbolic link pointing **outside** `secrets_dir` is followed, so files outside the configured directory are rea…

GitHub-GHSA

MEDIUM
Oj: intern.c form_attr (uninitialized stack read)
GHSA-fm7p-mprw-wjm9
pkg: oj
eco: rubygems
published: Jun 19, 2026
### Summary

`Oj.load` in `:object` mode reads uninitialized stack memory (and, for long
keys, reads out of bounds) when parsing a JSON object whose key is 254 bytes
or longer. The interned bytes can surface to the caller, disclosing process
stack memory.

### Details

In `ext/oj/intern.c`, `form_at…

CVE-2026-54500
GitHub-GHSA

MEDIUM
DotVVM: Unrestricted file upload
GHSA-2rm3-333w-xvc4
pkg: DotVVM, DotVVM, DotVVM
eco: nuget
published: Jun 19, 2026
### Impact

All users of DotVVM with configured file upload storage are affected.

DotVVM allows anyone to upload files to the application, potentially causing denial of service by filling the disk.

### Patches

Since version 4.3.15, 4.2.11 and 5.0.0-preview09, DotVVM requires all file upload requ…

GitHub-GHSA

MEDIUM
NL Portal Backend Libraries: Unauthenticated form resolver forwards the privileged Objecten-API token to a caller-supplied URL (SSRF)
GHSA-xm3x-9cfw-jhx4
pkg: nl.nl-portal:form
eco: maven
published: Jun 19, 2026
## Summary

The public GraphQL resolvers `getFormDefinitionByObjectenApiUrl(url)` and the deprecated `getFormDefinitionById(id)` fetch a caller-supplied URL using the **privileged Objecten-API token**. Because the `/graphql` endpoint is `permitAll()` and these resolvers do not declare a `CommonGroun…

CVE-2026-55414
GitHub-GHSA

MEDIUM
ts-deepmerge: Prototype Method Override leads to DoS
GHSA-87mf-gv2c-c62c
pkg: ts-deepmerge
eco: npm
published: Jun 19, 2026
Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods (such as toString, valueOf). When user-controlled input contains these keys with non-function values, the resulting merged object becomes broken ��…
CVE-2026-12644
GitHub-GHSA

MEDIUM
OpenClaw: Slack reaction events could ignore reaction notification settings
GHSA-fcvx-5cxc-v5p8
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Slack reaction events could ignore reaction notification settings. In affected versions, a Slack reaction event delivered to the configured app could enter the agent pipeline even when reaction notifications were disabled.

This advisory is scoped to the named feature and configuration.…

CVE-2026-53851
GitHub-GHSA

MEDIUM
opentelemetry-collector-contrib sentryexporter: Path traversal in Sentry exporter via attacker-controlled service.name reaches privileged Sentry API endpoints with operator bearer token
GHSA-4jvg-4jfx-fmhc
pkg: github.com/open-telemetry/opentelemetry-collector-contrib/exporter/sentryexporter
eco: go
published: Jun 18, 2026
Summary

The Sentry exporter constructs Sentry API URLs by interpolating the span's service.name resource attribute into the URL path without validation. Because
service.name is controlled by remote OTLP senders and the operator-configured bearer token is attached to ever…

CVE-2026-47256
GitHub-GHSA

MEDIUM
BBOT: Path traversal (Zip-Slip) in unarchive module – incomplete fix for CVE-2025-10284
GHSA-3vgw-585j-4m45
pkg: bbot
eco: pip
published: Jun 18, 2026
The `unarchive` internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools (e.g. GNU tar) which varies by platform. While CVE-2025-10284 addressed git-specific RCE vectors, the underlying archive extracti…
CVE-2026-12565
GitHub-GHSA

MEDIUM
Podman: WORKDIR symlink traversal vulnerability
GHSA-q6r4-3wmg-fwcq
pkg: github.com/containers/podman/v5, github.com/containers/podman/v4, github.com/containers/podman/v3
eco: go
published: Jun 18, 2026
### Summary

Running a malicous container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree dur…

CVE-2026-55686
GitHub-GHSA

MEDIUM
webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies
GHSA-mx8g-39q3-5c79
pkg: webpack-dev-server
eco: npm
published: Jun 17, 2026
### Impact

When a user-configured proxy on `webpack-dev-server` has a broad context (e.g. `/`) and `ws: true`, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and `Origin` header to the backend, bypasses the dev server's Ho…

CVE-2026-9595
GitHub-GHSA

MEDIUM
Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads
GHSA-3p4h-7m6x-2hcm
pkg: multer, multer
eco: npm
published: Jun 17, 2026
### Impact

A vulnerability in Multer allows an attacker to trigger a Denial of Service (DoS) by aborting or sending malformed multipart uploads, causing orphaned partial files to accumulate on disk when using diskStorage.

### Patches

Users should upgrade to `2.2.0`, `3.0.0-alpha.2` or higher

###…

CVE-2026-5038
GitHub-GHSA

MEDIUM
Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature
GHSA-563q-j3cm-6jxm
pkg: io.netty:netty-codec-http2, io.netty:netty-codec-http2
eco: maven
published: Jun 15, 2026
### Summary

Netty HTTP/2 max header size handling produces attack similar to HTTP/2 Rapid Reset.

### Details

There is a setting in the http2 specification called `SETTINGS_MAX_HEADER_LIST_SIZE`. According to[ the RFC](https://www.rfc-editor.org/rfc/rfc9113.html#name-defined-settings): “This adv…

CVE-2026-50560
GitHub-GHSA

MEDIUM
Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted
GHSA-hvcg-qmg6-jm4c
pkg: io.netty:netty-codec-http, io.netty:netty-codec-http
eco: maven
published: Jun 15, 2026
## Summary

Before reading the first request-line, `HttpObjectDecoder` skips every byte for which
`Character.isISOControl(b)` is `true` (0x00–0x1F and 0x7F) as well as all whitespace.
RFC 9112 §2.2 only asks servers to ignore **empty CRLF lines** preceding the request-line —
a carefully scoped …

CVE-2026-50020
GitHub-GHSA

MEDIUM
Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)
GHSA-8xpq-cjcf-3wh9
pkg: deno
eco: rust
published: Jun 16, 2026
## Summary

Deno's permission system enforces filesystem and execution restrictions by
comparing the requested path against the path supplied to `–deny-read`,
`–deny-write`, `–deny-run`, or `–deny-ffi`. On macOS, that comparison was
done at the raw-byte level while the APFS filesystem treats dif…

CVE-2026-49401
GitHub-GHSA

MEDIUM
Deno: process.loadEnvFile() bypasses env permission checks and mutates process.env with only read access
GHSA-4c8g-jvcx-v4hv
pkg: deno
eco: rust
published: Jun 16, 2026
## Summary

In Deno, environment access is gated by the `env` permission. You can deny it
with `–deny-env`, or restrict it to a specific allowlist with
`–allow-env=FOO,BAR`. The expectation is that a program running without `env`
permission cannot change `process.env`.

`process.loadEnvFile()` (th…

CVE-2026-49983
GitHub-GHSA

MEDIUM
Deno: WebSocket API sandbox bypass via missing post-DNS check
GHSA-83pc-3rw9-qpwj
pkg: deno
eco: rust
published: Jun 16, 2026
## Summary

When a WebSocket connection was opened, Deno checked the destination hostname
against `–deny-net` rules but did not re-check the IP addresses that hostname
resolved to. An attacker-controlled script could use a specially crafted domain
name that passes the hostname check yet resolves to…

CVE-2026-49860
GitHub-GHSA

MEDIUM
Deno: `fetch()` API sandbox bypass via missing DNS resolution check
GHSA-cpgj-f7g3-2pp2
pkg: deno
eco: rust
published: Jun 16, 2026
## Summary

When `fetch()` was called, Deno checked the destination hostname against
`–deny-net` rules but did not re-check the IP addresses that hostname
resolved to. An attacker-controlled script could use a specially crafted domain
name that passes the hostname check yet resolves to a denied IP,…

CVE-2026-49859
GitHub-GHSA

MEDIUM
Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects
GHSA-wh3w-v6gj-fqh2
pkg: org.apache.dolphinscheduler:dolphinscheduler-api
eco: maven
published: Jun 17, 2026
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects

This issue affects Apache DolphinScheduler versions prior to 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes this issue.

CVE-2026-41280
GitHub-GHSA

MEDIUM
NCalc: Denial of Service via Unbounded and Non-Terminating Factorial Evaluation
GHSA-3w5p-95mh-gq75
pkg: NCalc.Core, NCalcSync
eco: nuget
published: Jun 18, 2026
### Impact

A denial-of-service (DoS) vulnerability exists in the factorial operator implementation of NCalc. Specially crafted expressions containing extremely large factorial operands can trigger excessive CPU consumption or cause evaluation to enter a non-terminating loop due to integer overflow …

CVE-2026-55254
GitHub-GHSA

MEDIUM
Netty: QUIC stateless reset token material exposed through header-visible connection IDs
GHSA-cq4q-cv5g-r8q5
pkg: io.netty:netty-codec-classes-quic
eco: maven
published: Jun 15, 2026
### Summary
Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the server's current source connection ID can be derived from bytes that appear as the connection ID in QUIC headers …
CVE-2026-50009
GitHub-GHSA

MEDIUM
Outerbase Studio: Stored XSS in Text Widget Leads to Authentication Token Exposure
GHSA-wwf9-7jrc-rv4q
pkg: @outerbase/studio
eco: npm
published: Jun 19, 2026
## Summary

A Stored Cross-Site Scripting (XSS) issue previously existed in the Text Widget in Board of Outerbase Studio where unsanitized HTML could be rendered using `dangerouslySetInnerHTML`

### Steps to Reproduce

1. Create a new dashboard.
2. Add a **Text widget**.
3. Insert the following payl…

CVE-2026-55650
GitHub-GHSA

MEDIUM
CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade
GHSA-wjpq-6766-7f5j
pkg: CoreWCF.UnixDomainSocket, CoreWCF.UnixDomainSocket
eco: nuget
published: Jun 19, 2026
### Impact
A CoreWCF service hosted on Unix Domain Sockets with the PosixIdentity client credential type (UnixDomainSocketBinding with Security.Mode = TransportCredentialOnly and Security.Transport.ClientCredentialType = PosixIdentity) does not require the client to perform the application/unixposix…
CVE-2026-54776
GitHub-GHSA

MEDIUM
SurrealDB: Field-level SELECT permissions bypassed via graph and reference traversals
GHSA-hv6h-hc26-q48p
pkg: surrealdb
eco: rust
published: Jun 19, 2026
A record user could read field values hidden from them by field-level SELECT permissions by reaching the records through a graph-edge (`->`) or back-reference (`<~`) traversal instead of a direct `SELECT`.

When a table was readable at the table level but carried a field hidden by a field-level perm…

GitHub-GHSA

MEDIUM
SurrealDB: Indexed ORDER BY leaks the value ordering of a SELECT-restricted field
GHSA-h4h3-3rfj-x6fq
pkg: surrealdb
eco: rust
published: Jun 19, 2026
A field can be hidden from a user with a field-level SELECT permission (`DEFINE FIELD code ON secret PERMISSIONS FOR select WHERE owner = $auth.id`). When that field is indexed, a record user who cannot read it could still recover the relative ordering of its values across every record by issuing `O…
GitHub-GHSA

MEDIUM
praisonai-platform: Authorization Bypass Through User-Controlled Key
GHSA-2fjj-qqg8-fg7x
pkg: praisonai-platform
eco: pip
published: Jun 18, 2026
## Summary

The issue create and update endpoints in `praisonai-platform` accept a `project_id` in the request body and persist it without validating that the project belongs to the URL workspace. A user who is a member of workspace `W_B` (and has no access to workspace `W_A`) can create issues that…

GitHub-GHSA

MEDIUM
PraisonAI: Unauthenticated Event Injection via SSE `/publish` Endpoint
GHSA-35w5-pcw4-jx94
pkg: praisonaiagents
eco: pip
published: Jun 18, 2026
## Summary

The SSE (Server-Sent Events) server in `src/praisonai-agents/praisonaiagents/server/server.py` exposes a `/publish` endpoint that broadcasts arbitrary messages to all connected clients without any authentication. The `ServerConfig` dataclass (line 24) defines an `auth_token` field, but t…

GitHub-GHSA

MEDIUM
Deno: Denial of service via non-ASCII bytes in WebSocket response headers
GHSA-x2qc-cmh9-f4hf
pkg: deno
eco: rust
published: Jun 17, 2026
## Summary

A Deno program that opens a client `WebSocket` connection could be crashed by
the remote server. While handling the WebSocket handshake response, Deno parsed
the `Sec-WebSocket-Protocol` and `Sec-WebSocket-Extensions` response headers in
a way that assumed their bytes were always printab…

CVE-2026-55517
GitHub-GHSA

MEDIUM
katello: missing repository authorization in content_uploads exposes cross-product content existence
GHSA-c43c-rf7g-5xpg
pkg: katello
eco: rubygems
published: Jun 17, 2026
A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the edit_products permission to query content information for repositories outside the products they were authorized to manage…
CVE-2026-12515
GitHub-GHSA

MEDIUM
Gitea: Missing repository-unit authorization on issue-template API endpoints
GHSA-3fwp-p5rj-2pxf
pkg: code.gitea.io/gitea
eco: go
published: Jun 16, 2026
## Summary

Three Gitea API endpoints — `GET /repos/{owner}/{repo}/issue_templates`,
`GET /repos/{owner}/{repo}/issue_config` and `GET /repos/{owner}/{repo}/issue_config/validate`
— read files from the repository's **Code** default branch (`.gitea/ISSUE_TEMPLATE/*`
and `issue_config.yaml`) and r…

CVE-2026-27783
GitHub-GHSA

MEDIUM
Gitea: Incomplete CVE-2025-68941 fix: /user/orgs missing checkTokenPublicOnly + switch-case logic flaw
GHSA-8629-vc8r-5p58
pkg: code.gitea.io/gitea
eco: go
published: Jun 16, 2026
## Summary

Two related issues in the token public-only scope enforcement introduced by PR #32204 (CVE-2025-68941 fix). A public-only scoped API token can access private organization data.

## Issue 1: /user/orgs missing checkTokenPublicOnly()

`routers/api/v1/api.go` line 1599:
“`go
m.Get("/user/o…

CVE-2026-25714
GitHub-GHSA

MEDIUM
Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
GHSA-fjv8-j4p5-cr9m
pkg: github.com/daytonaio/daytona
eco: go
published: Jun 18, 2026
## Summary
A sandbox volume reference (`volumeId`, which may also be a volume name) was forwarded to the
runner and used to build the host bind-mount source path without confinement. A reference
containing path-traversal sequences could in principle resolve the mount source outside the
intended per-…
CVE-2026-54319
GitHub-GHSA

MEDIUM
ZITADEL: Missing Token Audience Validation (`aud`) in JWT IdP Provider
GHSA-g5h5-m4hm-xjrr
pkg: github.com/zitadel/zitadel
eco: go
published: Jun 18, 2026
### Summary

An authentication bypass vulnerability was discovered in ZITADEL's external JWT Identity Provider (IdP) implementation.

When validating JSON Web Tokens (JWTs) from an external provider, ZITADEL properly checks the token's cryptographic signature and issuer (`iss`), but it fails to vali…

CVE-2026-55669
GitHub-GHSA

MEDIUM
ZITADEL: Missing Token Lifecyle Validation (`exp` and `iat`) in JWT IdP Provider
GHSA-wxg7-w2v3-w38g
pkg: github.com/zitadel/zitadel
eco: go
published: Jun 18, 2026
### Summary

Two closely related token lifecycle validation vulnerabilities were discovered in ZITADEL's external JWT Identity Provider (IdP) implementation.

Specifically, within the validation pipeline:

* **Missing Expiration (`exp`) Enforcement:** If an incoming JWT omits the `exp` claim entirel…

GitHub-GHSA

MEDIUM
Caddy: stripHTML template function bypass
GHSA-vcc4-2c75-vc9v
pkg: github.com/caddyserver/caddy/v2, github.com/caddyserver/caddy
eco: go
published: Jun 16, 2026
### Summary
Caddy’s `stripHTML` template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as `<<>img src=x onerror=alert()>`, can bypass the tag-stripping logic, potentially leaving dangerous content in the output if it is later rendered as HTML. This …
CVE-2026-52846
GitHub-GHSA

MEDIUM
SurrealDB: SSRF via JWKS URL — Redirect Following in JWT Key Fetch
GHSA-h5rg-8p7f-47g2
pkg: surrealdb
eco: rust
published: Jun 19, 2026
SurrealDB fetches the JWKS document for a JWT or record access method using a bare `reqwest` client that follows HTTP redirects by default. The network capability check in `core/src/iam/jwks.rs` (`check_capabilities_url`) is applied only to the originally configured URL; redirect targets are not re-…
GitHub-GHSA

MEDIUM
MCPVault: PathFilter restricted directories (.git/.obsidian/node_modules) only denied at vault root, not nested
GHSA-9c83-rr99-vfwj
pkg: @bitbonsai/mcpvault
eco: npm
published: Jun 19, 2026
PathFilter's deny-list glob patterns are anchored, so `.git`, `.obsidian`, and `node_modules` were only blocked at the vault root. Nested copies inside the vault (e.g. `tools/cli/node_modules/…`, `tools/somerepo/.git/config`, a nested `.obsidian/`) were fully traversable via isAllowed/isAllowedFor…
GitHub-GHSA

MEDIUM
py7zr: O(n^2) algorithmic complexity DoS in PackInfo._read()
GHSA-h4gh-22qq-72r7
pkg: py7zr
eco: pip
published: Jun 19, 2026
### Summary

PackInfo._read() uses an O(n^2) cumulative sum pattern where
numstreams is read directly from the archive header. A crafted .7z
archive with a large numstreams value causes excessive CPU consumption
during SevenZipFile.__init__() — no extraction is needed. A 50 KB
archive tak…

CVE-2026-55206
GitHub-GHSA

MEDIUM
py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size
GHSA-gjrg-mpp7-g774
pkg: py7zr
eco: pip
published: Jun 19, 2026
py7zr's `Worker.decompress()` extracts archive entries without tracking total decompressed size. A crafted `.7z` file can exhaust disk or memory before the extraction completes.

Measured: 15.6 KB archive → 100 MB output (6,556:1 ratio).

**Proof of concept:**

“`python
import py7zr, tempfile, os…

CVE-2026-55195
GitHub-GHSA

MEDIUM
Open Redirect Bypass in miniflux-v2
GHSA-m999-j542-5w3r
pkg: miniflux.app/v2
eco: go
published: Jun 19, 2026
### Summary
The URL restrictions in `miniflux-v2` can be bypassed by attackers, leading to an open redirect vulnerability.

### Details

Normally, the redirect URL needs to be validated using `IsRelativePath`.

<img width="1728" height="1386" alt="QQ20260526-175356-26-1" src="https://github.com/user…

CVE-2026-55185
GitHub-GHSA

MEDIUM
http4k: `ServerFilters.DigestAuth` / `DigestAuthProvider` defaulted to an always-true nonce verifier, disabling replay protection in default deployments
GHSA-c7jm-38gq-h67h
pkg: org.http4k:http4k-security-digest, org.http4k:http4k-security-digest, org.http4k:http4k-security-digest
eco: maven
published: Jun 19, 2026
### Impact

`ServerFilters.DigestAuth` and the underlying `DigestAuthProvider` both defaulted their `nonceVerifier` parameter to `{ true }` — i.e. every nonce was accepted regardless of value, age, or prior use. Any deployment using the default configuration had **no replay protection** on Digest …

GitHub-GHSA

MEDIUM
http4k: BasicCookieStorage` (renamed `InsecureCookieStorage`) did not enforce RFC 6265 cookie scoping; new `DefaultCookieStorage` is now the default
GHSA-pr33-38xx-6r26
pkg: org.http4k:http4k-core, org.http4k:http4k-core, org.http4k:http4k-core
eco: maven
published: Jun 19, 2026
### Impact

The previous `BasicCookieStorage` did not enforce RFC 6265 scoping rules around cookie domain, path, and `Secure` attribute. A client using a single storage instance to talk to multiple origins could have cookies leak across domains, or have `Secure` cookies sent over plain HTTP — the …

GitHub-GHSA

MEDIUM
http4k: `reverseProxy()` defaulted to substring (`Contains`) matching on `Host`; tightened to `Exact`
GHSA-jrpc-7vxp-69p6
pkg: org.http4k:http4k-core, org.http4k:http4k-core, org.http4k:http4k-core
eco: maven
published: Jun 19, 2026
### Impact

`reverseProxy()` and `reverseProxyRouting()` matched configured vhosts by substring on the `Host` header (`Contains` matcher) by default. The intended use of these functions in http4k is **outbound dispatch** (e.g. matching AWS service subdomains, per the `Contains` docstring) and **test…

GitHub-GHSA

MEDIUM
Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails
GHSA-4mr2-fg2p-w63c
pkg: github.com/traefik/traefik/v3
eco: go
published: Jun 19, 2026
## Summary

There is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported `nginx.ingress.kubernetes.io/auth-type` and `auth-secret` annotations, but th…

CVE-2026-54762
GitHub-GHSA

MEDIUM
go.qbee.io/transport: Symlink-chain path traversal in tar extraction (one level outside destination)
GHSA-f9m7-vc86-p6jj
pkg: go.qbee.io/transport
eco: go
published: Jun 19, 2026
### Impact

The go.qbee.io/transport library is affected by a symlink-chain path traversal vulnerability in its extractTar routine. The library's path validation is strictly lexical and fails to account for on-disk symlinks created earlier in the extraction process. Consequently, a crafted tar archi…

CVE-2026-55828
GitHub-GHSA

MEDIUM
Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName
GHSA-fcw4-wwqm-m8cf
pkg: github.com/grafana/grafana-operator/v5, github.com/grafana/grafana-operator
eco: go
published: Jun 19, 2026
We have released version 5.24.0 of the Grafana Operator. This patch includes a MODERATE severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator.

### Summary

The Grafana Operator supports loading dashboards & library panels using the jsonnet data templ…

CVE-2026-11769
GitHub-GHSA

MEDIUM
Python Liquid: Infinite loop when parsing malformed `{% case %}` tags
GHSA-vq2f-vcc9-j8mv
pkg: python-liquid
eco: pip
published: Jun 19, 2026
### Impact
Given a malformed `{% case %}` tag without associated `{% when %}` or `{% else %}` block, and no terminating `{% endcase %}` tag, Python Liquid hangs in an infinite loop at parse time. This allows malicious template authors to craft templates for a denial of service attack.

### Patches
T…

CVE-2026-55865
GitHub-GHSA

MEDIUM
containerd: CRI checkpoint import allows local image tag poisoning
GHSA-cvxm-645q-p574
pkg: github.com/containerd/containerd/v2, github.com/containerd/containerd/v2, github.com/containerd/containerd/v2
eco: go
published: Jun 19, 2026
## Impact
containerd's CRI checkpoint import process contains a vulnerability where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious im…
CVE-2026-50195
GitHub-GHSA

MEDIUM
parse-server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL
GHSA-wmwx-jr2p-4j4r
pkg: parse-server, parse-server
eco: npm
published: Jun 19, 2026
### Impact

A relation query using the `$relatedTo` operator could read the membership of a `Relation` field even when that field was hidden from the requesting client by `protectedFields`, and even when the object owning the relation was not readable by the client under its ACL or class-level permi…

CVE-2026-53726
GitHub-GHSA

MEDIUM
parse-server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied
GHSA-75v4-m273-5j49
pkg: parse-server
eco: npm
published: Jun 19, 2026
### Impact

Apps that enable MFA and deny `get` on the `_User` class via Class-Level Permissions could expose sensitive user data through the `/login` and `/verifyPassword` endpoints.

These endpoints re-fetch the user through the access-controlled query pipeline (CLP, `protectedFields`, auth-adapte…

CVE-2026-53725
GitHub-GHSA

MEDIUM
parse-server: Server option routeAllowList is bypassable through batch sub-requests
GHSA-p84r-h6rx-f2xr
pkg: parse-server
eco: npm
published: Jun 19, 2026
### Impact

The `routeAllowList` server option restricts external client access to a configured list of REST API routes. The check is only enforced as Express middleware against the outer HTTP request URL, so the `/batch` handler dispatches each sub-request to the internal router without re-running …

CVE-2026-50008
GitHub-GHSA

MEDIUM
containerd image-triggered runtime DoS via unbounded group parsing
GHSA-jpcc-p29g-p8mq
pkg: github.com/containerd/containerd/v2, github.com/containerd/containerd, github.com/containerd/containerd/v2
eco: go
published: Jun 19, 2026
### Impact
A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unav…
CVE-2026-47262
GitHub-GHSA

MEDIUM
Hugo: Symlink confinement bypass in os.ReadFile
GHSA-c3wq-j5vh-68rc
pkg: github.com/gohugoio/hugo
eco: go
published: Jun 19, 2026
**Affected versions:** v0.123.0 through v0.163.0. Earlier versions are not affected.
**Fixed in:** v0.163.1.
**Severity:** Medium. Requires the attacker to be able to place (or convince a site author to place) a symlink inside a mounted directory — for example, inside a locally-vendored theme unde…
GitHub-GHSA

MEDIUM
Hugo: XSS via unescaped code-fence language in default code block renderer
GHSA-q76j-gcg9-vxc6
pkg: github.com/gohugoio/hugo
eco: go
published: Jun 19, 2026
Hugo's default code-block renderer wrote the Markdown code-fence language / info-string into the `<code class="language-…" data-lang="…">` wrapper without HTML escaping. A fence info-string containing a quote and a `<script>` payload breaks out of the attribute and injects a live script element.…
GitHub-GHSA

MEDIUM
Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`
GHSA-5prr-v3j2-97mh
pkg: nokogiri
eco: rubygems
published: Jun 19, 2026
### Summary

`Nokogiri::XML::NodeSet#[]` (and its alias `#slice`) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is…

GitHub-GHSA

MEDIUM
JupyterLab: Stored XSS in extension manager through package metadata unsanitized URI protocol
GHSA-vmhf-c436-hxj4
pkg: jupyterlab
eco: pip
published: Jun 19, 2026
A malicious PyPI package can place a `javascript:` URL in its `[project.urls]` metadata. JupyterLab's Extension Manager renders this as the extension's home-page link without validating the protocol, so a user who clicks the extension name executes attacker-controlled JavaScript in the JupyterLab or…
GitHub-GHSA

MEDIUM
Entire CLI: Path traversal in checkpoint session metadata allows arbitrary file write during resume/rewind
GHSA-2h46-9x5w-4wf7
pkg: github.com/entireio/cli
eco: go
published: Jun 19, 2026
### Impact

A path traversal vulnerability in Entire CLI allows an attacker with push access to the checkpoints repository to craft malicious checkpoint metadata that causes `entire session resume` or `entire checkpoint rewind` to write attacker-controlled transcript data outside of the expected ses…

GitHub-GHSA

MEDIUM
Canonical MicroCeph: path traversal issue in the remote-import AP
GHSA-xg3j-c7q4-f9ph
pkg: github.com/canonical/microceph/microceph
eco: go
published: Jun 19, 2026
Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate files in an imported remote cluster within the /var/snap/mic…
CVE-2026-10720
GitHub-GHSA

MEDIUM
OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state
GHSA-4hpg-mp64-x7xq
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Internal/webchat command auth could inherit ownerAllowFrom wildcard state. In affected versions, a sender on an affected internal or webchat path could inherit wildcard ownerAllowFrom state across channel boundaries.

This advisory is scoped to the named feature and configuration. It do…

CVE-2026-53854
GitHub-GHSA

MEDIUM
OpenClaw: Focus command could miss controlScope enforcement
GHSA-mpc8-jxjh-qpgh
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Focus command could miss controlScope enforcement. In affected versions, a caller able to trigger the focus command could run the command without enforcing the expected control scope.

This advisory is scoped to the named feature and configuration. It does not change OpenClaw's trusted-…

CVE-2026-53850
GitHub-GHSA

MEDIUM
OpenClaw: Active Memory write scope could mutate global config
GHSA-x629-46cc-7xgw
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Active Memory write scope could mutate global config. In affected versions, a Gateway caller with `operator.write` access to the affected command could change global configuration without requiring `operator.admin`.

This advisory is scoped to the named feature and configuration. It doe…

CVE-2026-53847
GitHub-GHSA

MEDIUM
[Eclipse Theia] Data Exfiltration via Markdown Image Rendering in AI Chat
GHSA-qwjm-9c66-w4q4
pkg: @theia/ai-chat-ui, @theia/ai-chat, @theia/ai-claude-code
eco: npm
published: Jun 18, 2026
In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs encod…
CVE-2026-22551
GitHub-GHSA

MEDIUM
Armeria: External Control of File Name or Path in xDS SDS DataSource
GHSA-hgw6-8c77-v4gq
pkg: com.linecorp.armeria:armeria-xds
eco: maven
published: Jun 18, 2026
## External Control of File Name or Path in xDS SDS DataSource

### Summary

`DataSourceStream` in the `:xds` module resolves control-plane-supplied `filename` and `environment_variable` fields from SDS Secret resources without any allow-list or base-directory confinement. A semi-trusted or compromi…

CVE-2026-11752
GitHub-GHSA

MEDIUM
opentelemetry-collector-contrib: githubreceiver silently ignores configured required_headers authentication
GHSA-w5cv-pw74-4rxc
pkg: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/githubreceiver
eco: go
published: Jun 18, 2026
## githubreceiver Silently Ignores Configured required_headers Authentication

### Summary

The githubreceiver webhook handler does not enforce the `required_headers` configuration. Headers are validated at startup (config rejects empty keys/values) but never checked on incoming requests. This follo…

CVE-2026-55701
GitHub-GHSA

MEDIUM
MCPVault: PathFilter restricted-directory deny-list bypass via case and trailing dot/space equivalence
GHSA-j99q-93c9-h869
pkg: @bitbonsai/mcpvault
eco: npm
published: Jun 18, 2026
On case-insensitive filesystems (macOS, Windows), PathFilter compiled its deny-list patterns case-sensitively and matched the path verbatim, so names like `.Git/config`, `.GIT/config`, or `.oBsIdIaN/secrets.md` slipped past the `.git`/`.obsidian`/`node_modules` restriction while the OS opened the re…
GitHub-GHSA

MEDIUM
pypdf: Missing stream length values ignore defined limits
GHSA-jm82-fx9c-mx94
pkg: pypdf
eco: pip
published: Jun 18, 2026
### Impact

An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as `MAX_DECLARED_STREAM_LENGTH` is sometimes ignored. This requires parsing a content stream without a `/Length` value.

### Patches
This has been fixed in [pypdf==6.13.3](https://github.com/py-pdf…

GitHub-GHSA

MEDIUM
DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)
GHSA-cmwh-pvxp-8882
pkg: dompurify
eco: npm
published: Jun 18, 2026
## Summary

DOMPurify 3.4.7 shipped a security fix ("permanent hook pollution") that makes a registered `uponSanitizeAttribute` hook's mutation of `data.allowedAttributes` **non-persistent** — so allowing an attribute for one element does not leak into later `sanitize()` calls. The fix clones `ALL…

GitHub-GHSA

MEDIUM
TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes
GHSA-2vcc-5v34-9jc8
pkg: tinacms, @tinacms/mdx
eco: npm
published: Jun 18, 2026
TinaCMS rich-text parsing and the default link/image renderers did not sanitize the `url` field on Slate link/image nodes. Content containing `javascript:` or `data:text/html` URLs — including case-variant, whitespace-padded, and control-character-obfuscated forms — is rendered into `href`/`src`…
CVE-2026-55661
GitHub-GHSA

MEDIUM
Hydro: Insufficient session expiration when recreating sessions
GHSA-94jp-7776-qj6q
pkg: hydrooj
eco: npm
published: Jun 18, 2026
### Impact

Hydro contains an insufficient session expiration vulnerability in its session recreation logic. When a session is recreated, including during logout or other session renewal flows, Hydro creates a new session token but does not delete the previous server-side session token.

As a result…

CVE-2026-55617
GitHub-GHSA

MEDIUM
http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass
GHSA-64mm-vxmg-q3vj
pkg: http-proxy-middleware, http-proxy-middleware
eco: npm
published: Jun 18, 2026
# Summary

`http-proxy-middleware` documents `router` proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request metadata. As a result, a crafted `Host` header that is only a superstring match for a co…

CVE-2026-55602
GitHub-GHSA

MEDIUM
jodit: Prototype pollution in Jodit via Jodit.modules.Helpers.set()
GHSA-vpmm-x3fm-qr5c
pkg: jodit
eco: npm
published: Jun 18, 2026
### Summary
`Jodit.modules.Helpers.set(chain, value, obj)` walks the dot-separated `chain`, creating and following each path segment, without filtering prototype-mutating keys. A chain that begins with (or contains) `__proto__`, `constructor`, or `prototype` lets the final assignment reach and mutat…
CVE-2026-55886
GitHub-GHSA

MEDIUM
OpenClaw: Tool group policy callers could accept unvalidated group IDs
GHSA-985f-72mj-8gf7
pkg: openclaw
eco: npm
published: Jun 18, 2026
### Summary

Tool group policy callers could accept unvalidated group IDs. In affected versions, a caller that can supply a group id to the affected policy resolver could resolve policy for an unvalidated group id.

This advisory is scoped to the named feature and configuration. It does not change O…

CVE-2026-53863
GitHub-GHSA

MEDIUM
Gitea: Open Redirect via redirect_to
GHSA-j5r2-4c8j-xc3m
pkg: github.com/go-gitea/gitea
eco: go
published: Jun 17, 2026
### Details

Despite the validation within `urlIsRelative` in `modules/httplib/url.go`, an open redirect is still possible due to usage of directory traversal sequences plus a back-slash in the "redirect_to" parameter.

### PoC

When a user uses this URL to login:

`https://gitea.com/user/login?redi…

CVE-2026-25779
GitHub-GHSA

MEDIUM
Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch
GHSA-fg94-h982-f3mm
pkg: @anthropic-ai/claude-code
eco: npm
published: Jun 17, 2026
Because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject to –allowedTools restrictions. An attacker able to inject untrus…
CVE-2026-54316
GitHub-GHSA

MEDIUM
Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
GHSA-3g6v-2r68-prfc
pkg: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2, github.com/traefik/traefik
eco: go
published: Jun 17, 2026
## Summary

There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the `crossProviderNamespaces` allowlist. For `HTTPRoute` rules that declare multiple (WRR) backendRefs, Traefik evaluates the allowlist against the target `backendRef.namespace` instead of the route…

CVE-2026-54761
GitHub-GHSA

MEDIUM
Gitea: Token scope bypass on web archive download endpoint
GHSA-cr4g-f395-h25h
pkg: code.gitea.io/gitea
eco: go
published: Jun 16, 2026
## Summary

PR #37698 added checkDownloadTokenScope to /raw/*, /media/*, and attachment download web endpoints. The /archive/* endpoint (repo.Download in routers/web/repo/repo.go:372) was not included in the fix. This endpoint accepts OAuth2 tokens via webAuth.AllowOAuth2 (registered at routers/web/…

CVE-2026-20706
GitHub-GHSA

MEDIUM
Hugo: Symlink confinement bypass in resources.Get
GHSA-fw87-fv5r-9fpw
pkg: github.com/gohugoio/hugo
eco: go
published: Jun 16, 2026
**Commit:** [f8b5fa09a6](https://github.com/gohugoio/hugo/commit/f8b5fa09a6) — _Fix prevention of direct symlink reads in resources.Get_
**Affected versions:** v0.123.0 through v0.161.1. Earlier versions are not affected.
**Fixed in:** v0.162.0.
**Severity:** Medium. Requires the attacker to be ab…
CVE-2026-50135
GitHub-GHSA

MEDIUM
Hugo: security.http.urls allow-list bypass via HTTP redirects
GHSA-vxgm-5rmg-5w8g
pkg: github.com/gohugoio/hugo
eco: go
published: Jun 16, 2026
**Commit:** [86fbb0f7a8](https://github.com/gohugoio/hugo/commit/86fbb0f7a8) — _security: Validate redirects against security.http.urls_
**Affected versions:** v0.91.0 (when `security.http.urls` was introduced) through v0.161.1.
**Fixed in:** v0.162.0.
**Severity:** Only relevant for sites that re…
CVE-2026-50134
GitHub-GHSA

MEDIUM
Hugo: XSS via text/html content files
GHSA-c54g-xjwj-8g82
pkg: github.com/gohugoio/hugo
eco: go
published: Jun 16, 2026
**Commit:** [e41a06447d](https://github.com/gohugoio/hugo/commit/e41a06447d) — _Disallow HTML content by default_
**Affected versions:** all Hugo versions prior to v0.162.0.
**Fixed in:** v0.162.0.
**Severity:** Low to Medium, depending on threat model. Not an issue if you fully trust every file u…
CVE-2026-50133


Vulnerability Digest — June 15, 2026 · 54 Critical · 5 Exploited






Vulnerability Digest — Monday, June 15, 2026


Security Report

Monday, June 15, 2026  ·  Last 7 days  ·  Min severity: MEDIUM
Total Findings
366
Critical
54
High
210
Actively Exploited
5
CISA-KEV5
NVD239
GitHub-GHSA122
Findings sorted by severity
CISA-KEV

CRITICAL
Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
CVE-2026-35273
pkg: Oracle PeopleSoft Enterprise PeopleTools

published: Jun 12, 2026

Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Ivanti Sentry OS Command Injection Vulnerability
CVE-2026-10520
pkg: Ivanti Sentry

published: Jun 11, 2026

Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged stat…
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
CVE-2026-11645
pkg: Google Chromium V8

published: Jun 9, 2026

Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Ed…
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
CVE-2026-7473
pkg: Arista Extensible Operating System

published: Jun 9, 2026

Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulate and forwards other unexpected tunneled packet with a destination IP matching its configured decapsulation IP.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability
CVE-2026-20245
pkg: Cisco Catalyst SD-WAN Manager

published: Jun 9, 2026

Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
NVD

CRITICAL
CVE-2026-47208
CVE-2026-47208
pkg: node

published: Jun 12, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.4.
CWE: CWE-913
NVD

CRITICAL
CVE-2026-47140
CVE-2026-47140
pkg: node

published: Jun 12, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, worker_threads, cluster, vm, repl, and inspector. However, the denylist misses process and inspector/promises. Both can be used from sandboxed code to reach host-si…
CWE: CWE-693
NVD

CRITICAL
CVE-2026-47137
CVE-2026-47137
pkg: node

published: Jun 12, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality (options.require === false), which is t…
CWE: CWE-913
NVD

CRITICAL
CVE-2026-47131
CVE-2026-47131
pkg: node

published: Jun 12, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__"), and Node.js's ERR_INVALID_ARG_TYPE Error, the host's TypeError constructor can be obtained, whic…
CWE: CWE-913
NVD

CRITICAL
CVE-2026-49261
CVE-2026-49261
pkg: node

published: Jun 11, 2026

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_cmd` enabled would execute shell commands embedded in the name of the joiner node. This is fixed in 1…
CWE: CWE-78
NVD

CRITICAL
CVE-2026-50566
CVE-2026-50566
pkg: kubernetes

published: Jun 10, 2026

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability contain…
CWE: CWE-250, CWE-269
NVD

CRITICAL
CVE-2026-50564
CVE-2026-50564
pkg: kubernetes

published: Jun 10, 2026

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for r…
CWE: CWE-269, CWE-284, CWE-693
NVD

CRITICAL
CVE-2026-50563
CVE-2026-50563
pkg: kubernetes

published: Jun 10, 2026

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the executor-built…
CWE: CWE-269, CWE-284
NVD

CRITICAL
CVE-2026-50545
CVE-2026-50545
pkg: kubernetes

published: Jun 10, 2026

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous fiel…
CWE: CWE-269, CWE-284, CWE-693
NVD

CRITICAL
CVE-2026-45558
CVE-2026-45558
pkg: nginx

published: Jun 10, 2026

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section/<section_type> and the PUT / global / defaults variants) accept a JSON option field that is not vali…
CWE: CWE-20, CWE-77, CWE-78, CWE-94
NVD

CRITICAL
CVE-2026-45556
CVE-2026-45556
pkg: nginx

published: Jun 10, 2026

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf/<service>/<server_ip>/rule/<rule_id>/save accepts a config_file_name form field that is passed straight through to config_mod.master_slave_upload_and_restart(…) as the de…
CWE: CWE-20, CWE-22, CWE-73, CWE-78
NVD

CRITICAL
CVE-2026-45552
CVE-2026-45552
pkg: nginx

published: Jun 10, 2026

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before_request → @jwt_required() (app/routes/install/routes.py:36-39). The individual endpoints install_exporter, install_waf, install_geoip,…
CWE: CWE-639, CWE-862, CWE-863
GitHub-GHSA

CRITICAL
nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privilege escalation
GHSA-598g-h2vc-h5vg
pkg: github.com/juev/nebula-mesh
eco: go
published: Jun 8, 2026
The `/api/v1/*` route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at `internal/api/hosts.go:384`: *"API trusts the bearer token for authorisation; per-CA ownership is enforced only in the Web layer."*

The Web UI gates state-changing rou…

CVE-2026-47724
NVD

CRITICAL
CVE-2026-46442
CVE-2026-46442
pkg: flowiseai flowise

published: Jun 8, 2026

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When E2B_APIKE…
CWE: CWE-94
NVD

CRITICAL
CVE-2026-54133
CVE-2026-54133
pkg: express

published: Jun 12, 2026

jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when `JmesPath\CompilerRuntime` is used with an a…
CWE: CWE-20, CWE-94, CWE-116
NVD

CRITICAL
CVE-2026-47210
CVE-2026-47210
pkg: node

published: Jun 12, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI (WebAssembly.promising / WebAssembly.Suspending). …
CWE: CWE-913
NVD

CRITICAL
CVE-2026-48611
CVE-2026-48611
pkg: oauth

published: Jun 12, 2026

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.
CWE: CWE-287
NVD

CRITICAL
CVE-2026-11561
CVE-2026-11561
pkg: express

published: Jun 11, 2026

Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection.

This issue affects Apinizer: from 2026.04.0 before 2026.04.6.

CWE: CWE-917
NVD

CRITICAL
CVE-2026-46614
CVE-2026-46614
pkg: kubernetes

published: Jun 10, 2026

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers an internal-style route — /fission-function/<name> and /fission-function/<ns>/<name> — for every Fun…
CWE: CWE-284, CWE-862
NVD

CRITICAL
CVE-2026-36721
CVE-2026-36721
pkg: jwt

published: Jun 9, 2026

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
CWE: CWE-347
NVD

CRITICAL
CVE-2026-52778
CVE-2026-52778
pkg: express

published: Jun 8, 2026

YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passing…
CWE: CWE-94, CWE-1333
NVD

CRITICAL
CVE-2026-46289
CVE-2026-46289
pkg: linux

published: Jun 8, 2026

In the Linux kernel, the following vulnerability has been resolved:

lib/scatterlist: fix length calculations in extract_kvec_to_sg

Patch series "Fix bugs in extract_iter_to_sg()", v3.

Fix bugs in the kvec and user variants of extract_iter_to_sg. This series
is growing due to useful remarks made …

NVD

CRITICAL
CVE-2026-39910
CVE-2026-39910
pkg: oauth

published: Jun 8, 2026

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT servers…
CWE: CWE-862
NVD

CRITICAL
CVE-2026-44631
CVE-2026-44631
pkg: apache http_server

published: Jun 8, 2026

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.

This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.

Users are recommended to upgrade to version 2.4.68, which fixes the issue.

CWE: CWE-124
NVD

CRITICAL
CVE-2026-46703
CVE-2026-46703
pkg: docker

published: Jun 10, 2026

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in …
CWE: CWE-22
NVD

CRITICAL
CVE-2026-53474
CVE-2026-53474
pkg: kubernetes

published: Jun 10, 2026

A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL Inj…
CWE: CWE-89
NVD

CRITICAL
CVE-2026-42904
CVE-2026-42904
pkg: microsoft windows_10_21h2, microsoft windows_10_22h2, microsoft windows_11_23h2

published: Jun 9, 2026

Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
CWE: CWE-122
NVD

CRITICAL
CVE-2026-11671
CVE-2026-11671
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

CRITICAL
CVE-2026-11659
CVE-2026-11659
pkg: google chrome, linux linux_kernel

published: Jun 9, 2026

Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

CRITICAL
CVE-2026-11654
CVE-2026-11654
pkg: google chrome, apple macos

published: Jun 9, 2026

Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

CRITICAL
CVE-2026-11651
CVE-2026-11651
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

CRITICAL
CVE-2026-11638
CVE-2026-11638
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in Printing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

CRITICAL
CVE-2026-11634
CVE-2026-11634
pkg: google chrome, microsoft windows

published: Jun 9, 2026

Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

CRITICAL
CVE-2026-50090
CVE-2026-50090
pkg: oauth

published: Jun 12, 2026

The Aqara Cloud OAuth Authorization Endpoint (open-cn.aqara.com/oauth/authorize) is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R…
CWE: CWE-1289
NVD

CRITICAL
CVE-2026-46316
CVE-2026-46316
pkg: linux

published: Jun 9, 2026

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry

vgic_its_invalidate_cache() walks the per-ITS translation cache with
xa_for_each() and drops the cache's reference on each entry with
vgic_put_ir…

NVD

CRITICAL
CVE-2026-50083
CVE-2026-50083
pkg: oauth

published: Jun 12, 2026

The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (9.1 Critical). When combined with CVE-2026-50082, CVE-5008…
CWE: CWE-798
NVD

CRITICAL
CVE-2026-9648
CVE-2026-9648
pkg: tls

published: Jun 11, 2026

The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to imperson…
GitHub-GHSA

CRITICAL
Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token
GHSA-9gw6-46qc-99vr
pkg: meta-ads-mcp
eco: pip
published: Jun 11, 2026
# Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token

| Field | Value |
| —————- | —– |
| Repository | pipeboard-co/meta-ads-mcp |
| Affected version | ≤ 1.0.101 (commit 496c988 ~ 7d14226); Versions 1.0.102–1.0.105 lack git tags, so patch statu…

CVE-2026-48039
NVD

CRITICAL
CVE-2026-45550
CVE-2026-45550
pkg: nginx

published: Jun 10, 2026

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask() — which validates that the caller has some group, not that the target c…
CWE: CWE-639, CWE-862, CWE-863
GitHub-GHSA

CRITICAL
Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery
GHSA-mqq6-462x-jxmm
pkg: github.com/dhax/go-base
eco: go
published: Jun 10, 2026
## Vulnerability: CWE-798 — Hardcoded JWT Secret + Broken Mitigation

### Affected Component
– `github.com/dhax/go-base` — Go REST API boilerplate (go-chi/jwtauth/v5, Viper, PostgreSQL/Bun)
– 1,685 stars on GitHub

### Vulnerability Locations

| File | Line | Role |
|——|——|——|
| `dev…

CVE-2026-48031
NVD

CRITICAL
CVE-2026-36727
CVE-2026-36727
pkg: jwt

published: Jun 9, 2026

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
CWE: CWE-287
NVD

CRITICAL
CVE-2026-34182
CVE-2026-34182
pkg: openssl

published: Jun 9, 2026

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform
sufficient input validation on the cipher and tag length fields of
AuthEnvelopedData containers, leading to various potential compromises.

Impact Summary: Attackers making use of these vulnerabilities may achieve
key-eq…

CWE: CWE-354
GitHub-GHSA

CRITICAL
Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign
GHSA-6xp4-cf37-ppjh
pkg: @budibase/server
eco: npm
published: Jun 12, 2026
## Summary

`/api/public/v1/roles/assign` is guarded by the `builderOrAdmin` middleware, which passes any user who is a builder for the app id in the `x-budibase-app-id` header. That check admits both global builders and workspace-scoped builders (`builder.apps` set but `builder.global` unset). The …

CVE-2026-48150
NVD

CRITICAL
CVE-2026-41005
CVE-2026-41005
pkg: oauth

published: Jun 11, 2026

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAuth 2.0 SAML2 bearer grant (token endpoint) and browser SSO (ACS) when wantAssertionSigned is set to fa…
CWE: CWE-347
GitHub-GHSA

CRITICAL
Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin
GHSA-hrj8-hjv8-mgwc
pkg: github.com/julien040/anyquery/plugins/chrome, github.com/julien040/anyquery/plugins/brave, github.com/julien040/anyquery/plugins/edge
eco: go
published: Jun 8, 2026
# AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin

| Field | Value |
| —————- | —– |
| Repository | julien040/anyquery |
| Affected version | 0.4.4 (commit 0abd460) |
| Vulnerability | CWE-94 — Improper Control of Generation of Code |
| Seve…

CVE-2026-47252
NVD

CRITICAL
CVE-2026-11393
CVE-2026-11393
pkg: python

published: Jun 8, 2026

Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of another u…
CWE: CWE-94
GitHub-GHSA

CRITICAL
shell-quote quote() does not escape newlines in object .op values
GHSA-w7jw-789q-3m8p
pkg: shell-quote
eco: npm
published: Jun 9, 2026
### Summary

`shell-quote`'s `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which in JavaScript does not match line terminators (`\n`, `\r`, U+2028, U+2029). A line ter…

CVE-2026-9277
GitHub-GHSA

CRITICAL
Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload
GHSA-qvv5-jq5g-4cgg
pkg: baileys, @whiskeysockets/baileys, baileys
eco: npm
published: Jun 10, 2026
### Impact
Any baileys session under the latest version (< 7.0.0-rc12, and < 6.7.22) can be sent a malicious payload via the placeholderResendMessage and trigger a fake `messages.upsert` event with a **fake message key and payload**. This allows anyone to spoof messages. The same exploit also allows…
CVE-2026-48063
GitHub-GHSA

CRITICAL
Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews.
GHSA-q42j-x8rq-pjg6
pkg: cordova-plugin-inappbrowser
eco: npm
published: Jun 8, 2026
## Summary

The iOS implementation of `cordova-plugin-inappbrowser` passes the `id` field from a `WKScriptMessage` body to `commandDelegate sendPluginResult:callbackId:` with no format validation (`CDVWKInAppBrowser.m:560–574`). Any web content loaded inside the InAppBrowser can fire any pending C…

CVE-2026-47430
NVD

HIGH
CVE-2026-46519
CVE-2026-46519
pkg: kubernetes

published: Jun 11, 2026

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) documented as access controls for restricting whi…
CWE: CWE-863
GitHub-GHSA

HIGH
OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri
GHSA-4×76-22×2-rx8v
pkg: @openzeppelin/wizard
eco: npm
published: Jun 11, 2026
## Summary

The OpenZeppelin Contracts Wizard generated Hardhat (`test/test.ts`) and Foundry (`test/<Name>.t.sol`) example test files that interpolated user-supplied strings (`opts.name`, `opts.uri`) into the test source without escaping. A crafted input could produce a generated test file in which …

CVE-2026-48054
NVD

HIGH
CVE-2026-46612
CVE-2026-46612
pkg: kubernetes

published: Jun 10, 2026

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component registers archive CRUD handlers (/v1/archive GET / POST / DELETE and /v1/archives list) directly on …
CWE: CWE-306
NVD

HIGH
CVE-2026-20251
CVE-2026-20251
pkg: python

published: Jun 10, 2026

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the 'admin' or 'power…
CWE: CWE-502
NVD

HIGH
CVE-2026-45564
CVE-2026-45564
pkg: nginx

published: Jun 10, 2026

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions/<service>/<server_ip>/<configver>/save interpolates the URL-path configver parameter directly into a config-version path that ends up at os.system(f"dos2unix -q…
CWE: CWE-78
NVD

HIGH
CVE-2026-45447
CVE-2026-45447
pkg: openssl

published: Jun 9, 2026

Issue summary: A specially crafted PKCS#7 or S/MIME signed message could
trigger a use-after-free during PKCS#7 signature verification.

Impact summary: A use-after-free may result in process crashes, heap
corruption, or potentially remote code execution.

When processing a PKCS#7 or S/MIME signed m…

CWE: CWE-416
NVD

HIGH
CVE-2026-32193
CVE-2026-32193
pkg: kubernetes

published: Jun 9, 2026

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.
CWE: CWE-22
NVD

HIGH
CVE-2026-46317
CVE-2026-46317
pkg: linux

published: Jun 9, 2026

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Reassign nested_mmus array behind mmu_lock

kvm->arch.nested_mmus[] is walked under kvm->mmu_lock, including from the
MMU notifier path (kvm_unmap_gfn_range() -> kvm_nested_s2_unmap()), which
can run at any time. kvm_vc…

NVD

HIGH
CVE-2026-11681
CVE-2026-11681
pkg: google chrome, linux linux_kernel

published: Jun 9, 2026

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11680
CVE-2026-11680
pkg: google chrome, microsoft windows

published: Jun 9, 2026

Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11674
CVE-2026-11674
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11673
CVE-2026-11673
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11670
CVE-2026-11670
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11664
CVE-2026-11664
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in Payments in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11662
CVE-2026-11662
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-843
NVD

HIGH
CVE-2026-11657
CVE-2026-11657
pkg: google chrome, apple macos

published: Jun 9, 2026

Use after free in Payments in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11650
CVE-2026-11650
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11649
CVE-2026-11649
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11648
CVE-2026-11648
pkg: google chrome, microsoft windows

published: Jun 9, 2026

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11646
CVE-2026-11646
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in ViewTransitions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11645
CVE-2026-11645
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-125, CWE-787
NVD

HIGH
CVE-2026-11637
CVE-2026-11637
pkg: google chrome, apple macos

published: Jun 9, 2026

Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-11633
CVE-2026-11633
pkg: google chrome, apple macos

published: Jun 9, 2026

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-11630
CVE-2026-11630
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-11629
CVE-2026-11629
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-46490
CVE-2026-46490
pkg: samlify_project samlify

published: Jun 8, 2026

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:AttributeValue>) are not escaped. A normal user can inject XML markup into an attribute value (e.g., email,…
CWE: CWE-91
NVD

HIGH
CVE-2026-11523
CVE-2026-11523
pkg: go

published: Jun 8, 2026

A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. The e…
CWE: CWE-119, CWE-121
NVD

HIGH
CVE-2026-47135
CVE-2026-47135
pkg: node

published: Jun 12, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox cod…
CWE: CWE-693
NVD

HIGH
CVE-2026-44494
CVE-2026-44494
pkg: axios axios

published: Jun 11, 2026

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle (MITM)…
CWE: CWE-441, CWE-1321
GitHub-GHSA

HIGH
Dex: Token-exchange endpoint is missing AllowedConnectors enforcement
GHSA-7qjx-gp9h-65qj
pkg: github.com/dexidp/dex
eco: go
published: Jun 9, 2026
## Summary

`server/handlers.go::handleTokenExchange` (lines 1804-1893) does not call `isConnectorAllowed(client.AllowedConnectors, connID)` before issuing tokens, while sibling handlers do. This is a per-client connector ACL gap on the token-exchange endpoint; the redirect-flow paths enforce the sa…

GitHub-GHSA

HIGH
Netty has Insufficient Bailiwick Validation for NS Records
GHSA-5pvg-856g-cp85
pkg: io.netty:netty-resolver-dns, io.netty:netty-resolver-dns
eco: maven
published: Jun 8, 2026
### Summary
Netty's `DnsResolveContext` insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains (like `.co.uk`).

### Details
In `io.netty.resolver.dns.DnsResolveC…

CVE-2026-47691
GitHub-GHSA

HIGH
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
GHSA-676x-f7gg-47vc
pkg: io.netty:netty-resolver-dns, io.netty:netty-resolver-dns
eco: maven
published: Jun 8, 2026
### Summary
Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses.

### Details
In `io.netty.resolver.dns.DnsResolveContext#buildAliasMap`, the resolver processes the ANSWER section of a DNS response and blindly caches all CNAME records it finds.

Accor…

CVE-2026-45674
NVD

HIGH
CVE-2026-47209
CVE-2026-47209
pkg: node

published: Jun 12, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js (line 1231) ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy (e.g., when a child object inher…
CWE: CWE-693
NVD

HIGH
CVE-2026-47139
CVE-2026-47139
pkg: tls

published: Jun 12, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes und…
CWE: CWE-693
NVD

HIGH
CVE-2026-44492
CVE-2026-44492
pkg: axios axios

published: Jun 11, 2026

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form (::ffff:7f00:1, ::ffff:a9fe:a9fe)…
CWE: CWE-918
NVD

HIGH
CVE-2026-50570
CVE-2026-50570
pkg: kubernetes

published: Jun 10, 2026

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs (ValidatePodSpecSafety / ValidateContainerSaf…
CWE: CWE-269, CWE-732
NVD

HIGH
CVE-2026-49824
CVE-2026-49824
pkg: kubernetes

published: Jun 10, 2026

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission webhook (pkg/webhook/function.go) validated that spec.secrets[].namespace and spec.configmaps[].namesp…
CWE: CWE-284, CWE-863
NVD

HIGH
CVE-2026-45549
CVE-2026-45549
pkg: nginx

published: Jun 10, 2026

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agent_action (app/routes/smon/agent_routes.py:166-179) has decorators @bp.post('/agent/action/<action>') and @jwt_required() only — no role check, no group ownership check on the s…
CWE: CWE-862, CWE-863
NVD

HIGH
CVE-2026-46288
CVE-2026-46288
pkg: linux

published: Jun 8, 2026

In the Linux kernel, the following vulnerability has been resolved:

of: unittest: fix use-after-free in of_unittest_changeset()

The variable 'parent' is assigned the value of 'nchangeset' earlier in the
function, meaning both point to the same struct device_node. The call to
of_node_put(nchangeset…

NVD

HIGH
CVE-2026-45567
CVE-2026-45567
pkg: nginx

published: Jun 10, 2026

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publication, there are no publicly available patches.
CWE: CWE-287, CWE-306, CWE-697
NVD

HIGH
CVE-2026-11682
CVE-2026-11682
pkg: google chrome, linux linux_kernel

published: Jun 9, 2026

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

HIGH
CVE-2026-11679
CVE-2026-11679
pkg: google chrome, microsoft windows

published: Jun 9, 2026

Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11676
CVE-2026-11676
pkg: google chrome, google chrome_os, linux linux_kernel

published: Jun 9, 2026

Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

HIGH
CVE-2026-11672
CVE-2026-11672
pkg: google chrome, google android

published: Jun 9, 2026

Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-787
NVD

HIGH
CVE-2026-11663
CVE-2026-11663
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11661
CVE-2026-11661
pkg: google chrome, microsoft windows

published: Jun 9, 2026

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11660
CVE-2026-11660
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

HIGH
CVE-2026-11656
CVE-2026-11656
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11655
CVE-2026-11655
pkg: google chrome, apple macos

published: Jun 9, 2026

Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-472
NVD

HIGH
CVE-2026-11652
CVE-2026-11652
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11647
CVE-2026-11647
pkg: google chrome, google android

published: Jun 9, 2026

Use after free in Printing in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-11642
CVE-2026-11642
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in Web Apps in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-11640
CVE-2026-11640
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-472
NVD

HIGH
CVE-2026-11635
CVE-2026-11635
pkg: google chrome, apple macos

published: Jun 9, 2026

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-11631
CVE-2026-11631
pkg: google chrome, microsoft windows

published: Jun 9, 2026

Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-46481
CVE-2026-46481
pkg: jwt

published: Jun 8, 2026

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in request.connection.config.pass…
CWE: CWE-201
NVD

HIGH
CVE-2026-46307
CVE-2026-46307
pkg: linux

published: Jun 8, 2026

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath5k: do not access array OOB

Vincent reports:
> The ath5k driver seems to do an array-index-out-of-bounds access as
> shown by the UBSAN kernel message:
> UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath5k/…

NVD

HIGH
CVE-2026-53721
CVE-2026-53721
pkg: nuxt nuxt

published: Jun 12, 2026

Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher. This issue has been patched in versions 3.21.7 and 4.4.7.
CWE: CWE-178, CWE-863
GitHub-GHSA

HIGH
MessagePack's LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input
GHSA-hv8m-jj95-wg3x
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 11, 2026
### Impact

A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes `Lz4Block` and `Lz4BlockArray`.

The decoder implementation is based on a deprecated fast-decompression algorithm that does not take a source-length bound. A remote attacker can send a cra…

CVE-2026-48109
NVD

HIGH
CVE-2026-49982
CVE-2026-49982
pkg: node

published: Jun 11, 2026

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that contain the substring … It is bypassed when prefix, postfix, or template is supplied as a non-string value (Array, Buffer, or any object) whose includes('…
CWE: CWE-20, CWE-22
NVD

HIGH
CVE-2026-40998
CVE-2026-40998
pkg: express

published: Jun 11, 2026

Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. Applications that evaluate XPath against untrusted XML…
CWE: CWE-611
GitHub-GHSA

HIGH
FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading
GHSA-w86f-rf9w-h3x6
pkg: fuxa-server
eco: npm
published: Jun 8, 2026
## Summary

An unauthenticated attacker (Alice) connects to FUXA's Socket.IO endpoint and emits a `device-webapi-request` event whose `property.address` field names an arbitrary URL. FUXA's `DEVICE_WEBAPI_REQUEST` handler at `server/runtime/index.js:296` calls `axios.get(address)` server-side and br…

CVE-2026-47719
NVD

HIGH
CVE-2026-46303
CVE-2026-46303
pkg: linux

published: Jun 8, 2026

In the Linux kernel, the following vulnerability has been resolved:

isofs: validate Rock Ridge CE continuation extent against volume size

rock_continue() reads rs->cont_extent verbatim from the Rock Ridge CE
record and passes it to sb_bread() without checking that the block
number is within the mo…

GitHub-GHSA

HIGH
esbuild: Missing binary integrity verification in Deno module enables remote code execution via NPM_CONFIG_REGISTRY
GHSA-gv7w-rqvm-qjhr
pkg: esbuild
eco: npm
published: Jun 12, 2026
### Summary

The esbuild Deno module (`lib/deno/mod.ts`) downloads native binary executables from an npm registry and writes them to disk with executable permissions (`0o755`) **without performing any integrity verification** (e.g., SHA-256 hash check). The Node.js equivalent (`lib/npm/node-install.…

GitHub-GHSA

HIGH
Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation
GHSA-j9gf-vw2f-9hrw
pkg: com.appsmith:server
eco: maven
published: Jun 12, 2026
### Summary
A configuration-dependent origin validation bypass was identified in Appsmith’s password reset and email verification flows on current `release`.

Both flows derive the email-link base URL from the request `Origin` header. The current validation only enforces a trusted base URL when `A…

GitHub-GHSA

HIGH
Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL
GHSA-3gp5-q4jw-3v94
pkg: @budibase/server
eco: npm
published: Jun 12, 2026
### Summary
Budibase stores external REST datasource credentials server-side and documents that database credentials are applied server-side and are not exposed in the UI. The REST datasource implementation redacts stored Basic/Bearer/OAuth2 auth secrets before returning datasource data to clients. …
CVE-2026-48152
GitHub-GHSA

HIGH
Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators
GHSA-9wcp-79g5-5c3c
pkg: com.appsmith:server
eco: maven
published: Jun 12, 2026
## Summary

The `/api/v1/users/super` endpoint enforces a restriction that only one super user (Instance Administrator) can be created during initial setup. However, due to a Time-of-Check-Time-of-Use (TOCTOU) race condition in the `signupAndLoginSuper()` method, concurrent requests can bypass this …

NVD

HIGH
CVE-2026-11816
CVE-2026-11816
pkg: docker

published: Jun 11, 2026

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in `keras/src/utils/file_utils.py`. The functions `filter_safe_tarinfos()` and `filter_safe_zipinfos()` validate archive member paths against the process current working directory (CWD…
CWE: CWE-22
GitHub-GHSA

HIGH
Litestar has HTML Injection Through its CSRF Token
GHSA-542p-wvx7-72m4
pkg: litestar
eco: pip
published: Jun 10, 2026
# Overview

Litestar instances which use a template engine in conjunction with CSRF protection are vulnerable to HTML Injection which can be escalated to Cross Site Scripting due to the contents of the CSRF cookie being excluded from automatic escaping by the template engine when configured inline w…

CVE-2026-48060
NVD

HIGH
CVE-2026-45569
CVE-2026-45569
pkg: nginx

published: Jun 10, 2026

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 ("Expand validation to block .. in config_file_name and configver for improved security") added a line in app/modules/config/config.py:462. This is tuple-membership, n…
CWE: CWE-22, CWE-697
NVD

HIGH
CVE-2026-45565
CVE-2026-45565
pkg: nginx

published: Jun 10, 2026

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString (app/modules/roxywi/class_models.py:16-30) is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. Its…
CWE: CWE-20, CWE-22, CWE-117
GitHub-GHSA

HIGH
In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization
GHSA-xq69-5h5v-x9x4
pkg: org.springframework.kafka:spring-kafka, org.springframework.kafka:spring-kafka, org.springframework.kafka:spring-kafka
eco: maven
published: Jun 10, 2026
JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Combined with Jackson's default bean deserialization, a producer could supply crafted hea…
CVE-2026-41731
NVD

HIGH
CVE-2026-41729
CVE-2026-41729
pkg: express

published: Jun 10, 2026

Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL expres…
CWE: CWE-917
NVD

HIGH
CVE-2026-41717
CVE-2026-41717
pkg: express

published: Jun 10, 2026

Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder.

Affected versions:
Spring Data MongoDB 5.0.0 th…

CWE: CWE-917
NVD

HIGH
CVE-2026-7383
CVE-2026-7383
pkg: openssl

published: Jun 9, 2026

Issue summary: A signed integer overflow when sizing the destination
buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap
buffer overflow.

Impact summary: A heap buffer overflow may lead to a crash or possibly
attacker controlled code execution or other undefined behaviour.

In ASN…

CWE: CWE-787
NVD

HIGH
CVE-2026-42987
CVE-2026-42987
pkg: microsoft windows_server_2012, microsoft windows_server_2016, microsoft windows_server_2019

published: Jun 9, 2026

Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
CWE: CWE-416
NVD

HIGH
CVE-2026-42981
CVE-2026-42981
pkg: microsoft windows_11_23h2, microsoft windows_11_24h2, microsoft windows_11_25h2

published: Jun 9, 2026

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CWE: CWE-191
NVD

HIGH
CVE-2026-42974
CVE-2026-42974
pkg: microsoft windows_11_23h2, microsoft windows_11_24h2, microsoft windows_11_25h2

published: Jun 9, 2026

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CWE: CWE-190
NVD

HIGH
CVE-2026-49948
CVE-2026-49948
pkg: jwt

published: Jun 9, 2026

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validating …
CWE: CWE-862
NVD

HIGH
CVE-2026-11643
CVE-2026-11643
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-46484
CVE-2026-46484
pkg: node

published: Jun 8, 2026

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3.
CWE: CWE-22, CWE-285
GitHub-GHSA

HIGH
Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking
GHSA-3qp7-7mw8-wx86
pkg: io.netty:netty-handler, io.netty:netty-handler
eco: maven
published: Jun 8, 2026
### Summary
An attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Valid public IP addresses can bypass the restrictions.

### Details
`io.netty.handler.ipfilter.IpSubnetFilterRule#compareTo(java.net.InetSocketAddress)` method performs a bit…

CVE-2026-44249
NVD

HIGH
CVE-2026-48165
CVE-2026-48165
pkg: node

published: Jun 12, 2026

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or wsrep_sst_donor global system var…
CWE: CWE-78
NVD

HIGH
CVE-2026-48163
CVE-2026-48163
pkg: node

published: Jun 12, 2026

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. Not a…
CWE: CWE-78
NVD

HIGH
CVE-2026-44168
CVE-2026-44168
pkg: node

published: Jun 12, 2026

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. Not a…
CWE: CWE-78
NVD

HIGH
CVE-2026-48612
CVE-2026-48612
pkg: oauth

published: Jun 12, 2026

Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to an attacker-controlled account. This can result in unauthorized account linking and potential account takeover.
CWE: CWE-352
GitHub-GHSA

HIGH
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
GHSA-r236-5pc3-3qcp
pkg: github.com/aws/aws-advanced-go-wrapper/awssql/v2, github.com/aws/aws-advanced-go-wrapper/xray, github.com/aws/aws-advanced-go-wrapper/aws-secrets-manager
eco: go
published: Jun 11, 2026
Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL.

An issue in Aurora PostgreSQL using the AWS Go Wrapper waa identified, see CVE-2026-11401.

Impact
An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_supe…

CVE-2026-11401
GitHub-GHSA

HIGH
Jenkins: Stored XSS vulnerability in node offline cause description
GHSA-93qh-vwrm-c5pw
pkg: org.jenkins-ci.main:jenkins-core
eco: maven
published: Jun 10, 2026
Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the `POST config.xml` API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attac…
CVE-2026-53441
NVD

HIGH
CVE-2026-42851
CVE-2026-42851
pkg: python

published: Jun 12, 2026

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with `cat`, a log line, an email body rendered in `less`, an issue body in a TUI, etc. — can cause kitty to execute attacker-…
CWE: CWE-94, CWE-862
NVD

HIGH
CVE-2026-44802
CVE-2026-44802
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: Jun 9, 2026

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CWE: CWE-416
NVD

HIGH
CVE-2026-42991
CVE-2026-42991
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: Jun 9, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CWE: CWE-362, CWE-416
NVD

HIGH
CVE-2026-42983
CVE-2026-42983
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: Jun 9, 2026

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CWE: CWE-416
NVD

HIGH
CVE-2026-42980
CVE-2026-42980
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
CWE: CWE-122, CWE-191
NVD

HIGH
CVE-2026-42979
CVE-2026-42979
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: Jun 9, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CWE: CWE-362, CWE-416
NVD

HIGH
CVE-2026-42978
CVE-2026-42978
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: Jun 9, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CWE: CWE-362, CWE-416
NVD

HIGH
CVE-2026-42977
CVE-2026-42977
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: Jun 9, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CWE: CWE-362
NVD

HIGH
CVE-2026-42916
CVE-2026-42916
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
CWE: CWE-190
NVD

HIGH
CVE-2026-42910
CVE-2026-42910
pkg: microsoft windows_11_24h2, microsoft windows_11_25h2, microsoft windows_11_26h1

published: Jun 9, 2026

Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.
CWE: CWE-787
NVD

HIGH
CVE-2026-42905
CVE-2026-42905
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CWE: CWE-416
NVD

HIGH
CVE-2026-42837
CVE-2026-42837
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: Jun 9, 2026

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CWE: CWE-125
NVD

HIGH
CVE-2026-42829
CVE-2026-42829
pkg: microsoft windows_11_24h2, microsoft windows_11_25h2, microsoft windows_11_26h1

published: Jun 9, 2026

Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.
CWE: CWE-284
NVD

HIGH
CVE-2026-42828
CVE-2026-42828
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: Jun 9, 2026

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CWE: CWE-126
NVD

HIGH
CVE-2026-40409
CVE-2026-40409
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CWE: CWE-197
NVD

HIGH
CVE-2026-40404
CVE-2026-40404
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CWE: CWE-122, CWE-197
NVD

HIGH
CVE-2026-33828
CVE-2026-33828
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.
CWE: CWE-501
NVD

HIGH
CVE-2026-8795
CVE-2026-8795
pkg: windows

published: Jun 9, 2026

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted co…
CWE: CWE-74, CWE-94, CWE-116
NVD

HIGH
CVE-2026-46311
CVE-2026-46311
pkg: linux

published: Jun 8, 2026

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/userq: fix access to stale wptr mapping

Use drm_exec to take both locks i.e vm root bo and
wptr_obj bo to access the mapping data properly.

This fixes the security issue of unmap the wptr_obj while
a queue creation is …

NVD

HIGH
CVE-2026-46280
CVE-2026-46280
pkg: linux

published: Jun 8, 2026

In the Linux kernel, the following vulnerability has been resolved:

lib: test_hmm: evict device pages on file close to avoid use-after-free

Patch series "Minor hmm_test fixes and cleanups".

Two bugfixes a cleanup for the HMM kernel selftests. These were mostly
reported by Zenghui Yu with special…

NVD

HIGH
CVE-2026-46277
CVE-2026-46277
pkg: linux

published: Jun 8, 2026

In the Linux kernel, the following vulnerability has been resolved:

mm/zone_device: do not touch device folio after calling ->folio_free()

The contents of a device folio can immediately change after calling
->folio_free(), as the folio may be reallocated by a driver with a
different order. Instea…

NVD

HIGH
CVE-2026-46275
CVE-2026-46275
pkg: linux

published: Jun 8, 2026

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths

Vulnerabilities leading to Use-After-Free (UAF) and Null Pointer
Dereference (NPD) conditions were observed in the lifecycle management
of hci_uart.

The pr…

NVD

HIGH
CVE-2026-46274
CVE-2026-46274
pkg: linux

published: Jun 8, 2026

In the Linux kernel, the following vulnerability has been resolved:

io-wq: check that the predecessor is hashed in io_wq_remove_pending()

io_wq_remove_pending() needs to fix up wq->hash_tail[] if the cancelled
work was the tail of its hash bucket. When doing this, it checks whether
the preceding e…

GitHub-GHSA

HIGH
Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs)
GHSA-fp5j-4fj2-4jvq
pkg: github.com/radius-project/radius
eco: go
published: Jun 12, 2026
# Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs)

## Summary

A configuration-validation issue in the Radius Kubernetes controller can cause it to issue a `DELETE` for the container resource referenced by a tampered `radapp.io/status` …

CVE-2026-53999
GitHub-GHSA

HIGH
Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection
GHSA-g6qx-g4pr-92v7
pkg: @budibase/server
eco: npm
published: Jun 12, 2026
### Summary

The OAuth2 token fetch function in `packages/server/src/sdk/workspace/oauth2/utils.ts` (line 59) uses raw `fetch(config.url)` with **no SSRF protection**. The safe wrapper `fetchWithBlacklist()` exists in the same codebase and is used in every other outbound HTTP call (automation steps,…

CVE-2026-48146
NVD

HIGH
CVE-2026-50567
CVE-2026-50567
pkg: kubernetes

published: Jun 10, 2026

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry name with the destination directory via filepath.Join and wrote the result wi…
CWE: CWE-22
NVD

HIGH
CVE-2026-49823
CVE-2026-49823
pkg: kubernetes

published: Jun 10, 2026

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries three reference types — Secret, ConfigMap, and Package. The first two were namespace-validated by t…
CWE: CWE-284, CWE-863
NVD

HIGH
CVE-2026-49822
CVE-2026-49822
pkg: kubernetes

published: Jun 10, 2026

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who could create a KubernetesWatchTrigger (KWT) in their own namespace was able to establish a persistent s…
CWE: CWE-284, CWE-862
NVD

HIGH
CVE-2026-49821
CVE-2026-49821
pkg: kubernetes

published: Jun 10, 2026

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace matched Package.meta…
CWE: CWE-441, CWE-862
GitHub-GHSA

HIGH
OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth
GHSA-cxh2-4639-vmc5
pkg: github.com/open-telemetry/opentelemetry-operator
eco: go
published: Jun 10, 2026
## Affected

Repository: github.com/open-telemetry/opentelemetry-operator
Component: cmd/otel-allocator (TargetAllocator)
Companion: Prometheus Operator API types (CRDs)

## Summary

OpenTelemetry Operator's TargetAllocator watches `ServiceMonitor` resources via the Prometheus Operator CR watcher an…

CVE-2026-47701
GitHub-GHSA

HIGH
File Browser has incorrect access control for public directory shares via rule path rebasing
GHSA-j9jx-hp4c-ghhh
pkg: github.com/filebrowser/filebrowser/v2, github.com/filebrowser/filebrowser
eco: go
published: Jun 12, 2026
### Summary
File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths against the owner's global and per-user rules using the rebased relative path instead of the original path relative to the owner's scope.

As a result,…

CVE-2026-54091
GitHub-GHSA

HIGH
Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema
GHSA-qhv3-wjg8-6fx6
pkg: @budibase/server
eco: npm
published: Jun 12, 2026
The webhook schema-building endpoint is registered under `builderRoutes`, but the generic authorization middleware skips authorization for all paths matching `/api/webhooks/schema`. As a result, an unauthenticated caller can update the body schema for a known webhook and mutate the corresponding aut…
CVE-2026-48151
NVD

HIGH
CVE-2026-50010
CVE-2026-50010
pkg: netty netty

published: Jun 12, 2026

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers() and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends X50…
CWE: CWE-347
NVD

HIGH
CVE-2026-45416
CVE-2026-45416
pkg: netty netty

published: Jun 12, 2026

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode() reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates `ctx.alloc().…
CWE: CWE-770
GitHub-GHSA

HIGH
Russh SSH message fields were decoded through allocation-first parsers before field-specific bounds
GHSA-4r3c-5hpg-58qr
pkg: russh
eco: rust
published: Jun 11, 2026
# SSH message fields were decoded through allocation-first parsers before field-specific bounds

### Summary

Several `russh` client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote…

CVE-2026-48110
NVD

HIGH
CVE-2026-44496
CVE-2026-44496
pkg: axios axios

published: Jun 11, 2026

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who ca…
CWE: CWE-400, CWE-1333
NVD

HIGH
CVE-2026-44488
CVE-2026-44488
pkg: axios axios

published: Jun 11, 2026

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolved t…
CWE: CWE-770
NVD

HIGH
CVE-2026-44487
CVE-2026-44487
pkg: axios axios

published: Jun 11, 2026

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is se…
CWE: CWE-201
NVD

HIGH
CVE-2026-44486
CVE-2026-44486
pkg: axios axios

published: Jun 11, 2026

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axio…
CWE: CWE-200
GitHub-GHSA

HIGH
@grpc/grpc-js: A malformed request can cause a server crash
GHSA-5375-pq7m-f5r2
pkg: @grpc/grpc-js, @grpc/grpc-js, @grpc/grpc-js
eco: npm
published: Jun 11, 2026
### Impact
An invalid incoming HTTP/2 stream initiation can cause a server process to crash. This affects all servers created using @grpc/grpc-js.

### Patches
The following version have fixes for this vulnerability:

– 1.9.16
– 1.10.12
– 1.11.4
– 1.12.7
– 1.13.5
– 1.14.4

### Workarounds
Ther…

CVE-2026-48068
GitHub-GHSA

HIGH
@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash
GHSA-99f4-grh7-6pcq
pkg: @grpc/grpc-js, @grpc/grpc-js, @grpc/grpc-js
eco: npm
published: Jun 11, 2026
### Impact
An invalid incoming compressed message can cause a client or server process to crash. This affects all clients and servers that use @grpc/grpc-js

### Patches
The following version have fixes for this vulnerability:

– 1.9.16
– 1.10.12
– 1.11.4
– 1.12.7
– 1.13.5
– 1.14.4

### Workar…

CVE-2026-48069
NVD

HIGH
CVE-2026-46679
CVE-2026-46679
pkg: node

published: Jun 10, 2026

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. This issue has been patched in version 15.0.23.
CWE: CWE-20, CWE-400, CWE-401
NVD

HIGH
CVE-2026-45783
CVE-2026-45783
pkg: node

published: Jun 10, 2026

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUT_VALUE messages whose keys bypass all content validation. No …
CWE: CWE-20, CWE-400
GitHub-GHSA

HIGH
Acknowledgement extension out of memory
GHSA-cqgj-h8vf-4w59
pkg: org.cometd.java:cometd-java-server-common, org.cometd.java:cometd-java-server-common, org.cometd.java:cometd-java-server-common
eco: maven
published: Jun 10, 2026
### Impact
Bad clients that always send a fixed batch value while the server is using the acknowledgement extension can cause the unacknowledged message queue to grow indefinitely, eventually resulting in an OutOfMemoryError.

Such bad clients would always send:

“`json
{
"channel": "/meta/connec…

CVE-2025-53114
NVD

HIGH
CVE-2025-71330
CVE-2025-71330
pkg: node

published: Jun 10, 2026

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to tri…
CWE: CWE-835
NVD

HIGH
CVE-2025-71329
CVE-2025-71329
pkg: node

published: Jun 10, 2026

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF…
CWE: CWE-835
NVD

HIGH
CVE-2026-46545
CVE-2026-46545
pkg: node

published: Jun 10, 2026

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::put_chunk allows any state-sync peer to crash any node performing state synchronizatio…
CWE: CWE-248
NVD

HIGH
CVE-2026-46541
CVE-2026-46541
pkg: node

published: Jun 10, 2026

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handle_dht_get(), the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails (from a malicious DHT …
CWE: CWE-754
NVD

HIGH
CVE-2026-44716
CVE-2026-44716
pkg: pipecat pipecat

published: Jun 10, 2026

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner (src/pipecat/runner/run.py). When the runner is started with the –folder f…
CWE: CWE-22
NVD

HIGH
CVE-2025-71319
CVE-2025-71319
pkg: node

published: Jun 9, 2026

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF…
CWE: CWE-835
NVD

HIGH
CVE-2026-9076
CVE-2026-9076
pkg: openssl

published: Jun 9, 2026

Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap)
processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK
cipher can trigger a heap out-of-bounds read in kek_unwrap_key().

Impact summary: A heap buffer over-read may trigger a crash which leads to
Denial…

CWE: CWE-125
NVD

HIGH
CVE-2026-45445
CVE-2026-45445
pkg: ssl

published: Jun 9, 2026

Issue summary: When an application drives an AES-OCB context through the
public EVP_Cipher() one-shot interface, the application-supplied
initialisation vector (IV) is silently discarded.

Impact summary: Every message encrypted under the same key uses the
same effective nonce regardless of the IV s…

CWE: CWE-325
NVD

HIGH
CVE-2026-42908
CVE-2026-42908
pkg: windows

published: Jun 9, 2026

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CWE: CWE-125
NVD

HIGH
CVE-2026-42765
CVE-2026-42765
pkg: openssl

published: Jun 9, 2026

Issue summary: When a partial-chain certificate verification is enabled
together with OCSP response checking for the whole chain, a NULL dereference
will happen if the verified chain does not have a self-signed trusted anchor,
crashing the process.

Impact summary: A NULL pointer dereference can tri…

CWE: CWE-476
NVD

HIGH
CVE-2026-42764
CVE-2026-42764
pkg: ssl

published: Jun 9, 2026

Issue summary: Receiving a QUIC initial packet with an invalid token may
trigger a NULL pointer dereference in the OpenSSL QUIC server with
address validation disabled.

Impact summary: NULL pointer dereference typically causes abnormal termination
of the affected QUIC server process and a Denial of…

CWE: CWE-476
NVD

HIGH
CVE-2026-34183
CVE-2026-34183
pkg: openssl

published: Jun 9, 2026

Issue summary: Remote peer may exhaust heap memory of the QUIC
server or client by flooding it with packets containing PATH_CHALLENGE
frames.

Impact summary: A malicious remote peer can cause an unbounded
memory allocation which can lead to an abnormal termination of the
application acting as a QUI…

CWE: CWE-1325
NVD

HIGH
CVE-2026-34180
CVE-2026-34180
pkg: openssl

published: Jun 9, 2026

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive
element whose content exceeds 2 gigabytes in length may cause a heap buffer
over-read on 64-bit Unix and Unix-like platforms.

Impact summary: The heap buffer over-read may crash the application (Denial of
Service) or to l…

CWE: CWE-125
NVD

HIGH
CVE-2026-41850
CVE-2026-41850
pkg: vmware spring_framework

published: Jun 9, 2026

Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation o…
CWE: CWE-407
NVD

HIGH
CVE-2026-41849
CVE-2026-41849
pkg: vmware spring_framework

published: Jun 9, 2026

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service (DoS).

Affected versions:
Spring Fr…

CWE: CWE-190
NVD

HIGH
CVE-2026-11667
CVE-2026-11667
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the GPU process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-125
NVD

HIGH
CVE-2026-11644
CVE-2026-11644
pkg: google chrome, linux linux_kernel

published: Jun 9, 2026

Use after free in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-11641
CVE-2026-11641
pkg: google chrome, microsoft windows

published: Jun 9, 2026

Use after free in Bluetooth in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-11639
CVE-2026-11639
pkg: google chrome, apple macos

published: Jun 9, 2026

Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-11636
CVE-2026-11636
pkg: google chrome, microsoft windows

published: Jun 9, 2026

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-11632
CVE-2026-11632
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
GitHub-GHSA

HIGH
Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections
GHSA-2vqw-3mp8-cgmx
pkg: puma, puma
eco: rubygems
published: Jun 9, 2026
### Impact

Puma is vulnerable to source IP spoofing when `set_remote_address proxy_protocol: :v1` is enabled and persistent connections are used.

PROXY protocol v1 is a connection-level protocol. [Support was added to Puma in v5.5.0](https://github.com/puma/puma/issues/2651). A proxy sends one PRO…

CVE-2026-47737
GitHub-GHSA

HIGH
Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion
GHSA-qpgp-93vx-g8v8
pkg: puma, puma
eco: rubygems
published: Jun 8, 2026
### Impact

[PROXY protocol support for Puma](https://github.com/puma/puma/issues/2651) was added in version 5.5.0.

When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "\r\n" to determine whether a PROXY v1 line is present. If an attacker opens…

CVE-2026-47736
GitHub-GHSA

HIGH
Netty: SCTP reassembly nests buffers without bound
GHSA-5xrh-qmmq-w6ch
pkg: io.netty:netty-transport-sctp, io.netty:netty-transport-sctp
eco: maven
published: Jun 8, 2026
For each non-complete SctpMessage fragment the handler does `fragments.put(streamId, Unpooled.wrappedBuffer(frag, byteBuf))`, wrapping the previous accumulator and the new slice into a *new* CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding…
CVE-2026-46340
GitHub-GHSA

HIGH
Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes
GHSA-x4gw-5cx5-pgmh
pkg: io.netty:netty-handler, io.netty:netty-handler
eco: maven
published: Jun 8, 2026
SslClientHelloHandler.decode() reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates `ctx.alloc().buffer(handshakeLength)` (line 161). The guard at line 140 is `handshakeLength > maxClientHelloLength && maxClientHelloLength != 0`, and the…
CVE-2026-45416
GitHub-GHSA

HIGH
Netty's Default QUIC token handler accepts any client-supplied token
GHSA-cmm3-54f8-px4j
pkg: io.netty:netty-codec-classes-quic
eco: maven
published: Jun 8, 2026
NoQuicTokenHandler is the tokenHandler used when the application does not set one. Its writeToken() returns false (server will not send Retry — acceptable), but validateToken() unconditionally `return 0`. In QuicheQuicServerCodec.handlePacket(), a non-negative return from validateToken() is interp…
CVE-2026-44894
NVD

HIGH
CVE-2026-40519
CVE-2026-40519
pkg: nginx

published: Jun 8, 2026

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins() function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary co…
CWE: CWE-78
GitHub-GHSA

HIGH
Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length
GHSA-cc37-9q2j-3hfv
pkg: io.netty:netty-codec-haproxy, io.netty:netty-codec-haproxy
eco: maven
published: Jun 8, 2026
When decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV() first calls `header.retainedSlice(header.readerIndex(), length)` and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsExc…
CVE-2026-44893
GitHub-GHSA

HIGH
Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size
GHSA-c2rx-5r8w-8xr2
pkg: io.netty:netty-codec-http3
eco: maven
published: Jun 8, 2026
### Summary
The default configuration of the `Http3ConnectionHandler` in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify `HTTP3_SETTINGS_MAX_FIELD_SECTION_SIZE`, the implementation defaults to an unbounded limit. This insecure default confi…
CVE-2026-44892
GitHub-GHSA

HIGH
Netty has Unbounded Direct Memory Consumption in its RedisDecoder
GHSA-6ghj-frrj-jjj3
pkg: io.netty:netty-codec-redis, io.netty:netty-codec-redis
eco: maven
published: Jun 8, 2026
### Summary
An attacker can cause DoS by sending crafted Redis payloads across multiple connections without `\r\n`. This exhausts the server's direct memory pool (OutOfDirectMemoryError), preventing legitimate connections from being processed.

### Details
io.netty.handler.codec.redis.RedisDecoder d…

CVE-2026-44890
GitHub-GHSA

HIGH
Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays
GHSA-3244-j874-rhc2
pkg: io.netty:netty-codec-redis, io.netty:netty-codec-redis
eco: maven
published: Jun 8, 2026
### Summary
An attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError.

### Details
io.netty.handler.codec.redis.RedisArrayAggregat…

CVE-2026-44250
NVD

HIGH
CVE-2026-46306
CVE-2026-46306
pkg: linux

published: Jun 8, 2026

In the Linux kernel, the following vulnerability has been resolved:

flow_dissector: do not dissect PPPoE PFC frames

RFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT
RECOMMENDED for PPPoE. In practice, pppd does not support negotiating
PFC for PPPoE sessions, and the flow diss…

NVD

HIGH
CVE-2026-46304
CVE-2026-46304
pkg: linux

published: Jun 8, 2026

In the Linux kernel, the following vulnerability has been resolved:

nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free

nvmet_tcp_release_queue_work() runs on nvmet-wq and can drop the
final controller reference through nvmet_cq_put(). If that triggers
nvmet_ctrl_free(), the teardown path flu…

GitHub-GHSA

HIGH
Routinator crashes when sending a maliciously crafted select-asn query parameter
GHSA-gc6q-cwcj-3vh9
pkg: routinator
eco: rust
published: Jun 8, 2026
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes.

This only affects users who allow API access from untrusted networks.

CVE-2026-49234
NVD

HIGH
CVE-2026-34181
CVE-2026-34181
pkg: openssl

published: Jun 9, 2026

Issue Summary: The PKCS#12 file processing fails to perform sufficient input
validation for files that use Password-Based Message Authentication Code 1
(PBMAC1) integrity mechanism allowing a certificate and private key forgery.

Impact Summary: An attacker impersonating a user can cause a service r…

CWE: CWE-354
NVD

HIGH
CVE-2026-48546
CVE-2026-48546
pkg: node

published: Jun 11, 2026

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext() sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull r…
CWE: CWE-693
NVD

HIGH
CVE-2026-11417
CVE-2026-11417
pkg: node

published: Jun 10, 2026

OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 (2.246.0 on Windows) might allow an actor who controls the value of one or more bundling properties (externalModules, define, loader, inject, or esbuildArgs) to execute arbitrary commands on the host run…
CWE: CWE-78
GitHub-GHSA

HIGH
Anyquery has Path Traversal through `clear_plugin_cache`, Allowing Arbitrary Directory Deletion
GHSA-j9rx-rppg-6hh4
pkg: github.com/julien040/anyquery
eco: go
published: Jun 10, 2026
# Path Traversal in `clear_plugin_cache` Allows Arbitrary Directory Deletion

| Field | Value |
| —————- | —– |
| Repository | julien040/anyquery |
| Affected version | 0.4.4 |
| Vulnerability | CWE-22 — Improper Limitation of a Pathname to a Restricted Directory |…

CVE-2026-47253
NVD

HIGH
CVE-2026-42306
CVE-2026-42306
pkg: docker

published: Jun 12, 2026

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary ho…
CWE: CWE-61, CWE-367
GitHub-GHSA

HIGH
GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
GHSA-7qmg-grcp-qf25
pkg: org.geoserver.web:gs-web-app, org.geoserver.web:gs-web-sec-core, org.geoserver.web:gs-web-sec-core
eco: maven
published: Jun 12, 2026
### Summary
A vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to …
CVE-2025-52465
NVD

HIGH
CVE-2026-53816
CVE-2026-53816
pkg: openclaw openclaw

published: Jun 11, 2026

OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway, steering…
CWE: CWE-862
GitHub-GHSA

HIGH
GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
GHSA-g628-r368-6vh7
pkg: org.geoserver.extension:gs-db2
eco: maven
published: Jun 11, 2026
## Summary

Administrator can perform JNDI attack through specially crafted DB2 jdbc url leading to Remote Code Execution (RCE).

## Impact

If GeoServer has DB2 extension installed, this vulnerability can lead to executing arbitrary code.

## Details

Authenticated users can access Vector Data Sour…

CVE-2025-27511
GitHub-GHSA

HIGH
WsgiDAV encoded dot segments can escape filesystem share roots
GHSA-wxq4-cc2q-338q
pkg: wsgidav
eco: pip
published: Jun 11, 2026
### Impact
WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout.

### Patches
The issue is fixed with version 4.3.4.

### Preconditions

The practical impact depends on the deployment.

T…

CVE-2026-48099
GitHub-GHSA

HIGH
Nezha has cross-site GET request that can trigger stored cron commands on a victim's agents
GHSA-8qhj-4f8c-j8qg
pkg: github.com/nezhahq/nezha
eco: go
published: Jun 10, 2026
### Summary

The dashboard exposes the cron manual-trigger action as an authenticated `GET /api/v1/cron/:id/manual` endpoint. Dashboard JWTs are sent in the `nz-jwt` cookie and configured with `SameSite=Lax`, which browsers include on top-level cross-site GET navigations. Because this state-changing…

CVE-2026-49396
NVD

HIGH
CVE-2026-53674
CVE-2026-53674
pkg: express

published: Jun 10, 2026

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit @mention…
CWE: CWE-943
NVD

HIGH
CVE-2026-44495
CVE-2026-44495
pkg: axios

published: Jun 11, 2026

Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse, affecte…
CWE: CWE-94, CWE-1321
NVD

HIGH
CVE-2026-42984
CVE-2026-42984
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: Jun 9, 2026

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CWE: CWE-416
NVD

HIGH
CVE-2026-42912
CVE-2026-42912
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CWE: CWE-362
NVD

HIGH
CVE-2026-42911
CVE-2026-42911
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CWE: CWE-416
NVD

HIGH
CVE-2026-41108
CVE-2026-41108
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.
CWE: CWE-122
NVD

HIGH
CVE-2026-34335
CVE-2026-34335
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CWE: CWE-416
NVD

HIGH
CVE-2026-46299
CVE-2026-46299
pkg: linux

published: Jun 8, 2026

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: fix held lock freed on hfsplus_fill_super()

hfsplus_fill_super() calls hfs_find_init() to initialize a search
structure, which acquires tree->tree_lock. If the subsequent call to
hfsplus_cat_build_key() fails, the functio…

GitHub-GHSA

HIGH
File Browser has a DoS Vulnerability via Public Login API
GHSA-w5fm-68j4-fpc4
pkg: github.com/filebrowser/filebrowser/v2, github.com/filebrowser/filebrowser
eco: go
published: Jun 12, 2026
### Summary
Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the co…
CVE-2026-54092
GitHub-GHSA

HIGH
File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter Injection
GHSA-8c9q-7855-wfxq
pkg: github.com/filebrowser/filebrowser/v2
eco: go
published: Jun 12, 2026
> [!NOTE]
> **This feature has been disabled by default for all installations from v2.33.8 onwards, including for existent installations**. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this …
CVE-2026-54090
GitHub-GHSA

HIGH
File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path
GHSA-3q2p-72cj-682c
pkg: github.com/filebrowser/filebrowser/v2, github.com/filebrowser/filebrowser
eco: go
published: Jun 12, 2026
### Summary
This is similar vulnrability of **`CVE-2026-0035`**, which was fixed in Android `MediaProvider` with **high** severity. In the original Java issue, `MediaStore.createWriteRequest()` accepted attacker-controlled URIs and created a future grant even when the referenced media item did not e…
CVE-2026-54096
GitHub-GHSA

HIGH
File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix
GHSA-5ww9-jg6q-38r7
pkg: github.com/filebrowser/filebrowser, github.com/filebrowser/filebrowser/v2
eco: go
published: Jun 12, 2026
### Summary
A low-privileged authenticated user of filebrowser (with `create` + `delete` permissions in their own isolated scope) can silently destroy share-link records belonging to any other user — including the administrator — by performing a legitimate DELETE on a file in their own directory…
CVE-2026-54097
GitHub-GHSA

HIGH
PyO3 has an Out-of-bounds Read in `nth` / `nth_back` for `PyList` and `PyTuple` iterators
GHSA-36hh-v3qg-5jq4
pkg: pyo3
eco: rust
published: Jun 12, 2026
PyO3 0.24.0 added optimized implementations of `Iterator::nth` and `DoubleEndedIterator::nth_back` for the `BoundListIterator` and `BoundTupleIterator` types. These implementations computed the target index using unchecked `usize` addition (`index + n`) before bounds-checking against the sequence le…
GitHub-GHSA

HIGH
Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection
GHSA-24fp-5v3p-rvpw
pkg: github.com/jpillora/chisel
eco: go
published: Jun 12, 2026
### Summary

Authenticated chisel clients can bypass `–authfile` ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A…

CVE-2026-48113
GitHub-GHSA

HIGH
DevGuard has improper authorization on public assets
GHSA-6p54-fw2f-q7gf
pkg: github.com/l3montree-dev/devguard
eco: go
published: Jun 11, 2026
### Impact

On a DevGuard API instance with one or more **public assets**, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete **VEX rules** on those public assets. The same flaw a…

CVE-2026-48089
GitHub-GHSA

HIGH
Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion
GHSA-h2qv-fj59-j46j
pkg: io.netty:netty-codec-haproxy, io.netty:netty-codec-haproxy
eco: maven
published: Jun 11, 2026
### Impact
The HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nested `PP2_TYPE_SSL` TLVs (type-length-value records) at depth two or greater. The leak occurs on the successful parse path — no exce…
CVE-2026-48059
GitHub-GHSA

HIGH
Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS
GHSA-j93g-rp6m-j32m
pkg: github.com/basekick-labs/arc
eco: go
published: Jun 11, 2026
### Summary

Arc registers Go's `net/http/pprof` handlers at `/debug/pprof/*` via `app.Use(pprof.New())` in `internal/api/server.go`, and `/debug/pprof` is added to `PublicPrefixes` in `cmd/arc/main.go`. The auth middleware short-circuits before the token check on prefix match, so the endpoints are …

CVE-2026-48050
GitHub-GHSA

HIGH
Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization
GHSA-xf64-8mw2-4gr2
pkg: github.com/traefik/traefik/v2, github.com/traefik/traefik/v3, github.com/traefik/traefik/v3
eco: go
published: Jun 11, 2026
## Summary

There is a high severity vulnerability in Traefik's `StripPrefix` middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a `PathPrefix` rule and applies the `StripPrefix` middleware, a request path contai…

CVE-2026-48020
GitHub-GHSA

HIGH
Element Call reports full URLs of visited pages to analytics server
GHSA-6vhh-4xw6-h2h2
pkg: @element-hq/element-call-embedded
eco: npm
published: Jun 11, 2026
### Impact

Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a `posthog` key in config.json or by the `posthogApiHost` and `posthogApiKey` URL parameters. Several fields of this data (`$initial_person_info`, `$session_entry_url`, and `$curr…

CVE-2026-48007
GitHub-GHSA

HIGH
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
GHSA-6jv9-x5w9-2ccm
pkg: io.netty:netty-codec-redis, io.netty:netty-codec-redis
eco: maven
published: Jun 11, 2026
### Impact
The RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate completes. The handler retains child messages in per-handler state (`depths` field) but defines no `channelInactive`, `handlerRemoved`, or …
CVE-2026-48006
GitHub-GHSA

HIGH
PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing
GHSA-qq6c-99pv-prvf
pkg: pdm
eco: pip
published: Jun 11, 2026
## Summary

PDM automatically loads project-local plugin paths from `.pdm-plugins` during `Core` initialization. Because this path is added via `site.addsitedir()`, attacker-controlled `.pth` files inside the project plugin directory are processed and can execute Python code before normal CLI handli…

CVE-2026-47781
GitHub-GHSA

HIGH
PDM wheel installation leads to Path Traversal via overridden write_to_fs
GHSA-78v8-vpjp-cjqh
pkg: pdm
eco: pip
published: Jun 10, 2026
InstallDestination.write_to_fs() in src/pdm/installers/installers.py overrides the base class to add symlink/hardlink support but replaces the safe _path_with_destdir() (which validates via Path.resolve() + is_relative_to()) with a bare os.path.join() that performs no path validation. A malicious wh…
CVE-2026-47764
GitHub-GHSA

HIGH
@hulumi/drift: Drift classifier fails open on adapter errors and over-promotes Mixed verdicts
GHSA-32g3-35g9-wc9g
pkg: @hulumi/drift
eco: npm
published: Jun 10, 2026
**Affected:** `@hulumi/drift` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** Medium — **CWE-755 (Improper Handling of Exceptional Conditions)**

#### Summary

`@hulumi/drift` runs four adapters that each ask a different question about whether a resource has drifted (Pulumi-state diff, provi…

CVE-2026-48036
GitHub-GHSA

HIGH
@hulumi/baseline: AccountFoundation audit-delivery S3 bucket could be silently weakened
GHSA-2mxr-p26x-mj73
pkg: @hulumi/baseline
eco: npm
published: Jun 10, 2026
**Affected:** `@hulumi/baseline` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-1059 (Insufficient Technical Documentation / Behavioral Inconsistency)**

#### Summary

The S3 bucket that `AccountFoundation` creates to receive CloudTrail and AWS Config audit logs is meant to be …

CVE-2026-48035
GitHub-GHSA

HIGH
@hulumi/policies has a HULUMI-H5 bypass via decoy sibling resources targeting a different bucket
GHSA-9vc9-4jv3-rf86
pkg: @hulumi/policies
eco: npm
published: Jun 10, 2026
**Affected:** `@hulumi/policies` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-284 (Improper Access Control)**

#### Summary

HULUMI-H1 forbids raw `aws:s3:Bucket` outside of Hulumi's `SecureBucket` component, with one exemption: a raw bucket that's a child of a `SecureBucket`…

CVE-2026-48034
GitHub-GHSA

HIGH
@hulumi/policies bypasses policy packs with a forged Pulumi-URN logical name
GHSA-rhgj-6g2c-frmm
pkg: @hulumi/policies
eco: npm
published: Jun 10, 2026
**Affected:** `@hulumi/policies` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-693 (Protection Mechanism Failure)**

#### Summary

Pulumi gives every cloud resource a structured URN that includes the resource's type chain (`hulumi:baseline:aws:SecureBucket$aws:s3/bucketV2:Buck…

CVE-2026-48033
GitHub-GHSA

HIGH
@hulumi/policies bypasses IAM-role policy checks when the role trusts multiple OIDC providers
GHSA-g759-4pxw-6692
pkg: @hulumi/policies
eco: npm
published: Jun 10, 2026
**Affected:** `@hulumi/policies` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-697 (Incorrect Comparison)**

#### Summary

AWS IAM trust policies can list more than one federated identity provider — for example, a role that accepts BOTH GitHub Actions OIDC and Google's OIDC.…

CVE-2026-48032
GitHub-GHSA

HIGH
Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that bypasses RBAC table-level checks
GHSA-p2j4-c4g6-rpf5
pkg: github.com/basekick-labs/arc
eco: go
published: Jun 8, 2026
### Summary

Arc's user-SQL validator (`internal/api/query.go:ValidateSQLRequest`) blocked only `read_parquet(` and `arc_partition_agg(` via regex denylist. The broader DuckDB I/O function family — `read_csv_auto`, `read_csv`, `read_json`, `read_json_auto`, `read_text`, `read_blob`, `glob`, `parqu…

CVE-2026-47735
GitHub-GHSA

HIGH
nebula-mesh: GET /api/v1/audit-log discloses all entries to any operator
GHSA-qm33-p5p9-f8vg
pkg: github.com/juev/nebula-mesh
eco: go
published: Jun 8, 2026
`internal/api/audit.go:12` — `handleGetAuditLog` does no admin check. The route is bearer-auth gated only; any operator API key returns the full audit log via `store.ListAuditEntries` (up to limit=1000). This includes cross-tenant actor names, host/CA/operator IDs, action timestamps, and masked-IP…
CVE-2026-47726
GitHub-GHSA

HIGH
nebula-mesh's web UI lacks CSRF tokens on /ui/* mutating endpoints
GHSA-273q-qgh5-wrj6
pkg: github.com/juev/nebula-mesh
eco: go
published: Jun 8, 2026
Every `/ui/*` POST / PUT / PATCH / DELETE route processes the request as soon as the session cookie validates. `SameSite=Lax` on the session cookie prevents most cross-site form submits but does not protect:

– top-level form-submit navigations from third-party pages (some browsers still send Lax co…

CVE-2026-47725
GitHub-GHSA

HIGH
nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.)
GHSA-w7w5-5gcp-38rw
pkg: github.com/juev/nebula-mesh
eco: go
published: Jun 8, 2026
None of the response paths in `internal/web/` or `internal/api/` set the standard browser-security headers. `grep` for `Content-Security-Policy`, `X-Frame-Options`, `Strict-Transport-Security`, `X-Content-Type-Options`, `Referrer-Policy` returns zero matches across the codebase.

## Impact
The admin…

CVE-2026-47723
GitHub-GHSA

HIGH
nebula-mesh: Host advanced overrides allow YAML injection into agent config.yml
GHSA-7hp6-g3pq-3pc3
pkg: github.com/juev/nebula-mesh
eco: go
published: Jun 8, 2026
`internal/configgen/generator.go:86,108,119` interpolates the operator-supplied `ListenHost` and `TunDevice` fields raw into a `text/template` that produces the agent's `config.yml`. `internal/web/advanced.go:20-35` accepts both with only `strings.TrimSpace` — no character or shape validation.

##…

CVE-2026-47722
GitHub-GHSA

HIGH
Routinator has cache path traversal when processing the module component of rsync URIs
GHSA-33mj-99mg-8g73
pkg: routinator
eco: rust
published: Jun 8, 2026
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache.
CVE-2026-49233
GitHub-GHSA

HIGH
Routinator crashes when encountering maliciously crafted RRDP XML files
GHSA-5qf9-cf9c-hjc6
pkg: routinator
eco: rust
published: Jun 8, 2026
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.
CVE-2026-49235
NVD

MEDIUM
CVE-2026-53523
CVE-2026-53523
pkg: oauth

published: Jun 12, 2026

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the getRedirectURL function in oauth2.go:22-29 constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path, with zero valida…
CWE: CWE-601
GitHub-GHSA

MEDIUM
File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope
GHSA-239w-m3h6-ch8v
pkg: github.com/filebrowser/filebrowser/v2, github.com/filebrowser/filebrowser
eco: go
published: Jun 12, 2026
## Summary

File Browser enforces per-user scope with `afero.NewBasePathFs(afero.NewOsFs(), scope)`, set up in `users/users.go`. This blocks lexical `../` traversal, but it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a …

CVE-2026-54094
GitHub-GHSA

MEDIUM
Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()
GHSA-9r4w-jg96-92mv
pkg: github.com/google/go-attestation
eco: go
published: Jun 12, 2026
## Summary

`parseEfiSignatureList()` in `attest/internal/events.go` does not skip `SignatureHeaderSize` vendor bytes before reading `EFI_SIGNATURE_LIST` signature entries, violating UEFI specification section 31.4.1.

## Impact

For `hashSHA256SigGUID` lists, attacker-controlled vendor header bytes…

NVD

MEDIUM
CVE-2026-11628
CVE-2026-11628
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. (Chromium security severity: Critical)
CWE: CWE-416
GitHub-GHSA

MEDIUM
Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
GHSA-xmv7-r254-6q78
pkg: io.netty:netty-resolver-dns, io.netty:netty-resolver-dns
eco: maven
published: Jun 8, 2026
### Summary
Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning (Kaminsky attack).

### Details
Two factors contribute to this vulnerability in io.n…

CVE-2026-45673
GitHub-GHSA

MEDIUM
LangGraph has NoSQL parameter injection in MongoDBSaver, allowing cross-tenant state access
GHSA-98xf-r82g-9mhx
pkg: @langchain/langgraph-checkpoint-mongodb
eco: npm
published: Jun 12, 2026
## Summary

A NoSQL injection vulnerability existed in `MongoDBSaver` where checkpoint identifier fields from `config.configurable` were used in MongoDB queries without strict type enforcement. In vulnerable versions, attacker-controlled object payloads (for example MongoDB operators like `$gt` and …

CVE-2026-48121
GitHub-GHSA

MEDIUM
Fleet: Observer-level enrollment secret extraction via ORDER BY oracle on Apple MDM commands endpoint
GHSA-x4qr-qw6h-wvxq
pkg: github.com/fleetdm/fleet/v4
eco: go
published: Jun 12, 2026
### Summary

A vulnerability in Fleet's Apple MDM commands listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract sensitive values from joined database tables — including host enrollment secrets and Apple Push Notification Service (APNS) tokens — through …

CVE-2026-46371
GitHub-GHSA

MEDIUM
Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint
GHSA-vxm7-9x8v-8gm4
pkg: github.com/fleetdm/fleet/v4
eco: go
published: Jun 12, 2026
### Summary

A vulnerability in Fleet's labels host-listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract host enrollment secrets (`node_key`, `orbit_node_key`) through a cursor-based binary search oracle. The endpoint accepted a user-supplied `order_key` pa…

CVE-2026-46370
GitHub-GHSA

MEDIUM
Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker
GHSA-wxq7-x3qp-vcr8
pkg: @budibase/backend-core
eco: npm
published: Jun 12, 2026
### Summary

The `buildMatcherRegex()` / `matches()` functions in `packages/backend-core/src/middleware/matchers.ts` share the same structural root cause as the recently patched CVE-2026-31816: route patterns are compiled into **unanchored regular expressions** and tested against `ctx.request.url`, …

CVE-2026-48147
GitHub-GHSA

MEDIUM
GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
GHSA-x4r9-gmw3-hxww
pkg: org.geoserver.web:gs-web-app, org.geoserver:gs-main, org.geoserver:gs-main
eco: maven
published: Jun 12, 2026
### Summary
A GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow attacker to perform unauthenticated Server-Side Request Forgery (SSRF).

### Details
This vulnerability requires that GeoServer is set up to use a proxy base URL and the `ENTITY_RESOLUTION_ALLOWLIST` (default since 2.25.0):

#…

CVE-2025-58175
NVD

MEDIUM
CVE-2026-50630
CVE-2026-50630
pkg: apache cxf

published: Jun 12, 2026

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return (CR) and Line Feed (LF) characters. If an attacker can control the realm value, they can inje…
CWE: CWE-113
NVD

MEDIUM
CVE-2026-50623
CVE-2026-50623
pkg: apache cxf

published: Jun 12, 2026

An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint (/services/oauth2/introspect) can be accessed by any unauthenticated network attacker. However note that th…
CWE: CWE-287
GitHub-GHSA

MEDIUM
Russh: Unchecked keyboard-interactive prompt count in client auth path
GHSA-g9g7-5cgw-6v28
pkg: russh
eco: rust
published: Jun 11, 2026
### Summary
In the `russh` client keyboard-interactive authentication path, a malicious SSH server could send a `USERAUTH_INFO_REQUEST` with an attacker-controlled prompt count, and the client would use that raw count directly in `Vec::with_capacity(…)` before validating that enough prompt data wa…
CVE-2026-48107
NVD

MEDIUM
CVE-2026-47157
CVE-2026-47157
pkg: python

published: Jun 11, 2026

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. If an attacker can influence a challenge response, for example…
CWE: CWE-918
GitHub-GHSA

MEDIUM
python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood
GHSA-9663-mqmp-p9mm
pkg: zeroconf
eco: pip
published: Jun 11, 2026
### Impact

`AsyncListener.handle_query_or_defer` retained every truncated (TC-bit) incoming query in `self._deferred[addr]` and armed a per-addr timer in `self._timers[addr]` that flushed the reassembled query within ~500 ms (RFC 6762 §18.5). Neither the per-addr list nor the number of distinct `a…

CVE-2026-48045
GitHub-GHSA

MEDIUM
@hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects
GHSA-x426-x7cc-3fpc
pkg: @hapi/wreck
eco: npm
published: Jun 11, 2026
### Impact
Wreck strips credential headers (Authorization, Cookie, Proxy-Authorization) before following a cross-origin redirect, but the origin check compares hostnames only and ignores scheme and port. As a result, credentials are forwarded intact across same-host port changes and HTTPS-to-HTTP do…
CVE-2026-48022
GitHub-GHSA

MEDIUM
vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors
GHSA-3ww4-5jv9-j5gm
pkg: vllm
eco: pip
published: Jun 10, 2026
### Summary

vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies `–revision` or `–code-revision` can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config fro…

CVE-2026-47155
NVD

MEDIUM
CVE-2026-45561
CVE-2026-45561
pkg: nginx

published: Jun 10, 2026

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/{version,uptime,status,checks}/<server_ip> family of routes takes the URL path component verbatim into requests.get(f'http://{server_ip}:{agent_port}/…'). The path …
CWE: CWE-918
GitHub-GHSA

MEDIUM
In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header
GHSA-xvfq-4q6q-gxx7
pkg: org.springframework.kafka:spring-kafka, org.springframework.kafka:spring-kafka, org.springframework.kafka:spring-kafka
eco: maven
published: Jun 10, 2026
When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError.

Affected versions:
Spring for Apache Kafka 4.0.0 th…

CVE-2026-41726
NVD

MEDIUM
CVE-2026-9741
CVE-2026-9741
pkg: express

published: Jun 9, 2026

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of cip…
CWE: CWE-319
NVD

MEDIUM
CVE-2026-42907
CVE-2026-42907
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: Jun 9, 2026

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
CWE: CWE-200
NVD

MEDIUM
CVE-2026-42903
CVE-2026-42903
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
CWE: CWE-476
NVD

MEDIUM
CVE-2026-11658
CVE-2026-11658
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

MEDIUM
CVE-2026-11653
CVE-2026-11653
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

MEDIUM
CVE-2026-39908
CVE-2026-39908
pkg: windows

published: Jun 8, 2026

OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application at…
CWE: CWE-522
NVD

MEDIUM
CVE-2026-40985
CVE-2026-40985
pkg: express

published: Jun 11, 2026

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions.

Affected versions:
Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1.

CWE: CWE-917
NVD

MEDIUM
CVE-2026-12210
CVE-2026-12210
pkg: python

published: Jun 15, 2026

A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be u…
CWE: CWE-918
GitHub-GHSA

MEDIUM
FUXA's scheduler API missing admin check enables operator-to-admin escalation via scheduled device actions
GHSA-8ghr-w65f-j3qr
pkg: fuxa-server
eco: npm
published: Jun 8, 2026
## Summary

An authorization issue in the Scheduler API allowed authenticated non-admin users to create or modify scheduled actions that should be restricted to administrators.

## Details

The Scheduler API did not correctly enforce administrator permissions when processing scheduler modifications.…

CVE-2026-47721
GitHub-GHSA

MEDIUM
GeoNode contains a server-side request forgery vulnerability in the service registration endpoint
GHSA-hw9r-6m78-w6h3
pkg: geonode, geonode
eco: pip
published: Jun 8, 2026
GeoNode versions 4.4.5 and 5.0.2 (and prior within their respective releases) contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL during…
CVE-2026-39922
NVD

MEDIUM
CVE-2026-42771
CVE-2026-42771
pkg: openssl

published: Jun 9, 2026

Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an
application to validate a crafted e-mail address, such as during S/MIME
message validation, an out of bounds read can happen.

Impact summary: This out of bounds read will not directly exfiltrate
the data read to the attacker so th…

CWE: CWE-125
NVD

MEDIUM
CVE-2026-41568
CVE-2026-41568
pkg: docker

published: Jun 12, 2026

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitrary …
CWE: CWE-81, CWE-367
NVD

MEDIUM
CVE-2026-47250
CVE-2026-47250
pkg: kubernetes

published: Jun 11, 2026

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes environ…
CWE: CWE-88
NVD

MEDIUM
CVE-2026-45566
CVE-2026-45566
pkg: nginx

published: Jun 10, 2026

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or http:// substrings, then constructs https://{request.host}{next_url} and the JS client redirects via …
CWE: CWE-601
NVD

MEDIUM
CVE-2026-45560
CVE-2026-45560
pkg: nginx

published: Jun 10, 2026

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrap_line (app/modules/common/common.py:181-186) and highlight_word (app/modules/common/common.py:188-192) build raw HTML by string concatenation with no escaping. The frontend (app/…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-41715
CVE-2026-41715
pkg: react

published: Jun 9, 2026

In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.

Affected versions:
Reactor Netty 1.0.0 through 1.0.51; 1.1…

CWE: CWE-522
GitHub-GHSA

MEDIUM
gorest InMemorySecret2FA race condition allows process crash via concurrent map access (CWE-362)
GHSA-cpwg-x64r-rgwg
pkg: github.com/pilinux/gorest
eco: go
published: Jun 12, 2026
## Vulnerability: CWE-362 — Concurrent Map Access Race Condition in InMemorySecret2FA

**CWE:** CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization)

### Affected Component
– `github.com/pilinux/gorest` — Go REST API boilerplate
– InMemorySecret2FA — in-memory 2FA…

CVE-2026-48154
GitHub-GHSA

MEDIUM
Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header
GHSA-3qmc-cj7q-62hv
pkg: litestar
eco: pip
published: Jun 10, 2026
### Summary

`AllowedHostsMiddleware` trusts the `X-Forwarded-Host` header as a fallback when the `Host` header is absent. Since `X-Forwarded-Host` is a client-controllable header, an attacker can bypass the allowed hosts validation by omitting the `Host` header and supplying an `X-Forwarded-Host` h…

CVE-2026-48061
NVD

MEDIUM
CVE-2026-41696
CVE-2026-41696
pkg: express

published: Jun 10, 2026

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting.

Affected versions:
Spring Data MongoDB 5.0.0 t…

CWE: CWE-943
NVD

MEDIUM
CVE-2026-42767
CVE-2026-42767
pkg: openssl

published: Jun 9, 2026

Issue summary: An attacker-controlled CMP (Certificate Management Protocol)
server could trigger a NULL pointer dereference in a CMP client application.

Impact summary: A NULL pointer dereference causes a crash of the
application and a Denial of Service.

An attacker controlling a CMP server (or ac…

CWE: CWE-476
NVD

MEDIUM
CVE-2026-42766
CVE-2026-42766
pkg: openssl

published: Jun 9, 2026

Issue summary: A specially crafted password-encrypted CMS message
can trigger a NULL pointer dereference during CMS decryption.

Impact summary: This NULL pointer dereference leads to an application crash
and a Denial of Service.

The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is defined…

CWE: CWE-476
GitHub-GHSA

MEDIUM
Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset
GHSA-4mj9-pf4r-cqrc
pkg: kolibri
eco: pip
published: Jun 11, 2026
## Summary

Several Kolibri API endpoints accept an unvalidated `baseurl` parameter and fetch attacker-controlled URLs from the Kolibri server, reflecting the response body back to the caller. The original report identified two endpoints on the `RemoteFacilityUser*` viewsets; remediation review foun…

CVE-2026-48053
NVD

MEDIUM
CVE-2026-53723
CVE-2026-53723
pkg: node

published: Jun 11, 2026

Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy to use model structures. Versions prior ro 1.5.4 do not safely serialize scalar XML element values containing the…
CWE: CWE-20, CWE-91
NVD

MEDIUM
CVE-2026-42915
CVE-2026-42915
pkg: microsoft windows_10_21h2, microsoft windows_10_22h2, microsoft windows_11_23h2

published: Jun 9, 2026

Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.
CWE: CWE-131
GitHub-GHSA

MEDIUM
Dulwich has unbounded memory allocation in receive-pack from crafted thin packs
GHSA-xrvj-v92f-53gj
pkg: dulwich
eco: pip
published: Jun 8, 2026
## Impact

An uncontrolled-resource-consumption (memory exhaustion) denial-of-service vulnerability (CWE-400 / CWE-789).

A client with push access could push a tiny crafted thin pack (~174 bytes) whose delta header declares a huge dest_size. When dulwich ingested it via add_thin_pack / apply_de…

CVE-2026-47734
GitHub-GHSA

MEDIUM
nebula-mesh: Newly-minted operator API key exposed in redirect URL (Referer, history, proxy logs)
GHSA-9pg3-25fq-p6cc
pkg: github.com/juev/nebula-mesh
eco: go
published: Jun 10, 2026
`internal/web/operators.go:251` — after `handleOperatorCreateAPIKey` mints a fresh 32-byte bearer token, the redirect points the operator's browser at:

/ui/operators/<id>?new_key=<raw-token>&key_name=<name>

The raw API key ends up:
– in the browser's URL history
– in the `Referer` header on …

CVE-2026-47768
NVD

MEDIUM
CVE-2026-42973
CVE-2026-42973
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CWE: CWE-200
NVD

MEDIUM
CVE-2026-42972
CVE-2026-42972
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.
CWE: CWE-200
NVD

MEDIUM
CVE-2026-42971
CVE-2026-42971
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CWE: CWE-200
NVD

MEDIUM
CVE-2026-42970
CVE-2026-42970
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CWE: CWE-200
NVD

MEDIUM
CVE-2026-42969
CVE-2026-42969
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CWE: CWE-908
NVD

MEDIUM
CVE-2026-42968
CVE-2026-42968
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
CWE: CWE-125
NVD

MEDIUM
CVE-2026-42906
CVE-2026-42906
pkg: microsoft windows_10_21h2, microsoft windows_10_22h2, microsoft windows_11_23h2

published: Jun 9, 2026

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
CWE: CWE-200
NVD

MEDIUM
CVE-2026-45581
CVE-2026-45581
pkg: tls

published: Jun 8, 2026

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in pl…
CWE: CWE-532
GitHub-GHSA

MEDIUM
Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization
GHSA-w22m-hvvm-xmwx
pkg: fabric
eco: npm
published: Jun 12, 2026
### Summary

A potential Cross-Site Scripting (XSS) vulnerability exists in Fabric.js due to improper escaping of user-controlled input during SVG serialization via the `toSVG()` method.

Specifically, the `color` field within the `colorStops` array of a `fabric.Gradient` object is not properly esca…

CVE-2026-44311
NVD

MEDIUM
CVE-2026-53722
CVE-2026-53722
pkg: nuxt nuxt

published: Jun 12, 2026

Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, <NuxtLink> did not validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying <a> element. When an application binds attacker-controll…
CWE: CWE-79, CWE-83
NVD

MEDIUM
CVE-2026-11666
CVE-2026-11666
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 9, 2026

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
GitHub-GHSA

MEDIUM
Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type
GHSA-w8p2-r796-3vmq
pkg: authlib, authlib
eco: pip
published: Jun 8, 2026
### Summary
Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response_type and supplies an attacker-controlled redirect_uri.

The vulnerable behavior happens before client lookup and before any redirect URI validation. …

CVE-2026-41479
NVD

MEDIUM
CVE-2026-50629
CVE-2026-50629
pkg: apache cxf

published: Jun 12, 2026

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgrade…
CWE: CWE-93
GitHub-GHSA

MEDIUM
Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input
GHSA-76r6-x97p-67vr
pkg: russh
eco: rust
published: Jun 11, 2026
### Summary

`russh` did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing pre-banner lines from clients, and the reader did not enforce a bounded number of pre-banner…

CVE-2026-48108
GitHub-GHSA

MEDIUM
@hapi/inert has a static-file confinement bypass via sibling-prefix path
GHSA-rcvq-m9j9-6f4g
pkg: @hapi/inert
eco: npm
published: Jun 11, 2026
### Impact
`@hapi/inert` serves static files from a directory configured with `path` (in the `directory` / `file` handlers) or `relativeTo` (for `h.file()`), with confinement enforced by the `confine` option (default `true`). Before the patch, the confinement check compared the resolved absolute pat…
CVE-2026-48049
GitHub-GHSA

MEDIUM
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
GHSA-c2gf-v879-257j
pkg: io.netty:netty-codec-http2, io.netty:netty-codec-http2
eco: maven
published: Jun 11, 2026
### Impact

The `DelegatingDecompressorFrameListener` class orchestrates HTTP/2 decompression by embedding a per-stream `EmbeddedChannel` that runs the appropriate decompression codec (gzip, deflate, zstd) and forwards decompressed chunks to a wrapped listener. Each decompressed chunk is a pooled `B…

CVE-2026-48043
GitHub-GHSA

MEDIUM
joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas
GHSA-q7cg-457f-vx79
pkg: joi, joi
eco: npm
published: Jun 11, 2026
### Impact
Denial of service via untrapped exception in services validating user-supplied JSON / object input with recursive link schemas.

The blast radius depends on how the application invokes joi:
– Highest impact: `validate()` called without `try/catch` in a request handler would cause an unha…

CVE-2026-48038
NVD

MEDIUM
CVE-2026-48108
CVE-2026-48108
pkg: openssh

published: Jun 10, 2026

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing pre-banne…
CWE: CWE-20
GitHub-GHSA

MEDIUM
Nezha's private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data
GHSA-vrmh-5mmx-hjwx
pkg: github.com/nezhahq/nezha
eco: go
published: Jun 10, 2026
# Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data

**CWE**: CWE-285 (Improper Authorization) via CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-863 (Incorrect Authorization — inconsistent gating acr…

CVE-2026-49397
NVD

MEDIUM
CVE-2026-46543
CVE-2026-46543
pkg: node

published: Jun 10, 2026

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get_epoch_chunks which iterates ba…
CWE: CWE-617
NVD

MEDIUM
CVE-2026-42914
CVE-2026-42914
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: Jun 9, 2026

Windows Kerberos Denial of Service Vulnerability
CWE: CWE-125
NVD

MEDIUM
CVE-2026-42769
CVE-2026-42769
pkg: openssl

published: Jun 9, 2026

Issue Summary: An error in the callback used to verify the certificate
provided in a Root CA key update Certificate Management Protocol (CMP)
message response rendered the certificate validation ineffectual, which
could lead to escalation of credentials from the Registration Authority (RA)
level to …
CWE: CWE-295
NVD

MEDIUM
CVE-2026-41851
CVE-2026-41851
pkg: vmware spring_framework

published: Jun 9, 2026

Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the evaluation of a SpEL expression triggers unbounded cache growth.

Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 th…

CWE: CWE-770
NVD

MEDIUM
CVE-2026-11696
CVE-2026-11696
pkg: google chrome, microsoft windows

published: Jun 9, 2026

Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-457
NVD

MEDIUM
CVE-2026-11669
CVE-2026-11669
pkg: google chrome, google chrome_os

published: Jun 9, 2026

Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-472
GitHub-GHSA

MEDIUM
FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString
GHSA-h9fj-c2qr-76g2
pkg: fuxa-server
eco: npm
published: Jun 8, 2026
## Summary

The TDengine DAQ storage connector's `escapeTdString` at `server/runtime/storage/tdengine/index.js:10` doubles single quotes but does not escape backslashes. TDengine's SQL parser treats `\'` as a literal single quote inside a string, so a tag id of the form `x\' OR 1=1–` escapes the fi…

CVE-2026-47720
GitHub-GHSA

MEDIUM
Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced
GHSA-5x3r-wrvg-rp6q
pkg: io.netty:netty-codec-http2, io.netty:netty-codec-http2
eco: maven
published: Jun 8, 2026
### Impact
DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAX_VALUE, and Http2Settings never inserts SETTINGS_MAX_CONCURRENT_STREAMS by default (Http2Settings.java:305-307 only clamps a user-supplied value). Unless the application explicitly calls initialSe…
CVE-2026-47244
GitHub-GHSA

MEDIUM
OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning
GHSA-8396-jffm-qx4w
pkg: github.com/openfga/openfga
eco: go
published: Jun 11, 2026
### Description
In OpenFGA, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request.

### Preconditions
This applies if the following preconditions are present:

– FGA runs with SharedI…

CVE-2026-48096
NVD

MEDIUM
CVE-2026-35188
CVE-2026-35188
pkg: tls

published: Jun 9, 2026

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering
a crafted response through the status_request extension, triggering a
double-free in the client's certificate verification path.

Impact summary: Successful exploitation allows an attacker to corrupt heap
memory via a doub…

CWE: CWE-415
NVD

MEDIUM
CVE-2026-50565
CVE-2026-50565
pkg: kubernetes

published: Jun 10, 2026

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the kubelet…
CWE: CWE-250, CWE-269, CWE-538
NVD

MEDIUM
CVE-2026-45559
CVE-2026-45559
pkg: nginx

published: Jun 10, 2026

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, get_ldap_email (app/modules/roxywi/user.py:120-157) builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput,…
CWE: CWE-90
NVD

MEDIUM
CVE-2026-44490
CVE-2026-44490
pkg: axios

published: Jun 11, 2026

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream dependency in the same process (e.g. lodash _.merge / CVE-2018-16487), axios silently picks up the p…
CWE: CWE-1321
NVD

MEDIUM
CVE-2026-45446
CVE-2026-45446
pkg: openssl

published: Jun 9, 2026

Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV
(RFC 8452) mishandle the authentication of AAD (Additional Authenticated
Data) with an empty ciphertext allowing a forgery of such messages.

Impact summary: An attacker can forge empty messages with arbitrary AAD
to the victim…

CWE: CWE-325
NVD

MEDIUM
CVE-2026-50569
CVE-2026-50569
pkg: kubernetes

published: Jun 10, 2026

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate() validated Methods, FunctionReference, Host, IngressConfig, and CorsConfig, but silently skipped RelativeUR…
CWE: CWE-20
NVD

MEDIUM
CVE-2026-45563
CVE-2026-45563
pkg: nginx

published: Jun 10, 2026

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history/<service>/<server_ip> re-uses the server_ip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in a…
CWE: CWE-639, CWE-863
NVD

MEDIUM
CVE-2026-11668
CVE-2026-11668
pkg: google chrome, google chrome_os, linux linux_kernel

published: Jun 9, 2026

Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video file. (Chromium security severity: High)
CWE: CWE-457
NVD

MEDIUM
CVE-2026-11665
CVE-2026-11665
pkg: google chrome, microsoft windows

published: Jun 9, 2026

Out of bounds read in Dawn in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-125
NVD

MEDIUM
CVE-2026-41714
CVE-2026-41714
pkg: tls

published: Jun 10, 2026

Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://…") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no hostname verification.

Affected versions:
Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.…

CWE: CWE-295
GitHub-GHSA

MEDIUM
Netty: Unix-socket fd receive leaks descriptors when peer sends two at once
GHSA-w573-9ffj-6ff9
pkg: io.netty:netty-transport-native-epoll, io.netty:netty-transport-native-kqueue, io.netty:netty-transport-native-kqueue
eco: maven
published: Jun 8, 2026
netty_unix_socket_recvFd sets msg_control to `char control[CMSG_SPACE(sizeof(int))]` (line 940) — 24 bytes on 64-bit Linux. A peer-sent SCM_RIGHTS cmsg carrying two ints has cmsg_len = CMSG_LEN(8) = 24, which fits exactly with no MSG_CTRUNC, so the kernel installs both fds in the receiving process…
CVE-2026-45536
GitHub-GHSA

MEDIUM
pypdf: Possible long runtimes for zero-only width values in cross-reference streamsuntimes for zero-only width values in cross-reference streams
GHSA-248m-82v9-q6g6
pkg: pypdf
eco: pip
published: Jun 12, 2026
### Impact

An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with `/W [0 0 0]` values and large `/Size` values.

### Patches

This has been fixed in [pypdf==6.12.0](https://github.com/py-pdf/pypdf/releases/tag/6.12.0).

### W…

CVE-2026-48156
GitHub-GHSA

MEDIUM
File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames
GHSA-gxjx-7m74-hcq8
pkg: github.com/filebrowser/filebrowser/v2, github.com/filebrowser/filebrowser
eco: go
published: Jun 12, 2026
### Summary
filebrowser builds the download-as-zip / download-as-tar archive entry names with `filepath.ToSlash`, which on a Linux host is a no-op for backslashes (`\` is only a path separator on Windows). A file whose name contains Windows-style traversal (`..\..\..\evil.txt`) is accepted by the re…
CVE-2026-54093
GitHub-GHSA

MEDIUM
ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing
GHSA-vc8p-8pxg-rfwg
pkg: org.connectbot.sshlib:sshlib
eco: maven
published: Jun 12, 2026
## Summary

The DER parser used for application-supplied private keys did not safely validate encoded length values before converting them to `Int` values or allocating arrays.

A malformed private-key file could encode a length that overflowed or wrapped around, or request an allocation much larger…

GitHub-GHSA

MEDIUM
ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation
GHSA-ch3q-cw5r-f4hg
pkg: org.connectbot.sshlib:sshlib
eco: maven
published: Jun 12, 2026
## Summary

The SSH protocol parser trusted attacker-controlled length and count fields without first checking that the declared values fit within the containing packet.

When a client connects to a malicious or compromised SSH server, the server can send a small, malformed packet containing an inne…

GitHub-GHSA

MEDIUM
PyO3 has a missing `Sync` bound on `PyCFunction::new_closure` closures
GHSA-chgr-c6px-7xpp
pkg: pyo3
eco: rust
published: Jun 12, 2026
`PyCFunction::new_closure` (and the temporary `new_closure_bound` complement in the 0.21–0.22 series) required the supplied closure to be `Send + 'static` but not `Sync`. The resulting `PyCFunction` is a Python callable that can be invoked from any Python thread, which means the closure may be cal…
GitHub-GHSA

MEDIUM
pypdf: Possible large memory usage for large offsets for layout mode text
GHSA-cj93-chg6-vgv8
pkg: pypdf
eco: pip
published: Jun 12, 2026
### Impact

An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets.

### Patches

This has been fixed in [pypdf==6.12.0](https://github.com/py-pdf/pypdf/releases/tag/6.12.0).

### Workaround…

CVE-2026-48155
GitHub-GHSA

MEDIUM
Budibase: Unvalidated VectorDB Host Parameter Enables SSRF
GHSA-cv96-5348-p5p8
pkg: @budibase/server
eco: npm
published: Jun 12, 2026
### Summary

The VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an arbitrary host value such as `169.254.169.254` or localhos…

CVE-2026-48148
GitHub-GHSA

MEDIUM
Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step
GHSA-6964-pp88-6wp9
pkg: budibase
eco: npm
published: Jun 12, 2026
### Summary

The executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to target internal infrastructure, this creates a server-sid…

CVE-2026-48128
GitHub-GHSA

MEDIUM
netty-incubator-codec-ohttp's Incorrect Native Pointer Derivation in Pooled Direct ByteBuf Fallback Leads to Out-of-Bounds Native Memory Access
GHSA-32hf-8jw3-v4qq
pkg: io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl
eco: maven
published: Jun 11, 2026
The netty-incubator-codec-ohttp library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriving native memory addresses for cryptographic operations, provides a fallback path for direct ByteBufs that do not expose their memory address through `hasMemoryAddress()`…
CVE-2026-48040
GitHub-GHSA

MEDIUM
free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence
GHSA-6gxq-gpr8-xgjp
pkg: github.com/free5gc/udr
eco: go
published: Jun 11, 2026
### Summary
The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative |.+. This causes the validation logic to accept any non-empty string rather than restricting input…
CVE-2026-47780
GitHub-GHSA

MEDIUM
PDM: Project-Local State and Config Writes Follow Symlinks
GHSA-ghq2-5c67-fprm
pkg: pdm
eco: pip
published: Jun 10, 2026
## Summary

PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets.

This creates an arbitrary file clobber primitive relative to the privileges of the …

CVE-2026-47763
GitHub-GHSA

MEDIUM
Incus has a Nil-Pointer Dereference Panic via Instance Backup Import (volume omitted)
GHSA-8g7m-96c8-8wwc
pkg: github.com/lxc/incus/v7
eco: go
published: Jun 10, 2026
## Summary

`(*backend).CreateInstanceFromBackup` in [`internal/server/storage/backend.go`](https://github.com/lxc/incus/blob/1513600/internal/server/storage/backend.go) contains a nil-pointer dereference that an authenticated user with permission to create instances in any project can trigger remot…

CVE-2026-47753
GitHub-GHSA

MEDIUM
nebula-mesh: Session and OIDC state cookies lack the Secure attribute
GHSA-rqfj-vv8r-xhqc
pkg: github.com/juev/nebula-mesh
eco: go
published: Jun 10, 2026
`internal/web/session.go` and `internal/web/oidc.go` set `HttpOnly` and `SameSite=Lax` on every cookie but never `Secure`. A single plaintext request to the origin (operator on a LAN, mistyped URL, HTTP→HTTPS not strictly enforced, reverse proxy misconfiguration) discloses the session.

## Affecte…

CVE-2026-48058
GitHub-GHSA

MEDIUM
nebula-mesh: Decrypted CA private key persists in heap after signing
GHSA-8h84-fhqq-q58v
pkg: github.com/juev/nebula-mesh
eco: go
published: Jun 10, 2026
`internal/pki/resolver.go:36-64` constructs a `CAManager` with the plaintext `ed25519.PrivateKey` after unwrapping via the master key; `internal/pki/ca.go:13-16` stores it. Callers at `internal/api/enroll.go:116`, `internal/api/updates.go:297`, and `internal/api/mobile_bundle.go:40` use the manager …
CVE-2026-48025
GitHub-GHSA

MEDIUM
@hulumi/baseline: AccountFoundation reuse paths silently downgrade GuardDuty / Security Hub posture
GHSA-cj8g-prcm-mfg5
pkg: @hulumi/baseline
eco: npm
published: Jun 10, 2026
**Affected:** `@hulumi/baseline` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** Medium — **CWE-693 (Protection Mechanism Failure)**

#### Summary

`AccountFoundation` can either create AWS detective services (GuardDuty for threat detection, Security Hub for compliance dashboards) or reuse p…

CVE-2026-48037
GitHub-GHSA

MEDIUM
Net::IMAP: Command Injection via ID command argument
GHSA-46q3-7gv7-qmgg
pkg: net-imap, net-imap
eco: rubygems
published: Jun 9, 2026
### Summary

Two `Net::IMAP` commands, `#id` and `#enable`, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands.

Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon.…

CVE-2026-47242
GitHub-GHSA

MEDIUM
Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument
GHSA-8p34-64r3-mwg8
pkg: net-imap, net-imap
eco: rubygems
published: Jun 9, 2026
Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals.

### Details

CVE-2026-47240
GitHub-GHSA

MEDIUM
actual Allows Electron to Run As Node
GHSA-7rvm-xjpp-63r9
pkg: actual
eco: npm
published: Jun 8, 2026
## Summary

A electron run as node vulnerability was identified in `actual` (macOS application, version `25.x (Electron 39.2.7)`).

**Vulnerability Type:** Electron Run As Node

## Description

ELECTRON_RUN_AS_NODE fuse enabled (Electron 39.2.7) — app can be converted to Node.js REPL for arbitrary…

CVE-2026-42890


Vulnerability Digest — June 8, 2026 · 43 Critical · 4 Exploited






Vulnerability Digest — Monday, June 8, 2026


Security Report

Monday, June 8, 2026  ·  Last 7 days  ·  Min severity: MEDIUM
Total Findings
287
Critical
43
High
149
Actively Exploited
4
CISA-KEV4
NVD180
GitHub-GHSA103
Findings sorted by severity
CISA-KEV

CRITICAL
SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
CVE-2026-28318
pkg: SolarWinds Serv-U

published: Jun 5, 2026

SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability
CVE-2026-45247
pkg: Mirasvit Mirasvit Full Page Cache Warmer

published: Jun 3, 2026

Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Linux Kernel Improper Authentication Vulnerability
CVE-2022-0492
pkg: Linux Kernel

published: Jun 2, 2026

Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Android Framework Integer Overflow Vulnerability
CVE-2025-48595
pkg: Android Framework

published: Jun 2, 2026

Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
NVD

CRITICAL
CVE-2026-46389
CVE-2026-46389
pkg: kubernetes

published: Jun 5, 2026

UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through 0.26.0, a logic error in the `client-kubernetes-secret` Keycloak client authenticator (shipped by `uds-identity-config` and con…
CWE: CWE-287, CWE-303
GitHub-GHSA

CRITICAL
DbGate: Unauthenticated Remote Code Execution via JSON Script Runner
GHSA-8v3q-9vmx-36vc
pkg: dbgate-serve
eco: npm
published: Jun 5, 2026
### Summary
DbGate's JSON script runner (`POST /runners/start`) allows remote code execution via code injection in the `functionName` parameter of JSON script `assign` commands. The `functionName` value is interpolated directly into dynamically generated JavaScript source code via string concatenati…
CVE-2026-47668
NVD

CRITICAL
CVE-2026-40965
CVE-2026-40965
pkg: jwt

published: Jun 1, 2026

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys are inadvertently exposed through the public /token_keys endpoint. This endpoint is designed to provide public key material for JW…
CWE: CWE-200
NVD

CRITICAL
CVE-2026-45131
CVE-2026-45131
pkg: docker

published: Jun 1, 2026

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens witho…
CWE: CWE-94
NVD

CRITICAL
CVE-2026-43986
CVE-2026-43986
pkg: python

published: Jun 4, 2026

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public `/image/<hash>` route that resolves attacker-controlled entries from `image_hash_lookup` and replays them through the same server-side image fetch logic used by authenticated image…
CWE: CWE-918
NVD

CRITICAL
CVE-2025-71316
CVE-2025-71316
pkg: windows

published: Jun 4, 2026

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being misinterp…
CWE: CWE-176
GitHub-GHSA

CRITICAL
Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass
GHSA-chq7-94j8-cj28
pkg: jupyter_enterprise_gateway
eco: pip
published: Jun 3, 2026
### Summary

Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 (root).
This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted `KERNEL_UID` or `KERNEL_GID` value.

CVE-2026-44180
NVD

CRITICAL
CVE-2026-36576
CVE-2026-36576
pkg: docker

published: Jun 3, 2026

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request.
CWE: CWE-78
GitHub-GHSA

CRITICAL
When Vitest UI server is listening, arbitrary file can be read and executed
GHSA-5xrq-8626-4rwp
pkg: vitest
eco: npm
published: Jun 1, 2026
### Summary
Arbitrary file can be read on Windows when Vitest UI server is listening, especially when exposed to the network.

### Impact
Only users that match either of the following conditions are affected:

– explicitly exposes the Vitest UI server to the network (using `–api.host` or [`api.host…

CVE-2026-47429
NVD

CRITICAL
CVE-2026-45758
CVE-2026-45758
pkg: python

published: Jun 5, 2026

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. Aany user who installed `guardrails-ai==0.10.1` from PyPI on May 11, 2026 may be affected. Security r…
CWE: CWE-506
NVD

CRITICAL
CVE-2026-11112
CVE-2026-11112
pkg: linux

published: Jun 4, 2026

Insufficient validation of untrusted input in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: Medium)
CWE: CWE-20, CWE-20
NVD

CRITICAL
CVE-2026-11094
CVE-2026-11094
pkg: windows

published: Jun 4, 2026

Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-416, CWE-416
NVD

CRITICAL
CVE-2026-11070
CVE-2026-11070
pkg: windows

published: Jun 4, 2026

Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the network process to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Medium)
CWE: CWE-20, CWE-20
NVD

CRITICAL
CVE-2026-11063
CVE-2026-11063
pkg: windows

published: Jun 4, 2026

Insufficient validation of untrusted input in WebNN in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-20, CWE-20
NVD

CRITICAL
CVE-2026-11056
CVE-2026-11056
pkg: windows

published: Jun 4, 2026

Insufficient validation of untrusted input in SiteIsolation in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-20, CWE-20
NVD

CRITICAL
CVE-2026-11052
CVE-2026-11052
pkg: windows

published: Jun 4, 2026

Type Confusion in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-843, CWE-843
NVD

CRITICAL
CVE-2026-11047
CVE-2026-11047
pkg: windows

published: Jun 4, 2026

Inappropriate implementation in Base in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-20, CWE-20
NVD

CRITICAL
CVE-2026-11009
CVE-2026-11009
pkg: windows

published: Jun 4, 2026

Use after free in USB in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-416
NVD

CRITICAL
CVE-2026-10972
CVE-2026-10972
pkg: google chrome, linux linux_kernel

published: Jun 4, 2026

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416, CWE-416
NVD

CRITICAL
CVE-2026-10971
CVE-2026-10971
pkg: google chrome, microsoft windows

published: Jun 4, 2026

Insufficient validation of untrusted input in Printing in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

CRITICAL
CVE-2026-10892
CVE-2026-10892
pkg: google chrome, google android

published: Jun 4, 2026

Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-787, CWE-787
NVD

CRITICAL
CVE-2026-10886
CVE-2026-10886
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

CRITICAL
CVE-2026-10881
CVE-2026-10881
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-125, CWE-787
GitHub-GHSA

CRITICAL
Supply chain compromise via malicious @cap-js/openapi
GHSA-jpvj-wpmj-h7rv
pkg: @cap-js/openapi
eco: npm
published: Jun 4, 2026
### Impact

On May 19, 2026, a compromised version of @cap-js/openapi@1.4.1 was published.
The malicious packages harvested credentials and attempted self-propagation.
If a compromised version was installed, all credentials accessible on that machine (npm tokens, cloud provider credentials, SSH keys…

NVD

CRITICAL
CVE-2026-10840
CVE-2026-10840
pkg: tls

published: Jun 4, 2026

A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluste…
CWE: CWE-732
NVD

CRITICAL
CVE-2026-5241
CVE-2026-5241
pkg: huggingface transformers

published: Jun 3, 2026

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the `trust_remote_code` parameter, intended to prevent remote code execution, i…
CWE: CWE-829
NVD

CRITICAL
CVE-2026-32625
CVE-2026-32625
pkg: librechat librechat

published: Jun 2, 2026

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${VAR} placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any auth…
CWE: CWE-200
GitHub-GHSA

CRITICAL
praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members
GHSA-8g2p-pqm3-fcfh
pkg: praisonai-platform
eco: pip
published: Jun 1, 2026
## Summary

**Type:** Privilege escalation / cross-tenant member injection. The `POST /workspaces/{workspace_id}/members` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`) and forwards the request body's `user_id` and `role` straight into `MemberService…

CVE-2026-47413
GitHub-GHSA

CRITICAL
Vitest browser mode serves unsanitized otelCarrier query parameter as inline script
GHSA-2h32-95rg-cppp
pkg: @vitest/browser, @vitest/browser
eco: npm
published: Jun 1, 2026
## Summary

Vitest browser mode served `/__vitest_test__/` with the `otelCarrier` query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in t…

CVE-2026-47428
NVD

CRITICAL
CVE-2026-50208
CVE-2026-50208
pkg: acer connect_m6e_5g_firmware, acer connect_m6e_5g

published: Jun 4, 2026

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic.
CWE: CWE-330
GitHub-GHSA

CRITICAL
NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)
GHSA-p462-prxw-mjx4
pkg: ait-core, ait-core
eco: pip
published: Jun 5, 2026
## 1. Summary

The Binary Stream Capture (BSC) component exposes an unauthenticated HTTP API for dynamically creating packet capture “handlers.” Because the code blindly trusts path‑related form fields, a remote client can:

– **Bypass the configured log root** and direct BSC to log to **arbit…

CVE-2026-47731
NVD

CRITICAL
CVE-2026-46266
CVE-2026-46266
pkg: linux

published: Jun 3, 2026

In the Linux kernel, the following vulnerability has been resolved:

inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP

Yizhou Zhao reported that simply having one RAW socket on protocol
IPPROTO_RAW (255) was dangerous.

socket(AF_INET, SOCK_RAW, 255);

A malicious incoming ICMP packet c…

NVD

CRITICAL
CVE-2026-46244
CVE-2026-46244
pkg: linux

published: Jun 3, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_inner: Fix IPv6 inner_thoff desync

In nft_inner_parse_l2l3(), when processing inner IPv6 packets,
ipv6_find_hdr() correctly computes the transport header offset
traversing all extension headers, but the result is im…

NVD

CRITICAL
CVE-2026-22872
CVE-2026-22872
pkg: projectcapsule capsule

published: Jun 1, 2026

Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version 0.13.0, tenant admini…
CWE: CWE-20, CWE-863
GitHub-GHSA

CRITICAL
Authenticated Remote Code Execution via loadReader functionName code injection in DbGate
GHSA-wm5r-5qp3-5vxf
pkg: dbgate-api
eco: npm
published: Jun 5, 2026
### Summary

DbGate is vulnerable to authenticated Remote Code Execution (RCE). Any user with valid DbGate credentials can execute arbitrary OS commands as root by exploiting an unsanitized `functionName` parameter in the `/runners/load-reader` endpoint. The `require = null` mitigation is trivially …

CVE-2026-47670
GitHub-GHSA

CRITICAL
DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE
GHSA-h535-j5hr-mv56
pkg: dbgate
eco: npm
published: Jun 5, 2026
The `unzipDirectory()` function in `packages/api/src/shell/unzipDirectory.js` (line 27) does not validate that extracted file paths stay within the output directory. A malicious ZIP with `../` entries writes files anywhere on the filesystem.

In the default Docker deployment, DbGate runs as root and…

CVE-2026-47669
GitHub-GHSA

CRITICAL
MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper
GHSA-4p62-hqp5-g644
pkg: stata-mcp
eco: pip
published: Jun 4, 2026
### Summary
The `log_file_name` parameter in the `stata_do` API and CLI is directly interpolated into a Stata command string without sanitization. The security guard (`GuardValidator`) only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata command…
CVE-2026-47708
GitHub-GHSA

CRITICAL
Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering
GHSA-cfw7-6c5v-2wjq
pkg: jupyter_enterprise_gateway
eco: pip
published: Jun 3, 2026
### Summary

The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like `securityContext` and inject multi-document YAML to create additional unintended Kubernetes resources.

### Details

The server interpo…

CVE-2026-44182
GitHub-GHSA

CRITICAL
Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution
GHSA-f49j-v924-fx9w
pkg: jupyter_enterprise_gateway
eco: pip
published: Jun 3, 2026
### Summary

The environment variables (`KERNEL_XXX`) used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI).
By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service.
The …

CVE-2026-44181
NVD

HIGH
CVE-2026-43984
CVE-2026-43984
pkg: python

published: Jun 4, 2026

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `log_js_errors` to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The ad…
CWE: CWE-79
NVD

HIGH
CVE-2026-49492
CVE-2026-49492
pkg: windows

published: Jun 5, 2026

Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document – the diagram filename attribute, imported file paths, and the latex_engine code-chunk attribute. On Windows, a crafted mark…
CWE: CWE-78
GitHub-GHSA

HIGH
DbGate: Remote Code Execution via functionName injection in loadReader endpoint
GHSA-hv83-ggc4-v385
pkg: dbgate-api
eco: npm
published: Jun 5, 2026
### Summary

The `POST /runners/load-reader` endpoint in DbGate accepts a `functionName` parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user (with basic access, no special permissions required) can inject arbitrary Jav…

CVE-2026-48017
NVD

HIGH
CVE-2026-11147
CVE-2026-11147
pkg: google chrome, microsoft windows

published: Jun 4, 2026

Use after free in WebML in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-416
NVD

HIGH
CVE-2026-11117
CVE-2026-11117
pkg: google chrome, microsoft windows

published: Jun 4, 2026

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-416
NVD

HIGH
CVE-2026-11074
CVE-2026-11074
pkg: google chrome, linux linux_kernel

published: Jun 4, 2026

Use after free in WebRTC in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-416
NVD

HIGH
CVE-2026-11071
CVE-2026-11071
pkg: linux

published: Jun 4, 2026

Use after free in Base in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-416, CWE-416
NVD

HIGH
CVE-2026-11060
CVE-2026-11060
pkg: google chrome, microsoft windows

published: Jun 4, 2026

Use after free in Media in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-416
NVD

HIGH
CVE-2026-11055
CVE-2026-11055
pkg: google chrome, microsoft windows

published: Jun 4, 2026

Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-416
NVD

HIGH
CVE-2026-11041
CVE-2026-11041
pkg: windows

published: Jun 4, 2026

Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-20
NVD

HIGH
CVE-2026-11028
CVE-2026-11028
pkg: google chrome, google chrome_os, linux linux_kernel

published: Jun 4, 2026

Use after free in Media in Google Chrome on Linux and ChromeOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-416
NVD

HIGH
CVE-2026-11000
CVE-2026-11000
pkg: google chrome, linux linux_kernel

published: Jun 4, 2026

Use after free in Fonts in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-416
NVD

HIGH
CVE-2026-10978
CVE-2026-10978
pkg: google chrome, microsoft windows

published: Jun 4, 2026

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-10955
CVE-2026-10955
pkg: windows

published: Jun 4, 2026

Type Confusion in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-843, CWE-843
NVD

HIGH
CVE-2026-10914
CVE-2026-10914
pkg: google chrome, microsoft windows

published: Jun 4, 2026

Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-10913
CVE-2026-10913
pkg: google chrome, microsoft windows

published: Jun 4, 2026

Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-10910
CVE-2026-10910
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-843
NVD

HIGH
CVE-2026-10907
CVE-2026-10907
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Out of bounds write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-787
NVD

HIGH
CVE-2026-10904
CVE-2026-10904
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20, CWE-94, CWE-119
NVD

HIGH
CVE-2026-10903
CVE-2026-10903
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-10902
CVE-2026-10902
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-10897
CVE-2026-10897
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Inappropriate implementation in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-787, CWE-787
NVD

HIGH
CVE-2026-10896
CVE-2026-10896
pkg: google chrome, apple iphone_os

published: Jun 4, 2026

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-10895
CVE-2026-10895
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-10893
CVE-2026-10893
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
CWE: CWE-416, CWE-416
NVD

HIGH
CVE-2026-10891
CVE-2026-10891
pkg: google chrome, linux linux_kernel

published: Jun 4, 2026

Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-10890
CVE-2026-10890
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-10888
CVE-2026-10888
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Use after free in Cast Streaming in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-10885
CVE-2026-10885
pkg: google chrome, apple iphone_os

published: Jun 4, 2026

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-10883
CVE-2026-10883
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-787
NVD

HIGH
CVE-2026-10882
CVE-2026-10882
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-43985
CVE-2026-43985
pkg: jwt

published: Jun 4, 2026

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `configUpdate` as a state-changing administrator endpoint, but the route does not enforce `POST` and does not use any anti-CSRF token. In the default form and JWT-based authentication mode,…
CWE: CWE-352
NVD

HIGH
CVE-2026-41860
CVE-2026-41860
pkg: openssl

published: Jun 4, 2026

CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper#create_async_endpoint and #send_http_get_request_synchronous hard-code OpenSSL::SSL::VERIFY_NONE, enabling an attacker to intercept traffic between bosh-monitor and the …
CWE: CWE-326
GitHub-GHSA

HIGH
browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler
GHSA-6vr3-7wcx-v5g5
pkg: browserstack-runner
eco: npm
published: Jun 3, 2026
### Summary

The HTTP handler `/_log` in `lib/server.js` (lines 491–515) of browserstack-runner passes unauthenticated user-supplied data to `vm.runInNewContext()` combined with `eval()`, enabling a sandbox escape and arbitrary code execution on the host system.

### Details

When `browserstack-ru…

CVE-2026-49143
NVD

HIGH
CVE-2026-46264
CVE-2026-46264
pkg: linux

published: Jun 3, 2026

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/pf: Fix sysfs initialization

In case of devm_add_action_or_reset() failure the provided cleanup
action will be run immediately on the not yet initialized kobject.
This may lead to errors like:

[ ] kobject: '(null)' (ff110…

NVD

HIGH
CVE-2026-49143
CVE-2026-49143
pkg: node

published: Jun 2, 2026

BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitting crafted JSON request bodies to the handler, which passes user-supplied data to vm.runInNewContext(…
CWE: CWE-94
GitHub-GHSA

HIGH
TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection
GHSA-vg35-5wq7-3x7w
pkg: tinymce, tinymce, tinymce
eco: npm
published: Jun 5, 2026
### Impact
Stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted `data-mce-*` attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media plugin enabled.

### Patches
This vulnerability has been patched in TinyMCE 8.5.1,…

CVE-2026-47761
GitHub-GHSA

HIGH
TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments
GHSA-v98h-vmpc-fpqv
pkg: tinymce, tinymce, tinymce
eco: npm
published: Jun 5, 2026
### Impact
Stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option.

### Patches
Patched by validating decoded mce:protected content against configured p…

CVE-2026-47762
GitHub-GHSA

HIGH
TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes
GHSA-q742-qvgc-gc2f
pkg: tinymce, tinymce, tinymce
eco: npm
published: Jun 5, 2026
### Impact
Stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style). Allows attackers to inject malicious values that override safe attributes during serialization, bypassing validation.

### Patches
Patched by stripping unsafe data-mce-* attribute…

CVE-2026-47759
GitHub-GHSA

HIGH
TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs
GHSA-mh5m-5hw4-5c69
pkg: tinymce, TinyMCE, tinymce/tinymce
eco: npm
published: Jun 5, 2026
### Impact
TinyMCE 6.8.x contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested <svg> elements can bypass attribute sanitization and execute arbitrary JavaScript.

### Patches
This issue affects TinyMCE 6.8.x-7.0.x. The vulnerab…

CVE-2026-47760
NVD

HIGH
CVE-2026-46392
CVE-2026-46392
pkg: node

published: Jun 5, 2026

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML…
CWE: CWE-178, CWE-434
GitHub-GHSA

HIGH
Docling Core: Unsafe remote filename resolution
GHSA-jmmv-h3mp-59v8
pkg: docling-core
eco: pip
published: Jun 3, 2026
### Impact
In versions `>= 1.5.0, < 2.74.1`, `docling-core` did not sufficiently restrict remote request destinations and could resolve a server-provided `Content-Disposition` to a local path in an unsafe manner.

In applications that accept untrusted URLs, this could allow SSRF attacks targeting lo…

CVE-2026-44023
NVD

HIGH
CVE-2026-46273
CVE-2026-46273
pkg: linux

published: Jun 3, 2026

In the Linux kernel, the following vulnerability has been resolved:

ibmveth: Disable GSO for packets with small MSS

Some physical adapters on Power systems do not support segmentation
offload when the MSS is less than 224 bytes. Attempting to send such
packets causes the adapter to freeze, stoppin…

NVD

HIGH
CVE-2026-46270
CVE-2026-46270
pkg: linux

published: Jun 3, 2026

In the Linux kernel, the following vulnerability has been resolved:

power: supply: rt9455: Fix use-after-free in power_supply_changed()

Using the `devm_` variant for requesting IRQ _before_ the `devm_`
variant for allocating/registering the `power_supply` handle, means that
the `power_supply` hand…

NVD

HIGH
CVE-2026-46251
CVE-2026-46251
pkg: linux

published: Jun 3, 2026

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix block_group_tree dirty_list corruption

When the incompat flag EXTENT_TREE_V2 is set, we unconditionally add the
block group tree to the switch_commits list before calling
switch_commit_roots, as we do for the tree root …

NVD

HIGH
CVE-2025-5088
CVE-2025-5088
pkg: tls

published: Jun 5, 2026

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including authenticat…
CWE: CWE-269
GitHub-GHSA

HIGH
praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR
GHSA-7p8g-6c6g-h9w7
pkg: praisonai-platform
eco: pip
published: Jun 5, 2026
## Summary

**Type:** Insecure Direct Object Reference. The agent CRUD endpoints (`GET / PATCH / DELETE /workspaces/{workspace_id}/agents/{agent_id}`) gate access on `require_workspace_member(workspace_id)` only, then resolve `agent_id` through `AgentService.get(agent_id)` which is a primary-key loo…

CVE-2026-47419
NVD

HIGH
CVE-2026-10940
CVE-2026-10940
pkg: windows

published: Jun 4, 2026

Race in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-362
NVD

HIGH
CVE-2026-10933
CVE-2026-10933
pkg: google chrome, microsoft windows

published: Jun 4, 2026

Use after free in Audio in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-10919
CVE-2026-10919
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-10918
CVE-2026-10918
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Use after free in Viz in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-10917
CVE-2026-10917
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

HIGH
CVE-2026-10915
CVE-2026-10915
pkg: google chrome, apple iphone_os

published: Jun 4, 2026

Use after free in Core in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-10911
CVE-2026-10911
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

HIGH
CVE-2026-10909
CVE-2026-10909
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-10908
CVE-2026-10908
pkg: google chrome, microsoft windows

published: Jun 4, 2026

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-10905
CVE-2026-10905
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-10898
CVE-2026-10898
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Stack buffer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-121
NVD

HIGH
CVE-2026-10894
CVE-2026-10894
pkg: google chrome, linux linux_kernel

published: Jun 4, 2026

Use after free in Printing in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-10889
CVE-2026-10889
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-125
NVD

HIGH
CVE-2026-10884
CVE-2026-10884
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Use after free in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
GitHub-GHSA

HIGH
Nuclio: Missing authorization on project write paths allows any authenticated user to modify or delete any project
GHSA-m8xg-8xg9-mxhm
pkg: github.com/nuclio/nuclio
eco: go
published: Jun 4, 2026
This vulnerability exists in Nuclio Dashboard's project management API, allowing any authenticated user (without membership in the target project) to bypass OPA authorization checks on write paths (`PUT /api/projects/{id}`, `DELETE /api/projects`) and modify or delete any project along with all its …
CVE-2026-45730
GitHub-GHSA

HIGH
praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR
GHSA-xwq8-frcg-77q8
pkg: praisonai-platform
eco: pip
published: Jun 1, 2026
## Summary

**Type:** Insecure Direct Object Reference. The issue CRUD endpoints (`GET / PATCH / DELETE /workspaces/{workspace_id}/issues/{issue_id}`) gate access on `require_workspace_member(workspace_id)` only, then resolve `issue_id` through `IssueService.get(issue_id)` which is a primary-key loo…

CVE-2026-47415
NVD

HIGH
CVE-2019-25745
CVE-2019-25745
pkg: go

published: Jun 4, 2026

WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid' values…
CWE: CWE-89
GitHub-GHSA

HIGH
Docling: Unsafe Playwright-based HTML Rendering
GHSA-pj2v-ggqh-cmq2
pkg: docling
eco: pip
published: Jun 3, 2026
### Impact
In versions `>= 2.82.0, < 2.91.0`, if the HTML backend was explicitly configured for rendering (rendering option by default deactivated), then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. …
CVE-2026-44016
NVD

HIGH
CVE-2026-45302
CVE-2026-45302
pkg: node

published: Jun 1, 2026

parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData() walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with …
CWE: CWE-1321
GitHub-GHSA

HIGH
DOMPurify XSS via selectedcontent re-clone
GHSA-87xg-pxx2-7hvx
pkg: dompurify
eco: npm
published: Jun 1, 2026
### Summary
DOMPurify 3.4.4 allows `selectedcontent` by default, allowing a chain in which browsers "re-clone" an XSS payload after sanitization, effectively bypassing DOMPurify.

### Details
The chain is as follows:
1. The browser parses the input and creates a `<selectedcontent>` clone from the s…

CVE-2026-47423
NVD

HIGH
CVE-2026-10887
CVE-2026-10887
pkg: google chrome, apple macos

published: Jun 4, 2026

Use after free in Chromoting in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
CWE: CWE-416
GitHub-GHSA

HIGH
Docling Core: Insufficient validation of image reference URIs
GHSA-j5xp-7m2f-49jv
pkg: docling-core
eco: pip
published: Jun 3, 2026
### Impact
In versions `>= 2.5.0, < 2.74.1`, `docling-core` could allow local `file://` image references and accepted inline `data:` content without a decoded-size limit.

In applications that accept untrusted image references, this may allow access to local files readable by the process or excessi…

CVE-2026-44019
GitHub-GHSA

HIGH
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
GHSA-49rj-9fvp-4h2h
pkg: react-router
eco: npm
published: Jun 3, 2026
When using React Router v7 in [Framework Mode](https://reactrouter.com/start/modes#framework), there exists a combination of steps that could potentially allow unauthorized RCE through external requests. This first requires the application code to have an existing prototype pollution vulnerability.…
CVE-2026-42211
NVD

HIGH
CVE-2026-42211
CVE-2026-42211
pkg: shopify react-router

published: Jun 2, 2026

React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through external requests. This attack requires the application code to have an existing prototype pollution vulner…
CWE: CWE-502
GitHub-GHSA

HIGH
praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}
GHSA-g8rr-7rj2-f627
pkg: praisonai-platform
eco: pip
published: Jun 1, 2026
## Summary

**Type:** Authorization bypass enabling destructive action. The `DELETE /workspaces/{workspace_id}` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`). Any member of the workspace can issue a single DELETE to wipe the entire workspace, includ…

CVE-2026-47412
GitHub-GHSA

HIGH
praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR
GHSA-cp4f-5m9r-5jc2
pkg: praisonai-platform
eco: pip
published: Jun 1, 2026
## Summary

**Type:** Insecure Direct Object Reference. The comment endpoints (`POST /workspaces/{workspace_id}/issues/{issue_id}/comments` and `GET …/comments`) gate access on `require_workspace_member(workspace_id)` only, then call `CommentService.create(issue_id=issue_id, …)` and `CommentServ…

CVE-2026-47417
GitHub-GHSA

HIGH
praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR
GHSA-943m-6wx2-rc2j
pkg: praisonai-platform
eco: pip
published: Jun 1, 2026
## Summary

**Type:** Insecure Direct Object Reference. The project CRUD endpoints (`GET / PATCH / DELETE /workspaces/{workspace_id}/projects/{project_id}` and `GET …/{project_id}/stats`) gate access on `require_workspace_member(workspace_id)` only, then resolve `project_id` through `ProjectServic…

CVE-2026-47418
NVD

HIGH
CVE-2026-45745
CVE-2026-45745
pkg: tls

published: Jun 5, 2026

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured Te…
CWE: CWE-295
GitHub-GHSA

HIGH
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
GHSA-8646-j5j9-6r62
pkg: react-router
eco: npm
published: Jun 3, 2026
When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from untrusted sources

> [!NOTE]
> This only impacts your application if you are using the unstable RSC APIs in React Router.

CVE-2026-33245
NVD

HIGH
CVE-2026-33245
CVE-2026-33245
pkg: shopify react-router

published: Jun 2, 2026

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS) vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not …
CWE: CWE-79
NVD

HIGH
CVE-2026-11103
CVE-2026-11103
pkg: windows

published: Jun 4, 2026

Inappropriate implementation in Installer in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)
CWE: CWE-269
NVD

HIGH
CVE-2026-10942
CVE-2026-10942
pkg: windows

published: Jun 4, 2026

Inappropriate implementation in UI in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)
CWE: CWE-20
NVD

HIGH
CVE-2026-41859
CVE-2026-41859
pkg: openssl

published: Jun 4, 2026

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secret) and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access. UsersSync#bosh_ap…
CWE: CWE-295
NVD

HIGH
CVE-2026-46271
CVE-2026-46271
pkg: linux

published: Jun 3, 2026

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: do WoW offloads only on primary link

In case of multi-link connection, WCN7850 firmware crashes due to WoW
offloads enabled on both primary and secondary links.

Change to do it only on primary link to fix it.

Teste…

NVD

HIGH
CVE-2026-46263
CVE-2026-46263
pkg: linux

published: Jun 3, 2026

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix out-of-bounds stream encoder index v3

eng_id can be negative and that stream_enc_regs[]
can be indexed out of bounds.

eng_id is used directly as an index into stream_enc_regs[], which has
only 5 entries. When…

NVD

HIGH
CVE-2026-46260
CVE-2026-46260
pkg: linux

published: Jun 3, 2026

In the Linux kernel, the following vulnerability has been resolved:

ipv6: Fix out-of-bound access in fib6_add_rt2node().

syzbot reported out-of-bound read in fib6_add_rt2node(). [0]

When IPv6 route is created with RTA_NH_ID, struct fib6_info
does not have the trailing struct fib6_nh.

The cited c…

NVD

HIGH
CVE-2026-46259
CVE-2026-46259
pkg: linux

published: Jun 3, 2026

In the Linux kernel, the following vulnerability has been resolved:

procfs: fix missing RCU protection when reading real_parent in do_task_stat()

When reading /proc/[pid]/stat, do_task_stat() accesses task->real_parent
without proper RCU protection, which leads to:

cpu 0 …

NVD

HIGH
CVE-2026-46253
CVE-2026-46253
pkg: linux

published: Jun 3, 2026

In the Linux kernel, the following vulnerability has been resolved:

pstore/ram: fix buffer overflow in persistent_ram_save_old()

persistent_ram_save_old() can be called multiple times for the same
persistent_ram_zone (e.g., via ramoops_pstore_read -> ramoops_get_next_prz
for PSTORE_TYPE_DMESG reco…

NVD

HIGH
CVE-2026-40290
CVE-2026-40290
pkg: trustedfirmware op-tee

published: Jun 3, 2026

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free (UAF) race condition exists in the shared memory teardown logic of FF-A …
CWE: CWE-416
NVD

HIGH
CVE-2022-49036
CVE-2022-49036
pkg: openssl

published: Jun 3, 2026

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors.
CWE: CWE-829
NVD

HIGH
CVE-2026-8501
CVE-2026-8501
pkg: windows

published: Jun 1, 2026

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit thi…
CWE: CWE-782
GitHub-GHSA

HIGH
Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP
GHSA-q4x5-8cj6-52wg
pkg: @sync-in/server
eco: npm
published: Jun 5, 2026
Summary:
The private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1), allowing SSRF protection to be bypassed on dual-stack systems.

Affected components

backend/src/applications/files/services/files-manager.service.ts – downlo…

CVE-2026-47684
GitHub-GHSA

HIGH
Omni: Reader-level users can retrieve imported cluster CA keys via ResourceService
GHSA-wv8c-6mx2-xf4j
pkg: github.com/siderolabs/omni, github.com/siderolabs/omni
eco: go
published: Jun 5, 2026
## Summary

Omni supports importing standalone Talos clusters.

During this process, an ImportedClusterSecrets resource is created, which contains the full CA secrets bundle for the cluster being imported.

If these secrets are not rotated by the importing actor, an authenticated Omni user with Read…

CVE-2026-45726
NVD

HIGH
CVE-2026-41234
CVE-2026-41234
pkg: tls

published: Jun 4, 2026

Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record l…
CWE: CWE-74
GitHub-GHSA

HIGH
Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending
GHSA-cq3f-vc6p-68fh
pkg: better-auth
eco: npm
published: Jun 4, 2026
### Am I affected?

You are affected if all of the following are true:

– You use `better-auth` at a version `>= 1.6.0, < 1.6.11`.
– The `deviceAuthorization` plugin is enabled in your auth config (`deviceAuthorization()` in your `plugins` array).
– A third party can observe a pending user code befo…

CVE-2026-45337
NVD

HIGH
CVE-2026-49494
CVE-2026-49494
pkg: windows

published: Jun 7, 2026

Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value (taken from the IPv6 fixed header's payload length field) by the size of each IPv6 extension header without validating it, so …
CWE: CWE-191
NVD

HIGH
CVE-2026-46493
CVE-2026-46493
pkg: node

published: Jun 5, 2026

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `uniqid` for generating salts, which is unsuitable. Version 26.0.1 fixes the issue.
CWE: CWE-338
GitHub-GHSA

HIGH
Klever-Go KVM: Unauthenticated remote node crash (nil-pointer DoS) in klever-go P2P transaction interceptor (txVersionChecker nil RawData) – potential chain halt
GHSA-rm5c-5x2p-48wr
pkg: github.com/klever-io/klever-go
eco: go
published: Jun 5, 2026
## Summary
Every transaction gossiped on the klever-go P2P network is decoded and validated
synchronously inside the libp2p pubsub topic-validator callback. The validator
`txVersionChecker.CheckTxVersion` dereferences `tx.RawData.Version` with no nil
check. A protobuf `Transaction` whose embedded `R…
GitHub-GHSA

HIGH
klever-go: REST API slow-header connection exhaustion via Gin Engine.Run
GHSA-w4c6-7r69-w7j9
pkg: github.com/klever-io/klever-go
eco: go
published: Jun 5, 2026
### Summary

The Klever seednode REST API starts a Gin engine with `Engine.Run(restAPIInterface)`. In Gin v1.9.1, `Engine.Run` calls Go's default `http.ListenAndServe`, which constructs an HTTP server without application-level `ReadHeaderTimeout`, `ReadTimeout`, or `MaxHeaderBytes` limits.

An unaut…

GitHub-GHSA

HIGH
klever-go: Unbounded goroutine spawn on direct-message ingress enables peer-driven DoS
GHSA-hf2g-6j7h-98wg
pkg: github.com/klever-io/klever-go
eco: go
published: Jun 5, 2026
### Summary

`networkMessenger.directMessageHandler` in `network/p2p/libp2p/netMessenger.go` spawns a fresh goroutine for every incoming direct message before the antiflood layer makes an admission decision. There is no semaphore, throttler, or bound on concurrent in-flight spawns.

A single connect…

GitHub-GHSA

HIGH
wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction
GHSA-2r75-cxrj-cmph
pkg: wasmtime-wasi, wasmtime-wasi, wasmtime-wasi
eco: rust
published: Jun 5, 2026
## Summary

In `wasmtime-wasi`, when a filesystem preopen is given `DirPerms::all()` and `FilePerms::READ` without `FilePerms::WRITE`, this wasmtime-wasi enforced access control mechanism can be bypassed by using the wasip2 `descriptor.open-at` or wasip1 `path_open` interfaces by opening a file wit…

CVE-2026-47261
GitHub-GHSA

HIGH
Klever-Go KVM: Hash-array amplification in P2P resolver request handling
GHSA-w342-mj6g-v9c4
pkg: github.com/klever-io/klever-go
eco: go
published: Jun 5, 2026
### Summary
A connected peer can send a compressed `RequestDataType_HashArrayType` direct request that is only `442` bytes on the wire but expands into `200000` decoded hash entries inside the resolver path. On `klever-go` `v1.7.17`, this allows remote memory and CPU amplification against nodes that…
CVE-2026-47249
NVD

HIGH
CVE-2026-11058
CVE-2026-11058
pkg: google chrome, microsoft windows

published: Jun 4, 2026

Integer overflow in CredentialProvider in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform OS-level privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-472
NVD

HIGH
CVE-2026-10906
CVE-2026-10906
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-10901
CVE-2026-10901
pkg: google chrome, apple macos

published: Jun 4, 2026

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-10900
CVE-2026-10900
pkg: google chrome, apple macos

published: Jun 4, 2026

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-10899
CVE-2026-10899
pkg: google chrome, linux linux_kernel

published: Jun 4, 2026

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-10796
CVE-2026-10796
pkg: openjsf node_version_manager

published: Jun 4, 2026

nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as `nvm install` read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URL…
CWE: CWE-78
GitHub-GHSA

HIGH
Klever-Go P2P MultiDataInterceptor leaks global throttler slots on malformed compressed batches (DoS)
GHSA-74m6-4hjp-7226
pkg: github.com/klever-io/klever-go
eco: go
published: Jun 4, 2026
## Publisher note

**Fixed in `v1.7.17`.** Operators running `< v1.7.17` should upgrade. The decompression-error path in `MultiDataInterceptor.ProcessReceivedMessage` now releases the global throttler slot before returning (guarded `defer` after `StartProcessing()`, disabled when the asynchronous go…

GitHub-GHSA

HIGH
React Router vulnerable to Denial of Service via reflected user input in single-fetch
GHSA-rxv8-25v2-qmq8
pkg: react-router, turbo-stream
eco: npm
published: Jun 4, 2026
A DoS vulnerability exists in the React Router v7 [Framework Mode](https://reactrouter.com/start/modes#framework), as well as Remix v2.9.0+ with [Single Fetch](https://v2.remix.run/docs/guides/single-fetch) enabled. In some scenarios the underlying serialization algorithm can become a bottleneck whe…
CVE-2026-34077
GitHub-GHSA

HIGH
Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection
GHSA-hfxv-24rg-xrqf
pkg: axios, axios
eco: npm
published: Jun 4, 2026
## Summary

Axios versions before `0.32.0` on the `0.x` line and before `1.16.0` on the `1.x` line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who can influence the cookie name passed to axios ca…

CVE-2026-44496
GitHub-GHSA

HIGH
Allocation of Resources Without Limits or Throttling in Axios
GHSA-777c-7fjr-54vf
pkg: axios
eco: npm
published: Jun 4, 2026
## Summary

Axios versions `1.7.0` through `1.15.x` did not enforce configured request and response size limits when requests were sent with the `fetch` adapter. Applications that selected `adapter: 'fetch'`, or ran in environments where axios resolved to the fetch adapter, could receive or send bod…

CVE-2026-44488
NVD

HIGH
CVE-2025-46638
CVE-2025-46638
pkg: ssl

published: Jun 4, 2026

Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a Denial of Service (DoS).
CWE: CWE-770
GitHub-GHSA

HIGH
Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection
GHSA-j5f8-grm9-p9fc
pkg: axios, axios
eco: npm
published: Jun 4, 2026
### Summary

Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a `Proxy-Authorization` header. If Axios then follows a redirect and the redirected request is no longer sent through …

CVE-2026-44486
NVD

HIGH
CVE-2026-41858
CVE-2026-41858
pkg: windows

published: Jun 4, 2026

Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomize_password job exists solely t…
CWE: CWE-338
GitHub-GHSA

HIGH
Docling: Unsafe XML Entity Expansion in USPTO Patent Backend
GHSA-m88r-rg27-5xfg
pkg: docling
eco: pip
published: Jun 3, 2026
### Impact
The USPTO patent XML parser used the standard `xml.sax.parseString()` without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could:
– Read arbitrary files from the server filesystem
– Perf…
CVE-2026-44020
GitHub-GHSA

HIGH
React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint
GHSA-8x6r-g9mw-2r78
pkg: react-router, @remix-run/server-runtime
eco: npm
published: Jun 3, 2026
There exists a potential DOS attack vector in React Router Framework Mode applications (as well as Remix v2.10.0 – 2.17.4). Certain requests can be crafted to consume disproportionate resources on the server, resulting in response time degredation and/or service unavailability for end users.

> [!N…

CVE-2026-42342
GitHub-GHSA

HIGH
Docling: Unsafe Zip Extraction in EasyOCR Model Download
GHSA-cjqg-rq2h-2fvj
pkg: docling
eco: pip
published: Jun 3, 2026
### Impact
In versions `< 2.91.0`, The EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source (via supply chain attack, DNS spoofing, or MITM), they could write arbitrary files …
CVE-2026-44017
NVD

HIGH
CVE-2026-8888
CVE-2026-8888
pkg: securly securly

published: Jun 3, 2026

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in deni…
CWE: CWE-917, CWE-1333
NVD

HIGH
CVE-2026-46265
CVE-2026-46265
pkg: linux

published: Jun 3, 2026

In the Linux kernel, the following vulnerability has been resolved:

RDMA/hns: Fix WQ_MEM_RECLAIM warning

When sunrpc is used, if a reset triggered, our wq may lead the
following trace:

workqueue: WQ_MEM_RECLAIM xprtiod:xprt_rdma_connect_worker [rpcrdma]
is flushing !WQ_MEM_RECLAIM hns_roce_irq_wo…

NVD

HIGH
CVE-2026-37462
CVE-2026-37462
pkg: go

published: Jun 3, 2026

An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
CWE: CWE-190
NVD

HIGH
CVE-2026-47265
CVE-2026-47265
pkg: aiohttp aiohttp

published: Jun 2, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent after following a cross-origin redirect. If a developer uses the `cookies` parameter on a per-request basis then sensitive data might…
CWE: CWE-346
NVD

HIGH
CVE-2026-42342
CVE-2026-42342
pkg: shopify react-router, shopify remix-run\/server-runtime

published: Jun 2, 2026

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the __manifest endpoint, resulting in response …
CWE: CWE-400
NVD

HIGH
CVE-2026-34077
CVE-2026-34077
pkg: shopify react-router, turbo-stream turbo_stream

published: Jun 2, 2026

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS) vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not …
CWE: CWE-770
NVD

HIGH
CVE-2026-45685
CVE-2026-45685
pkg: opentelemetry ebpf_instrumentation

published: Jun 2, 2026

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetry a…
CWE: CWE-20, CWE-248, CWE-704
NVD

HIGH
CVE-2026-45553
CVE-2026-45553
pkg: python

published: Jun 2, 2026

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructured_text() renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructured_text(), an attacker can use standar…
CWE: CWE-200
NVD

HIGH
CVE-2026-40964
CVE-2026-40964
pkg: jwt

published: Jun 1, 2026

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token.

Affec…

CWE: CWE-287
NVD

HIGH
CVE-2026-37226
CVE-2026-37226
pkg: mosaic5g flexric

published: Jun 1, 2026

FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert() in Debug builds (SIGABRT) and dereferenced in Release builds (SIGSEGV). A remote unauthenticated attacker can crash the iA…
CWE: CWE-476
NVD

HIGH
CVE-2026-37224
CVE-2026-37224
pkg: node

published: Jun 1, 2026

FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert() rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process (port 36421) by sending two E2_SETUP_REQUESTs w…
CWE: CWE-617
NVD

HIGH
CVE-2026-37223
CVE-2026-37223
pkg: node

published: Jun 1, 2026

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert(). A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp proce…
CWE: CWE-617
NVD

HIGH
CVE-2026-37220
CVE-2026-37220
pkg: node

published: Jun 1, 2026

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert(). A remote unauthenticated attacker can crash the near-RT RIC (port 364…
CWE: CWE-617
NVD

HIGH
CVE-2026-10968
CVE-2026-10968
pkg: google chrome, microsoft windows

published: Jun 4, 2026

Insufficient validation of untrusted input in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20, CWE-20
NVD

HIGH
CVE-2026-44393
CVE-2026-44393
pkg: ssl

published: Jun 4, 2026

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl_ca_file is configured, the driver enables certificate chain validation but does not pass the expecte…
CWE: CWE-297
NVD

HIGH
CVE-2022-4991
CVE-2022-4991
pkg: openssl

published: Jun 1, 2026

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate…
NVD

HIGH
CVE-2026-11115
CVE-2026-11115
pkg: windows

published: Jun 4, 2026

Use after free in Updater in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)
CWE: CWE-416, CWE-416
NVD

HIGH
CVE-2026-46250
CVE-2026-46250
pkg: tls

published: Jun 3, 2026

In the Linux kernel, the following vulnerability has been resolved:

MIPS: Work around LLVM bug when gp is used as global register variable

On MIPS, __current_thread_info is defined as global register variable
locating in $gp, and is simply assigned with new address during kernel
relocation.

This …

NVD

HIGH
CVE-2026-10617
CVE-2026-10617
pkg: go

published: Jun 2, 2026

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possible. …
CWE: CWE-287, CWE-306
NVD

HIGH
CVE-2026-41567
CVE-2026-41567
pkg: docker

published: Jun 5, 2026

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `un…
CWE: CWE-427
GitHub-GHSA

HIGH
Docling: Unsafe URI and Path Handling in HTML Backend
GHSA-q29v-xc37-wh5m
pkg: docling
eco: pip
published: Jun 3, 2026
### Impact
The HTML backend did not perform sufficient validation during resource handling:
– Accepted `file://` URIs enabling local file system access when `enable_local_fetch=True`
– Path resolution allowed traversal outside intended directories via `../` sequences and absolute paths
– Did not blo…
CVE-2026-47214
NVD

HIGH
CVE-2026-8874
CVE-2026-8874
pkg: securly securly

published: Jun 3, 2026

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS.
CWE: CWE-319
NVD

HIGH
CVE-2026-8036
CVE-2026-8036
pkg: ni ni-pal, linux linux_kernel, microsoft windows

published: Jun 2, 2026

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.
CWE: CWE-1285
NVD

HIGH
CVE-2026-8035
CVE-2026-8035
pkg: ni ni-pal, linux linux_kernel, microsoft windows

published: Jun 2, 2026

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.
CWE: CWE-476
NVD

HIGH
CVE-2026-46243
CVE-2026-46243
pkg: linux

published: Jun 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

smb: client: reject userspace cifs.spnego descriptions

cifs.spnego key descriptions contain authority-bearing fields such as
pid, uid, creduid, and upcall_target that cifs.upcall treats as
kernel-originating inputs. However, users…

CWE: CWE-20
GitHub-GHSA

HIGH
Nezha's authenticated agents can forge service-monitor results for other users' services
GHSA-4g6j-g789-rghm
pkg: github.com/nezhahq/nezha, github.com/nezhahq/nezha
eco: go
published: Jun 1, 2026
#### Summary

Nezha accepts service-monitor `TaskResult` messages from an authenticated agent based only on whether the reported service ID exists. The dashboard authenticates the agent and derives the reporter server ID from the gRPC stream, but the service-monitor result worker does not verify tha…

CVE-2026-48119
GitHub-GHSA

HIGH
Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token
GHSA-5x9f-6vg5-qg4m
pkg: github.com/siderolabs/omni, github.com/siderolabs/omni
eco: go
published: Jun 5, 2026
## Summary

`SAML.getSession` (`internal/pkg/auth/interceptor/saml.go`) checks the `Used` flag on a `SAMLAssertion` resource and then marks it used in two separate state operations. Because the check and the update are not atomic, concurrent requests carrying the same `saml-session` token can both o…

CVE-2026-45720
GitHub-GHSA

HIGH
browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server
GHSA-8rpw-6cqh-2v9h
pkg: browserstack-runner
eco: npm
published: Jun 3, 2026
## Summary

The HTTP server in browserstack-runner serves files from the project directory via the `_default` handler. This handler uses `path.join(process.cwd(), uri)` to resolve file paths but does not validate that the resulting path stays within the project root. Combined with the server binding…

CVE-2026-49144
GitHub-GHSA

HIGH
skillctl: Path traversal and symlink-follow in skillctl allow arbitrary file disclosure and deletion
GHSA-wx3m-whqv-xv47
pkg: skillctl
eco: rust
published: Jun 5, 2026
## Impact

`skillctl` 0.1.0 and 0.1.1 contained four path-safety vulnerabilities that, in combination, allowed an attacker to:

1. **Exfiltrate arbitrary files on the operator's machine** by publishing a malicious skills library containing a symlink inside a skill folder (e.g. `niania → /home/user…

GitHub-GHSA

HIGH
NocoDB: Stored Cross-Site Scripting via Form View Redirect URL
GHSA-hj85-ph9q-78jg
pkg: nocodb
eco: npm
published: Jun 5, 2026
### Summary

The shared form-view submit handler in NocoDB writes the form's `redirect_url` to `window.location.href` after a same-host check that does not validate the URL scheme. A user with `editor` role (or above) on any base can plant a `javascript:` URL in the form's `redirect_url`; when an au…

CVE-2026-47387
GitHub-GHSA

HIGH
NocoDB: Stored Cross-Site Scripting via Row Comments
GHSA-jf3g-4gwg-4h66
pkg: nocodb
eco: npm
published: Jun 5, 2026
### Summary
An authenticated commenter could store HTML in row comments that executed as script
when other users hovered over the comment in the expanded form view.

### Details
The comment write paths persisted the raw comment body with no server-side sanitisation;
the expanded-form sidebar then re…

CVE-2026-47383
GitHub-GHSA

HIGH
Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter
GHSA-p92q-9vqr-4j8v
pkg: axios, axios
eco: npm
published: Jun 4, 2026
## Summary

Axios’s Node.js HTTP adapter may forward a `Proxy-Authorization` header to a redirected origin during specific proxy-to-direct redirect flows.

This affects Node.js usage, where an initial HTTP request is sent through an authenticated HTTP proxy, redirects are followed, and the redirec…

CVE-2026-44487
GitHub-GHSA

HIGH
launch-editor vulnerable to command injection via the crafted request on Windows
GHSA-c27g-q93r-2cwf
pkg: launch-editor, vite
eco: npm
published: Jun 3, 2026
### Summary
Due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters.

### Impact
If the following conditions are met, an attacker can execute arbitrary commands o…

CVE-2024-52011
GitHub-GHSA

HIGH
@agenticmail/mcp Missing Authentication for Critical Function
GHSA-63gr-g7jc-v8rg
pkg: @agenticmail/mcp
eco: npm
published: Jun 1, 2026
# AgenticMail MCP HTTP authorization bypass

## Summary

`@agenticmail/mcp` exposes a Streamable HTTP transport when started with
`–http` or `MCP_HTTP=1`. In that mode, the `/mcp` endpoint accepts requests
without any HTTP authentication layer. A remote client can initialize a
session and call tool…

NVD

MEDIUM
CVE-2026-11218
CVE-2026-11218
pkg: google chrome, microsoft windows

published: Jun 4, 2026

Inappropriate implementation in PlatformIntegration in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a malicious file. (Chromium security severity: Low)
CWE: CWE-20, CWE-94
NVD

MEDIUM
CVE-2026-0048
CVE-2026-0048
pkg: google android

published: Jun 1, 2026

In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CWE: CWE-269
NVD

MEDIUM
CVE-2025-59612
CVE-2025-59612
pkg: qualcomm cologne_firmware, qualcomm cologne, qualcomm fastconnect_6700_firmware

published: Jun 1, 2026

Memory corruption in windows drivers while sending incorrect trusted application request
CWE: CWE-121
NVD

MEDIUM
CVE-2026-46397
CVE-2026-46397
pkg: node

published: Jun 5, 2026

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written int…
CWE: CWE-22, CWE-73
NVD

MEDIUM
CVE-2026-46357
CVE-2026-46357
pkg: node

published: Jun 5, 2026

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire applicatio…
CWE: CWE-20
NVD

MEDIUM
CVE-2026-37737
CVE-2026-37737
pkg: express

published: Jun 5, 2026

sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain un…
CWE: CWE-346, CWE-625
NVD

MEDIUM
CVE-2026-11268
CVE-2026-11268
pkg: windows

published: Jun 5, 2026

Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CWE: CWE-457, CWE-457
NVD

MEDIUM
CVE-2026-11143
CVE-2026-11143
pkg: linux

published: Jun 4, 2026

Out of bounds read in Extensions in Google Chrome on Linux prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)
CWE: CWE-122, CWE-122
NVD

MEDIUM
CVE-2026-11101
CVE-2026-11101
pkg: windows

published: Jun 4, 2026

Uninitialized Use in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-457, CWE-457
NVD

MEDIUM
CVE-2026-11051
CVE-2026-11051
pkg: linux

published: Jun 4, 2026

Out of bounds read in ANGLE in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-125, CWE-125
NVD

MEDIUM
CVE-2026-10999
CVE-2026-10999
pkg: google chrome

published: Jun 4, 2026

Integer overflow in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-190
NVD

MEDIUM
CVE-2026-10912
CVE-2026-10912
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20, CWE-20
GitHub-GHSA

MEDIUM
epa4all-client: Unauthenticated REST API for Patient Record Writes
GHSA-c82x-f4xr-qv33
pkg: com.oviva.telematik:epa4all-rest-service
eco: maven
published: Jun 4, 2026
### Impact
Any network-reachable caller can write arbitrary documents to any patient's electronic
health record accessible by the institution's SMC-B card. In a misconfigured deployment
(e.g., following the production Docker example in the README), this is exploitable from
the local network without …
CVE-2026-47672
GitHub-GHSA

MEDIUM
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
GHSA-86qp-5c8j-p5mr
pkg: starlette
eco: pip
published: Jun 4, 2026
### Summary
In affected versions, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host` header, a malformed header could make `request.url.path` differ …
CVE-2026-48710
NVD

MEDIUM
CVE-2026-44653
CVE-2026-44653
pkg: librechat librechat

published: Jun 2, 2026

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted admin-managed secrets through `GET /api/mcp/servers` and `GET /api/mcp/servers/:serverName`. The retur…
CWE: CWE-201
NVD

MEDIUM
CVE-2026-42073
CVE-2026-42073
pkg: gitlawb openclaude

published: Jun 2, 2026

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against…
CWE: CWE-352, CWE-400
NVD

MEDIUM
CVE-2026-44740
CVE-2026-44740
pkg: go

published: Jun 1, 2026

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient v…
CWE: CWE-674, CWE-835
GitHub-GHSA

MEDIUM
praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id}
GHSA-rcmc-q9rj-4wmq
pkg: praisonai-platform
eco: pip
published: Jun 1, 2026
## Summary

**Type:** Authorization bypass enabling workspace metadata + settings tampering. The `PATCH /workspaces/{workspace_id}` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`). Any member can rewrite the workspace's `name`, `description`, and the …

CVE-2026-47411
NVD

MEDIUM
CVE-2026-8893
CVE-2026-8893
pkg: express

published: Jun 6, 2026

The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] shortcode in versions up to, and including, 1.28.0. This is due to insufficient input sanitization and output escaping on the shortcode attribute value, w…
CWE: CWE-79
GitHub-GHSA

MEDIUM
AIOHTTP is Vulnerable to Deserialization of Untrusted Data
GHSA-jg22-mg44-37j8
pkg: aiohttp
eco: pip
published: Jun 3, 2026
### Summary

Using “CookieJar.load()“ with untrusted input may allow arbitrary code execution.

### Impact

Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications.

### Workaround

If an application does allow attacker contr…

CVE-2026-34993
NVD

MEDIUM
CVE-2026-34993
CVE-2026-34993
pkg: aiohttp aiohttp

published: Jun 2, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using “CookieJar.load()“ with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect …
CWE: CWE-502
NVD

MEDIUM
CVE-2026-5066
CVE-2026-5066
pkg: tls

published: Jun 4, 2026

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_store() and tls_session_restore() memcpy the caller-supplied address into a fixed-size buffer using t…
CWE: CWE-787
NVD

MEDIUM
CVE-2026-21404
CVE-2026-21404
pkg: windows

published: Jun 4, 2026

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the SO…
CWE: CWE-798
GitHub-GHSA

MEDIUM
malla: Stored XSS via Meshtastic node names in multiple frontend pages
GHSA-ch57-39q2-4crm
pkg: malla
eco: pip
published: Jun 3, 2026
Node names (long_name, short_name) received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping.
Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor.

Affec…

CVE-2026-43980
NVD

MEDIUM
CVE-2026-49943
CVE-2026-49943
pkg: express

published: Jun 2, 2026

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_match() function uses a fixed-size stack array of 2048 + 1 pm_pos entries, while parse_path() expands AS_PATH segments from a receiv…
CWE: CWE-121
NVD

MEDIUM
CVE-2026-45157
CVE-2026-45157
pkg: go

published: Jun 1, 2026

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see temporar…
CWE: CWE-284
NVD

MEDIUM
CVE-2026-10274
CVE-2026-10274
pkg: axios

published: Jun 1, 2026

A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-side …
CWE: CWE-918
GitHub-GHSA

MEDIUM
MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration
GHSA-6mx4-4h42-r8vh
pkg: mcp-server-kubernetes
eco: npm
published: Jun 5, 2026
### Summary
The `kubectl_generic` tool in `mcp-server-kubernetes` passes user-supplied flags directly to kubectl without any allowlist, enabling a **privilege escalation attack** within Kubernetes environments. An attacker who already has limited cluster or codebase access, for example, a developer …
CVE-2026-47250
NVD

MEDIUM
CVE-2026-10916
CVE-2026-10916
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 4, 2026

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20, CWE-20
GitHub-GHSA

MEDIUM
WebOb: Location header normalization during redirect leads to open redirect – again
GHSA-fh3h-vg37-cc95
pkg: webob
eco: pip
published: Jun 4, 2026
### Impact

When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's `urllib.parse`, and joining it to the base URL. `urlsplit` (called internally by `urljoin`) however treats a `//` at the start …

CVE-2026-44889
NVD

MEDIUM
CVE-2026-40181
CVE-2026-40181
pkg: shopify react-router

published: Jun 2, 2026

React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact depend…
CWE: CWE-601
GitHub-GHSA

MEDIUM
NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`
GHSA-cxv7-gmmp-228p
pkg: nocodb
eco: npm
published: Jun 5, 2026
### Summary

An authenticated user with `columnAdd` permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional `direction` argument of `ARRAYSORT(…)`. The value is unrestricted by formula validation and embedded into a `knex.raw` `ORDER BY` clause, execu…

CVE-2026-47375
GitHub-GHSA

MEDIUM
Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS
GHSA-fw38-pc54-jvx9
pkg: github.com/klever-io/klever-go
eco: go
published: Jun 5, 2026
## Summary

The account-data trie syncers leak bounded throttler slots on error paths in `syncDataTrie()`. Each failed trie sync permanently consumes one slot from
the `NumGoRoutinesThrottler`, and the slot is never returned unless the sync succeeds or the root hash was already present.

I con…

CVE-2026-49343
NVD

MEDIUM
CVE-2026-36610
CVE-2026-36610
pkg: tls

published: Jun 3, 2026

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials.
CWE: CWE-319, CWE-523
NVD

MEDIUM
CVE-2026-0061
CVE-2026-0061
pkg: google android

published: Jun 1, 2026

In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CWE: CWE-1021
NVD

MEDIUM
CVE-2026-46447
CVE-2026-46447
pkg: openstack ironic

published: Jun 3, 2026

OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.
CWE: CWE-669
GitHub-GHSA

MEDIUM
Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands
GHSA-2j5p-7p5m-cvqr
pkg: docling
eco: pip
published: Jun 3, 2026
### Impact
The LaTeX backend's handling of `\includegraphics`, `\input`, and `\include` commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences (e.g., `../../../etc/passwd`) to:
– Read arbitrary files from the file system accessible …
CVE-2026-44022
GitHub-GHSA

MEDIUM
Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend
GHSA-r3xg-rg9j-67fv
pkg: docling
eco: pip
published: Jun 3, 2026
### Impact
The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling:
– XML External Entity (XXE) attacks to read local files or cause denial of service
– Decompression bombs (zip bombs) to exhaust memory and disk space
– Unbounded archive extracti…
CVE-2026-44018
GitHub-GHSA

MEDIUM
Nhost CLI local configserver allows cross-origin unauthenticated read/write access to local development configuration and secrets
GHSA-64cj-qvx5-m4f3
pkg: github.com/nhost/nhost
eco: go
published: Jun 4, 2026
### Summary

The hidden `nhost configserver` used by `nhost dev` exposes the Mimir GraphQL API with dummy authorization directives and permissive CORS. When a developer is running the local development environment, any process that can reach the developer's localhost service, including a web page lo…

CVE-2026-47671
GitHub-GHSA

MEDIUM
React Router has stored XSS via unescaped Location header in prerendered redirect HTML
GHSA-f22v-gfqf-p8f3
pkg: react-router
eco: npm
published: Jun 3, 2026
When using React Router v7 [Framework Mode](https://reactrouter.com/start/modes#framework) with [Pre-rendering](https://reactrouter.com/how-to/pre-rendering) enabled, an improper neutralization of the HTTP `Location` header value can permit Cross-Site Scripting (XSS) in statically generated HTML fil…
CVE-2026-33244
NVD

MEDIUM
CVE-2026-33244
CVE-2026-33244
pkg: shopify react-router

published: Jun 2, 2026

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP `Location` header value can permit Cross-Site Scripting (XSS) in the statically generated HTML files if the redirect location comes from an …
CWE: CWE-79
NVD

MEDIUM
CVE-2026-34460
CVE-2026-34460
pkg: oauth

published: Jun 2, 2026

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause a v…
CWE: CWE-302, CWE-346, CWE-352
NVD

MEDIUM
CVE-2026-7792
CVE-2026-7792
pkg: react

published: Jun 6, 2026

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to and including 1.10.0.1. This is due to the PayPal Commerce webhook endpoint processing unauthentica…
CWE: CWE-345
NVD

MEDIUM
CVE-2026-40898
CVE-2026-40898
pkg: quic-go_project quic-go

published: Jun 4, 2026

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field na…
CWE: CWE-770
GitHub-GHSA

MEDIUM
Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths
GHSA-2gcr-mfcq-wcc3
pkg: hono
eco: npm
published: Jun 4, 2026
### Summary

`app.mount()` strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the prefix to be stripped at the wrong position when the path contains percent-encoded multi-byt…

CVE-2026-47676
GitHub-GHSA

MEDIUM
Hono: IP Restriction bypasses static deny rules for non-canonical IPv6
GHSA-xrhx-7g5j-rcj5
pkg: hono
eco: npm
published: Jun 4, 2026
### Summary

The `ip-restriction` middleware (`hono/ip-restriction`) compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6 representations of an address already listed in a static rule — such as compressed forms…

CVE-2026-47674
NVD

MEDIUM
CVE-2026-41178
CVE-2026-41178
pkg: go

published: Jun 4, 2026

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue.
CWE: CWE-789
GitHub-GHSA

MEDIUM
Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification
GHSA-fr49-mhgj-crfc
pkg: strawberry-graphql
eco: pip
published: Jun 4, 2026
### Summary
The MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not consider how many times a fragments internal aliases are expanded during execution. this a…
CVE-2026-47707
GitHub-GHSA

MEDIUM
Strawberry GraphQL has a Circular Fragment Reference DOS
GHSA-qfwv-87qj-98xq
pkg: strawberry-graphql
eco: pip
published: Jun 4, 2026
### Summary
The QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determine_depth function enters an infinite recursion, leading to a RecursionError and crashing the valid…
CVE-2026-47706
GitHub-GHSA

MEDIUM
quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion
GHSA-vvgj-x9jq-8cj9
pkg: github.com/quic-go/quic-go
eco: go
published: Jun 3, 2026
## Summary

An attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field names and/or large values. The implementation builds an `http.Header` fo…

CVE-2026-40898
NVD

MEDIUM
CVE-2026-45554
CVE-2026-45554
pkg: python

published: Jun 2, 2026

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside Starlette'…
CWE: CWE-248, CWE-770
NVD

MEDIUM
CVE-2026-45682
CVE-2026-45682
pkg: opentelemetry ebpf_instrumentation

published: Jun 2, 2026

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running instrume…
CWE: CWE-401, CWE-770
NVD

MEDIUM
CVE-2026-11281
CVE-2026-11281
pkg: windows

published: Jun 5, 2026

Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. (Chromium security severity: Low)
CWE: CWE-472, CWE-190
NVD

MEDIUM
CVE-2026-10533
CVE-2026-10533
pkg: kubernetes

published: Jun 1, 2026

A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged user who can create pods in a namespace can exploit this to generate a large volume of events that acc…
CWE: CWE-770
GitHub-GHSA

MEDIUM
matrix-sdk-ui: Incomplete edit validation
GHSA-h97m-27fx-42rx
pkg: matrix-sdk-ui
eco: rust
published: Jun 4, 2026
### Impact
The message edit validation logic in the `matrix-sdk-ui` crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator (or an actor with equivalent power) to imper…
CVE-2026-45057
GitHub-GHSA

MEDIUM
Hono: JWT middleware accepts any Authorization scheme, not only Bearer
GHSA-f577-qrjj-4474
pkg: hono
eco: npm
published: Jun 4, 2026
### Summary

The `jwt` and `jwk` middlewares do not verify that the `Authorization` header value uses the`Bearer` scheme. Any two-part header value — regardless of the scheme name in the first position — proceeds to JWT verification. A request presenting a valid JWT under a non-`Bearer` scheme i…

CVE-2026-47673
GitHub-GHSA

MEDIUM
Singluarity: Incorrect path matching for 'limit container paths' directive
GHSA-wqcr-7rf3-f64m
pkg: github.com/sylabs/singularity/v4, github.com/sylabs/singularity
eco: go
published: Jun 4, 2026
### Impact

The `limit container paths` directive in `singularity.conf` is intended to allow a system administrator limit the paths from which containers can be run, under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed.

For…

CVE-2026-47215
NVD

MEDIUM
CVE-2026-45614
CVE-2026-45614
pkg: trustedfirmware op-tee

published: Jun 3, 2026

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By pas…
CWE: CWE-347
NVD

MEDIUM
CVE-2026-10583
CVE-2026-10583
pkg: go

published: Jun 2, 2026

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate the…
CWE: CWE-918
NVD

MEDIUM
CVE-2026-45702
CVE-2026-45702
pkg: trustedfirmware op-tee

published: Jun 3, 2026

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFA_MEM_SHARE…
CWE: CWE-843
NVD

MEDIUM
CVE-2026-11477
CVE-2026-11477
pkg: oauth

published: Jun 8, 2026

A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in open …
CWE: CWE-601
GitHub-GHSA

MEDIUM
Bugsink: DOS using large numbers of event tags
GHSA-5×67-j5xg-c5gj
pkg: bugsink
eco: pip
published: Jun 5, 2026
### Summary

In affected versions, Bugsink stores every tag supplied with an incoming event. An event with an unusually large number
of custom (i.e. supplied by an attacker) tags can therefore make ingestion spend more time than intended writing tag rows.

Bugsink uses a single-writer database archi…

GitHub-GHSA

MEDIUM
Bugsink: Project scoping missing in sourcemap and debug-file lookup
GHSA-5389-f7vh-wxj8
pkg: bugsink
eco: pip
published: Jun 5, 2026
### Summary

Bugsink before 2.2.0 resolved sourcemaps and debug files by debug ID without scoping that lookup to the project that owned the uploaded metadata. An authenticated user with access to one project could cause event processing in that project to use sourcemap/debug-file metadata uploaded f…

CVE-2026-47728
NVD

MEDIUM
CVE-2026-48092
CVE-2026-48092
pkg: node

published: Jun 5, 2026

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit builds. 32-bit integer overflow in the SquashFS ReadBlock function allows an attacker-controlled node.Offset value to bypass th…
CWE: CWE-125
GitHub-GHSA

MEDIUM
Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection
GHSA-3hrh-pfw6-9m5x
pkg: hono
eco: npm
published: Jun 4, 2026
### Summary

The `serialize()` function in `hono/cookie` validates `domain` and `path` options against characters that corrupt `Set-Cookie` header syntax (`;`, `\r`, `\n`), but does not apply the same validation to `sameSite` and `priority`. An application that passes user-controlled input into eith…

CVE-2026-47675
NVD

MEDIUM
CVE-2026-10692
CVE-2026-10692
pkg: express

published: Jun 3, 2026

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_code_advanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack …
CWE: CWE-400, CWE-1333
NVD

MEDIUM
CVE-2026-10691
CVE-2026-10691
pkg: express

published: Jun 3, 2026

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the argument SearchResult[] results in inefficient regular expression complexity. It is…
CWE: CWE-400, CWE-1333
NVD

MEDIUM
CVE-2026-10616
CVE-2026-10616
pkg: go

published: Jun 2, 2026

A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/team_tasks_lifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. The…
CWE: CWE-862, CWE-863
NVD

MEDIUM
CVE-2026-9723
CVE-2026-9723
pkg: go

published: Jun 2, 2026

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the plugin'…
CWE: CWE-352
NVD

MEDIUM
CVE-2026-9048
CVE-2026-9048
pkg: oauth

published: Jun 2, 2026

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 – 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social me…
CWE: CWE-863
NVD

MEDIUM
CVE-2026-10291
CVE-2026-10291
pkg: express

published: Jun 1, 2026

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient reg…
CWE: CWE-400, CWE-1333
NVD

MEDIUM
CVE-2026-48104
CVE-2026-48104
pkg: node

published: Jun 5, 2026

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In the SquashFS handler, _blockToNode is allocated with capacity for every metadata block but populated o…
CWE: CWE-125, CWE-908
GitHub-GHSA

MEDIUM
Improper Access Control in vantage6 node
GHSA-x9f6-9rvm-mmrg
pkg: vantage6
eco: pip
published: Jun 5, 2026
### Impact
Malicious algorithms can potentially access other algorithms input and output files.

### Patches
Todo

### Workarounds
Verify and restrict the algorithm containers that are allowed to run on your node. See [here](https://docs.vantage6.ai/usage/running-the-node/security) on how to do this…

GitHub-GHSA

MEDIUM
Vantage6: Set admin user and password from environment or configuration
GHSA-fgmc-2hqj-86v4
pkg: vantage6
eco: pip
published: Jun 5, 2026
### Impact
Vantage6 currently provides an initial user with username `root` and password `root`. This is not ideal for the following reasons:
– Attackers know that almost all vantage6 servers have a user with username `root` that probably has admin rights
– The initial password is very weak and it i…
GitHub-GHSA

MEDIUM
NocoDB: OAuth Tokens Persist Through Security Events
GHSA-g72g-r7m4-9x4g
pkg: nocodb
eco: npm
published: Jun 5, 2026
### Summary
OAuth access and refresh tokens were not revoked when the user changed, reset, or
recovered their password, leaving an attacker-issued OAuth grant valid after the user
believed they had locked the attacker out.

### Details
`revokeAllOAuthTokensByUser` in the users service was an empty s…

GitHub-GHSA

MEDIUM
Source controller: Improper path handling allows traversal
GHSA-jjrm-hr5f-673x
pkg: github.com/fluxcd/source-controller
eco: go
published: Jun 5, 2026
### Impact

An actor with the ability to influence the contents of a bucket referenced by a `Bucket` resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory.

The corruption surface is bounded by source-controller's own and downstre…

CVE-2026-47680
GitHub-GHSA

MEDIUM
NocoDB: OAuth Authorization Code Race Condition
GHSA-8m7c-hf24-5g47
pkg: nocodb
eco: npm
published: Jun 5, 2026
### Summary
Two concurrent token-exchange requests using the same OAuth authorization code could
each mint a distinct valid `(access_token, refresh_token)` pair, breaking the
single-use guarantee that PKCE relies on.

### Details
The token-exchange flow read `is_used` and called `markAsUsed` as an u…

CVE-2026-47386
GitHub-GHSA

MEDIUM
NocoDB: Path Traversal via SQLite Source Filename
GHSA-wvqj-9wv4-7ff5
pkg: nocodb
eco: npm
published: Jun 5, 2026
### Summary
An authenticated user with base-create permission can attach a SQLite source pointing at
an arbitrary file on the NocoDB host, including NocoDB's own internal databases.

### Details
The SQLite client and the base/integration create services accepted a caller-supplied
filename and passed…

CVE-2026-47385
GitHub-GHSA

MEDIUM
NocoDB: SQL Injection via Column Title in Bulk GroupBy
GHSA-p8wx-5f39-w3x4
pkg: nocodb
eco: npm
published: Jun 5, 2026
### Summary
An authenticated user with column-create permission can inject SQL into the bulk groupBy
endpoint by setting a column's title to a SQL fragment.

### Details
The bulk groupBy path in `group-by.ts` builds three database-specific `knex.raw()`
aggregations that interpolate the request's `co…

CVE-2026-47384
GitHub-GHSA

MEDIUM
NocoDB: Server-Side Request Forgery via Database Connection Host
GHSA-w43h-r5m5-p832
pkg: nocodb
eco: npm
published: Jun 5, 2026
### Summary
The connection-test endpoint opened a raw TCP socket to the user-supplied database
host without resolving and range-checking the destination, so private and link-local
addresses (including IPv4-mapped IPv6 forms and `localhost`) reached the driver.

### Details
A new `validateDbConnectio…

CVE-2026-47382
GitHub-GHSA

MEDIUM
NocoDB: Cross-Workspace Integration Use in Connection Test
GHSA-96fh-m4r8-6v9v
pkg: nocodb
eco: npm
published: Jun 5, 2026
### Summary
A user in one workspace could exercise another workspace's integration through the
`testConnection` endpoint by supplying its ID, because the integration was fetched in
a bypass scope and the caller's permission check matched any base in any workspace.

### Details
The connection-test en…

CVE-2026-47381
GitHub-GHSA

MEDIUM
NocoDB: Plaintext Password Comparison in Shared Views
GHSA-qhxg-623c-cfjm
pkg: nocodb
eco: npm
published: Jun 5, 2026
### Summary
The shared-view password check fell back to strict-equality (`===`) comparison for
legacy plaintext passwords, leaking the password's length and per-character prefix
through response timing.

### Details
The bcrypt branch (hashes starting with `$2a$`/`$2b$`) was unaffected. The legacy
fa…

CVE-2026-47379
GitHub-GHSA

MEDIUM
NocoDB: Hidden Column Exposure in Public Shared View Endpoints
GHSA-4w6r-5c2j-qf5f
pkg: nocodb
eco: npm
published: Jun 5, 2026
### Summary
Public shared-view endpoints exposed values from columns that the view owner had
hidden, via three independent paths: groupBy returned raw values for any column
named in the request, filter and sort arrays operated on hidden columns enabling
boolean-blind extraction, and the related-data…
CVE-2026-47378
GitHub-GHSA

MEDIUM
NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin
GHSA-rvp5-9p55-f5rp
pkg: nocodb
eco: npm
published: Jun 5, 2026
### Summary

The client-side `hashRedirect` plugin called `window.location.replace()` on a path extracted from the URL hash fragment after only checking `hashPath.startsWith('/')`. Protocol-relative URLs (`//attacker.com/…`) also satisfy that check, so a crafted link such as `https://nocodb.exampl…

CVE-2026-47377
GitHub-GHSA

MEDIUM
NocoDB: Reflected Cross-Site Scripting via Password Reset Token
GHSA-6xcx-7qmg-vjfq
pkg: nocodb
eco: npm
published: Jun 5, 2026
### Summary

The password-reset page rendered the URL token directly into a JavaScript string literal in a server-rendered EJS template. EJS `<%= %>` HTML-entity-encodes a fixed set of characters but does not escape single quotes or backslashes, so a crafted token could break out of the JS string co…

CVE-2026-47376
GitHub-GHSA

MEDIUM
NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints
GHSA-9wgh-m22w-9xj8
pkg: nocodb
eco: npm
published: Jun 5, 2026
### Summary
The public shared-view relation endpoints accepted a caller-supplied column
ID without verifying that the column was visible in the shared view, so
anyone holding a share UUID could read links from any LTAR column on the
view's table — including columns the view owner had hidden.

### …

CVE-2026-47279
GitHub-GHSA

MEDIUM
Vantage6: 2FA can be circumvented with hacked email access
GHSA-4c5c-2vc3-x5w2
pkg: vantage6
eco: pip
published: Jun 5, 2026
### Impact
If an attacker hacks into a vantage6 user's email account, they can 1) reset the password via email and then 2) reset the 2FA token via email. This way they reduce 2FA to 1FA (email access).

Note that most email providers require 2FA to access email, so this issue is not very likely to …

CVE-2024-27928
GitHub-GHSA

MEDIUM
AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle
GHSA-xgx4-4h9w-53pv
pkg: github.com/AdguardTeam/AdGuardHome, github.com/AdguardTeam/dnsproxy
eco: go
published: Jun 4, 2026
## Summary

This report covers the client-triggered DoQ forwarding path in:

– `dnsproxy` `v0.81.2` (`adguard/dnsproxy:v0.81.2`)
– `AdGuard Home` `v0.107.74` (`adguard/adguardhome:latest`, image version label `v0.107.74`)

The issue was reproduced on `2026-04-25` with the products configured through…

CVE-2026-47703
GitHub-GHSA

MEDIUM
Spree: CSV Formula Injection in Customer Export
GHSA-xf4v-w5x5-pv79
pkg: spree, spree, spree
eco: rubygems
published: Jun 4, 2026
### Summary

CSV formula injection (also known as formula injection or CSV injection) affects customer export. User-controlled values customer names, email addresses, and shipping addresses. When an administrator opens a crafted
Export in Microsoft Excel or LibreOffice Calc, formulas embedded in use…

GitHub-GHSA

MEDIUM
OpenMeter: SQL injection through meter creation
GHSA-wc3v-3457-c8cm
pkg: github.com/openmeterio/openmeter
eco: go
published: Jun 4, 2026
### Summary

An authenticated tenant can inject arbitrary SQL through the `valueProperty` or `groupBy` fields of `POST /api/v1/meters`. The injection passes the application's JSONPath validation check and executes against the shared ClickHouse database, which contains event data for all tenants with…

CVE-2026-8462
GitHub-GHSA

MEDIUM
Matrix Rust SDK: Sender-binding gaps in to-device and room-key attribution
GHSA-wfq4-36m3-9g42
pkg: matrix-sdk-crypto
eco: rust
published: Jun 4, 2026
### Impact

The `matrix-sdk-crypto` crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the `sender_device_keys` property.

This could be exploited to spoof the sender of an encrypted to-device message, but only if the attacke…

CVE-2026-45056
GitHub-GHSA

MEDIUM
Doorkeeper Openid Connect: Dynamic Client Registration feature creates public clients with client_secret
GHSA-m6vc-f87m-cc2h
pkg: doorkeeper-openid_connect
eco: rubygems
published: Jun 4, 2026
### Impact

The `DynamicClientRegistrationController#register` action hard-codes `confidential: false` when creating applications (dynamic_client_registration_controller.rb:18-25), yet the response includes a client_secret and advertises `token_endpoint_auth_methods_supported: ["client_secret_basic"…

CVE-2026-44476
GitHub-GHSA

MEDIUM
AIOHTTP is vulnerable to cross-origin redirect with per-request cookies
GHSA-hg6j-4rv6-33pg
pkg: aiohttp
eco: pip
published: Jun 3, 2026
### Summary

Cookies set with the `cookies` parameter on requests are sent after following a cross-origin redirect.

### Impact

If a developer uses the `cookies` parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect.

### Workaround…

CVE-2026-47265
GitHub-GHSA

MEDIUM
React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation
GHSA-2j2x-hqr9-3h42
pkg: react-router, react-router
eco: npm
published: Jun 3, 2026
Certain URLs passed to the `redirect` function can trigger an open redirect to an external domain depending on the level of validation done by the application prior to returning the `redirect`.

> [!NOTE]
> This does not impact your React Router application if you are using [Declarative Mode](https:…

CVE-2026-40181
GitHub-GHSA

MEDIUM
rattler has an entry-point path traversal in noarch:python install (arbitrary file write)
GHSA-q53q-5r4j-5729
pkg: rattler
eco: rust
published: Jun 1, 2026
## Summary

`EntryPoint::FromStr` in `rattler_conda_types` performs only `.trim()` on the `command` field before the linker joins it onto the install prefix and writes an executable Python script. A malicious `noarch:python` package can ship an `info/link.json` with an entry-point name containing `.…

CVE-2026-47425


Vulnerability Digest — June 1, 2026 · 52 Critical · 5 Exploited






Vulnerability Digest — Monday, June 1, 2026


Security Report

Monday, June 1, 2026  ·  Last 7 days  ·  Min severity: MEDIUM
Total Findings
308
Critical
52
High
148
Actively Exploited
5
CISA-KEV5
NVD176
GitHub-GHSA127
Findings sorted by severity
CISA-KEV

CRITICAL
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
CVE-2026-0257
pkg: Palo Alto Networks PAN-OS

published: May 29, 2026

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Nx Console Embedded Malicious Code Vulnerability
CVE-2026-48027
pkg: Nx Nx Console

published: May 27, 2026

Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
TanStack Unspecified Vulnerability
CVE-2026-45321
pkg: TanStack TanStack

published: May 27, 2026

TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Daemon Tools Lite Embedded Malicious Code Vulnerability
CVE-2026-8398
pkg: Daemon Daemon Tools Lite

published: May 27, 2026

Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
LiteSpeed cPanel Plugin Privilege Escalation Vulnerability
CVE-2026-48172
pkg: LiteSpeed cPanel Plugin

published: May 26, 2026

LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with root privileges.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
NVD

CRITICAL
CVE-2026-45631
CVE-2026-45631
pkg: jwt

published: May 29, 2026

Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via th…
CWE: CWE-798
GitHub-GHSA

CRITICAL
NodeVM builtin denylist bypass via process and inspector/promises allows host code execution
GHSA-rp36-8xq3-r6c4
pkg: vm2
eco: npm
published: May 29, 2026
## Summary

`NodeVM` blocks several dangerous Node.js builtins such as `module`, `worker_threads`, `cluster`, `vm`, `repl`, and `inspector`.

However, the denylist misses `process` and `inspector/promises`. Both can be used from sandboxed code to reach host-side execution primitives.

This allows sa…

CVE-2026-47140
GitHub-GHSA

CRITICAL
vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE
GHSA-m4wx-m65x-ghrr
pkg: vm2
eco: npm
published: May 29, 2026
## Summary

The fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in `nodevm.js` line 263 that blocks the combination `nesting: true` + `require: false`. However, the check uses strict equality (`options.require === false`), which is trivially bypassed by omitting the `require` option …

CVE-2026-47137
GitHub-GHSA

CRITICAL
vm2 is Vulnerable to Sandbox Breakout Through Promise Species
GHSA-76w7-j9cq-rx2j
pkg: vm2
eco: npm
published: May 29, 2026
### Summary

VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.

### Details

The `localPromise` constructor was changed to call `this.then(undefined, eater)` to ensure a reje…

CVE-2026-47208
GitHub-GHSA

CRITICAL
vm2 has a Sandbox Escape issue
GHSA-v6mx-mf47-r5wg
pkg: vm2
eco: npm
published: May 29, 2026
### Summary
By combining `Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__")`, `Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__")`, and Node.js's `ERR_INVALID_ARG_TYPE` Error, the host's `TypeError` constructor can be obtained, which allows the escape from the sandbox.
This allows a…
CVE-2026-47131
GitHub-GHSA

CRITICAL
LiquidJS is Vulnerable to Remote Code Execution
GHSA-gf2q-c269-pqgc
pkg: liquidjs
eco: npm
published: May 27, 2026
### Summary
It is possible to execute arbitrary code with crafted templates

### Details

<details>
<summary>
`1|valueOf` -> `this` when evaluating the filter

</summary>

“`liquid
{%assign r=1|valueOf%}
{{r|inspect}}
“`

“`json
{"context":{"scopes":[{"r":"[Circular]"}],"registers":{},"breakCa…

CVE-2026-45618
NVD

CRITICAL
CVE-2026-44330
CVE-2026-44330
pkg: free5gc free5gc

published: May 27, 2026

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token (e.g. Authorization: …
CWE: CWE-863
NVD

CRITICAL
CVE-2026-44329
CVE-2026-44329
pkg: free5gc free5gc

published: May 27, 2026

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and th…
CWE: CWE-306, CWE-862
NVD

CRITICAL
CVE-2026-44327
CVE-2026-44327
pkg: free5gc free5gc

published: May 27, 2026

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the handler …
CWE: CWE-306, CWE-862
GitHub-GHSA

CRITICAL
PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
GHSA-4mr5-g6f9-cfrh
pkg: praisonaiagents, PraisonAI
eco: pip
published: May 29, 2026
## Summary

`execute_code()` in `praisonaiagents/tools/python_tools.py` (v1.6.37, subprocess sandbox mode) can be fully bypassed using `print.__self__` to retrieve the real Python `builtins` module, from which `__import__` can be extracted via `vars()` and runtime string construction. This achieves …

CVE-2026-47392
NVD

CRITICAL
CVE-2026-45625
CVE-2026-45625
pkg: docker

published: May 29, 2026

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eight …
CWE: CWE-862
NVD

CRITICAL
CVE-2026-45663
CVE-2026-45663
pkg: docker

published: May 29, 2026

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly in…
CWE: CWE-77
NVD

CRITICAL
CVE-2026-45102
CVE-2026-45102
pkg: node

published: May 27, 2026

OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in 10.0.98.
CWE: CWE-693
NVD

CRITICAL
CVE-2026-44450
CVE-2026-44450
pkg: node

published: May 26, 2026

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code execution …
CWE: CWE-88
NVD

CRITICAL
CVE-2026-46624
CVE-2026-46624
pkg: twenty twenty

published: May 26, 2026

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the …
CWE: CWE-78, CWE-89
NVD

CRITICAL
CVE-2026-7374
CVE-2026-7374
pkg: node

published: May 26, 2026

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to th…
CWE: CWE-59
GitHub-GHSA

CRITICAL
praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset
GHSA-3qg8-5g3r-79v5
pkg: praisonai-platform
eco: pip
published: May 29, 2026
## Summary

**Type:** Insecure default cryptographic key. The JWT signing secret defaults to the hardcoded literal `"dev-secret-change-me"` when `PLATFORM_JWT_SECRET` is unset. A safety check exists but only fires when `PLATFORM_ENV != "dev"`; the default value of `PLATFORM_ENV` is `"dev"`, so the c…

CVE-2026-47410
GitHub-GHSA

CRITICAL
PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution
GHSA-vg22-4gmj-prxw
pkg: PraisonAI
eco: pip
published: May 29, 2026
## Summary

The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain:

1. The example exposes an A2A server without configuring `auth_token`.
2. The same example binds the server to `0.0.0.0`.
3. The example registers a `calculate(expression)` …

CVE-2026-47391
GitHub-GHSA

CRITICAL
PraisonAI `deploy –type api` emits a Flask server with authentication disabled by default
GHSA-8444-4fhq-fxpq
pkg: PraisonAI
eco: pip
published: May 29, 2026
### Summary

CVE-2026-44338 (GHSA-6rmh-7xcm-cpxj) documents that PraisonAI ships a code-generator (`praisonai.deploy.api.generate_api_server_code`) that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart (`praisonai deploy –type api`) get a …

CVE-2026-47393
GitHub-GHSA

CRITICAL
PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset
GHSA-86qc-r5v2-v6x6
pkg: PraisonAI
eco: pip
published: May 29, 2026
### Summary

PraisonAI's call server exposes a network-facing agent control API without authentication when `CALL_SERVER_TOKEN` is not configured.

The affected component is the `praisonai.api.agent_invoke` router as mounted by `praisonai.api.call`. The authentication helper `verify_token()` fails o…

CVE-2026-47396
GitHub-GHSA

CRITICAL
amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection
GHSA-29h4-r29x-hchv
pkg: redshift-connector
eco: pip
published: May 29, 2026
### Summary
amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitra…
CVE-2026-8838
GitHub-GHSA

CRITICAL
vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
GHSA-6j2x-vhqr-qr7q
pkg: vm2
eco: npm
published: May 29, 2026
### Summary
A sandbox escape vulnerability in `vm2` allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI (`WebAssembly.promising` / `WebAssembly.Suspending`). In the tested configuration, a JSPI-backed Promise ca…
CVE-2026-47210
NVD

CRITICAL
CVE-2026-10042
CVE-2026-10042
pkg: docker

published: May 29, 2026

manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{method_name} and /simple_execute/{method_name} endpoints deserialize attacker-controlled HTTP request…
CWE: CWE-502
GitHub-GHSA

CRITICAL
Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override
GHSA-vmwp-vh32-rj75
pkg: org.yamcs:yamcs-core
eco: maven
published: May 27, 2026
# Remote Code Execution via Mission Database algorithm override

## Summary

The Nashorn `ScriptEngine` used to evaluate user-supplied algorithm text in `MdbOverrideApi.updateAlgorithm` is constructed without a `ClassFilter`, allowing a user with the `ChangeMissionDatabase` privilege to execute arbi…

CVE-2026-46562
NVD

CRITICAL
CVE-2026-45083
CVE-2026-45083
pkg: express

published: May 27, 2026

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to the b…
CWE: CWE-306
NVD

CRITICAL
CVE-2026-44888
CVE-2026-44888
pkg: python

published: May 27, 2026

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly into
pialert.conf without validation. Since pialert.conf is loaded via Python's exec() every 3–5 m…
CWE: CWE-94
NVD

CRITICAL
CVE-2026-44887
CVE-2026-44887
pkg: python

published: May 27, 2026

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected code executes as the da…
CWE: CWE-94
GitHub-GHSA

CRITICAL
Langroid has Prompt to SQL Injection, Leading to RCE
GHSA-mxfr-6hcw-j9rq
pkg: langroid
eco: pip
published: May 27, 2026
# Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid

## Affected Scope
langroid < 0.63.0

## Vulnerability Description

SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privi…

CVE-2026-25879
NVD

CRITICAL
CVE-2026-48902
CVE-2026-48902
pkg: joomla joomla\!

published: May 26, 2026

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
NVD

CRITICAL
CVE-2026-8376
CVE-2026-8376
pkg: perl perl

published: May 26, 2026

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds.

Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a la…

CWE: CWE-680
GitHub-GHSA

CRITICAL
praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}
GHSA-c2m8-4gcg-v22g
pkg: praisonai-platform
eco: pip
published: May 29, 2026
## Summary

**Type:** Vertical privilege escalation. The `PATCH /workspaces/{workspace_id}/members/{user_id}` endpoint is gated by `require_workspace_member(workspace_id)`, which defaults to `min_role="member"` and is never overridden by the route. The handler then calls `MemberService.update_role(w…

CVE-2026-47416
NVD

CRITICAL
CVE-2026-45628
CVE-2026-45628
pkg: docker

published: May 29, 2026

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child_process.exec() (which runs through /bin/sh -c). User-supplied branch names, repository URLs, and Docker credentials a…
CWE: CWE-20, CWE-77
NVD

CRITICAL
CVE-2026-45323
CVE-2026-45323
pkg: node

published: May 28, 2026

MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect (repeated) radio range to execute arbitrary javascript in the Home Assistant frontend of anyone viewi…
CWE: CWE-79
NVD

CRITICAL
CVE-2026-44985
CVE-2026-44985
pkg: amirraminfar dozzle

published: May 26, 2026

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables C…
CWE: CWE-346
NVD

CRITICAL
CVE-2026-44326
CVE-2026-44326
pkg: free5gc free5gc

published: May 27, 2026

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptions …
CWE: CWE-862
NVD

CRITICAL
CVE-2026-44315
CVE-2026-44315
pkg: free5gc free5gc

published: May 27, 2026

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a fo…
CWE: CWE-862
NVD

CRITICAL
CVE-2026-44451
CVE-2026-44451
pkg: node

published: May 26, 2026

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator (validateComponentOverrideSou…
CWE: CWE-693
GitHub-GHSA

CRITICAL
Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection
GHSA-2g95-6x5q-xjwj
pkg: org.yamcs:yamcs-core
eco: maven
published: May 27, 2026
### Summary
A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython (via the JSR-223 ScriptEngine API) without enforcing a secure sandbox. An authenti…
CVE-2026-46621
GitHub-GHSA

CRITICAL
Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`
GHSA-524g-x36v-9wm6
pkg: org.yamcs:yamcs-core
eco: maven
published: May 27, 2026
### Summary
A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine (`org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory`). The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure sandbox. An authenticated us…
CVE-2026-44632
NVD

CRITICAL
CVE-2026-46833
CVE-2026-46833
pkg: tls

published: May 28, 2026

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. While the vulnerability is in Net Service, attack…
NVD

CRITICAL
CVE-2026-45721
CVE-2026-45721
pkg: windows

published: May 26, 2026

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute …
CWE: CWE-20, CWE-426, CWE-552
GitHub-GHSA

CRITICAL
PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation
GHSA-h8q5-cp56-rr65
pkg: praisonai-platform
eco: pip
published: May 29, 2026
## Summary

The Platform server exposes resources under `/api/v1/workspaces/{workspace_id}/…` and protects them with a `require_workspace_member(workspace_id)` FastAPI dependency. The dependency only checks that the caller is a member of the workspace_id in the URL prefix. The route handlers then …

CVE-2026-47407
GitHub-GHSA

CRITICAL
stigmem-node's federation peer registration lacked explicit out-of-band approval
GHSA-9vp8-3hmv-8fgh
pkg: stigmem-node
eco: pip
published: May 29, 2026
### Impact
Federation peer registration accepted peer key material during registration without a separate administrator approval step based on an out-of-band fingerprint check. Impacted deployments are nodes that accept federation peer registration across a network where initial registration could b…
GitHub-GHSA

CRITICAL
stigmem-node's federation insecure transport settings may allow non-loopback cleartext federation
GHSA-jmfc-hfjq-pxcp
pkg: stigmem-node
eco: pip
published: May 29, 2026
### Impact
Stigmem nodes with federation enabled could be configured to run without mTLS outside loopback-only local development. In affected deployments, federation traffic may traverse the network without the intended transport protection. Impacted users are operators who enabled federation and ex…
GitHub-GHSA

CRITICAL
stigmem-node: Auth-disabled deployments may grant broad anonymous access outside loopback
GHSA-fp6w-8wpg-74g5
pkg: stigmem-node
eco: pip
published: May 29, 2026
### Impact
Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a loopback-only local development environment. Impacted users are operators who intentionally disabled authentication while binding the node…
GitHub-GHSA

CRITICAL
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
GHSA-qrvh-r3f2-9h4r
pkg: org.xwiki.platform:xwiki-platform-rest-server, org.xwiki.platform:xwiki-platform-rest-server, org.xwiki.platform:xwiki-platform-rest-server
eco: maven
published: May 26, 2026
### Impact

`POST /wikis/{wikiName}` executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to create or update documents in the target wiki

### Patches

This vulnerability has been patched in XWiki 16.10.17, 17.4.9, 17.10.3, 18.0.1…

CVE-2026-33137
GitHub-GHSA

CRITICAL
XWiki Platform has path traversal via resources parameter in ssx and jsx endpoints when using leading slash
GHSA-xq3r-2qv5-vqqm
pkg: org.xwiki.commons:xwiki-commons-classloader-api, org.xwiki.commons:xwiki-commons-classloader-api, org.xwiki.commons:xwiki-commons-classloader-api
eco: maven
published: May 26, 2026
### Impact

It's possible to get access and read configuration files by using URLs such as `http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false`.

This can apparently be reproduced on Tomcat instances.

### Patches

This has been patched in 18.0.0-rc-1, 17.10.3,…

CVE-2026-23734
GitHub-GHSA

HIGH
PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership
GHSA-h37g-4h4p-9×97
pkg: praisonai-platform
eco: pip
published: May 29, 2026
### Summary

PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role to `owner`.

The issue is caused by privileged workspace-management routes using the shared dependency `require_workspace_member(…)` wi…

CVE-2026-47405
GitHub-GHSA

HIGH
PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID
GHSA-6h6v-6m7w-7vxx
pkg: praisonai-platform
eco: pip
published: May 29, 2026
### Summary

PraisonAI Platform's workspace-scoped REST routes contain a systemic object-level authorization flaw that allows an authenticated user from one workspace to access, modify, and delete objects belonging to another workspace by supplying the victim object's global UUID.

The affected patt…

CVE-2026-47399
GitHub-GHSA

HIGH
PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API
GHSA-gv23-xrm3-8c62
pkg: praisonai-platform
eco: pip
published: May 29, 2026
### Summary

The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and delete resources in any …

CVE-2026-48169
NVD

HIGH
CVE-2026-47125
CVE-2026-47125
pkg: docker

published: May 29, 2026

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/{id}/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin author…
CWE: CWE-862
GitHub-GHSA

HIGH
Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename
GHSA-hwc4-gmrw-5222
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: May 29, 2026
### Summary
`filepath.Base` on the Linux container does not strip backslashes (`\`), because `\` is only a path separator on Windows. A multipart filename like `..\..\..\..\Windows\System32\evil.pdf` survives Gotenberg's input sanitisation and lands verbatim as the zip entry name when a multi-output…
CVE-2026-44829
NVD

HIGH
CVE-2026-45662
CVE-2026-45662
pkg: docker

published: May 29, 2026

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.0 and earlier, the deleteRegistry function in Dokploy (packages/server/src/services/registry.ts) executes docker logout ${response.registryUrl} without shell escaping. In the same file, the docker login command correctly uses shE…
CWE: CWE-78
NVD

HIGH
CVE-2026-9984
CVE-2026-9984
pkg: google chrome, microsoft windows

published: May 28, 2026

Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-9945
CVE-2026-9945
pkg: google chrome, microsoft windows

published: May 28, 2026

Use after free in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-9928
CVE-2026-9928
pkg: google chrome, microsoft windows

published: May 28, 2026

Out of bounds read in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-125
GitHub-GHSA

HIGH
Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
GHSA-897w-fcg9-f6xj
pkg: dulwich
eco: pip
published: May 28, 2026
## Impact

Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows.

Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax:

– \ — the Windows path …

CVE-2026-42305
NVD

HIGH
CVE-2026-46125
CVE-2026-46125
pkg: go

published: May 28, 2026

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: remove station if connection prep fails

If connection preparation fails for MLO connections, then the
interface is completely reset to non-MLD. In this case, we must
not keep the station since it's related to the l…

NVD

HIGH
CVE-2026-46113
CVE-2026-46113
pkg: go

published: May 28, 2026

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

The shadow MMU computes GFNs for direct shadow pages using sp->gfn plus
the SPTE index. This assumption breaks for shadow paging if the guest
page tables are modifie…

NVD

HIGH
CVE-2026-44346
CVE-2026-44346
pkg: docker

published: May 27, 2026

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentom…
CWE: CWE-78, CWE-94
NVD

HIGH
CVE-2026-44345
CVE-2026-44345
pkg: docker

published: May 27, 2026

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2 interpolates docker.base_image raw with no escaping, newline filtering, or validation. A malicious bent…
CWE: CWE-78
NVD

HIGH
CVE-2026-36044
CVE-2026-36044
pkg: node

published: May 27, 2026

@pensar/apex <= 0.0.58 is vulnerable to OS command injection via the smart_enumerate tool. The createSmartEnumerateTool() function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js chi…
CWE: CWE-78
NVD

HIGH
CVE-2026-24187
CVE-2026-24187
pkg: linux

published: May 26, 2026

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
CWE: CWE-416
GitHub-GHSA

HIGH
vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks
GHSA-m5q2-4fm3-vfqp
pkg: vm2
eco: npm
published: May 29, 2026
## Summary

vm2 3.11.2 `Symbol.for` override in `setup-sandbox.js` only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's `set`/`defineProperty`/`deleteProperty` traps having **no** `isDangerousCrossRealmSymbol` key check, sandbox code can obtain real cross-realm sy…

CVE-2026-47135
GitHub-GHSA

HIGH
axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
GHSA-35jp-ww65-95wh
pkg: axios
eco: npm
published: May 29, 2026
# Vulnerability Disclosure: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

## Summary

The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any `Object.prototype` pollution in the application's dependency tree to be escalated into a **full Ma…

CVE-2026-44494
GitHub-GHSA

HIGH
HaxCMS has a stored Cross-Site Scripting (XSS) bypass in its saveNode endpoint
GHSA-g2g8-95qg-v35h
pkg: @haxtheweb/haxcms-nodejs
eco: npm
published: May 29, 2026
## Summary

HaxCMS is affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode` endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by injecting an event handler attribute without whitespace before the attribute name.

For e…

CVE-2026-48527
NVD

HIGH
CVE-2026-48527
CVE-2026-48527
pkg: node

published: May 29, 2026

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode` endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by in…
CWE: CWE-79
NVD

HIGH
CVE-2026-45348
CVE-2026-45348
pkg: python

published: May 28, 2026

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to the…
CWE: CWE-79
NVD

HIGH
CVE-2026-44543
CVE-2026-44543
pkg: kubernetes

published: May 28, 2026

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-pat…
CWE: CWE-269
NVD

HIGH
CVE-2026-42197
CVE-2026-42197
pkg: python

published: May 27, 2026

RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin accou…
CWE: CWE-79
GitHub-GHSA

HIGH
Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Preview
GHSA-6m7c-xfhp-p9fh
pkg: @typebot.io/js
eco: npm
published: May 26, 2026
## Summary
The rating block's custom icon feature accepts arbitrary HTML/SVG via the `customIcon.svg` field and renders it using Solid's `innerHTML` directive without any sanitization. When a malicious typebot is imported or crafted by a workspace collaborator, the payload executes in the builder's …
CVE-2026-28445
NVD

HIGH
CVE-2026-44697
CVE-2026-44697
pkg: node

published: May 29, 2026

Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress (data/batch/batch.go) allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on t…
CWE: CWE-409, CWE-770
GitHub-GHSA

HIGH
NodeVM network builtin exclusions bypass via internal _http_client and _http_server
GHSA-r9pm-gxmw-wv6p
pkg: vm2
eco: npm
published: May 29, 2026
## Summary

`NodeVM` supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to `http`, `https`, `http2`, `net`, `dgram`, `tls`, `dns`, and `dns/promises` is blocked.

However, Node.js also exposes underscored internal HTTP builtins such as …

CVE-2026-47139
GitHub-GHSA

HIGH
vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain
GHSA-c4cf-2hgv-2qv6
pkg: vm2
eco: npm
published: May 29, 2026
## Summary

The `BaseHandler.set` trap in `bridge.js` (line 1231) ignores the `receiver` parameter and unconditionally writes to the host target object. Per the Proxy `set` trap specification, when `receiver !== proxy` (e.g., when a child object inherits from the proxy via `Object.create`), the prop…

CVE-2026-47209
GitHub-GHSA

HIGH
axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)
GHSA-pjwm-pj3p-43mv
pkg: axios, axios
eco: npm
published: May 29, 2026
### Summary
shouldBypassProxy, introduced in v1.15.0 to fix CVE-2025-62718, does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as `127.0.0.1` or `169.254.169.254`, a request URL using the IPv4-mapped IPv6 form (`::ffff:7f00:1`, `::ffff:a9fe:a9fe`) still routes th…
CVE-2026-44492
GitHub-GHSA

HIGH
yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation
GHSA-vv9j-gjw2-j8wp
pkg: yeoman-environment
eco: npm
published: May 26, 2026
### Impact

`yeoman-environment` versions `>= 2.9.0` and `< 6.0.1` install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass attacker-controlled project configuration into this path, this can result in arbitrary package i…

CVE-2026-42089
NVD

HIGH
CVE-2026-45298
CVE-2026-45298
pkg: amirraminfar dozzle

published: May 26, 2026

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that …
CWE: CWE-918
GitHub-GHSA

HIGH
authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user
GHSA-c3m2-jqmq-pvp3
pkg: goauthentik.io
eco: go
published: May 29, 2026
### Summary

authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed assertion to authenticate as another federated user.

### Patches

authentik 2026.5.1, 20…

CVE-2026-47201
NVD

HIGH
CVE-2026-44850
CVE-2026-44850
pkg: kubernetes

published: May 28, 2026

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for non-adminis…
CWE: CWE-863
NVD

HIGH
CVE-2026-48153
CVE-2026-48153
pkg: oauth

published: May 27, 2026

Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no sch…
CWE: CWE-918
GitHub-GHSA

HIGH
compliance-trestle – jinja has an Arbitrary File Write via Path Traversal
GHSA-4q5v-7g7x-j79w
pkg: compliance-trestle, compliance-trestle
eco: pip
published: May 28, 2026
**Relevant Products/Components:**

* `trestle/core/commands/author/jinja.py`
* `trestle author jinja`

## Detailed Description:

The `-o/–output` argument in `trestle author jinja` allows writing files outside the intended workspace.

The application does not properly validate:

* `../`
* `..\…

CVE-2026-46345
NVD

HIGH
CVE-2026-10105
CVE-2026-10105
pkg: express

published: May 29, 2026

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the delete_by_metadata() method. Attackers can exploit the unsafe f-string interpolation in clickho…
CWE: CWE-89
NVD

HIGH
CVE-2026-9994
CVE-2026-9994
pkg: google chrome, microsoft windows

published: May 28, 2026

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-9966
CVE-2026-9966
pkg: google chrome, microsoft windows

published: May 28, 2026

Integer overflow in XML in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-472
NVD

HIGH
CVE-2026-9949
CVE-2026-9949
pkg: google chrome, microsoft windows

published: May 28, 2026

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-9937
CVE-2026-9937
pkg: google chrome, microsoft windows

published: May 28, 2026

Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-9932
CVE-2026-9932
pkg: windows

published: May 28, 2026

Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-9924
CVE-2026-9924
pkg: windows

published: May 28, 2026

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-122
NVD

HIGH
CVE-2026-9905
CVE-2026-9905
pkg: windows

published: May 28, 2026

Use after free in Accessibility in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-9890
CVE-2026-9890
pkg: windows

published: May 28, 2026

Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-10000
CVE-2026-10000
pkg: windows

published: May 28, 2026

Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-45627
CVE-2026-45627
pkg: docker

published: May 29, 2026

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query parameter into the body of an SVG document via strings.ReplaceAll with no escaping. The substitution lands…
CWE: CWE-79
NVD

HIGH
CVE-2026-46510
CVE-2026-46510
pkg: node

published: May 29, 2026

form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys (e.g. name[sub]) into nested objects without filtering __proto__, constructor, or prototype. A single HTTP form field whose name starts with __proto__[…] causes the library to mu…
CWE: CWE-1321
NVD

HIGH
CVE-2026-44358
CVE-2026-44358
pkg: node

published: May 28, 2026

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary resolu…
CWE: CWE-427, CWE-829
NVD

HIGH
CVE-2026-44483
CVE-2026-44483
pkg: react

published: May 27, 2026

RVF (formerly Remix Validated Form) provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get (used by @rvf/core to flatten incoming form data into a nested object) does not block the keys __proto__, constructor, or prototype when wal…
CWE: CWE-1321
NVD

HIGH
CVE-2026-44328
CVE-2026-44328
pkg: free5gc free5gc

published: May 27, 2026

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/{upNodeRef} handler unconditionally dereferences upNode.UPF after the type-guarded a…
CWE: CWE-306, CWE-476, CWE-862
NVD

HIGH
CVE-2026-42083
CVE-2026-42083
pkg: free5gc free5gc

published: May 27, 2026

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. In NewServer(), the smPolicyGroup route group is created and routes are a…
CWE: CWE-862
NVD

HIGH
CVE-2026-45843
CVE-2026-45843
pkg: linux

published: May 27, 2026

In the Linux kernel, the following vulnerability has been resolved:

slip: bound decode() reads against the compressed packet length

slhc_uncompress() parses a VJ-compressed TCP header by advancing a
pointer through the packet via decode() and pull16(). Neither helper
bounds-checks against isize, a…

NVD

HIGH
CVE-2026-44843
CVE-2026-44843
pkg: langchain langchain

published: May 26, 2026

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load() with …
CWE: CWE-502
GitHub-GHSA

HIGH
praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role
GHSA-w388-2392-px73
pkg: praisonai-platform
eco: pip
published: May 29, 2026
## Summary

**Type:** Authorization bypass enabling owner lockout. The `DELETE /workspaces/{workspace_id}/members/{user_id}` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`). Any member can remove any other member, including the workspace owner, using …

CVE-2026-47409
GitHub-GHSA

HIGH
praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks
GHSA-4x6r-9v57-3gqw
pkg: praisonai-platform
eco: pip
published: May 29, 2026
## Summary

**Type:** Insecure Direct Object Reference. The dependency endpoints (`POST/GET /workspaces/{workspace_id}/issues/{issue_id}/dependencies` and `DELETE …/dependencies/{dep_id}`) gate access on `require_workspace_member(workspace_id)` only, then dispatch to `DependencyService` calls that…

CVE-2026-47406
GitHub-GHSA

HIGH
PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` – sibling of CVE-2026-44334
GHSA-78r8-wwqv-r299
pkg: PraisonAI
eco: pip
published: May 29, 2026
<html><head></head><body><h2>Arbitrary code execution via ungated <code>spec.loader.exec_module</code> in <code>agents_generator.py</code> (v4.6.32 chokepoint refactor bypass)</h2>
<h3>Summary</h3>
<p>The v4.6.32 chokepoint refactor (which patched CVE-2026-44334 / GHSA-xcmw-grxf-wjhj) added the <cod…
CVE-2026-47398
NVD

HIGH
CVE-2026-45707
CVE-2026-45707
pkg: node

published: May 29, 2026

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.2, when ENABLE_MULTI_TENANT=true, the HTTP transport documents that the target n8n instance is selected per-request from x-n8n-url / x-n8n-key headers. Requests that omitt…
CWE: CWE-284
NVD

HIGH
CVE-2026-44882
CVE-2026-44882
pkg: kubernetes

published: May 28, 2026

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33., Portainer proxies requests to Kubernetes clusters through a middleware layer (kubeClientMiddle…
CWE: CWE-863
NVD

HIGH
CVE-2026-45574
CVE-2026-45574
pkg: tls

published: May 26, 2026

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, wrong CN) and intercept all SOAP traffic. This includes patient ide…
CWE: CWE-295
NVD

HIGH
CVE-2026-8855
CVE-2026-8855
pkg: ibm http_server, ibm aix, ibm z\/os

published: May 26, 2026

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).
CWE: CWE-94
NVD

HIGH
CVE-2026-46076
CVE-2026-46076
pkg: go

published: May 27, 2026

In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1

Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 does NOT want
to intercept VMMCALL, nested_svm_l2_tlb_flush_enabled() is true, and the
hypercall is some…

NVD

HIGH
CVE-2026-32325
CVE-2026-32325
pkg: windows

published: Jun 1, 2026

Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
CWE: CWE-268
NVD

HIGH
CVE-2026-27788
CVE-2026-27788
pkg: windows

published: Jun 1, 2026

Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
CWE: CWE-732
GitHub-GHSA

HIGH
compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side Template Injection (SSTI)
GHSA-gg2g-p7xc-qqmm
pkg: compliance-trestle, compliance-trestle
eco: pip
published: May 28, 2026
A High severity Server-Side Template Injection (SSTI) vulnerability exists in the `trestle author jinja` command. The command recursively evaluates rendered templates, allowing an attacker to achieve arbitrary command execution with privileges of the running process by injecting malicious payloads i…
CVE-2026-46439
NVD

HIGH
CVE-2026-46209
CVE-2026-46209
pkg: express

published: May 28, 2026

In the Linux kernel, the following vulnerability has been resolved:

drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()

drm_gem_fb_init_with_funcs() computes sub-sampled plane dimensions
using plain integer division:

unsigned int width = mode_cmd->width / (i …

NVD

HIGH
CVE-2026-46129
CVE-2026-46129
pkg: go

published: May 28, 2026

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix double free in create_space_info() error path

When kobject_init_and_add() fails, the call chain is:

create_space_info()
-> btrfs_sysfs_add_space_info_type()
-> kobject_init_and_add()
-> failure
-> kobject_put(&space_in…

NVD

HIGH
CVE-2026-46117
CVE-2026-46117
pkg: go

published: May 28, 2026

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()

Sashiko points out that the user can specify WQs sharing the same CQ as a
part of the uAPI and this will trigger the WARN_ON() then go on to corrupt
the kerne…

NVD

HIGH
CVE-2026-46116
CVE-2026-46116
pkg: node

published: May 28, 2026

In the Linux kernel, the following vulnerability has been resolved:

xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete

KASAN reproduces a slab-use-after-free in __xfrm_state_delete()'s
hlist_del_rcu calls under syzkaller load on linux-6.12.y stable
(reproduced on 6.12.47, also reacha…

NVD

HIGH
CVE-2026-46107
CVE-2026-46107
pkg: node

published: May 28, 2026

In the Linux kernel, the following vulnerability has been resolved:

dm-thin: fix metadata refcount underflow

There's a bug in dm-thin in the function rebalance_children. If the
internal btree node has one entry, the code tries to copy all btree
entries from the node's child to the node itself and …

NVD

HIGH
CVE-2026-44724
CVE-2026-44724
pkg: node

published: May 27, 2026

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained int…
CWE: CWE-78
NVD

HIGH
CVE-2026-46065
CVE-2026-46065
pkg: go

published: May 27, 2026

In the Linux kernel, the following vulnerability has been resolved:

fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info

Hold state of deferred I/O in struct fb_deferred_io_state. Allocate an
instance as part of initializing deferred I/O and remove it only after
the final mapp…

NVD

HIGH
CVE-2026-45942
CVE-2026-45942
pkg: go

published: May 27, 2026

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix e4b bitmap inconsistency reports

A bitmap inconsistency issue was observed during stress tests under
mixed huge-page workloads. Ext4 reported multiple e4b bitmap check
failures like:

ext4_mb_complex_scan_group:2508: gro…

NVD

HIGH
CVE-2026-45933
CVE-2026-45933
pkg: go

published: May 27, 2026

In the Linux kernel, the following vulnerability has been resolved:

bpf: Preserve id of register in sync_linked_regs()

sync_linked_regs() copies the id of known_reg to reg when propagating
bounds of known_reg to reg using the off of known_reg, but when
known_reg was linked to reg like:

known_reg …

NVD

HIGH
CVE-2026-45852
CVE-2026-45852
pkg: linux

published: May 27, 2026

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rxe: Fix double free in rxe_srq_from_init

In rxe_srq_from_init(), the queue pointer 'q' is assigned to
'srq->rq.queue' before copying the SRQ number to user space.
If copy_to_user() fails, the function calls rxe_queue_cleanup…

NVD

HIGH
CVE-2023-52945
CVE-2023-52945
pkg: synology beedrive

published: May 27, 2026

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors.
CWE: CWE-427
NVD

HIGH
CVE-2026-24194
CVE-2026-24194
pkg: linux

published: May 26, 2026

NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execu…
CWE: CWE-281
NVD

HIGH
CVE-2026-24193
CVE-2026-24193
pkg: linux

published: May 26, 2026

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
CWE: CWE-787
NVD

HIGH
CVE-2026-24192
CVE-2026-24192
pkg: linux

published: May 26, 2026

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data …
CWE: CWE-681
NVD

HIGH
CVE-2026-24191
CVE-2026-24191
pkg: windows

published: May 26, 2026

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
CWE: CWE-367
NVD

HIGH
CVE-2026-24190
CVE-2026-24190
pkg: linux

published: May 26, 2026

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and …
CWE: CWE-862
NVD

HIGH
CVE-2026-24162
CVE-2026-24162
pkg: linux

published: May 26, 2026

NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
CWE: CWE-502
NVD

HIGH
CVE-2026-47179
CVE-2026-47179
pkg: docker

published: May 29, 2026

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because ProjectServ…
CWE: CWE-22
GitHub-GHSA

HIGH
Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives
GHSA-c3px-h233-h6fq
pkg: github.com/getarcaneapp/arcane/backend
eco: go
published: May 28, 2026
## Summary

`ProjectService.GetProjectFileContent` returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because `ProjectService.CreateProject` writes attacker-supplied compose content to disk without validating i…

CVE-2026-47179
NVD

HIGH
CVE-2026-45296
CVE-2026-45296
pkg: python

published: May 28, 2026

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app_apikey routes that trust a caller-provided projectKey after validating only that the API key itself is valid and that the target projectKey exists. The authorization flow does not verify th…
CWE: CWE-284
NVD

HIGH
CVE-2026-48146
CVE-2026-48146
pkg: oauth

published: May 27, 2026

Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetch(config.url) with no SSRF protection. The safe wrapper fetchWithBlacklist() exists in the same codebase and is used in every other outboun…
CWE: CWE-918
NVD

HIGH
CVE-2026-45061
CVE-2026-45061
pkg: node

published: May 27, 2026

Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). Any URL containing .tar.gz anywhere in the string — in the path, query string, or fragment — passe…
CWE: CWE-918
GitHub-GHSA

HIGH
praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)
GHSA-5jx9-w35f-vp65
pkg: praisonai-platform
eco: pip
published: May 29, 2026
## Summary

**Type:** Insecure Direct Object Reference. Five label endpoints — `PATCH /workspaces/{workspace_id}/labels/{label_id}`, `DELETE …/labels/{label_id}`, `POST …/issues/{issue_id}/labels/{label_id}`, `DELETE …/issues/{issue_id}/labels/{label_id}`, `GET …/issues/{issue_id}/labels` …

CVE-2026-47414
NVD

HIGH
CVE-2026-44680
CVE-2026-44680
pkg: node

published: May 26, 2026

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper (Platform.quoteIdentifier and the postgres/mssql overrides) and its JSON-path emitters (Platform.getS…
CWE: CWE-89
NVD

HIGH
CVE-2026-45082
CVE-2026-45082
pkg: docker

published: May 26, 2026

Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward …
CWE: CWE-918
NVD

HIGH
CVE-2026-7459
CVE-2026-7459
pkg: react

published: May 30, 2026

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints (react_to_event() / unreact_to_event()). The endpoints register get_items_pe…
CWE: CWE-640
GitHub-GHSA

HIGH
russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets
GHSA-wwx6-x28x-8259
pkg: russh
eco: rust
published: May 29, 2026
### Summary

When SSH compression is enabled, `russh` accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected.

CVE-2026-46702
GitHub-GHSA

HIGH
ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag
GHSA-h64w-w9pr-82m4
pkg: exifreader
eco: npm
published: May 29, 2026
### Impact

When parsing an image with an embedded ICC profile that contains a crafted `multiLocalizedUnicodeType` (`mluc`) tag, ExifReader can be made to allocate memory proportional to attacker-controlled fields in the tag rather than to
the actual size of the input. Processing such an image cause…

CVE-2026-8813
GitHub-GHSA

HIGH
Gotenberg has a Race Condition via Multipart `downloadFrom` Handling
GHSA-vp73-vjw8-8f32
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: May 29, 2026
### Summary

Gotenberg is vulnerable to a remote denial of service in multipart `downloadFrom` handling.

A multipart request containing multiple `downloadFrom` entries causes concurrent goroutines to write to shared maps without synchronization. This can terminate the process with `fatal error: con…

CVE-2026-45742
GitHub-GHSA

HIGH
Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes
GHSA-86m8-88fq-xfxp
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: May 29, 2026
### Summary

`IsPublicIP` in `pkg/gotenberg/outbound.go` incorrectly classifies IPv6 6to4 / NAT64 / deprecated site-local addresses as public IPs, allowing an unauthenticated attacker to reach internal destinations (e.g., cloud metadata services at `169.254.169.254`) via a single crafted DNS AAAA re…

CVE-2026-45741
NVD

HIGH
CVE-2026-10056
CVE-2026-10056
pkg: windows

published: May 29, 2026

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account Takeove…
CWE: CWE-942
NVD

HIGH
CVE-2026-48116
CVE-2026-48116
pkg: mintplexlabs anythingllm

published: May 28, 2026

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a — end-of-options separator. …
CWE: CWE-77, CWE-88
NVD

HIGH
CVE-2026-10044
CVE-2026-10044
pkg: windows

published: May 28, 2026

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/{filename} endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal sequence…
CWE: CWE-36
NVD

HIGH
CVE-2026-46835
CVE-2026-46835
pkg: tls

published: May 28, 2026

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can result…
CWE: CWE-400
NVD

HIGH
CVE-2026-46834
CVE-2026-46834
pkg: tls

published: May 28, 2026

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can result…
CWE: CWE-400
NVD

HIGH
CVE-2026-32847
CVE-2026-32847
pkg: tls

published: May 28, 2026

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /{full_path:path} endpoint. Attackers can bypass Starlette'…
CWE: CWE-22
GitHub-GHSA

HIGH
FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations
GHSA-q3w6-q3hc-c5x6
pkg: fuxa-server
eco: npm
published: May 27, 2026
### Summary

The GET /api/project endpoint exposes sensitive project configuration data to guest-context requests even when secureEnabled is enabled.

### Details

File: `server/api/projects/index.js`

“`javascript
prjApp.get("/api/project", secureFnc, function(req, res) {
const permission = ch…

CVE-2026-47717
NVD

HIGH
CVE-2026-45090
CVE-2026-45090
pkg: go

published: May 27, 2026

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes (clos…
CWE: CWE-362, CWE-404
NVD

HIGH
CVE-2026-45047
CVE-2026-45047
pkg: go

published: May 27, 2026

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&request) without restricting the maximum read size. An unauthenticated remote attacker can stream an …
CWE: CWE-400
GitHub-GHSA

HIGH
LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex
GHSA-r7g9-xpmj-5fcq
pkg: liquidjs
eco: npm
published: May 27, 2026
## Summary

The built-in `strip_html` filter in liquidjs uses a regex containing four lazy-quantified alternatives. When the input contains many `<script`, `<style`, or `<!–` opener tokens without matching closers, the V8 regex engine performs O(N²) backtracking, blocking the Node.js event loop. A…

CVE-2026-45617
GitHub-GHSA

HIGH
LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)
GHSA-hh27-hf48-9f5q
pkg: liquidjs
eco: npm
published: May 27, 2026
## Summary

The `date` filter's strftime implementation parses width specifiers like `%9999999d` and forwards the captured width unchecked into `pad()`/`padStart()` in `src/util/underscore.ts`. The pad loop performs unbounded string concatenation without consulting the Context's `memoryLimit` or `re…

CVE-2026-45357
NVD

HIGH
CVE-2026-44321
CVE-2026-44321
pkg: free5gc free5gc

published: May 27, 2026

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into UpNodesFromConfi…
CWE: CWE-306, CWE-617, CWE-862
NVD

HIGH
CVE-2026-44319
CVE-2026-44319
pkg: free5gc free5gc

published: May 27, 2026

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications(), the notifier calls NnefPFDmanagementNotify(…) and on any delivery erro…
CWE: CWE-20, CWE-617, CWE-755
NVD

HIGH
CVE-2026-48922
CVE-2026-48922
pkg: jenkins credentials_binding

published: May 27, 2026

Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if …
CWE: CWE-20
NVD

HIGH
CVE-2026-44902
CVE-2026-44902
pkg: node

published: May 27, 2026

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default 0.0.0.0:9464) has no error handling around URL parsing, so a request with an invalid …
CWE: CWE-755
NVD

HIGH
CVE-2026-46052
CVE-2026-46052
pkg: node

published: May 27, 2026

In the Linux kernel, the following vulnerability has been resolved:

ceph: only d_add() negative dentries when they are unhashed

Ceph can call d_add(dentry, NULL) on a negative dentry that is already
present in the primary dcache hash.

In the current VFS that is not safe. d_add() goes through __d…

GitHub-GHSA

HIGH
XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests
GHSA-rh28-mqj4-8×59
pkg: org.xwiki.platform:xwiki-platform-livetable-ui, org.xwiki.platform:xwiki-platform-livetable-ui, org.xwiki.platform:xwiki-platform-livetable-ui
eco: maven
published: May 26, 2026
### Impact
XWiki discovered that the patch for GHSA-5cf8-vrr8-8hjm was insufficient and with slightly modified parameters to the `LiveTableResults`, it is still possible to discover password hashes one bit at a time, so with 768 requests, the full password salt and hash can be retrieved of a user.

CVE-2026-48048
NVD

HIGH
CVE-2026-24212
CVE-2026-24212
pkg: nvidia isaac_launchable, linux linux_kernel

published: May 26, 2026

NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CWE: CWE-319
NVD

HIGH
CVE-2026-47071
CVE-2026-47071
pkg: benoitc hackney

published: May 25, 2026

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackney_socks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which d…
CWE: CWE-400
GitHub-GHSA

HIGH
GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands
GHSA-8xvp-7hj6-mcj9
pkg: github.com/cli/cli/v2
eco: go
published: May 29, 2026
### Summary

GitHub CLI incorrectly includes an authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands.

**Affected users:**

– Authenticated `github.com` users who previously ran `gh attestation` commands, …

CVE-2026-48501
NVD

HIGH
CVE-2026-46579
CVE-2026-46579
pkg: tls

published: May 29, 2026

A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Client-*` headers. As a …
CWE: CWE-287
NVD

HIGH
CVE-2026-48526
CVE-2026-48526
pkg: python

published: May 28, 2026

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the secret…
CWE: CWE-287, CWE-347
GitHub-GHSA

HIGH
Deno's TLS retry copies stale upgrade hook, risking plaintext traffic
GHSA-chqv-56wv-7564
pkg: deno
eco: rust
published: May 27, 2026
## Summary

A flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When `autoSelectFamily was enabled and the first address-family attempt failed, the socket reinitialization path reused a stale TLS upgrade hook t…

CVE-2026-44726
NVD

HIGH
CVE-2026-45575
CVE-2026-45575
pkg: tls

published: May 26, 2026

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery document. The forged document redirects uri_puk_idp_enc and uri…
CWE: CWE-347
NVD

HIGH
CVE-2026-48697
CVE-2026-48697
pkg: pavel-odintsov fastnetmon

published: May 26, 2026

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl::context with tls_client mode and calls set_default_verify_paths() to load CA certificates, but neve…
CWE: CWE-295
NVD

HIGH
CVE-2026-44320
CVE-2026-44320
pkg: free5gc free5gc

published: May 27, 2026

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token (e.g. Authorization: Bearer not-a-real-token) is enough to reach the SMF-callback …
CWE: CWE-306, CWE-862
NVD

HIGH
CVE-2026-36045
CVE-2026-36045
pkg: express

published: May 27, 2026

picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component (pkg/tools/shell.go). The guardCommand() function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete.
CWE: CWE-78
NVD

HIGH
CVE-2026-48962
CVE-2026-48962
pkg: express

published: May 27, 2026

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob.

_parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the stored expression through …

CWE: CWE-95
NVD

HIGH
CVE-2026-45609
CVE-2026-45609
pkg: oauth

published: May 29, 2026

mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) security specifications. Specifically, it processes untrusted UR…
CWE: CWE-918
GitHub-GHSA

HIGH
OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd
GHSA-q537-qhj4-wcjx
pkg: pycti
eco: pip
published: May 28, 2026
### Summary
An organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization.

### Impact
Full platform access, access to sensitive or proprietary information.

CVE-2026-44730
GitHub-GHSA

HIGH
CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests
GHSA-rw47-hm26-6wr7
pkg: github.com/crowdsecurity/crowdsec
eco: go
published: May 27, 2026
## Summary

The CrowdSec AppSec component fails to read the HTTP request body for any request whose `Content-Length` is not positive — most notably HTTP/1.1 requests using `Transfer-Encoding: chunked` and HTTP/2 requests sent without a `content-length` header. Coraza is then evaluated against an e…

CVE-2026-44982
NVD

HIGH
CVE-2026-46175
CVE-2026-46175
pkg: node

published: May 28, 2026

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix fsck inconsistency caused by FGGC of node block

During FGGC node block migration, fsck may incorrectly treat the
migrated node block as fsync-written data.

The reproduction scenario:
root@vm:/mnt/f2fs# seq 1 2048 | xarg…

NVD

HIGH
CVE-2026-45134
CVE-2026-45134
pkg: python

published: May 27, 2026

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python, pullPrompt / pullPromptCommit in JS/TS) fetch and deserialize prompt manifests fr…
CWE: CWE-502
NVD

HIGH
CVE-2026-45856
CVE-2026-45856
pkg: linux

published: May 27, 2026

In the Linux kernel, the following vulnerability has been resolved:

RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send

ib_uverbs_post_send() uses cmd.wqe_size from userspace without any
validation before passing it to kmalloc() and using the allocated
buffer as struct ib_uverbs_…

NVD

HIGH
CVE-2026-24196
CVE-2026-24196
pkg: linux

published: May 26, 2026

NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure.
CWE: CWE-125
NVD

HIGH
CVE-2026-24195
CVE-2026-24195
pkg: linux

published: May 26, 2026

NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial of service.
CWE: CWE-20
GitHub-GHSA

HIGH
axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge
GHSA-3g43-6gmg-66jw
pkg: axios, axios
eco: npm
published: May 29, 2026
## Summary

Axios versions before the fixed releases contain prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted `Object.prototype.transformResponse`, affected Axios versions may treat that inherited value as request …

CVE-2026-44495
GitHub-GHSA

HIGH
Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring
GHSA-9rfg-v8g9-9367
pkg: @fedify/fedify
eco: npm
published: May 26, 2026
### Summary

An attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its Linked Data Signature, allowing them to alter a third-party signed activity they have received.

### Details

The vulnerability essentially boil…

CVE-2026-42462
GitHub-GHSA

HIGH
PraisonAI has an Arbitrary File Write in Python API
GHSA-hvhp-v2gc-268q
pkg: PraisonAI
eco: pip
published: May 29, 2026
# Bug Report: Arbitrary File Write in Python API

## Summary

Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. `write_file` skips path validation when `workspace=None` (always `None` in production).

## Affected

PraisonAI <= 4.6.37 (pip i…

CVE-2026-47397
GitHub-GHSA

HIGH
PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate
GHSA-9cr9-25q5-8prj
pkg: PraisonAI
eco: pip
published: May 29, 2026
## Summary

The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in `mcp_server/adapters/cli_tools.py`:

> "registers four file-handling tools by default, `praisonai.rules.create`, `praisonai.rules.show`, `praisonai.rules.de…

CVE-2026-47394
GitHub-GHSA

HIGH
stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment
GHSA-w7pm-9g55-mxfm
pkg: stigmem-node
eco: pip
published: May 29, 2026
### Impact
A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded.

### Patches
Patched in 0.9.0a2. Disabling plugin si…

GitHub-GHSA

HIGH
stigmem-node's Postgres schema identifier handling required defensive quoting
GHSA-9pc9-4crj-mhpj
pkg: stigmem-node
eco: pip
published: May 29, 2026
### Impact
Postgres backend schema identifiers were interpolated into SQL strings. In the reviewed code path the schema value is operator-controlled, but the pattern was unsafe if future call sites allowed tenant or request-controlled schema names. Impacted users are operators using the Postgres bac…
GitHub-GHSA

HIGH
stigmem-node's federation peer token timestamp validation may reject valid peer tokens
GHSA-xh5j-xjfq-qvvx
pkg: stigmem-node
eco: pip
published: May 29, 2026
### Impact
A mismatch in federation peer-token timestamp handling could cause valid peer tokens to be treated as expired. Impacted deployments are Stigmem nodes using federation peer authentication paths from affected versions. The primary impact is availability and reliability of authenticated fede…
GitHub-GHSA

HIGH
ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env
GHSA-c4m7-2gwp-vw76
pkg: ouroboros-ai
eco: pip
published: May 29, 2026
### Impact
A Remote Code Execution (RCE) vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover.

The vulnerability (CWE-426: Untrusted Search Path & C…

CVE-2026-47211
GitHub-GHSA

HIGH
CC-Tweaked has an SSRF Protection Bypass with NAT64
GHSA-5jh9-2h63-pw4q
pkg: cc.tweaked:cc-tweaked-1.21-core, cc.tweaked:cc-tweaked-1.20.1-core, cc.tweaked:cc-tweaked-1.20.4-core
eco: maven
published: May 29, 2026
### Summary

CC-Tweaked's HTTP API (`http.request`, `http.websocket`) blocks requests to private network ranges to prevent server-side request forgery (SSRF). This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses (`64:ff9b::/96`). An attacker who can execute…

CVE-2026-47695
GitHub-GHSA

HIGH
AgenticMail API/storage and outbound relay hardening fixes
GHSA-wjjv-3mj2-39hf
pkg: @agenticmail/api, @agenticmail/core
eco: npm
published: May 29, 2026
The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct stora…
CVE-2026-47255
GitHub-GHSA

HIGH
Dulwich Vulnerable to Command Injection via Merge Driver Path
GHSA-9277-mp7x-85jf
pkg: dulwich
eco: pip
published: May 28, 2026
## Summary

Dulwich's `ProcessMergeDriver` substitutes the file path (from the git tree, controllable by an attacker via a malicious branch) into the merge driver command via the `%P` placeholder and executes it with `subprocess.run(…, shell=True)`. An attacker who can cause a victim to merge an u…

CVE-2026-42563
GitHub-GHSA

HIGH
OpenBao's cross-namespace lease revocation via legacy sys/revoke path bypasses ACL
GHSA-v8v8-cm84-m686
pkg: github.com/openbao/openbao
eco: go
published: May 28, 2026
# Impact

OpenBao's namespaces provide multi-tenant separation. A tenant who intentionally leaks lease identifiers can have their lease and underlying credential revoked or renewed by a user in another tenant via the legacy, undocumented `sys/revoke` and `sys/renew` endpoints.

# Patch

This will be…

CVE-2026-45808
GitHub-GHSA

HIGH
compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal
GHSA-g3vg-vx23-3858
pkg: compliance-trestle, compliance-trestle
eco: pip
published: May 27, 2026
## Summary

The compliance-trestle library's remote fetching cache mechanism (HTTPSFetcher and SFTPFetcher) constructs the local cache file path from the URL path component without sanitizing path traversal sequences (`../`). When a remote OSCAL profile references a URL with traversal in its path, t…

CVE-2026-45725
GitHub-GHSA

HIGH
Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs
GHSA-2gv2-cffp-j227
pkg: github.com/kata-containers/kata-containers
eco: go
published: May 27, 2026
### Summary

In the runtime-rs standalone virtio-fs path, verified here with QEMU (and verified with Cloud Hypervisor too), Kata Containers runs host `virtiofsd` as root with:

“`
–sandbox none –seccomp none
“`

If an attacker has root-equivalent execution inside the Kata guest VM, they can send…

CVE-2026-47243
GitHub-GHSA

HIGH
@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters
GHSA-36hh-x5p5-jgc8
pkg: @hapi/content
eco: npm
published: May 27, 2026
### Impact
The two parsers resolved duplicates inconsistently and silently:
– `Content.disposition()` retained the last occurrence of each parameter.
– `Content.type()` retained the first occurrence of charset and boundary.

Either behavior creates a parameter-smuggling primitive when another compon…

CVE-2026-44974
GitHub-GHSA

HIGH
tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape
GHSA-ph9p-34f9-6g65
pkg: tmp
eco: npm
published: May 27, 2026
### Summary

The tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the `prefix`, `postfix`, or `dir` options. By embedding traversal sequences (e.g., `../`) or path separators in these parameters, attackers ca…

CVE-2026-44705
GitHub-GHSA

HIGH
FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass
GHSA-rg3m-cfq7-g6h6
pkg: fuxa-server
eco: npm
published: May 26, 2026
### Summary

An unauthenticated Remote Code Execution vulnerability exists in FUXA when `secureEnabled` is set to `true`. The `POST /api/runscript` endpoint checks authorization against the stored script's permission by ID, but when `test: true` is set in the request, it compiles and executes attack…

CVE-2026-43947
GitHub-GHSA

HIGH
FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue
GHSA-fwcm-rqvw-j3p7
pkg: fuxa-server
eco: npm
published: May 26, 2026
### Summary
An authorization bypass in the /api/getTagValue endpoint allows unauthenticated access to tag values when the referenced script does not exist.

### Details
The issue is caused by the combination of these code paths:

– `server/api/apikeys/verify-api-or-token.js:45` sends requests…

CVE-2026-43946
GitHub-GHSA

HIGH
FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection
GHSA-p69w-mmfv-xrfj
pkg: @frangoteam/fuxa
eco: npm
published: May 26, 2026
**Pre-auth** RCE in FUXA via Logic Bypass

Summary

A Critical vulnerability chain exists in FUXA (v.1.3.0-2706) that allows an unauthenticated remote attacker to achieve Full Remote Code Execution (RCE) as root. The exploit succeeds even when the platform is configured in its most secure state (Sec…

CVE-2026-43945
NVD

MEDIUM
CVE-2026-44247
CVE-2026-44247
pkg: kubernetes

published: May 27, 2026

Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially cau…
CWE: CWE-400, CWE-770
NVD

MEDIUM
CVE-2026-44707
CVE-2026-44707
pkg: oauth

published: May 26, 2026

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not o…
CWE: CWE-283, CWE-287
GitHub-GHSA

MEDIUM
compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem
GHSA-w76h-q7c6-jpjp
pkg: compliance-trestle, compliance-trestle
eco: pip
published: May 28, 2026
A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module.

**Finding 1 (Critical): SSRF (CWE-918)**
The HTTPSFetcher._do_fetch() method passes a user-supplied URL directly to requests.get() without validation. This allows an at…

CVE-2026-46380
GitHub-GHSA

MEDIUM
praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership
GHSA-27p4-pjqv-whgj
pkg: praisonai-platform
eco: pip
published: May 29, 2026
## Summary

**Type:** Insecure Direct Object Reference. The `GET /workspaces/{workspace_id}/issues/{issue_id}/activity` endpoint is gated by `require_workspace_member(workspace_id)` and dispatches to `ActivityService.list_for_issue(issue_id)`, which executes `SELECT * FROM activity WHERE issue_id = …

CVE-2026-47408
GitHub-GHSA

MEDIUM
BoxLite has a Timeout Bypass Vulnerability
GHSA-xjhv-pp2r-6f82
pkg: boxlite
eco: pip
published: May 29, 2026
#### Summary

BoxLite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and run OCI containers within them. BoxLite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, BoxLite sends a signal to kill t…

CVE-2026-47213
GitHub-GHSA

MEDIUM
zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood
GHSA-rfg2-pjw2-56×2
pkg: zeroconf
eco: pip
published: May 29, 2026
### Impact

`DNSCache._async_add` inserted every response record into `cache`, `_expirations`, `_expire_heap`, and `service_cache` with no cap on entry count. The only pre-existing protection was a PTR TTL floor (`_DNS_PTR_MIN_TTL = 1125` s, RFC 6762 §10), which actually *prolonged* attacker-inject…

CVE-2026-47184
GitHub-GHSA

MEDIUM
zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
GHSA-phvx-9mgw-67r5
pkg: zeroconf
eco: pip
published: May 29, 2026
### Impact
`DNSIncoming._log_exception_debug` and the four `QuietLogger` exception-dedup methods stored an unbounded `_seen_logs` dict keyed by `str(sys.exc_info()[1])`. The seven `IncomingDecodeError` messages raised from `_read_name` / `_decode_labels_at_offset` (RFC 6762 §18 name-decoding error …
CVE-2026-47183
GitHub-GHSA

MEDIUM
zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service
GHSA-9pgc-3ccv-5297
pkg: zeroconf
eco: pip
published: May 29, 2026
### Impact

`DNSIncoming._decode_labels_at_offset` recurses once per DNS-name compression pointer (RFC 1035 §4.1.4). Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single ~3 kB mDNS packet carrying ~1500 chained pointers drives the recursion …

CVE-2026-47180
GitHub-GHSA

MEDIUM
go-git: Malformed Git object data may cause panics or resource exhaustion
GHSA-w5pp-99ch-qj29
pkg: github.com/go-git/go-git/v5, github.com/go-git/go-git/v6
eco: go
published: May 29, 2026
### Impact
Several denial-of-service issues were identified in `go-git` when parsing maliciously crafted Git repository data.

An attacker may craft a malicious `.pack`, `.idx` or loose objects that causes an application using an affected version of `go-git` to panic or consume excessive resources.

NVD

MEDIUM
CVE-2026-45619
CVE-2026-45619
pkg: curl

published: May 29, 2026

WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL() for DNS pinning via CURLOPT_RESOLVE, opening DNS-rebinding TOCTOU.
CWE: CWE-367, CWE-918
NVD

MEDIUM
CVE-2026-45582
CVE-2026-45582
pkg: node

published: May 29, 2026

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend.…
CWE: CWE-201
NVD

MEDIUM
CVE-2026-42399
CVE-2026-42399
pkg: express

published: May 28, 2026

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a specially crafted Timelion visualization expression co…
CWE: CWE-400
NVD

MEDIUM
CVE-2026-45306
CVE-2026-45306
pkg: python

published: May 28, 2026

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storage_folder inside PKGDIR or userdir, but does NOT protect the Flask session directory (/tmp/pyLoad/flask). An authenticated attacker can set storage_folder to…
CWE: CWE-706
NVD

MEDIUM
CVE-2026-44796
CVE-2026-44796
pkg: networktocode nautobot

published: May 28, 2026

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in co…
CWE: CWE-400, CWE-1333
NVD

MEDIUM
CVE-2026-5737
CVE-2026-5737
pkg: curl

published: May 28, 2026

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrer_url values when the signature matches, combined with a sc…
CWE: CWE-918
NVD

MEDIUM
CVE-2026-47273
CVE-2026-47273
pkg: express

published: May 27, 2026

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb builds XPath expressions from user-supplied identifiers (PAM username, service name) and device-supplied identifiers (USB device serial, model, vendor) to query /etc/pamusb.conf. These identifi…
CWE: CWE-91
NVD

MEDIUM
CVE-2026-48147
CVE-2026-48147
pkg: express

published: May 27, 2026

Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex() / matches() functions in packages/backend-core/src/middleware/matchers.ts route patterns are compiled into unanchored regular expressions and tested against ctx.request.url, which includes the full query string. T…
CWE: CWE-185, CWE-352
NVD

MEDIUM
CVE-2026-44324
CVE-2026-44324
pkg: free5gc free5gc

published: May 27, 2026

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId doe…
CWE: CWE-704, CWE-754
NVD

MEDIUM
CVE-2026-44318
CVE-2026-44318
pkg: free5gc free5gc

published: May 27, 2026

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock() via BSFContext.GetSubscription(subId), but i…
CWE: CWE-362, CWE-820
NVD

MEDIUM
CVE-2026-3676
CVE-2026-3676
pkg: linux

published: May 27, 2026

IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced enviro…
CWE: CWE-1284
GitHub-GHSA

MEDIUM
LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body
GHSA-8xx9-69p8-7jp3
pkg: liquidjs
eco: npm
published: May 27, 2026
## Summary

The `renderLimit` option — documented in `docs/source/tutorials/dos.md` as the mechanism that "mitigates this by limiting the time consumed by each render() call" — can be fully bypassed by a `{% for %}` (or `{% tablerow %}`) tag whose body is empty. The per-iteration time check is r…

CVE-2026-44645
GitHub-GHSA

MEDIUM
Yamcs has No Rate Limiting on Authentication Endpoint
GHSA-w5r6-mcgq-7pq4
pkg: org.yamcs:yamcs-core
eco: maven
published: May 27, 2026
### Summary

The authentication endpoint `POST /auth/token` in `yamcs-core` lacks any form of rate limiting, account lockout, or failed attempt throttling. As a result, an unauthenticated remote attacker can perform unlimited password guessing attempts against any user account.

This missing rate li…

CVE-2026-44596
NVD

MEDIUM
CVE-2026-47672
CVE-2026-47672
pkg: docker

published: May 26, 2026

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment (e.g., followin…
CWE: CWE-306
NVD

MEDIUM
CVE-2026-24197
CVE-2026-24197
pkg: linux

published: May 26, 2026

NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this vulnera…
CWE: CWE-1188
NVD

MEDIUM
CVE-2026-24182
CVE-2026-24182
pkg: linux

published: May 26, 2026

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service.
CWE: CWE-667
GitHub-GHSA

MEDIUM
Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host
GHSA-6×26-5727-rrm9
pkg: github.com/nezhahq/nezha
eco: go
published: May 29, 2026
#### Summary

An authenticated Nezha dashboard user can create or update a DDNS profile with provider `webhook` and configure an arbitrary `webhook_url`, HTTP method, request body, and headers. When DDNS is triggered for a server that uses that profile, the dashboard process sends the configured req…

CVE-2026-47268
NVD

MEDIUM
CVE-2026-8866
CVE-2026-8866
pkg: go

published: May 27, 2026

The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'googleslides' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes (userid, albumid, authkey, imgmax, maxr…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-8842
CVE-2026-8842
pkg: go

published: May 27, 2026

The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gplusnamelink' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes ('id' and 'name') in the gplusnamelink_gener…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-9831
CVE-2026-9831
pkg: jwt

published: May 29, 2026

A race condition in the shared Extreme Platform
ONE IAM Gateway API-key authentication path could, under specific
high-concurrency traffic conditions, intermittently allow requests
authenticated with an Extreme Platform ONE /IAM-issued API key to receive
response data for another tenant. The issue w…
CWE: CWE-362, CWE-488
NVD

MEDIUM
CVE-2026-45626
CVE-2026-45626
pkg: docker

published: May 29, 2026

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/{id}/volumes/{volumeName}/browse accepts a path query parameter that is passed to a shell command (sh -c "find … | while …") inside an Arcane helper container. The path …
CWE: CWE-78
NVD

MEDIUM
CVE-2026-10101
CVE-2026-10101
pkg: kubernetes

published: May 29, 2026

ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterRole cannot directly read Secrets, but can read `InfraEnv` objects and recover the referenced Secret's…
CWE: CWE-201
NVD

MEDIUM
CVE-2026-42328
CVE-2026-42328
pkg: go

published: May 27, 2026

go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on each nested map or list …
CWE: CWE-674
GitHub-GHSA

MEDIUM
nono: Sandbox escape on Linux via D-Bus: `systemd-run –user`
GHSA-27vp-2mmc-vmh3
pkg: nono-cli
eco: rust
published: May 28, 2026
### Summary

The nono Landlock/seccomp policies allow access to local Unix domain sockets (concrete and abstract). This allows an easy sandbox escape by talking to the per-user systemd dbus socket.

Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so th…

CVE-2026-47128
NVD

MEDIUM
CVE-2026-44681
CVE-2026-44681
pkg: oauth

published: May 27, 2026

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attack…
CWE: CWE-601, CWE-863
GitHub-GHSA

MEDIUM
LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS
GHSA-2qv6-9wx5-cwv4
pkg: liquidjs
eco: npm
published: May 27, 2026
## Summary

The `strip_html` filter in liquidjs is intended to remove HTML tags from a string before rendering, and is widely used as an XSS sanitizer. The implementation uses a regex whose catch-all branch (`<.*?>`) does not match line terminators, so any HTML tag containing a `\n` or `\r` characte…

CVE-2026-44644
NVD

MEDIUM
CVE-2026-44898
CVE-2026-44898
pkg: mistune_project mistune

published: May 26, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used as href="#<id>") and the text value (used as the visible link label) are inserted into <a> tags via a …
CWE: CWE-79
NVD

MEDIUM
CVE-2026-44897
CVE-2026-44897
pkg: mistune_project mistune

published: May 26, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag by string-concatenating the id attribute value directly into the HTML — with no call to escape(), safe_entity(), or any other sanitisation function. A double-quote cha…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-44896
CVE-2026-44896
pkg: mistune_project mistune

published: May 26, 2026

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when HTMLRend…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-44708
CVE-2026-44708
pkg: mistune_project mistune

published: May 26, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($…$) and block math ($$…$$) by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is exp…
CWE: CWE-79
GitHub-GHSA

MEDIUM
CryptPad has a Sanitizer Bypass in Diffmarked.js that Allows Arbitrary HTML Injection and Potential XSS
GHSA-g2g4-47gv-p72v
pkg: cryptpad
eco: npm
published: May 26, 2026
### Summary
CryptPad’s HTML sanitizer in Diffmarked.js can be bypassed due to incomplete filtering of restricted tags.
Because the sanitizer only validates the src attribute of `<iframe>` `<video>`, and `<audio>` elements, and does not restrict other attributes, an attacker can inject arbitrary H…
CVE-2026-26028
GitHub-GHSA

MEDIUM
unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race
GHSA-6m57-8r3p-pqx6
pkg: unbounded-spsc
eco: rust
published: May 29, 2026
## Summary

`Sender::send` in `src/lib.rs` contains an `unsafe` block in the `DISCONNECTED` arm that transmutes a **raw pointer** (`*mut Producer<T>`) into the bytes of a **value-level** `Consumer<T>`. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. T…

CVE-2026-46690
NVD

MEDIUM
CVE-2026-49129
CVE-2026-49129
pkg: curl

published: May 28, 2026

Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP…
CWE: CWE-918
NVD

MEDIUM
CVE-2026-24198
CVE-2026-24198
pkg: linux

published: May 26, 2026

NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of servi…
CWE: CWE-200
GitHub-GHSA

MEDIUM
PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
GHSA-5cxw-77wg-jrf3
pkg: praisonaiagents, PraisonAI
eco: pip
published: May 29, 2026
### Summary

PraisonAI's direct-prompt CLI automatically expands `@url:` mentions in raw prompt text before agent execution begins.

If a prompt contains `@url:<http-or-https-url>`, the CLI calls `MentionsParser.process(…)`. The `@url:` handler then performs a direct `urllib.request.urlopen()` req…

CVE-2026-47395
GitHub-GHSA

MEDIUM
PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings
GHSA-5c6w-wwfq-7qqm
pkg: praisonaiagents, PraisonAI
eco: pip
published: May 29, 2026
### Summary

PraisonAI's `spider_tools` URL validation can be bypassed using alternate loopback host encodings.

The affected component is:

“`text
praisonaiagents/tools/spider_tools.py
““

The tool contains a URL validation function intended to block local or unsafe targets before fetching attac…

CVE-2026-47390
GitHub-GHSA

MEDIUM
CAPM3 vulnerable to Cross-Namespace resource access
GHSA-rf84-wr5g-m3rp
pkg: github.com/metal3-io/cluster-api-provider-metal3, github.com/metal3-io/cluster-api-provider-metal3
eco: go
published: May 29, 2026
## Summary

CAPM3 is Metal3's Cluster API (CAPI) provider for baremetal provisioning in Kubernetes. Multiple cross-namespace access control vulnerabilities in Cluster API Provider Metal3 allow users with permissions to create or modify CAPM3 resources in one namespace to reference, read, or claim re…

NVD

MEDIUM
CVE-2026-44885
CVE-2026-44885
pkg: kubernetes

published: May 28, 2026

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target dire…
CWE: CWE-22
GitHub-GHSA

MEDIUM
Shamefile has an arbitrary file read via shamefile.yaml in shame next
GHSA-x6p3-76f2-xxvh
pkg: shamefile, shamefile, shamefile
eco: npm
published: May 28, 2026
### Impact

A path traversal vulnerability in `shame next` allows an attacker-controlled `shamefile.yaml` to disclose contents of files outside the repository, one line at a time, to the terminal of a user who runs the command. See patch commit for technical details.

### Patches

Fixed in 0.1.7. Up…

CVE-2026-47144
NVD

MEDIUM
CVE-2025-13755
CVE-2025-13755
pkg: ibm db2

published: May 26, 2026

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.
CWE: CWE-532
NVD

MEDIUM
CVE-2026-48523
CVE-2026-48523
pkg: jwt

published: May 28, 2026

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature veri…
CWE: CWE-347
NVD

MEDIUM
CVE-2026-45571
CVE-2026-45571
pkg: go

published: May 27, 2026

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were intr…
CWE: CWE-22
GitHub-GHSA

MEDIUM
Typebot.io has stored XSS via `javascript`: URI in text bubble links — bot author executes JS on visitors' browsers
GHSA-hqmv-v56g-4m47
pkg: @typebot.io/js
eco: npm
published: May 26, 2026
### Summary

The Typebot viewer (`packages/embeds/js`) renders anchor tags from rich text bubble content without filtering the `javascript:` URI scheme. A bot author can set a link URL to `javascript:PAYLOAD`, which executes in the visitor's browser context when clicked. Since the viewer is typicall…

CVE-2026-39964
GitHub-GHSA

MEDIUM
Nerdbank.MessagePack has Inefficient CPU Computation
GHSA-92vj-hp7m-gwcj
pkg: Nerdbank.MessagePack
eco: nuget
published: May 29, 2026
### Impact

Applications that call `OptionalConverters.WithExpandoObjectConverter` and deserialize untrusted data are open to a vulnerability by which an attacker can exploit a `O(n²)` algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an `ExpandoObject`, whos…

GitHub-GHSA

MEDIUM
Nerdbank.MessagePack has a memory amplification DoS in collection deserialization
GHSA-qjvr-435c-5fjh
pkg: Nerdbank.MessagePack
eco: nuget
published: May 29, 2026
Nerdbank.MessagePack deserializers for many collection-shaped types trusted the element count declared in MessagePack array and map headers when allocating destination storage. A crafted payload could therefore force large arrays, pooled buffers, dictionaries, or collection instances to be allocated…
GitHub-GHSA

MEDIUM
russh server userauth state is not reset when authentication principal changes
GHSA-hpv4-5h6f-wqr3
pkg: russh
eco: rust
published: May 29, 2026
### Summary
The `russh` server authentication path keeps internal userauth state across `SSH_MSG_USERAUTH_REQUEST` messages without separating that state when the request principal changes.

RFC 4252 allows the `user name` and `service name` fields to change between authentication requests. The issu…

CVE-2026-46705
GitHub-GHSA

MEDIUM
ExifReader is vulnerable to denial of service via unbounded decompression of image metadata
GHSA-rr89-w3h9-m66j
pkg: exifreader
eco: npm
published: May 29, 2026
### Impact

Versions of ExifReader from 4.20.0 through 4.38.1 do not bound the size of decompressed metadata blocks. When a caller invokes the asynchronous API (e.g. `ExifReader.load(file)` or `ExifReader.load(buffer, {async: true})`) on an attacker-supplied image, a small compressed chunk in the fi…

CVE-2026-8814
GitHub-GHSA

MEDIUM
OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens
GHSA-7j6w-vvw2-5f9c
pkg: github.com/openbao/openbao
eco: go
published: May 28, 2026
### Impact

In OpenBao's Kerberos auth method on the `GET` handler, or when an `Authorization: Negotiate` header is supplied, the response is includes a `logical.Auth` object in addition to an error message. This results in tokens being created with only the default policy, default TTL, and no entit…

CVE-2026-46405
GitHub-GHSA

MEDIUM
opentelemetry-go's baggage parsing no longer caps raw header length
GHSA-5wrp-cwcj-q835
pkg: go.opentelemetry.io/otel/baggage, go.opentelemetry.io/otel/propagation, go.opentelemetry.io/otel/baggage
eco: go
published: May 28, 2026
### Summary

https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs.

### Details

The commit removes the upfront baggage-string length che…

CVE-2026-41178
NVD

MEDIUM
CVE-2026-48525
CVE-2026-48525
pkg: python

published: May 28, 2026

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false, RFC 7797), PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For b6…
CWE: CWE-400
NVD

MEDIUM
CVE-2026-7552
CVE-2026-7552
pkg: go

published: May 28, 2026

The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.13.19. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to expose sensitive plugin co…
CWE: CWE-862
GitHub-GHSA

MEDIUM
LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`
GHSA-9x9p-qf8f-mvjg
pkg: liquidjs
eco: npm
published: May 27, 2026
## Summary

`Context.spawn()` in liquidjs creates a child `Context` for the `{% render %}` tag but does not propagate the parent context's resolved `ownPropertyOnly` value. The new context re-derives `ownPropertyOnly` from `opts.ownPropertyOnly` (the instance-level option), silently discarding any `…

CVE-2026-44646
NVD

MEDIUM
CVE-2026-47271
CVE-2026-47271
pkg: express

published: May 27, 2026

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc(), xrealloc(), and xstrdup() using assert(data != NULL). The C standard specifies that all assert() expressions are compiled out when NDEBUG is de…
CWE: CWE-476
GitHub-GHSA

MEDIUM
local-deep-research has an SSRF bypass in `safe_get`
GHSA-g23j-2vwm-5c25
pkg: local-deep-research
eco: pip
published: May 28, 2026
### Summary
The URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks.

### Details
The current project uses `validate_url` to validate the input URL. The main logic is to perform security checks on the host portion of the URL extra…

CVE-2026-46526
NVD

MEDIUM
CVE-2026-46561
CVE-2026-46561
pkg: python

published: May 28, 2026

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest (used by the parse_urls API). An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with…
CWE: CWE-918
NVD

MEDIUM
CVE-2026-41704
CVE-2026-41704
pkg: go

published: May 27, 2026

AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (line 332-338) and passes it to download_and_delete_blob. Separately, any response containing 'exception' goes thr…
CWE: CWE-284
NVD

MEDIUM
CVE-2026-9568
CVE-2026-9568
pkg: react

published: May 26, 2026

A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack's c…
CWE: CWE-74, CWE-94
NVD

MEDIUM
CVE-2026-44723
CVE-2026-44723
pkg: vowpalwabbit vowpal_wabbit

published: May 26, 2026

Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ${{ github.event.pull_request.title }} directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script run_tests_model_g…
CWE: CWE-78, CWE-1336
GitHub-GHSA

MEDIUM
Weblate has a Server-Side Request Forgery issue
GHSA-hfpv-mc5v-p9mm
pkg: Weblate
eco: pip
published: May 26, 2026
### Impact
The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, the repository URL field is not validated or sanitized, allowing an attacker to suppl…
CVE-2025-66407
NVD

MEDIUM
CVE-2026-9801
CVE-2026-9801
pkg: node

published: May 28, 2026

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password …
CWE: CWE-1284
NVD

MEDIUM
CVE-2026-42797
CVE-2026-42797
pkg: apache syncope

published: May 25, 2026

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope.

An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related security-se…

CWE: CWE-202
GitHub-GHSA

MEDIUM
axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions
GHSA-898c-q2cr-xwhg
pkg: axios, axios
eco: npm
published: May 29, 2026
## Summary

axios `1.15.2` exposes two read-side prototype-pollution gadgets. When `Object.prototype` is polluted by an upstream dependency in the same process (e.g. lodash `_.merge` / [CVE-2018-16487](https://nvd.nist.gov/vuln/detail/CVE-2018-16487)), axios silently picks up the polluted values:

1…

CVE-2026-44490
NVD

MEDIUM
CVE-2026-47673
CVE-2026-47673
pkg: hono hono

published: May 28, 2026

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the jwt and jwk middlewares do not verify that the Authorization header value uses theBearer scheme. Any two-part header value — regardless of the scheme name in the first position — proceeds …
CWE: CWE-285
GitHub-GHSA

MEDIUM
CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters
GHSA-7g26-2qgj-chfg
pkg: carrierwave, carrierwave
eco: rubygems
published: May 27, 2026
### Summary
CarrierWave's content_type_denylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block.

**Note**: CarrierWave is aware `#content_type_denylist is deprecated for the security reason`, but it s…

CVE-2026-44587
NVD

MEDIUM
CVE-2026-44899
CVE-2026-44899
pkg: mistune_project mistune

published: May 26, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^\d+(?:\.\d*)?"). When the validated value is not a plain integer, render_block_image() inserts it dir…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-24199
CVE-2026-24199
pkg: nvidia gpu_display_driver, nvidia geforce, nvidia nvs

published: May 26, 2026

NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A successful exploit of this vulnerability might lead to denial of service.
CWE: CWE-362
GitHub-GHSA

MEDIUM
IPAM controller service account granted unnecessary full access to Secrets
GHSA-49pm-43hf-6xfq
pkg: github.com/metal3-io/ip-address-manager, github.com/metal3-io/ip-address-manager
eco: go
published: May 29, 2026
### Impact

IPAM is the IP address Manager for Cluster API Provider Metal3. The IPAM controller's ClusterRole granted full CRUD permissions (create, delete, get, list, patch, update, watch) on core/v1 Secrets. The controller never accesses Secrets during normal operation. If the controller pod were …

CVE-2026-47190
NVD

MEDIUM
CVE-2026-48792
CVE-2026-48792
pkg: node

published: May 27, 2026

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event* nodes, causing pusb_has_virtual_input_device() to return 0 (no virtual devices found) even when every open() call failed due to…
CWE: CWE-390, CWE-693
NVD

MEDIUM
CVE-2026-41164
CVE-2026-41164
pkg: jwt

published: May 26, 2026

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint (/auth/v1/introspect_access_token) accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claim…
CWE: CWE-345
NVD

MEDIUM
CVE-2025-33221
CVE-2025-33221
pkg: linux

published: May 26, 2026

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service.
CWE: CWE-20
GitHub-GHSA

MEDIUM
Ironic Standalone Operator's controller modifies user-owned resources without consent
GHSA-hfc8-w5f4-3x6m
pkg: github.com/metal3-io/ironic-standalone-operator, github.com/metal3-io/ironic-standalone-operator
eco: go
published: May 29, 2026
## Impact

The Ironic Standalone Operator (IRSO) is the operator to maintain an Ironic deployment for Metal3. IRSO controller automatically adds its environment label to user-provided Secrets and ConfigMaps without the resource owner's consent. A high-privilege controller modifying user-owned resour…

GitHub-GHSA

MEDIUM
Ironic Standalone Operator's prometheus metrics exporter bound to all interfaces
GHSA-7cwm-fpfh-rrch
pkg: github.com/metal3-io/ironic-standalone-operator
eco: go
published: May 29, 2026
## Impact

The Ironic Standalone Operator (IRSO) is the operator to maintain an Ironic deployment for Metal3. The Prometheus metrics exporter binds to 0.0.0.0 (all network interfaces) by default with no authentication. The default config is disabled. If enabled, this exposes operational metrics to a…

NVD

MEDIUM
CVE-2026-9907
CVE-2026-9907
pkg: windows

published: May 28, 2026

Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-125
NVD

MEDIUM
CVE-2026-9618
CVE-2026-9618
pkg: express

published: May 28, 2026

The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.120.46. This is due to missing or incorrect nonce validation on the peachpay_str…
CWE: CWE-352
NVD

MEDIUM
CVE-2026-7533
CVE-2026-7533
pkg: oauth

published: May 28, 2026

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the `handle_oauth_redirect()` function, which is registered on the `admin_init` hook and processes Square OAuth tokens…
CWE: CWE-352
NVD

MEDIUM
CVE-2026-48924
CVE-2026-48924
pkg: jenkins bitbucket_oauth

published: May 27, 2026

Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
CWE: CWE-601
NVD

MEDIUM
CVE-2026-8943
CVE-2026-8943
pkg: go

published: May 27, 2026

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostats_manage() function. This makes it possible for unauthenticated attackers to update the plugin's set…
CWE: CWE-352
GitHub-GHSA

MEDIUM
Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints
GHSA-p2rj-mrmc-9w29
pkg: org.yamcs:yamcs-core
eco: maven
published: May 27, 2026
### Summary

The IAM API endpoints (`listUsers`, `getUser`, `listGroups`, and `getGroup`) in `yamcs-core` do not enforce the required `SystemPrivilege.ControlAccess` check. As a result, **any authenticated user** (even those with low or no privileges) can enumerate all user accounts in the system, i…

CVE-2026-44595
GitHub-GHSA

MEDIUM
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
GHSA-cqh3-jg8p-336j
pkg: org.yamcs:yamcs-core
eco: maven
published: May 26, 2026
### Summary

An LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping.

### Root Cause

**File:** `yamcs-core/src/main/java/org/yamcs/security/Ldap…

CVE-2026-42568
NVD

MEDIUM
CVE-2026-46430
CVE-2026-46430
pkg: linux

published: May 26, 2026

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort("", ":5553") resolves to ":5553". Th…
CWE: CWE-668, CWE-1188
NVD

MEDIUM
CVE-2026-44502
CVE-2026-44502
pkg: python

published: May 26, 2026

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be (partially) bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For …
CWE: CWE-918
NVD

MEDIUM
CVE-2026-48522
CVE-2026-48522
pkg: jwt

published: May 28, 2026

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no docum…
CWE: CWE-441, CWE-918
GitHub-GHSA

MEDIUM
tuf has platform-dependent delegation path matching
GHSA-qp9x-wp8f-qgjj
pkg: tuf
eco: pip
published: May 28, 2026
`DelegatedRole._is_target_in_pathpattern` uses `fnmatch.fnmatch` to decide whether a given target path is authorized by a delegation's glob pattern.

Python's `fnmatch.fnmatch` calls `os.path.normcase()` on both arguments before matching. On POSIX hosts `normcase` is the identity function; on Window…

GitHub-GHSA

MEDIUM
uv is vulnerable to arbitrary file write through entry point names
GHSA-4gg8-gxpx-9rph
pkg: uv, uv
eco: pip
published: May 29, 2026
### Impact

In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification (under `console_scripts` or `gui_scripts`), uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scr…

GitHub-GHSA

MEDIUM
Parse Server's GraphQL "Did you mean …?" validation suggestions disclose schema to unauthenticated callers
GHSA-8cph-rgr4-g5vj
pkg: parse-server, parse-server
eco: npm
published: May 29, 2026
### Impact

Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through `Did you mean …?` suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconst…

CVE-2026-47248
GitHub-GHSA

MEDIUM
tar has a PAX header desynchronization issue
GHSA-3pv8-6f4r-ffg2
pkg: tar
eco: rust
published: May 29, 2026
### Summary

When a tar stream contains multiple "header" entries prior to a file entry, tar-rs applies the PAX header (`x`) to the _next_ entry in the stream, regardless of type. For example, a stream of `x -> L -> file` (PAX, GNU longname, file) would result in `x`'s extensions being applied to `L…

GitHub-GHSA

MEDIUM
astral-tokio-tar has a PAX Header Desynchronization issue
GHSA-3cv2-h65g-fgmm
pkg: astral-tokio-tar
eco: rust
published: May 29, 2026
### Impact

Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle une…

GitHub-GHSA

MEDIUM
NodeVM observability builtins leak host process and HTTP request data
GHSA-9g8x-92q2-p28f
pkg: vm2
eco: npm
published: May 29, 2026
## Summary

`NodeVM` exposes some process-wide observability builtins when they are allowed through `require.builtin`.

The following builtins are not blocked by the dangerous builtin denylist:

“`text
diagnostics_channel
async_hooks
perf_hooks
“`

These modules are process-wide, not sandbox-local…

CVE-2026-47141
GitHub-GHSA

MEDIUM
Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`
GHSA-hg3f-28rg-4jxj
pkg: nuxt, @nuxt/nitro-server, @nuxt/nitro-server
eco: npm
published: May 29, 2026
### Summary

When `experimental.componentIslands` is enabled (default in Nuxt 4), any `.server.vue` file under `pages/` is automatically registered as a server island under the key `page_<routeName>` and exposed via the `/__nuxt_island/:name` endpoint. Until this fix, requests through that endpoint …

CVE-2026-47200
GitHub-GHSA

MEDIUM
FUXA provides guest and invalid-token access to protected read APIs in secure mode
GHSA-r9g5-7q8j-958c
pkg: fuxa-server
eco: npm
published: May 28, 2026
### Summary

When `secureEnabled=true`, FUXA `1.3.0-2773` still allows guest and invalid-token requests to read project, alarms, and scheduler APIs.

### Details

In secure mode, requests with no token or an explicitly invalid token were still able to access protected read endpoints.

Confir…

CVE-2026-47718
GitHub-GHSA

MEDIUM
OpenBao's Inline Auth Incorrectly Redacted Headers
GHSA-q8cj-789h-vg24
pkg: github.com/openbao/openbao
eco: go
published: May 28, 2026
### Impact

OpenBao's inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being retained in cleartext. This requires an attacker to compromise access to the audit device. Operators should review leaked source authenti…

CVE-2026-46358
GitHub-GHSA

MEDIUM
compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal
GHSA-mj4x-vf5c-5xg8
pkg: compliance-trestle, compliance-trestle
eco: pip
published: May 28, 2026
## Summary

The compliance-trestle library's profile import mechanism resolves `trestle://` URIs and relative file paths by joining them with `trestle_root` and calling `.resolve()`, but performs **no boundary check** to ensure the resolved path stays within the trestle workspace. An attacker can cr…

CVE-2026-45774
GitHub-GHSA

MEDIUM
Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability
GHSA-qjjm-7j9w-pw72
pkg: github.com/projectcapsule/capsule
eco: go
published: May 28, 2026
# TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability

## Summary

The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Tenant administrators…

CVE-2026-22872
GitHub-GHSA

MEDIUM
AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username
GHSA-g794-3fmp-753h
pkg: asyncssh
eco: pip
published: May 27, 2026
## Summary
AsyncSSH 2.22.0 expands the OpenSSH-compatible `AuthorizedKeysFile` `%u` token with the raw SSH username during pre-authentication server config reload. A server configured with a documented per-user key pattern such as `AuthorizedKeysFile authorized_keys/%u` can be made to read an author…
CVE-2026-45309
GitHub-GHSA

MEDIUM
CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression
GHSA-273h-gvwr-c3qj
pkg: github.com/crowdsecurity/crowdsec
eco: go
published: May 27, 2026
The LAPI router uses `gin-contrib/gzip` with `DefaultDecompressHandle` globally (`pkg/apiserver/controllers/controller.go`).
This middleware decompresses incoming request bodies without enforcing a maximum decompressed size.

The endpoints `/v1/watchers` or `/v1/watchers/login` require no authentic…

CVE-2026-44981
GitHub-GHSA

MEDIUM
@hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects
GHSA-vhjm-w67q-g75c
pkg: @hapi/wreck
eco: npm
published: May 27, 2026
### Impact
When `@hapi/wreck` follows a 3xx redirect to a different hostname, only the `Authorization` and `Cookie` headers are stripped. The standard credential header `Proxy-Authorization` is forwarded intact to the redirect target, potentially exposing forward-proxy credentials to a host outside …
CVE-2026-44979
GitHub-GHSA

MEDIUM
Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations
GHSA-rr59-xxvx-96qr
pkg: github.com/kata-containers/kata-containers
eco: go
published: May 26, 2026
## Summary

Kata Containers ships with a default configuration that allows pod creators to inject arbitrary command-line arguments into the virtiofsd process through the `io.katacontainers.config.hypervisor.virtio_fs_extra_args` pod annotation. By injecting `-o source=/` along with `–no-announce-su…

CVE-2026-44210
GitHub-GHSA

MEDIUM
netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures
GHSA-f659-372h-6x3x
pkg: io.netty.incubator:netty-incubator-codec-ohttp
eco: maven
published: May 26, 2026
HKDF_expand: returns non-NULL on failure. The byte[] is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key.

When EVP_HPKE_CTX_export fails it also returns an empty b…

CVE-2026-41207
GitHub-GHSA

MEDIUM
XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin
GHSA-vgwr-23fq-pr7g
pkg: org.xwiki.platform:xwiki-platform-webjars-api, org.xwiki.platform:xwiki-platform-webjars-api, org.xwiki.platform:xwiki-platform-webjars-api
eco: maven
published: May 26, 2026
### Impact
A potential path traversal vulnerability allow an attacker who manages to get a malicious WebJar extension installed on the wiki to write arbitrary files. While the consequences could be severe like overriding configuration files and setting the superadmin password, the attack first requi…
CVE-2026-48047


Vulnerability Digest — May 25, 2026 · 29 Critical · 10 Exploited






Vulnerability Digest — Monday, May 25, 2026


Security Report

Monday, May 25, 2026  ·  Last 7 days  ·  Min severity: MEDIUM
Total Findings
216
Critical
29
High
90
Actively Exploited
10
CISA-KEV10
GitHub-GHSA206
Findings sorted by severity
CISA-KEV

CRITICAL
Drupal Core SQL Injection Vulnerability
CVE-2026-9082
pkg: Drupal Core

published: May 22, 2026

Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Langflow Origin Validation Error Vulnerability
CVE-2025-34291
pkg: Langflow Langflow

published: May 21, 2026

Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint…
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
CVE-2026-34926
pkg: Trend Micro Apex One

published: May 21, 2026

Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Microsoft Windows Buffer Overflow Vulnerability
CVE-2008-4250
pkg: Microsoft Windows

published: May 20, 2026

Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Microsoft DirectX NULL Byte Overwrite Vulnerability
CVE-2009-1537
pkg: Microsoft DirectX

published: May 20, 2026

Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
CVE-2009-3459
pkg: Adobe Acrobat and Reader

published: May 20, 2026

Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Microsoft Internet Explorer Use-After-Free Vulnerability
CVE-2010-0249
pkg: Microsoft Internet Explorer

published: May 20, 2026

Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product util…
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Microsoft Internet Explorer Use-After-Free Vulnerability
CVE-2010-0806
pkg: Microsoft Internet Explorer

published: May 20, 2026

Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users shou…
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Microsoft Defender Link Following Vulnerability
CVE-2026-41091
pkg: Microsoft Defender

published: May 20, 2026

Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Microsoft Defender Denial of Service Vulnerability
CVE-2026-45498
pkg: Microsoft Defender

published: May 20, 2026

Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
GitHub-GHSA

CRITICAL
BoxLite: Permission Bypass Allows Modification of Read-Only Files
GHSA-g6ww-w5j2-r7x3
pkg: boxlite, @boxlite-ai/boxlite, github.com/boxlite-ai/boxlite/sdks/go
eco: npm
published: May 21, 2026
#### Summary

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code.

One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode (read_only=True) i…

CVE-2026-46695
GitHub-GHSA

CRITICAL
Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm
GHSA-6xwp-cp5h-q856
pkg: @beproduct/nestjs-auth
eco: npm
published: May 19, 2026
## Summary

Between 2026-05-11 20:19 UTC and 22:56 UTC, an attacker used a compromised npm publish token to publish 18 malicious versions of `@beproduct/nestjs-auth` (0.1.2 through 0.1.19). The packages contained payloads from the **Mini Shai-Hulud** npm supply-chain worm campaign described by [Aiki…

CVE-2026-46412
GitHub-GHSA

CRITICAL
9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
GHSA-fhh6-4qxv-rpqj
pkg: 9router
eco: npm
published: May 19, 2026
## Summary

9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with **zero prerequisites** and **no credentials required**.

The vulnerability exists because t…

CVE-2026-46339
GitHub-GHSA

CRITICAL
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
GHSA-99gv-2m7h-3hh9
pkg: github.com/nezhahq/nezha
eco: go
published: May 23, 2026
## Summary

`nezha`'s dashboard supports two user roles: `RoleAdmin` (Role==0) and `RoleMember` (Role==1). The cron routes `POST /api/v1/cron` and `PATCH /api/v1/cron/:id` are wired through `commonHandler` (any authenticated user) rather than `adminHandler`, and the per-server permission check on cr…

CVE-2026-46716
GitHub-GHSA

CRITICAL
Arcane Backend: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs
GHSA-7h26-hg47-p9hx
pkg: github.com/getarcaneapp/arcane/backend
eco: go
published: May 18, 2026
## Summary

Arcane's huma-based REST API exposes nine endpoints under `/api/customize/git-repositories` and `/api/git-repositories/sync` for managing GitOps source repositories and their stored credentials. Eight of those endpoints (`list`, `create`, `get`, `update`, `delete`, `test`, `listBranches`…

CVE-2026-45625
GitHub-GHSA

CRITICAL
Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger
GHSA-3g33-6vg6-27m8
pkg: github.com/fission/fission
eco: go
published: May 21, 2026
### Summary

The Fission router registers an internal-style route — `/fission-function/<name>` and `/fission-function/<ns>/<name>` — for every `Function` object, independent of whether any `HTTPTrigger` exists for that function. The route was mounted on the same listener as user-defined `HTTPTri…

CVE-2026-46614
GitHub-GHSA

CRITICAL
Kopia: RCE via SSH ProxyCommand Injection
GHSA-2q4c-3mrw-63c3
pkg: github.com/kopia/kopia
eco: go
published: May 19, 2026
## Summary

Kopia's HTTP server, when started with `–without-password `, accepts unauthenticated requests to `/api/v1/repo/exists`. The handler forwards an attacker-supplied storage configuration to `blob.NewStorage`. For SFTP backends with `externalSSH: true`, that path constructs a process comman…

CVE-2026-45695
GitHub-GHSA

CRITICAL
Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host
GHSA-f396-4rp4-7v2j
pkg: boxlite, boxlite-cli, boxlite
eco: npm
published: May 21, 2026
#### Summary

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not accoun…

CVE-2026-46703
GitHub-GHSA

CRITICAL
Malicious code in guardrails-ai 0.10.1 (supply chain compromise)
GHSA-xmpw-2vmm-p4p6
pkg: guardrails-ai
eco: pip
published: May 19, 2026
### Impact

On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI.

**Affected:** any user who installed `guardrails-ai==0.10.1` from PyPI on May 11, 2026.

Security researchers identified the malicious package within approxim…

CVE-2026-45758
GitHub-GHSA

CRITICAL
Malware in @opensearch-project/opensearch
GHSA-27f5-xjrr-q9ff
pkg: @opensearch-project/opensearch, @opensearch-project/opensearch, @opensearch-project/opensearch
eco: npm
published: May 19, 2026
## Overview

The OpenSearch Project has sustained a security incident involving an external actor gaining force-push permissions within the project's CI infrastructure to embed malicious packages into four release versions of `@opensearch-project/opensearch`. Users are instructed to immediately take…

GitHub-GHSA

CRITICAL
Malicious dropper in mistralai 2.4.6 PyPI package
GHSA-wx9m-wx4f-4cmg
pkg: mistralai
eco: pip
published: May 18, 2026
The `mistralai` PyPI package version `2.4.6` contains a malicious dropper that executes on import on Linux. No `v2.4.6` tag, commit, or release workflow run exists in this repository, the legitimate latest version before the upload was `2.4.5`, and the upload bypassed this repository's normal releas…
GitHub-GHSA

CRITICAL
Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft
GHSA-6×44-w3xg-hqqf
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: May 19, 2026
## Summary

`azureidentity.Validate()` verifies that the PKCS#7 signer certificate chains to a trusted Azure CA but never verifies the PKCS#7 signature itself. An attacker can embed a legitimate Azure certificate alongside arbitrary content e.g. `{"vmId":"<target>"}` and the forged `vmId` will be ac…

CVE-2026-46354
GitHub-GHSA

CRITICAL
Algernon: handler.lua discovery walks parent directories above the server root
GHSA-xwcr-wm99-g9jc
pkg: github.com/xyproto/algernon
eco: go
published: May 19, 2026
### Summary

When Algernon is asked for any URL path that resolves to a directory *without* an index file, `DirPage` walks **upward through parent directories — past the configured server root** — looking for a file named `handler.lua` to execute as the request handler. The loop terminates only …

CVE-2026-45721
GitHub-GHSA

CRITICAL
FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory
GHSA-qqqm-5547-774x
pkg: github.com/gtsteffaniak/filebrowser/backend
eco: go
published: May 22, 2026
## Summary

`publicPatchHandler` in `backend/http/public.go` joins user-controlled `fromPath` and `toPath` body fields with the trusted `d.share.Path` BEFORE the downstream sanitizer runs. Because `filepath.Join` collapses `..` segments during the join, the sanitizer in `resourcePatchHandler` never …

GitHub-GHSA

CRITICAL
@hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified condition operators
GHSA-q2f7-m237-v562
pkg: @hulumi/policies
eco: npm
published: May 21, 2026
Impact: @hulumi/policies versions before 1.3.2 only checked exact AWS IAM StringLike/StringEquals condition operator keys in G_OIDC_1. Set-qualified operators such as ForAnyValue:StringLike could hide wildcard GitHub Actions OIDC sub conditions from the mandatory guardrail.

Patched in 1.3.2: the AW…

GitHub-GHSA

CRITICAL
Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-service)
GHSA-pvw4-cvr4-97p8
pkg: @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service
eco: npm
published: May 20, 2026
## Impact

On April 29, 2026, compromised versions of `@cap-js/sqlite@2.2.2`, `@cap-js/postgres@2.2.2`, and `@cap-js/db-service@2.10.1` were published.
The malicious packages harvested credentials and attempted self-propagation.
If a compromised version was installed, all credentials accessible on t…

CVE-2026-46421
GitHub-GHSA

CRITICAL
MCP Gateway: Authority-injection and JWT/session bypass via the unauthenticated router hair-pin "router-key" / "mcp-init-host" path
GHSA-g53w-w6mj-hrpp
pkg: github.com/Kuadrant/mcp-gateway
eco: go
published: May 19, 2026
## Summary

The MCP router (ext_proc) exposes an `initialize`-method code path that, when a
request carries an `mcp-init-host` header, bypasses the gateway JWT session
validator and rewrites the upstream `:authority` header to whatever the caller
chooses, gated only by a single shared header value …

GitHub-GHSA

CRITICAL
rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths
GHSA-jh67-hwqw-m5r7
pkg: zrok
eco: pip
published: May 19, 2026
## Summary

Alice exposes a Python SDK `ProxyShare` with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to `urllib.parse.urljoin`, which replaces Alice's configured target host with Bob's host and returns the server-side resp…

CVE-2026-45568
GitHub-GHSA

CRITICAL
HAXcms: Private Key Disclosure via Broken HMAC Implementation
GHSA-6c8g-9hfh-pq5h
pkg: @haxtheweb/haxcms-nodejs
eco: npm
published: May 19, 2026
### Summary
The `hmacBase64()` function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing key and forge arbitrary admin-level JSON Web Tokens (JWTs) allowing them to get f…
CVE-2026-46395
GitHub-GHSA

HIGH
Arcane: Missing admin authorization on global variables endpoint
GHSA-jpjh-jm2p-39hh
pkg: github.com/getarcaneapp/arcane/backend
eco: go
published: May 23, 2026
## Summary

The `PUT /api/environments/{id}/templates/variables` endpoint, which writes the system-wide `.env.global` file used for variable substitution in every project's compose file, is missing an admin authorization check. Any authenticated non-admin user can call this endpoint with their beare…

CVE-2026-47125
GitHub-GHSA

HIGH
MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement
GHSA-cr22-wjx7-2w6m
pkg: mcp-server-kubernetes
eco: npm
published: May 21, 2026
## Summary

`mcp-server-kubernetes` exposes three environment variables (`ALLOW_ONLY_READONLY_TOOLS`, `ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS`, `ALLOWED_TOOLS`) documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer …

CVE-2026-46519
GitHub-GHSA

HIGH
Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
GHSA-chf8-4hv6-8pg6
pkg: github.com/fission/fission
eco: go
published: May 21, 2026
### Summary

The Fission `storagesvc` component registers archive CRUD handlers (`/v1/archive` GET / POST / DELETE and `/v1/archives` list) directly on its HTTP router without performing any authentication or authorization. Any caller able to reach the `storagesvc` ClusterIP — including any other…

CVE-2026-46612
GitHub-GHSA

HIGH
PenPot MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE
GHSA-22qr-rp27-j9wm
pkg: @penpot/mcp
eco: npm
published: May 19, 2026
### Summary

The MCP module's `ReplServer` binds to all interfaces (`0.0.0.0:4403`) and exposes a `/execute` endpoint that runs arbitrary code with zero authentication. Anyone on the network can POST JavaScript and it runs on the server. The main `PenpotMcpServer` was partially fixed for a similar b…

CVE-2026-45805
GitHub-GHSA

HIGH
Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration
GHSA-c54j-xp92-wh28
pkg: @budibase/worker
eco: npm
published: May 18, 2026
## Summary

The `POST /api/global/users/onboard` endpoint is protected by `workspaceBuilderOrAdmin` middleware, allowing any user with builder permissions to access it. When SMTP email is not configured (the default for self-hosted Budibase instances), this endpoint bypasses the admin-restricted inv…

CVE-2026-45716
GitHub-GHSA

HIGH
Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)
GHSA-3v9w-6365-9w54
pkg: github.com/amir20/dozzle
eco: go
published: May 18, 2026
## Summary

In a default dozzle deploy (the documented quickstart, no `DOZZLE_AUTH_PROVIDER` set), `POST /api/notifications/test-webhook` is reachable without authentication and forwards an attacker-controlled URL into a `WebhookDispatcher` that:

– Sends an HTTP POST to the supplied URL with attack…

CVE-2026-45298
GitHub-GHSA

HIGH
Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification
GHSA-w4g9-mxgg-j532
pkg: github.com/nezhahq/nezha
eco: go
published: May 23, 2026
## Summary

nezha's dashboard supports two user roles: `RoleAdmin` (Role==0) and `RoleMember` (Role==1). The notification routes `POST /api/v1/notification` and `PATCH /api/v1/notification/:id` are wired through `commonHandler` rather than `adminHandler` — so a `RoleMember` user can call them. The…

CVE-2026-46717
GitHub-GHSA

HIGH
wger: cross-tenant account deletion / deactivation / activation by gym.manage_gym + gym=None
GHSA-mw8f-w6p8-xrf4
pkg: wger
eco: pip
published: May 20, 2026
## Summary

GHSA-mhc8-p3jx-84mm (CVE-2026-43948) reported that wger's `reset_user_password` and `gym_permissions_user_edit` views in `wger/gym/views/user.py` performed a gym-scope authorization check using Django ORM object comparison (`if request.user.userprofile.gym != user.userprofile.gym`) which…

GitHub-GHSA

HIGH
SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl
GHSA-qg89-qwwh-5f3j
pkg: sillytavern
eco: npm
published: May 19, 2026
## Resolution

SillyTavern 1.18.0 added a generic server-side request filter (Private Request Whitelisting). Since we expect users to use the application in a trusted environment, the filter is disabled by default, however it is strongly advised to be enabled and properly configured when an instance…

CVE-2026-46372
GitHub-GHSA

HIGH
OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users
GHSA-9vmh-whc4-7phg
pkg: org.open-metadata:openmetadata-service
eco: maven
published: May 21, 2026
**This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production**
In OpenMetadata 1.12.1, a non-admin SSO user can trigger a `TEST_CONNECTION` workflow for a Database Service and receive, in …
CVE-2026-46481
GitHub-GHSA

HIGH
Caddy Defender trusted proxy client IP bypass
GHSA-3h23-rrpc-3p87
pkg: pkg.jsn.cam/caddy-defender
eco: go
published: May 19, 2026
### Impact

Caddy Defender used `r.RemoteAddr` when evaluating whether a request should be blocked. `RemoteAddr` is the address of the immediate peer connected to Caddy.

In deployments where Caddy is behind a trusted proxy, CDN, or load balancer, the immediate peer is usually the proxy, not the ori…

CVE-2026-46415
GitHub-GHSA

HIGH
auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs
GHSA-hv85-774v-26fg
pkg: auth-fetch-mcp
eco: npm
published: May 19, 2026
# SSRF + disk-exfil in `download_media` and `auth_fetch` tools — ymw0407/auth-fetch-mcp

## Severity
The `download_media` and `auth_fetch` MCP tools accept arbitrary URLs and reach them as the MCP server process, with `download_media` additionally persisting the fetched response body to a user-con…

GitHub-GHSA

HIGH
TinyIce: Missing authentication on WebRTC ingest endpoint allows unauthorized stream injection
GHSA-p7c4-8×34-8j8f
pkg: github.com/DatanoiseTV/tinyice
eco: go
published: May 18, 2026
## Title

Missing authentication on WebRTC ingest endpoint allows unauthenticated stream injection in TinyIce

## Ecosystem / Package

– **Ecosystem:** `Go` (or "Other" — TinyIce is shipped as a Go binary, not a Go module published to a registry)
– **Package name:** `github.com/DatanoiseTV/tinyice…

CVE-2026-45327
GitHub-GHSA

HIGH
@tmlmobilidade/utils has prototype pollution in its setValueAtPath
GHSA-cmxg-94mg-jq94
pkg: @tmlmobilidade/utils
eco: npm
published: May 18, 2026
### Impact
Prototype pollution vulnerability in @tmlmobilidade/utils for setValueAtPath().

### Patches
A fix is available in versions 20260509.0340.15 and up.

CVE-2026-45325
GitHub-GHSA

HIGH
parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names
GHSA-xp7r-j8r6-j9h3
pkg: parse-nested-form-data
eco: npm
published: May 18, 2026
## Summary

`parseFormData()` walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with `__proto__`, or contains `.__proto__.` mid-path, causes the parser to traverse onto `Object.prototype` and as…

CVE-2026-45302
GitHub-GHSA

HIGH
Arcane Backend: Unauthenticated reflected XSS via SVG color parameter enables admin account takeover
GHSA-q2pj-8v84-9mh5
pkg: github.com/getarcaneapp/arcane/backend
eco: go
published: May 18, 2026
## Summary

The unauthenticated `GET /api/app-images/logo` endpoint reflects a user-supplied `color` query parameter into the body of an SVG document via `strings.ReplaceAll` with no escaping. The substitution lands inside a `<style>` element of the embedded `logo.svg`, allowing an attacker to close…

CVE-2026-45627
GitHub-GHSA

HIGH
form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys
GHSA-m2hg-wjq3-28wq
pkg: form-data-objectizer
eco: npm
published: May 18, 2026
## Summary

`form-data-objectizer` walks bracket-notation form keys (e.g. `name[sub]`) into nested objects without filtering `__proto__`, `constructor`, or `prototype`. A single HTTP form field whose name starts with `__proto__[…]` causes the library to mutate `Object.prototype`, which is a protot…

CVE-2026-46510
GitHub-GHSA

HIGH
ORAS Java: Path traversal in pullArtifact via attacker-controlled org.opencontainers.image.title annotation
GHSA-xm96-gfjx-jcrc
pkg: land.oras:oras-java-sdk
eco: maven
published: May 19, 2026
### Summary

The `pullArtifact` methods in `Registry` and `OCILayout` use the `org.opencontainers.image.title` annotation from a pulled manifest as a filename, resolving it against the caller supplied output directory without normalization or a containment check. A manifest publisher can set this an…

GitHub-GHSA

HIGH
n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete
GHSA-jxx9-px88-pj69
pkg: n8n-mcp
eco: npm
published: May 18, 2026
## Summary

When `ENABLE_MULTI_TENANT=true`, the HTTP transport documents that the target n8n instance is selected per-request from `x-n8n-url` / `x-n8n-key` headers. Requests that omitted those headers — or supplied only one of them — silently fell back to the process-level `N8N_API_URL` / `N8N…

CVE-2026-45707
GitHub-GHSA

HIGH
Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files
GHSA-m675-2p33-xv9g
pkg: github.com/caddyserver/caddy/v2
eco: go
published: May 18, 2026
### Summary

The FastCGI transport's `splitPos()` in [`modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go`](https://github.com/caddyserver/caddy/blob/master/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go) misuses `golang.org/x/text/search` with `search.IgnoreCase` when the request path contains a …

CVE-2026-45135
GitHub-GHSA

HIGH
lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
GHSA-9xq9-36w5-q796
pkg: lmdeploy
eco: pip
published: May 21, 2026
> ## 📋 Reframing (2026-05-02): implicit unsafe remote-code path, not "supply-chain"
>
> The accurate description of this vulnerability is:
> **"`get_model_arch` and related helpers hardcode `trust_remote_code=True`
> with no opt-out, creating an implicit unsafe remote-code load path
> on every mo…
CVE-2026-46517
GitHub-GHSA

HIGH
LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
GHSA-m549-qq94-fvhg
pkg: lmdeploy
eco: pip
published: May 21, 2026
## Summary

lmdeploy hardcodes `trust_remote_code=True` in multiple HuggingFace model-loading call sites.

The affected code paths are in:

“`text
lmdeploy/archs.py
lmdeploy/utils.py
““

The vulnerable call sites pass `trust_remote_code=True` into HuggingFace Transformers APIs such as `AutoConfig…

CVE-2026-46432
GitHub-GHSA

HIGH
Graphite Has a Pickle Deserialization Vulnerability
GHSA-qw48-84f6-28gv
pkg: graphitedb
eco: pip
published: May 18, 2026
### Impact
**Type of vulnerability:** Insecure Deserialization via Python's `pickle` module.

**Who is impacted:**
Users of *Graphite graph database engine* versions **before 0.2** who load database files from untrusted or third-party sources.
An attacker could craft a malicious database file th…

GitHub-GHSA

HIGH
Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret
GHSA-j3vx-cx2r-pvg8
pkg: network-ai
eco: npm
published: May 21, 2026
# Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret

| Field | Value |
| —————- | —– |
| Repository | Jovancoding/Network-AI |
| Affected version | v5.4.4 (commit c12686e181f231cf8d7bcf836a96d78f0f0877ac) |

## Summary

The MCP SSE server default…

CVE-2026-46701
GitHub-GHSA

HIGH
Budibase: Unrestricted Upload of File with Dangerous Type
GHSA-82rc-gxrg-v4gf
pkg: budibase
eco: npm
published: May 19, 2026
### Summary
The file upload endpoint `POST /api/attachments/process` does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions (`html`, `svg`, `js`, `php`, etc.) are conditionally wrapped inside `if (isPublicUser)` or `if (isPublicUser || !env.SEL…
CVE-2026-46426
GitHub-GHSA

HIGH
aiosend: Deserialization of request body before signature verification (Pre-auth DoS) in webhook handler
GHSA-7m8f-hgjq-8gc9
pkg: aiosend
eco: pip
published: May 22, 2026
# Vulnerability Description

In `aiosend/webhook/base.py`, the `WebhookHandler.feed_update()` method performs full deserialization of the incoming JSON via Pydantic **before** verifying the HMAC signature. Anyone can send a request with an arbitrary body — the server will parse it, spend CPU and m…

GitHub-GHSA

HIGH
js-libp2p: Memory DoS via subscription flood of unique topics
GHSA-4f8r-922h-2vgv
pkg: @libp2p/gossipsub
eco: npm
published: May 21, 2026
### Summary
Three cooperating omissions in `@libp2p/gossipsub` allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options.

1. **`defaultDecodeRpcLimits.maxSubscriptions = Infinity`** (`packages/gossipsub/src/message/decodeRpc.ts:11`): no decode-level…

CVE-2026-46679
GitHub-GHSA

HIGH
JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection
GHSA-qjx8-664m-686j
pkg: js-cookie
eco: npm
published: May 21, 2026
## Summary

`js-cookie`'s internal `assign()` helper copies properties with `for…in` + plain assignment. When the source object is produced by `JSON.parse`, the JSON object's `"__proto__"` member is an *own enumerable* property, so the `for…in` enumerates it and the `target[key] = source[key]` w…

CVE-2026-46625
GitHub-GHSA

HIGH
Russh: Unchecked CryptoVec allocation and growth handling is reachable
GHSA-g9f8-wqj9-fjw5
pkg: russh-cryptovec, russh
eco: rust
published: May 21, 2026
### Title
Unchecked `CryptoVec` allocation and growth handling was reachable from local agent inputs in current `russh` releases and from remote SSH traffic in historical pre-`0.58.0` releases

### Summary
`CryptoVec` used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation…

CVE-2026-46673
GitHub-GHSA

HIGH
nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item
GHSA-mw3q-r9wh-h2ff
pkg: nimiq-primitives
eco: rust
published: May 21, 2026
### Impact

A remote, unauthenticated denial-of-service vulnerability in `MerkleRadixTrie::put_chunk` allows any state-sync peer to crash any node performing state synchronization (freshly joining nodes and recovering nodes).

A malicious peer can respond to a `RequestChunk` with a `ResponseChunk::C…

CVE-2026-46545
GitHub-GHSA

HIGH
Diffusers: TOCTOU Trust Remote Code Bypass
GHSA-7wx4-6vff-v64p
pkg: diffusers
eco: pip
published: May 20, 2026
## Background

This vulnerability is found in the `diffusers` package – the `transformers`-equivalent library for diffusion models.

It is found in the `DiffusionPipeline.from_pretrained` flow, which is used to load a pipeline from the HuggingFace Hub.

This function has a `trust_remote_code` guard:…

CVE-2026-45804
GitHub-GHSA

HIGH
SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser
GHSA-73jc-5mrq-prw7
pkg: sqlfluff
eco: pip
published: May 19, 2026
### Impact

In deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to trigger a Denial of Service through resource exhaustion.

### Patches

Versions 4.2.0 and up contain a configurable parse …

CVE-2026-46374
GitHub-GHSA

HIGH
SQLFluff: Recursive Stack Overflow in Parser
GHSA-wmhf-fqc8-vxhh
pkg: sqlfluff
eco: pip
published: May 19, 2026
### Impact

In deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any application using the parser to trigger a Denial of Service through resource exhaustion.

### Patches

Versions 4.1.0 and up …

CVE-2026-46373
GitHub-GHSA

HIGH
Dasel: Denial of service in dasel selector lexer due to infinite loop on unterminated regex literal
GHSA-m6xr-fvfg-5g64
pkg: github.com/tomwright/dasel/v3
eco: go
published: May 19, 2026
### Summary

`dasel`'s selector lexer enters a non-terminating loop when tokenizing an unterminated regex pattern such as `r/abc`. A 2-byte input (`r/`) is sufficient to cause the tokenizer to consume 100% CPU on one core indefinitely.

I confirmed the issue on `v3.3.1` (`fba653c7f248aff10f2b89fca93…

CVE-2026-46378
GitHub-GHSA

HIGH
Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string
GHSA-m5j3-4634-c2vq
pkg: github.com/tomwright/dasel/v3
eco: go
published: May 19, 2026
### Summary

`dasel`'s selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash (e.g., `"\` or `'\`). A 2-byte input causes an immediate process crash via Go runtime panic.

I confirmed the issue on `v3.3.1` (`fba653c7f248aff10f2b89fc…

CVE-2026-46377
GitHub-GHSA

HIGH
@libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes
GHSA-32mq-hpph-xfvr
pkg: @libp2p/kad-dht
eco: npm
published: May 19, 2026
### Summary
An unauthenticated remote peer can exhaust the disk storage of any `@libp2p/kad-dht` node running in server mode by sending an unbounded stream of `PUT_VALUE` messages whose keys bypass all content validation. No credentials, no prior relationship, and no protocol deviation beyond a craf…
CVE-2026-45783
GitHub-GHSA

HIGH
Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service
GHSA-7xpr-hc2w-34m9
pkg: com.squareup.wire:wire-runtime-jvm, com.squareup.wire:wire-runtime, com.squareup.wire:wire-runtime
eco: maven
published: May 19, 2026
# CVE-2026-45799

## Maintainer summary

Wire's protobuf group-skipping logic did not reject negative lengths before skipping a
length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an
unchecked runtime exception during decoding instead of the documented `IOExce…

CVE-2026-45799
GitHub-GHSA

HIGH
Mailpit: Unauthenticated remote memory-exhaustion DoS via unlimited SMTP DATA and /api/v1/send body sizes
GHSA-fpxj-m5q8-fphw
pkg: github.com/axllent/mailpit
eco: go
published: May 19, 2026
### Summary
The Mailpit SMTP server has a Server.MaxSize int field that controls the maximum allowed DATA payload size, but the field is never assigned anywhere outside test code, leaving it at Go's zero value (0 ⇒ "no limit"). The same applies to the HTTP /api/v1/send endpoint, whose request body…
CVE-2026-45713
GitHub-GHSA

HIGH
Algernon: Single-file mode unconditionally enables debug mode
GHSA-fwqx-8365-9983
pkg: github.com/xyproto/algernon
eco: go
published: May 19, 2026
### Summary

When Algernon is invoked with a single file path instead of a directory — the documented "quick demo" workflow (`algernon foo.lua`, `algernon page.po2`, `algernon index.html`, `algernon mywebsite.alg`) — `singleFileMode` is set to true and **`debugMode` is forcibly enabled** with no…

CVE-2026-45728
GitHub-GHSA

HIGH
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
GHSA-7gg8-qqx7-92g5
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 18, 2026
Due to a missing check in the MIFF decoder a crafted file could cause an infinite loop resulting in CPU exhaustion.
CVE-2026-46522
GitHub-GHSA

HIGH
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions
GHSA-36wm-hprc-mcf5
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 18, 2026
When reading multiple images with different dimensions an out of bounds heap write can occur.
CVE-2026-46520
GitHub-GHSA

HIGH
HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
GHSA-3653-68v6-rq57
pkg: ca.uhn.hapi.fhir:org.hl7.fhir.dstu2, ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may, ca.uhn.hapi.fhir:org.hl7.fhir.dstu3
eco: maven
published: May 18, 2026
## Summary

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions `matches()`, `matchesFull()`, and `replaceMatches()` pass user-controlled regular expressions directly to Java's `Pattern.compile()` and `String.…

CVE-2026-45367
GitHub-GHSA

HIGH
NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()
GHSA-jfrm-rx66-g536
pkg: nicegui
eco: pip
published: May 18, 2026
### Summary

`ui.restructured_text()` renders reStructuredText server-side with Docutils without disabling file insertion directives.

When a NiceGUI application passes attacker-controlled content to `ui.restructured_text()`, an attacker can use standard Docutils directives (`include`, `csv-table` w…

CVE-2026-45553
GitHub-GHSA

HIGH
OpenTelemetry eBPF Instrumentation: Memcached payload length overflow can crash OBI
GHSA-43g7-cwr8-q3jh
pkg: go.opentelemetry.io/obi
eco: go
published: May 18, 2026
### Summary

A remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing memcached storage commands such as `set`, `add`, `replace`, `append`, `prepend`, or `cas`, OBI accepts extremely large `<bytes>` values and a…

CVE-2026-45686
GitHub-GHSA

HIGH
OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages
GHSA-j8p6-96vp-f3r9
pkg: go.opentelemetry.io/obi
eco: go
published: May 18, 2026
### Summary

Malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetry agent and cause a denial of service. The parser operates on raw attacker-controlled network payloads before the input is fully validat…

CVE-2026-45685
GitHub-GHSA

HIGH
Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability
GHSA-9v76-4qcc-frgh
pkg: Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-x64
eco: nuget
published: May 18, 2026
## Executive Summary:

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

Loop with unreachable ex…

CVE-2026-42899
GitHub-GHSA

HIGH
Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability
GHSA-rg75-q538-x34v
pkg: Microsoft.NetCore.App.Runtime.win-arm, Microsoft.NetCore.App.Runtime.win-arm, Microsoft.NetCore.App.Runtime.win-arm
eco: nuget
published: May 18, 2026
## Executive Summary:

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A tampering vulnerabil…

CVE-2026-32175
GitHub-GHSA

HIGH
OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads
GHSA-pgvv-q3wf-mm9m
pkg: go.opentelemetry.io/obi
eco: go
published: May 18, 2026
### Summary

The Postgres protocol parser assumes `BIND` message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond the end of the captured buffer and panic.

### Details

The vulnerable logic is in [pkg/ebpf/common/sql_detect_postg…

CVE-2026-45678
GitHub-GHSA

HIGH
multiparty vulnerable to ReDoS via filename parsing
GHSA-65×3-rw7q-gx94
pkg: multiparty
eco: npm
published: May 18, 2026
### Impact

multiparty@4.2.3 and lower versions are vulnerable to denial of service via regular expression backtracking in the `Content-Disposition` filename parameter parser. A multipart upload with a long header value containing `!filename="1` repeated can cause regex matching to take seconds, blo…

CVE-2026-8159
GitHub-GHSA

HIGH
multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
GHSA-xh3c-6gcq-g4rv
pkg: multiparty
eco: npm
published: May 18, 2026
### Impact

multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a `multipart/form-data` request with a `Content-Disposition: filename*=utf-8''` header containing a malformed percent-encoding (e.g., `%FF`, `%GG`), the parser invokes `decodeURI` o…

CVE-2026-8162
GitHub-GHSA

HIGH
multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception
GHSA-qxch-whhj-8956
pkg: multiparty
eco: npm
published: May 18, 2026
### Impact

multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a `multipart/form-data` request with a field name that collides with an inherited `Object.prototype` property (e.g., `__proto__`, `constructor`, `toString`), the parser invokes `.pu…

CVE-2026-8161
GitHub-GHSA

HIGH
dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport
GHSA-fvh2-gm75-j4j7
pkg: dynoxide-rs, dynoxide
eco: npm
published: May 18, 2026
## Summary

dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive `rmcp` dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local `dynoxide mcp –http` or `dynoxide serve –mcp` server with a non-loopback…

GitHub-GHSA

HIGH
iskorotkov/avro: CPU Exhaustion in Decoder
GHSA-w8j3-pq8g-8m7w
pkg: github.com/iskorotkov/avro/v2
eco: go
published: May 18, 2026
# CPU Exhaustion in Avro Decoder via Unbounded Block-Count Iteration

## Summary

The Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. `Reader.ReadBlockHeader` returns the count as a Go `int`, …

CVE-2026-46385
GitHub-GHSA

HIGH
iskorotkov/avro: Integer Overflow in Decoder
GHSA-mc57-h6j3-3hmv
pkg: github.com/iskorotkov/avro/v2
eco: go
published: May 18, 2026
# Integer Overflow in Avro Decoder

## Summary

Several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized `int` before bounds-checking, or summed them with overflow-prone signed-`int` arithmetic. On 32-bit targets (`GOARCH=386`,…

CVE-2026-46384
GitHub-GHSA

HIGH
iskorotkov/avro: Denial-of-Service Vulnerability in Decoder
GHSA-mx64-mj3q-7prj
pkg: github.com/iskorotkov/avro/v2
eco: go
published: May 18, 2026
# Memory Exhaustion via Unbounded Map Allocations in Avro Decoder

## Summary

The Avro map decoder accepted attacker-controlled block-element counts from the wire format and grew the destination map without enforcing an upper bound. The slice decoder already had `Config.MaxSliceAllocSize` for the e…

GitHub-GHSA

HIGH
ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351
GHSA-c32j-vqhx-rx3x
pkg: jwt
eco: rubygems
published: May 18, 2026
`JWT.decode(token, '', true, algorithm: 'HS256')` accepts an attacker-forged token.
`OpenSSL::HMAC.digest('SHA256', '', payload)` returns a valid digest under an empty key, and no `raise
InvalidKeyError if key.empty?` precondition exists in the HMAC algorithm.

“`
JWT.decode(token, "", true, algo…

CVE-2026-45363
GitHub-GHSA

HIGH
async-http-client: Cookie header not stripped on cross-origin redirect
GHSA-fmxf-pm6p-7xgm
pkg: org.asynchttpclient:async-http-client, org.asynchttpclient:async-http-client
eco: maven
published: May 18, 2026
## Summary

async-http-client leaks `Cookie` headers to cross-origin redirect targets. When following a redirect across a security boundary (different origin, or HTTPS→HTTP downgrade), the `propagatedHeaders()` method in `Redirect30xInterceptor.java` strips `Authorization` and `Proxy-Authorization…

CVE-2026-45300
GitHub-GHSA

HIGH
Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree
GHSA-q5pp-gvjg-h7v4
pkg: apm
eco: pip
published: May 18, 2026
## Summary

Two primitive integrators in `apm-cli` enumerate package files with bare `Path.glob()` / `Path.rglob()` calls and read each match with `Path.read_text()`, transparently following symbolic links.

A symlink committed inside a remote APM dependency under `.apm/prompts/<x>.prompt.md` or `.a…

CVE-2026-45539
GitHub-GHSA

HIGH
Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation
GHSA-h98r-wv3h-fr38
pkg: github.com/argoproj/argo-cd/v3, github.com/argoproj/argo-cd/v3, github.com/argoproj/argo-cd/v3
eco: go
published: May 19, 2026
### Summary

A user with **application write access (developer role)** can set `link.argocd.argoproj.io/*` annotations on any ArgoCD Application. These annotation values are rendered in the Summary tab's **URLs section** as `<a href>` elements without URL validation. Using the pipe-separator trick (…

CVE-2026-45738
GitHub-GHSA

HIGH
Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability
GHSA-8x9c-mqxv-q2pp
pkg: Microsoft.WindowsDesktop.App.Runtime.win-arm64, Microsoft.WindowsDesktop.App.Runtime.win-x64, Microsoft.WindowsDesktop.App.Runtime.win-x86
eco: nuget
published: May 18, 2026
## Executive Summary:

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

Improper input validatio…

CVE-2026-35433
GitHub-GHSA

HIGH
md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)
GHSA-32q2-hhr5-6qvv
pkg: md-fileserver
eco: npm
published: May 21, 2026
### Summary
A cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including <script> tags—is processed and injected into the resulting page without sanitization, allowing arbitrary Jav…
CVE-2026-46492
GitHub-GHSA

HIGH
Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
GHSA-7hh5-prp2-mfh5
pkg: sagemaker, sagemaker
eco: pip
published: May 21, 2026
## Summary
Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the ModelBuilder/Serve component stores an HMAC signing key in cleartext as a container environment variable, w…
CVE-2026-8596
GitHub-GHSA

HIGH
Docker: Race condition in docker cp allows bind mount redirection to host path
GHSA-rg2x-37c3-w2rh
pkg: github.com/docker/docker, github.com/moby/moby/v2, github.com/moby/moby
eco: go
published: May 18, 2026
## Summary

A race condition during `docker cp` mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service.

## Details

When copying files into a container, the daemon sets up a temporary filesy…

CVE-2026-42306
GitHub-GHSA

HIGH
Docker: `PUT /containers/{id}/archive` executes container binary on the host
GHSA-x86f-5xw2-fm2r
pkg: github.com/moby/moby/v2, github.com/docker/docker, github.com/moby/moby
eco: go
published: May 18, 2026
## Summary

When a user uploads a compressed archive into a container, a malicious image can execute arbitrary code with daemon (host root) privileges.

## Details

When handling `PUT /containers/{id}/archive` requests with compressed archives, the daemon decompresses them using external system bina…

CVE-2026-41567
GitHub-GHSA

HIGH
Spring AI MCP Security: Unvalidated URL Fetching (SSRF)
GHSA-qjp4-4jvr-xqg3
pkg: org.springaicommunity:mcp-client-security
eco: maven
published: May 18, 2026
### Summary

The mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) [security specifications](https://modelcontextprotocol.io/docs/tutorials/security/security_best_practices#mitigation-3). Specifically, it processes untrusted URLs fo…

CVE-2026-45609
GitHub-GHSA

HIGH
Parse Server: Pre-authentication denial of service via client version header regex backtracking
GHSA-38m6-82c8-4xfm
pkg: parse-server, parse-server
eco: npm
published: May 23, 2026
### Impact

An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and befo…

CVE-2026-47138
GitHub-GHSA

HIGH
@nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for…in without hasOwnProperty
GHSA-x7j8-49r8-mr43
pkg: @nevware21/ts-utils
eco: npm
published: May 21, 2026
## Summary

The _copyProps function in lib/src/object/copy.ts uses for…in to iterate over source object properties without an Object.hasOwnProperty check, and does not filter dangerous keys (__proto__, constructor, prototype). This allows an attacker to pollute the prototype chain of all objects i…

CVE-2026-46681
GitHub-GHSA

HIGH
containerd user ID handling bypass allows runAsNonRoot evasion
GHSA-fqw6-gf59-qr4w
pkg: github.com/containerd/containerd, github.com/containerd/containerd/v2, github.com/containerd/containerd/v2
eco: go
published: May 21, 2026
### Impact
A bug was found in containerd where containers launched with a numeric `User` directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an `/etc/passwd` file mapping this large numeric string to root, the container ultimately ru…
CVE-2026-46680
GitHub-GHSA

HIGH
@hulumi/policies: Stack-wide evidence bypassed Cloudflare and deployment-governance guardrails
GHSA-59f3-7227-wmh4
pkg: @hulumi/policies
eco: npm
published: May 21, 2026
Impact: @hulumi/policies versions before 1.3.2 used stack-wide evidence shortcuts in several Cloudflare and deployment-governance validators. Unrelated compliant-looking evidence could suppress violations for different zones, hostnames, origins, or repositories in the same stack.

Patched in 1.3.2: …

GitHub-GHSA

HIGH
@hulumi/policies: CIS 1.16 admin policy bypass for inline and attached IAM policies
GHSA-4xrh-5m3m-328w
pkg: @hulumi/policies
eco: npm
published: May 21, 2026
Impact: @hulumi/policies versions before 1.3.2 did not fully inspect inline and attached IAM policy evidence for the administrator-policy guardrail, so some admin-equivalent policy paths could pass policy evaluation.

Patched in 1.3.2: the validator inspects the affected policy shapes and includes r…

GitHub-GHSA

HIGH
@hulumi/policies: HULUMI-H1 SecureBucket parent spoof bypass
GHSA-g43v-9x7q-83pq
pkg: @hulumi/policies
eco: npm
published: May 21, 2026
Impact: @hulumi/policies versions before 1.3.2 could accept spoofed SecureBucket parent evidence for HULUMI-H1, allowing policy evaluation to miss an unsafe bucket shape.

Patched in 1.3.2: the validator now correlates evidence to the expected component/resource relationship and includes regression …

GitHub-GHSA

HIGH
@hulumi/drift: Orphan reconciler accepted externally supplied execute plans
GHSA-2ffm-hxrq-qqmm
pkg: @hulumi/drift
eco: npm
published: May 21, 2026
Impact: @hulumi/drift versions before 1.3.2 could accept externally supplied execute plans without sufficient provenance checks, allowing unsafe reconciliation input to be treated as trusted.

Patched in 1.3.2: execute-plan handling now validates provenance and rejects untrusted plans, with regressi…

GitHub-GHSA

HIGH
Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
GHSA-vj64-rjf3-w3v7
pkg: p3-challenger, p3-challenger
eco: rust
published: May 21, 2026
### Impact

– **Key**: `challenger/src/multi_field_challenger.rs` | `MultiField32Challenger::duplexing` | `transcript_malleability`
– **Affected files**: `challenger/src/multi_field_challenger.rs`, `field/src/helpers.rs`
– **Violated invariant**: The Fiat-Shamir sponge must bind challenges to the ex…

CVE-2026-46654
GitHub-GHSA

HIGH
Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read
GHSA-85g2-pmrx-r49q
pkg: github.com/fission/fission
eco: go
published: May 21, 2026
### Summary

Fission runtime pods were created with `ServiceAccountName: fission-fetcher`, and the `fission-fetcher` ServiceAccount was granted namespace-wide `get` on `secrets` and `configmaps` (it needs that to load function code, env vars, and config). The runtime pod's automounted token was reac…

CVE-2026-46617
GitHub-GHSA

HIGH
samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
GHSA-34r5-q4jw-r36m
pkg: samlify
eco: npm
published: May 21, 2026
## Summary

samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., `<saml:AttributeValue>`) are not escaped. A normal user can inject XML markup into an attribute value (e.g., email, name) and add new `<saml:Attribute>` elements inside the signed …

CVE-2026-46490
GitHub-GHSA

HIGH
Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS
GHSA-vrxg-gm77-7q5g
pkg: windows-mcp
eco: pip
published: May 21, 2026
HTTP transports expose unauthenticated PowerShell control with wildcard CORS

There is an issue in the SSE and Streamable HTTP transport modes. The default stdio mode is not affected, but the documented HTTP modes expose the MCP control plane without authentication and add wildcard CORS handling aro…

GitHub-GHSA

HIGH
@angular/platform-server: SSRF via Hostname Hijacking
GHSA-rfh7-fxqc-q52v
pkg: @angular/platform-server, @angular/platform-server, @angular/platform-server
eco: npm
published: May 19, 2026
### Impact

A Server-Side Request Forgery (SSRF) vulnerability exists in `@angular/platform-server`. The issue stems from how the server-side rendering (SSR) engine processes the request URL provided to the rendering entry points.

When an absolute-form URL (e.g., `http://evil.com`) is passed to the…

CVE-2026-46417
GitHub-GHSA

HIGH
FileBrowser Quantum: unauthenticated user share share info
GHSA-3jmg-p96m-m328
pkg: github.com/gtsteffaniak/filebrowser/backend, github.com/gtsteffaniak/filebrowser
eco: go
published: May 19, 2026
### Impact
Some sensitive info — such as source and path can get exposed.

### Patches
Update to the latest version

### Workarounds
no

CVE-2026-46410
GitHub-GHSA

HIGH
CamoFox MCP: Unauthenticated HTTP MCP browser-control surface
GHSA-7hgr-7h44-33w2
pkg: camofox-mcp
eco: npm
published: May 19, 2026
# Unauthenticated HTTP MCP browser-control surface in `camofox-mcp`

## Summary

`camofox-mcp` exposed a Streamable HTTP MCP endpoint at `/mcp` with rate limiting but no inbound MCP-layer authentication. When HTTP mode was enabled, any client that could reach `/mcp` could list and invoke browser-con…

GitHub-GHSA

HIGH
libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case
GHSA-fhvh-vw7h-9xf3
pkg: libcrux-ml-dsa
eco: rust
published: May 19, 2026
The AVX2 implementation of ML-DSA verification incorrectly implemented
the `use_hint` function, mishandling an edge case that should lead to
signature rejection.

## Impact
An attacker could make the ML-DSA verifier accept a crafted invalid
signature under a maliciously generated verification key, i…

GitHub-GHSA

HIGH
libcrux: Potential Panic on Overlong Ciphertext Buffer
GHSA-hc3c-63hc-2r9f
pkg: libcrux-chacha20poly1305
eco: rust
published: May 19, 2026
An application that passes in a ciphertext buffer of length greater
than `ptxt.len() + TAG_LEN` to `libcrux_chacha20poly1305::encrypt` or
`libcrux_chacha20poly1305::xchacha20_poly1305::encrypt` would
experience a panic.

## Impact
An application where the length of the ciphertext buffer is under
att…

GitHub-GHSA

HIGH
zrok copy writes attacker-controlled WebDAV paths outside the destination root
GHSA-c656-jcx2-7pqj
pkg: github.com/openziti/zrok/v2, github.com/openziti/zrok
eco: go
published: May 19, 2026
## Summary

Alice runs `zrok2 copy` from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV `href` such as `/../outside.txt`. The sync pipeline stores that path in the source inventory and passes it to `FilesystemTarget.WriteStream`, which joins it with the ta…

CVE-2026-45576
GitHub-GHSA

HIGH
HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack
GHSA-x3x5-7h4h-gwxg
pkg: @haxtheweb/haxcms-nodejs
eco: npm
published: May 19, 2026
### Summary
An attack chain utilizing **Stored XSS** alongside dynamic token exposure in the `/system/api/connectionSettings` endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover. The API dynamically leaks the active session's authentication tokens (including…
CVE-2026-46511
GitHub-GHSA

HIGH
Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover
GHSA-jh3h-rpxg-fr36
pkg: @haxtheweb/haxcms-nodejs, @haxtheweb/video-player, @haxtheweb/iframe-loader
eco: npm
published: May 19, 2026
### Summary
A stored cross-site scripting (XSS) vulnerability exists in HAX CMS due to improper sanitization of `<iframe>` elements.

The application allows `javascript:` URIs in the `src` attribute, which are executed when a malicious page is viewed. This enables attackers to execute arbitrary Java…

CVE-2026-46396
GitHub-GHSA

HIGH
HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis
GHSA-4fg7-f244-3j49
pkg: @haxtheweb/open-apis
eco: npm
published: May 19, 2026
### Summary
Multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker can append the matched substrings to an attacker-controlled endpoint and capture authentication.

### Details
[api/services/website/cacheAddress.js](https://g…

CVE-2026-46391
GitHub-GHSA

HIGH
HAXcms createSite SSRF Enables Arbitrary File Read
GHSA-q862-gcgq-5m6g
pkg: @haxtheweb/haxcms-nodejs
eco: npm
published: May 19, 2026
### Summary
An authenticated Server-Side Request Forgery (SSRF) vulnerability in HAXcms allows users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enabling arbitrary file read and internal network access.

### Details
The `createSite` endpo…

CVE-2026-46393
GitHub-GHSA

HIGH
Scriban: array.insert_at index parameter DoS bypasses LoopLimit and LimitToString
GHSA-24c8-4792-22hx
pkg: scriban
eco: nuget
published: May 19, 2026
## Summary

`ArrayFunctions.InsertAt` in Scriban allocates `index – list.Count` null entries in a tight C# `for` loop with no bound on `index`. The function is exposed to template authors as `array.insert_at`, and the fill loop ignores every existing safety control: `LoopLimit`, `LimitToString`, `Ob…

GitHub-GHSA

HIGH
CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion
GHSA-mf33-gv72-w2h5
pkg: cloakbrowser
eco: pip
published: May 18, 2026
The `cloakserve` CDP multiplexer uses the user-supplied `fingerprint` query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakserve port can supply a crafted `fingerprint` value containing path traversal seq…
CVE-2026-45727
GitHub-GHSA

HIGH
eduMFA Passkeys: missing expiration flag may allow replay attacks and reuse of old challenges
GHSA-j5rm-v3vh-vx94
pkg: edumfa
eco: pip
published: May 18, 2026
### Impact
In eduMFA < 2.9.1 userless Passkey/WebAuthn challenges might be replayed and do not expire

### Patches
Fixed in eduMFA >= 2.9.1 by adding validity information to the userless challenges.

### Workarounds
No known workarounds besides disabling userless login altogether.

GitHub-GHSA

HIGH
eduMFA: Incorrect InnoDB snapshot isolation possibly allows token reusage
GHSA-qq2p-4282-cfc5
pkg: edumfa
eco: pip
published: May 18, 2026
### Impact

For deployments using MySQL or MariaDB < 11.6.2 (or newer with innodb_snapshot_isolation=off) reusage of token values might be possible due to faulty transaction isolation inside the database. Exploiting this requires racing this transaction.
Affected are all tokentypes whose values are …

GitHub-GHSA

MEDIUM
n8n: Credential exfiltration via Allowed HTTP Request Domains Bypass
GHSA-3875-8gcx-7v46
pkg: n8n
eco: npm
published: May 19, 2026
## Impact
The `POST /rest/dynamic-node-parameters/options` endpoint allowed any authenticated user to cause the n8n server to issue HTTP requests including credentials bypassing the intended restrictions on which hosts could be contacted for that credential (Allowed HTTP Request Domains). The user n…
GitHub-GHSA

MEDIUM
Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler
GHSA-rq6v-x3j8-7qgf
pkg: sagemaker, sagemaker
eco: pip
published: May 21, 2026
## Summary
Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the Triton inference handler deserializes model artifacts without performing integrity verification, allowing s…
CVE-2026-8597
GitHub-GHSA

MEDIUM
Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580)
GHSA-cqp8-fcvh-x7r3
pkg: pydantic-ai, pydantic-ai-slim
eco: pip
published: May 21, 2026
## Summary

When an application using Pydantic AI opts a URL into `force_download='allow-local'` (which disables the default block on private/internal IPs), the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form (IPv4-mapped IPv6, 6to4, or NAT64). Dual-…

CVE-2026-46678
GitHub-GHSA

MEDIUM
Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members
GHSA-hvv7-hfrh-7gxj
pkg: github.com/nezhahq/nezha
eco: go
published: May 23, 2026
### Summary

Any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users. The normal server list API filters objects by `HasPermission`, but the WebSocket stream treats the presence of any authenticated u…

CVE-2026-47124
GitHub-GHSA

MEDIUM
instagrapi: Unsafe signup challenge path handling in instagrapi
GHSA-ggxf-37hm-9wqf
pkg: instagrapi
eco: pip
published: May 23, 2026
instagrapi versions before 2.6.9 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge payload could cause challenge handling requests to be sent outside the intended I…
GitHub-GHSA

MEDIUM
aiograpi: Unsafe signup challenge path handling
GHSA-jh37-x3fv-4×72
pkg: aiograpi
eco: pip
published: May 23, 2026
aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge payload could cause challenge handling requests to be sent outside the intended In…
CVE-2026-47157
GitHub-GHSA

MEDIUM
FlaskBB: SSRF in get_image_info() via unrestricted avatar URL
GHSA-xq32-9g7q-7297
pkg: flaskbb
eco: pip
published: May 21, 2026
###Summary
A Server-Side Request Forgery (SSRF) vulnerability in get_image_info() allows any authenticated user to force the server to send HTTP requests to arbitrary internal endpoints, including cloud metadata services (e.g., AWS 169.254.169.254). This is a blind SSRF with confirmed internal port …
CVE-2026-46556
GitHub-GHSA

MEDIUM
NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion
GHSA-99vc-2jx2-688p
pkg: nocodb
eco: npm
published: May 21, 2026
### Summary

The `uploadViaURL` path in the v1/v2 attachment API did not enforce `NC_ATTACHMENT_FIELD_SIZE` against the remote `content-length` or against the response stream. An authenticated user (Editor+) could direct the server to download arbitrarily large files, exhausting disk space and causi…

CVE-2026-46551
GitHub-GHSA

MEDIUM
Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint
GHSA-686c-7vgv-v3fx
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: May 19, 2026
## Summary

Unauthenticated semi-blind Server-Side Request Forgery (SSRF) via the Azure instance identity endpoint (`POST /api/v2/workspaceagents/azure-instance-identity`). An external attacker can force the Coder server to issue HTTP GET requests to arbitrary internal or external hosts by submittin…

CVE-2026-45796
GitHub-GHSA

MEDIUM
HAX CMS: Denial of Service using Malicious Import Request
GHSA-9r33-xhw8-4qqp
pkg: @haxtheweb/haxcms-nodejs
eco: npm
published: May 19, 2026
### Summary

The HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire application offline, requiring a manual server restart to restore service.

### Details

Th…

CVE-2026-46357
GitHub-GHSA

MEDIUM
OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages
GHSA-8rrq-wcg8-cv5q
pkg: go.opentelemetry.io/obi
eco: go
published: May 18, 2026
### Summary

OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate tokens, PII, or other confidential input into telemetry backends and inject untrusted text into downstream analysis …

CVE-2026-45679
GitHub-GHSA

MEDIUM
Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API
GHSA-363w-hvwh-w7m6
pkg: @budibase/server
eco: npm
published: May 18, 2026
# Security Advisory: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API

**Affected Software:** Budibase
**Affected Component:** `packages/server/src/api/controllers/view/viewBuilder.ts`, `packages/server/src/api/routes/view.ts`
**CWE:** CWE-94 (Improper Control of Genera…

CVE-2026-45719
GitHub-GHSA

MEDIUM
brace-expansion: Large numeric range defeats documented `max` DoS protection
GHSA-jxxr-4gwj-5jf2
pkg: brace-expansion
eco: npm
published: May 18, 2026
The `max` option was being applied too late:

When expanding a single large numeric range like `{1..10000000}`, the sequence generation loop generates all 10 million intermediate elements before the `max` limit is applied With `max=10`, the output is correctly limited to 10 items, but the process st…

CVE-2026-45149
GitHub-GHSA

MEDIUM
eduMFA: Unauthenticated Failcounter Increment on Resolver Tokens via /validate/check
GHSA-74r7-3mjm-jc5v
pkg: edumfa
eco: pip
published: May 18, 2026
### Impact
If the resolver parameter is passed, but the user does not exist, all failcounters of tokens in that resolver will be increased.

### Patches
This, along with other issues, was fixed in eduMFA v2.9.1.

### Workarounds
Limiting access to `/validate/check` to client applications (i.e. Shibb…

GitHub-GHSA

MEDIUM
n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters
GHSA-f3rg-xqjj-cj9w
pkg: n8n-mcp
eco: npm
published: May 18, 2026
## Summary

In affected versions of n8n-mcp, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant ide…

CVE-2026-45582
GitHub-GHSA

MEDIUM
n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions
GHSA-2vx9-7wpg-88jq
pkg: n8n
eco: npm
published: May 19, 2026
## Impact
The `ExecuteWorkflow` node's `localFile` source option read workflow files from disk without applying checks enforced by other file-reading nodes. An authenticated user with permission to create or modify workflows could supply an arbitrary file path via the REST API, bypassing the `N8N_RE…
GitHub-GHSA

MEDIUM
Klever-Go KVM read-only execution can commit contract delete and upgrade side effects
GHSA-jc6w-wmfc-fh33
pkg: github.com/klever-io/klever-go
eco: go
published: May 21, 2026
## Publisher note

**Fixed in `v1.7.17`.** Operators running `< v1.7.17` should upgrade. Contract delete and upgrade host-core paths now reject execution when `runtime.ReadOnly()` is true. The invariant is regression-tested for delete, upgrade, storage writes, value transfers, and any VM output fiel…

CVE-2026-46403
GitHub-GHSA

MEDIUM
Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations
GHSA-rg3g-4rw9-gqrp
pkg: github.com/argoproj/argo-cd/v3, github.com/argoproj/argo-cd/v3, github.com/argoproj/argo-cd/v3
eco: go
published: May 19, 2026
### Summary
The original fix for [GHSA-3v3m-wc6v-x4x3](https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3) is incomplete. argocd app diff –server-side-diff can still expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation.…
CVE-2026-45737
GitHub-GHSA

MEDIUM
Arcane Backend: OS Command Injection in Volume Browser ListDirectory via path query parameter
GHSA-9mvm-4gwg-v8mp
pkg: github.com/getarcaneapp/arcane/backend
eco: go
published: May 18, 2026
## Summary

`GET /environments/{id}/volumes/{volumeName}/browse` accepts a `path` query parameter that is passed to a shell command (`sh -c "find … | while …"`) inside an Arcane helper container. The path sanitiser blocks `../` traversal but does not strip Bourne-shell metacharacters such as `$(…

CVE-2026-45626
GitHub-GHSA

MEDIUM
ImageMagick: Heap Buffer Over-Write in json and yaml encoder of a single byte due to incorrect fix
GHSA-jqq5-8px3-9m6m
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 21, 2026
An incorrect fix that was applied in GHSA-5592-p365-24xh could result in a heap buffer over-write of a single byte.
GitHub-GHSA

MEDIUM
OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle
GHSA-5qwm-7pvp-w988
pkg: OpenMcdf
eco: nuget
published: May 19, 2026
### Summary
The BST name-lookup loop in `DirectoryTree.TryGetDirectoryEntry` (`OpenMcdf/DirectoryTree.cs:35-46`) walks directory entries by repeatedly calling `directories.TryGetSibling(child, siblingType, validateColor)`. A crafted CFB file with cyclic Left/Right sibling links among directory entri…
CVE-2026-45785
GitHub-GHSA

MEDIUM
ImageMagick: Stack overflow in fx operation
GHSA-rcr6-g7jc-f57g
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 18, 2026
Due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument.
CVE-2026-46557
GitHub-GHSA

MEDIUM
ImageMagick: Use-After-Free in MSL decoder.
GHSA-5r4x-w6p5-222q
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 18, 2026
A crafted MSL image can trigger a heap-use-after-free.
CVE-2026-46523
GitHub-GHSA

MEDIUM
NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL
GHSA-9qgr-6vpg-9gh9
pkg: nocodb
eco: npm
published: May 21, 2026
### Summary
A reflected XSS vulnerability exists in the Page Leaving Warning page. The `ncRedirectUrl` and `ncBackUrl` query parameters are used in `window.location.href` and `<a>` tag bindings without validation, allowing `javascript:` URI injection.

### Details
`PageLeavingWarning.vue` reads `ncR…

CVE-2026-46547
GitHub-GHSA

MEDIUM
Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching
GHSA-jwp7-wg77-3w9v
pkg: @apify/actors-mcp-server
eco: npm
published: May 19, 2026
### Summary
The `fetch-apify-docs` tool validates URLs against a domain allowlist using `String.startsWith()` instead of proper URL hostname comparison. This allows bypass via attacker-controlled subdomains (e.g., `https://docs.apify.com.evil.com/`), enabling the tool to fetch and return arbitrary w…
CVE-2026-46341
GitHub-GHSA

MEDIUM
Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap
GHSA-vp62-88p7-qqf5
pkg: github.com/docker/docker, github.com/moby/moby/v2, github.com/moby/moby
eco: go
published: May 18, 2026
## Summary

A race condition during `docker cp` mount setup allows a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem.

This advisory covers the race during mountpoint creation. The related race during the subsequent mount syscall is tracked…

CVE-2026-41568
GitHub-GHSA

MEDIUM
nimiq-primitives: BlockInclusionProof interlink issue when hops are empty
GHSA-799f-29jm-gr6c
pkg: nimiq-primitives
eco: rust
published: May 21, 2026
### Impact
A logic flaw in `BlockInclusionProof::is_block_proven` causes the function to return true without performing any cryptographic verification when `get_interlink_hops` yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the ele…
CVE-2026-46539
GitHub-GHSA

MEDIUM
Mailpit: Concurrent map read & write in proxy CSS rewriter – remote unauth crash (fatal error: concurrent map read and map write)
GHSA-w4vj-r5pg-3722
pkg: github.com/axllent/mailpit
eco: go
published: May 19, 2026
### Summary
The screenshot/print proxy (/proxy?data=…) maintains a package-level assets map[string]MessageAssets cache, but reads the map without holding assetsMutex while a long-running cleanup goroutine and (re-entrant) CSS-rewriting code path concurrently write to it under the lock. When the un…
CVE-2026-45712
GitHub-GHSA

MEDIUM
Mailpit: Path traversal & arbitrary file write in mailpit dump –http via attacker-controlled message IDs
GHSA-qx5x-85p8-vg4j
pkg: github.com/axllent/mailpit
eco: go
published: May 19, 2026
### Summary
The mailpit dump –http <base-url> <out-dir> sub-command downloads every message from a remote Mailpit instance and writes each one as <id>.eml inside the user-supplied output directory. The message ID field is taken verbatim from the JSON response of the remote server and concatenated i…
CVE-2026-45711
GitHub-GHSA

MEDIUM
OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB size
GHSA-r6c9-g6q5-qrf9
pkg: go.opentelemetry.io/obi
eco: go
published: May 18, 2026
### Summary

The per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can read beyond the fallback buffer and leak adjacent memory into telemetry.

### Details

https://github.com/open-teleme…

CVE-2026-45681
GitHub-GHSA

MEDIUM
OpenTelemetry eBPF Instrumentation: Unbounded BPF internal metrics replay can exhaust CPU
GHSA-89c6-vpcj-7vj4
pkg: go.opentelemetry.io/obi
eco: go
published: May 18, 2026
### Summary

OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the metrics exporter to spend excessive CPU time in a tight loop every collection interval.

### Details

The vulnerable loo…

CVE-2026-45680
GitHub-GHSA

MEDIUM
NocoDB: Shared-base link access can invite arbitrary users as persistent base members
GHSA-chqv-vrj7-qffp
pkg: nocodb
eco: npm
published: May 21, 2026
### Summary

Shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID (`xc-shared-base-id`), an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited user could then redeem …

CVE-2026-46552
GitHub-GHSA

MEDIUM
Mailpit has an incomplete fix for GHSA-6jxm: HTML check still permits SSRF to private/loopback/IMDS via missing IP-filter dialer
GHSA-j3fj-qppj-fmmc
pkg: github.com/axllent/mailpit
eco: go
published: May 19, 2026
## Summary

The fix for GHSA-6jxm-fv7w-rw5j (CVE-2026-23845, "Server-Side Request Forgery (SSRF) via HTML Check API"), shipped in mailpit `v1.28.3`, hardened `internal/htmlcheck/css.go::downloadCSSToBytes` with a 5MB size cap, a `text/css` content-type check, login-info stripping in `isValidURL`, an…

CVE-2026-45709
GitHub-GHSA

MEDIUM
ImageMagick: Heap Buffer Over-Read in distributed pixel cache server
GHSA-6gxq-f64p-5w6f
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 22, 2026
An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process.
CVE-2026-47166
GitHub-GHSA

MEDIUM
ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define
GHSA-vhrh-72hq-w8m7
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 18, 2026
An invalid `connected-components:keep-top` value could result in a heap buffer over-read when performing the connected components operation.
CVE-2026-45359
GitHub-GHSA

MEDIUM
fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode
GHSA-wg5x-3g47-v38r
pkg: org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim
eco: maven
published: May 19, 2026
When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker with access to the chaincode server logs could recover the TLS private key password. If the attacker can also obtain the…
CVE-2026-45581
GitHub-GHSA

MEDIUM
ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression
GHSA-jcqp-6r6f-3mfx
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 18, 2026
When using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check.
CVE-2026-46521
GitHub-GHSA

MEDIUM
OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent
GHSA-wp73-mwgf-4jq9
pkg: go.opentelemetry.io/obi
eco: go
published: May 18, 2026
### Summary

OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section pointers or slice past string tables, causing the agent to panic while determining the process language.

### Details

`…

CVE-2026-45676
GitHub-GHSA

MEDIUM
Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)
GHSA-rxf6-wjh4-jfj6
pkg: github.com/nezhahq/nezha
eco: go
published: May 23, 2026
## Summary

`createAlertRule` and `createService` (and their `update*` siblings) accept `FailTriggerTasks []uint64` and `RecoverTriggerTasks []uint64` — IDs of cron tasks to fire when the alert/service trips. The validation function only validates the alert's `Rules.Ignore` server map; it never ch…

CVE-2026-47120
GitHub-GHSA

MEDIUM
NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
GHSA-f74w-272x-mqcv
pkg: nocodb
eco: npm
published: May 21, 2026
### Summary

The refresh-token cookie was set with `httpOnly: true` but missing both the `secure` flag and the `sameSite` attribute. Over plain HTTP the cookie could be intercepted on the network; without `sameSite`, browsers attached it to cross-site POSTs, enabling CSRF against the token-refresh e…

CVE-2026-46550
GitHub-GHSA

MEDIUM
Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers
GHSA-2qjj-h6wp-c7h7
pkg: Umbraco.Cms, Umbraco.Cms
eco: nuget
published: May 21, 2026
### Impact
Some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious redirect attacks.

### Patches
The issue is resolved in ve…

CVE-2026-46616
GitHub-GHSA

MEDIUM
Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization
GHSA-x5w9-xh9r-mvfc
pkg: github.com/caddyserver/caddy/v2
eco: go
published: May 19, 2026
This report is not about a normal textual prefix-expansion case.

The issue here is that the authorization layer and the `/config` traversal layer do **not agree on what object the path refers to**.

In this case, a path authorized for one config object is accepted, but then resolves to a **diffe…

CVE-2026-45692
GitHub-GHSA

MEDIUM
go-git: Crafted repositories may modify main and submodule .git directories
GHSA-crhj-59gh-8×96
pkg: github.com/go-git/go-git/v5, github.com/go-git/go-git/v6, github.com/go-git/go-git
eco: go
published: May 19, 2026
### Impact
A path validation issue in `go-git` could allow crafted repository data to affect files outside the intended checkout target, including the repository's `.git` directory.

These validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from tho…

CVE-2026-45571
GitHub-GHSA

MEDIUM
Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
GHSA-3263-v5v9-xq8q
pkg: budibase
eco: npm
published: May 18, 2026
## Summary

The row action trigger endpoint (`POST /api/tables/:sourceId/actions/:actionId/trigger`) fails to validate that the user-supplied `rowId` is within the scope of the view's row filters. A user with access to a filtered view can trigger row actions on any row in the underlying table, inclu…

CVE-2026-45718
GitHub-GHSA

MEDIUM
qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set
GHSA-q8mj-m7cp-5q26
pkg: qs
eco: npm
published: May 22, 2026
### Summary

`qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not handled by any of qs's null-related options (`skipNulls`, `strictNullHandling`).

### Details

In the com…

CVE-2026-8723
GitHub-GHSA

MEDIUM
nimiq-blockchain: Genesis batch set request
GHSA-vghx-352f-93jm
pkg: nimiq-blockchain
eco: rust
published: May 21, 2026
### Impact
A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls `get_epoch_chunks` which iterates backwards through macro blocks using `Policy::macro_block_before`. When it reaches the genesis block number, `macro_block_bef…
CVE-2026-46543
GitHub-GHSA

MEDIUM
protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion
GHSA-jggg-4jg4-v7c6
pkg: protobufjs, protobufjs
eco: npm
published: May 19, 2026
## Summary

protobufjs could recurse without a depth limit while expanding nested JSON descriptors through `Root.fromJSON()` and `Namespace.addJSON()`.

A crafted JSON descriptor with deeply nested namespace definitions could cause the JavaScript call stack to be exhausted during descriptor loading.…

CVE-2026-45740
GitHub-GHSA

MEDIUM
Algernon: Auto-refresh SSE event server binds to all interfaces with Access-Control-Allow-Origin: * and no authentication
GHSA-9v4j-7g44-qcqw
pkg: github.com/xyproto/algernon
eco: go
published: May 19, 2026
### Summary

When auto-refresh is enabled, Algernon spins up an SSE handler that streams a `data:` line for every filesystem event under the watched directory. The handler performs **no authentication** of any kind — no shared token, no cookie check against the `permissions2` userstate, no IP allo…

GitHub-GHSA

MEDIUM
ImageMagick: Policy Bypass in MNG coder could
GHSA-g5mf-wqq5-vwg6
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 18, 2026
Because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use.
CVE-2026-45664
GitHub-GHSA

MEDIUM
NiceGUI: Unauthenticated log-volume denial of service in dynamic resource routes
GHSA-pq7c-x8g4-rvp6
pkg: nicegui
eco: pip
published: May 18, 2026
### Summary

Two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled `RuntimeError` inside Starlette's `FileResponse`, which Uvicorn writes to the serv…

CVE-2026-45554
GitHub-GHSA

MEDIUM
ImageMagick: Policy Bypass in PSD decoder
GHSA-cwpj-h54c-xjpx
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 18, 2026
Due to a missing check in the PSD decoder it would be possible to bypass the `list-length` resource policy when decoding a PSD image. Other security limits would still apply.
CVE-2026-45031
GitHub-GHSA

MEDIUM
ImageMagick: Out-of-Bounds Read of a single byte in meta encoder
GHSA-cr6r-hmj8-pr7r
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 18, 2026
An of by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder.
CVE-2026-45358
GitHub-GHSA

MEDIUM
webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
GHSA-79cf-xcqc-c78w
pkg: webpack-dev-server
eco: npm
published: May 18, 2026
### Impact

When webpack-dev-server is running on a non-HTTPS origin (the default), cross-origin requests from malicious websites can load the dev server's JavaScript bundles via `<script>` tags. The fix introduced in v5.2.1 (CVE-2025-30359) relied on `Sec-Fetch-Mode` and `Sec-Fetch-Site` request he…

CVE-2026-6402
GitHub-GHSA

MEDIUM
ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.
GHSA-pfvh-m9xv-8966
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 18, 2026
When performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments.
CVE-2026-45624
GitHub-GHSA

MEDIUM
OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals
GHSA-962q-hwm5-52×5
pkg: go.opentelemetry.io/obi
eco: go
published: May 18, 2026
### Summary

The custom `CappedConcurrentHashMap` introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running instrumented JVMs, repeated connection churn can therefore grow the queue without bound and exhaust heap memory.

### D…

CVE-2026-45682
GitHub-GHSA

MEDIUM
ImageMagick: Heap Buffer Over-Read in IPTC encoder
GHSA-7wff-wpr6-vmhm
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 18, 2026
When writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte.
CVE-2026-42326
GitHub-GHSA

MEDIUM
pyload-ng: SSRF via HTTP Redirect Bypass in parse_urls API
GHSA-8rp3-xc6w-5qp5
pkg: pyload-ng
eco: pip
published: May 21, 2026
## Summary

The SSRF mitigation added in commit `33c55da` for GHSA-7gvf-3w72-p2pg is incomplete. The `PREREQFUNCTION`-based private IP check was correctly applied to `HTTPChunk` (download path) but not to `HTTPRequest` (used by the `parse_urls` API). An authenticated attacker can supply a URL pointi…

CVE-2026-46561
GitHub-GHSA

MEDIUM
OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers
GHSA-vvmg-8mjr-g6q3
pkg: go.opentelemetry.io/obi
eco: go
published: May 18, 2026
### Summary

OBI's log enricher mishandles `writev` buffers by reading only the first `iovec` entry but using the total `iov_iter.count` as the copy length. When log injection is enabled, a crafted multi-segment `writev` call can make OBI read and overwrite memory beyond the first segment.

### Deta…

CVE-2026-45684
GitHub-GHSA

MEDIUM
Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog
GHSA-vr9v-27gg-qgx4
pkg: Umbraco.Cms
eco: nuget
published: May 21, 2026
### Impact
Authenticated users are able to inject HTML vulnerability into an input field, which is rendered in the confirmation dialog without proper output encoding.

### Patches
This issue has been patched in 17.4.0

CVE-2026-46609
GitHub-GHSA

MEDIUM
Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory
GHSA-4j5m-wc25-pvh7
pkg: onenote_parser
eco: rust
published: May 21, 2026
### Impact
A maliciously crafted `.onetoc2` table-of-contents file can cause `Parser::parse_notebook` to open arbitrary files on the host filesystem outside the notebook's directory. The parser reads entry names listed inside the `.onetoc2` and joins them against the notebook's base directory withou…
CVE-2026-46671
GitHub-GHSA

MEDIUM
ws: Uninitialized memory disclosure
GHSA-58qx-3vcg-4xpx
pkg: ws
eco: npm
published: May 18, 2026
### Impact

The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument.

### Proof of concept

“`js
import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';

const wss = new WebS…

CVE-2026-45736
GitHub-GHSA

MEDIUM
SQLAdmin: Authorization Bypass on `ajax_lookup`
GHSA-54mc-gghv-4cfj
pkg: sqladmin
eco: pip
published: May 21, 2026
### Impact

The `ajax_lookup` endpoint in `application.py` bypasses the `is_accessible()` access control check that all other endpoints enforce.

If a developer restricts model access by overriding `is_accessible()`, an authenticated user can still query that model's data through the `ajax_lookup` e…

CVE-2026-46645
GitHub-GHSA

MEDIUM
NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)
GHSA-2c5x-4jgf-88mj
pkg: nocodb
eco: npm
published: May 21, 2026
### Summary

The `request-filtering-agent` SSRF protection was non-functional in the four notification webhook plugins (Slack, Discord, Mattermost, Teams) because `httpAgent` / `httpsAgent` were passed as part of the request **body** rather than the axios **config**. An authenticated user with hook-…

CVE-2026-46548
GitHub-GHSA

MEDIUM
nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points
GHSA-h9cc-w26m-j342
pkg: nimiq-keys
eco: rust
published: May 21, 2026
### Impact

A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. `Ed25519PublicKey::delinearize()` in `keys/src/multisig/mod.rs` called `.unwrap()` on curve point decompression, which panics when a public key is
constructed from 32 bytes that do not represent a…

CVE-2026-46542
GitHub-GHSA

MEDIUM
Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: *
GHSA-hw27-4v2q-5qff
pkg: github.com/xyproto/algernon
eco: go
published: May 20, 2026
### Summary

The SSE event server's `Access-Control-Allow-Origin` response header was hardcoded to the wildcard `*` regardless of the caller's `Origin`. Because `EventSource` does not preflight and does not send cookies, the wildcard is sufficient to let any third-party page the developer visits ope…

CVE-2026-46431
GitHub-GHSA

MEDIUM
Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
GHSA-gj84-924c-48fx
pkg: github.com/xyproto/algernon
eco: go
published: May 20, 2026
### Summary

The SSE event server bound to `0.0.0.0:5553` on Linux/macOS by default because the platform-dependent host default in `engine/flags.go:39-46` set `host = ""` for non-Windows, and `utils.JoinHostPort("", ":5553")` resolves to `":5553"` — a Go `http.Server.Addr` of `":5553"` listens on …

CVE-2026-46430
GitHub-GHSA

MEDIUM
Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path
GHSA-62q4-447f-wv8h
pkg: pymdown-extensions
eco: pip
published: May 19, 2026
# Summary

`pymdownx.snippets` has a regression of the CVE-2023-32309 / GHSA-jh85-wwv9-24hv fix. With `restrict_base_path: True` (the default), the current `filename.startswith(base)` containment check does not enforce a directory boundary. As a result, a markdown snippet directive can read files fr…

CVE-2026-46338
GitHub-GHSA

MEDIUM
Caddy: Remote Admin Authorization Bypass on PKI Endpoints via Prefix-Based Path Matching
GHSA-gx7w-56w6-g48x
pkg: github.com/caddyserver/caddy/v2
eco: go
published: May 19, 2026
## AI Disclosure

I used an LLM to help review the source code, reason about attack surface, and help draft and refine this report.
I manually validated the finding by reproducing it locally, confirming the vulnerable code path, and verifying the HTTP behavior with `curl -v`.

## Summary

Ca…

GitHub-GHSA

MEDIUM
Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour
GHSA-6vp2-6r7m-2jvx
pkg: @budibase/backend-core
eco: npm
published: May 19, 2026
## Summary

The public API role unassignment endpoint (`POST /api/public/v1/roles/unassign`) updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user identity and permissions from this cache (TTL: 3600 s…

CVE-2026-46424
GitHub-GHSA

MEDIUM
ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model
GHSA-2rgj-gx5x-f62w
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 22, 2026
The distributed pixel cache was originally designed to operate without a challenge–response authentication model. However, given today’s heightened security expectations, we have changed our implementation.
CVE-2026-47165
GitHub-GHSA

MEDIUM
ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking
GHSA-4g75-9r48-jf92
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 22, 2026
An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met.
CVE-2026-46693
GitHub-GHSA

MEDIUM
ImageMagick: Heap Buffer Over-Write in distributed pixel cache server
GHSA-p93h-f2jc-477j
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 22, 2026
An attacker who can connect to a `magick -distribute-cache` service can cause a heap buffer over-write in the server process.
CVE-2026-46692
GitHub-GHSA

MEDIUM
ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder.
GHSA-533m-3wf6-c33v
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: May 18, 2026
An incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options.
CVE-2026-46559
GitHub-GHSA

MEDIUM
Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAuth identity acceptance
GHSA-97r5-pg8x-p63p
pkg: Flask-Security-Too
eco: pip
published: May 22, 2026
### Summary

Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a
session as fresh after verifying an OAuth account that belongs to a
different user.

If an attacker can operate an already-authenticated but stale victim
session, they can complete OAuth verification using their…

CVE-2026-46715
GitHub-GHSA

MEDIUM
@hulumi/baseline: CloudTrail selector tampering events were not fully detected
GHSA-gfp8-mp24-5vxg
pkg: @hulumi/baseline
eco: npm
published: May 21, 2026
Impact: @hulumi/baseline versions before 1.3.2 could miss some CloudTrail event-selector tampering evidence, reducing coverage for changes to audit logging configuration.

Patched in 1.3.2: detection coverage and regression tests were expanded.

Remediation: upgrade @hulumi/baseline to 1.3.2 or late…

GitHub-GHSA

MEDIUM
Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
GHSA-7pjr-qpvh-m339
pkg: github.com/fission/fission
eco: go
published: May 21, 2026
### Summary

Before the round-1 security sweep, `pkg/builder/builder.go` passed `Environment.spec.builder.command` directly into `exec.Command(…)` after a `strings.Fields` split, with no validation of the executable path or its arguments. A user who could create or update `Environment` CRDs in a n…

CVE-2026-46618
GitHub-GHSA

MEDIUM
@sveltejs/kit: `query.batch` cross-talk
GHSA-hgv7-v322-mmgr
pkg: @sveltejs/kit
eco: npm
published: May 21, 2026
`query.batch()` could, under very rare and specific timings, cause concurrent requests from different users to merge and resolve under single request context, enabling cross-user data disclosure.
GitHub-GHSA

MEDIUM
Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing
GHSA-5h3g-px23-w6vw
pkg: mvt
eco: pip
published: May 21, 2026
### Summary

The `fileID` field from `Manifest.db` (a SQLite database inside iOS backups, generated by the device) is used directly in filesystem path construction without validation. This affects two commands through a shared code path:

– **`mvt-ios decrypt-backup`** (`decrypt.py`): `file_id` is u…

CVE-2026-46486
GitHub-GHSA

MEDIUM
Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows
GHSA-c2c9-mfw7-p8hw
pkg: flowise
eco: npm
published: May 20, 2026
## Summary

The `/api/v1/chatflows/apikey/:apikey` endpoint (whitelisted, accessible with API key auth only) returns all chatflows bound to the provided API key AND all chatflows across the entire system that have no API key assigned. This crosses workspace boundaries, allowing a user in Workspace A…

GitHub-GHSA

MEDIUM
Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification
GHSA-59fh-9f3p-7m39
pkg: flowise
eco: npm
published: May 20, 2026
### Summary
A Mass Assignment vulnerability in the PUT /api/v1/user endpoint allows authenticated users to directly modify restricted user fields, including the credential (password hash), bypassing the intended password change workflow.

Because the endpoint forwards the entire request body to the …

GitHub-GHSA

MEDIUM
Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage
GHSA-m837-xvxr-vqwg
pkg: flowise
eco: npm
published: May 20, 2026
### Summary

The TTS generation endpoint sets `Access-Control-Allow-Origin: *` as a hardcoded response header, independent of the server's CORS configuration. This enables any webpage to make cross-origin requests to generate speech using stored credentials.

### Root Cause

“`typescript
// package…

GitHub-GHSA

MEDIUM
RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM
GHSA-fvvm-949w-qj4w
pkg: rtk
eco: rust
published: May 20, 2026
RTK (Rust Token Killer) improperly trusts project-local configuration files. In versions prior to 0.32.0, RTK automatically loads `.rtk/filters.toml` from the working directory with highest priority and without user notification. An attacker can place a malicious filter file in a repository to apply…
CVE-2026-45792
GitHub-GHSA

MEDIUM
rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers
GHSA-phqj-4mhp-q6mq
pkg: openssl
eco: rust
published: May 19, 2026
`CipherCtxRef::cipher_update_inplace` incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corru…
CVE-2026-45784
GitHub-GHSA

MEDIUM
Trubo: Login callback CSRF/session fixation
GHSA-hcf7-66rw-9f5r
pkg: turbo
eco: npm
published: May 19, 2026
### Impact

Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a request to the local callback server with an attacker-controlled token. If accepted before th…

CVE-2026-45773
GitHub-GHSA

MEDIUM
Diesel: Command injection in Diesel's implementation of `COPY FROM`/`COPY TO`
GHSA-m9p2-fxp5-v3fp
pkg: diesel
eco: rust
published: May 19, 2026
Diesel allows users to configure various options for PostgreSQL's `COPY FROM` and `COPY TO` statements. These configurations are partially provided as strings or characters.

Diesel did not check if any these user-provided options contain a quote character `'`, which can lead to the injection of ad…

GitHub-GHSA

MEDIUM
Diesel: Possible unaligned data access for implementations of `SqliteAggregate`
GHSA-q8x8-jrhj-fh9p
pkg: diesel
eco: rust
published: May 19, 2026
Diesel allows to register custom aggregate SQL functions for SQLite via the `SqliteAggregate` interface.

To store an instance of the custom aggregate processor Diesel relied on the `sqlite3_aggregate_context` function provided by sqlite. This function doesn't provide any guarantees about alignment …

GitHub-GHSA

MEDIUM
Caddy CVE-2026-30852 Fix Bypass
GHSA-wwhq-w58m-w29c
pkg: github.com/caddyserver/caddy/v2
eco: go
published: May 19, 2026
#

## TL;DR

CVE-2026-30852 fixed double expansion in `vars_regexp` when the variable key is a placeholder (e.g. `{http.vars.x}`). The fix does NOT protect literal key names (e.g. `tenant_id`). An attacker injects `{env.AWS_SECRET_ACCESS_KEY}` or `{file./etc/passwd}` via a request header → Caddy …

GitHub-GHSA

MEDIUM
Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation
GHSA-m23h-6mwm-39m8
pkg: github.com/kong/kubernetes-ingress-controller/v3, github.com/kong/kubernetes-ingress-controller/v3, github.com/kong/kubernetes-ingress-controller/v2
eco: go
published: May 19, 2026
## Summary

A vulnerability in the Kong Ingress Controller (KIC) allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode (where the `GatewayClass` lacks an unmanaged annotation), the Gateway TLS translator skips critical…

GitHub-GHSA

MEDIUM
Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint
GHSA-3278-c88v-xrh4
pkg: github.com/kong/kubernetes-ingress-controller/v3, github.com/kong/kubernetes-ingress-controller/v2, github.com/kong/kubernetes-ingress-controller
eco: go
published: May 19, 2026
## Summary

A vulnerability in the Kong Ingress Controller (KIC) allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information (using `–dump-sensitive-config=false`), KIC fails to sanitize the `Plugins` f…

GitHub-GHSA

MEDIUM
Envoy AI Proxy – MCP Message Smuggling Vulnerability
GHSA-4gph-2hhr-5mwg
pkg: github.com/envoyproxy/ai-gateway
eco: go
published: May 19, 2026
Envoy AI Gateway was found to be affected by a protocol parser differential vulnerability due to improper implementation of the JSON-RPC 2.0 specification. Such differential causes a MCP message alteration, potentially causing a bypass of security controls in a multi-layered architecture.

According…

GitHub-GHSA

MEDIUM
Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)
GHSA-6m52-m754-pw2g
pkg: @nuxt/rspack-builder, @nuxt/rspack-builder, @nuxt/webpack-builder
eco: npm
published: May 19, 2026
### Summary
This is an incomplete fix for [GHSA-4gf7-ff8x-hq99](https://github.com/nuxt/nuxt/security/advisories/GHSA-4gf7-ff8x-hq99). Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address (e.g. `nuxt dev –host`) and the de…
CVE-2026-45670
GitHub-GHSA

MEDIUM
Nuxt: Reflected XSS in `navigateTo()` external redirect
GHSA-fx6j-w5w5-h468
pkg: nuxt, nuxt
eco: npm
published: May 19, 2026
### Summary
`navigateTo()` with `external: true` generates a server-side HTML redirect body containing a `<meta http-equiv="refresh">` tag. The destination URL is only sanitized by replacing `"` with `%22`, leaving `<`, `>`, `&`, and `'` unencoded. An attacker who can influence the URL passed to `na…
CVE-2026-45669
GitHub-GHSA

MEDIUM
HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft
GHSA-2m6p-hm3w-6jm3
pkg: @haxtheweb/haxcms-nodejs, @haxtheweb/video-player
eco: npm
published: May 19, 2026
### Summary
A stored cross-site scripting (XSS) vulnerability exists in HAX CMS due to improper sanitization of the `<video-player>` component.

The component allows `javascript:` URIs in the `source` attribute, which are executed when the page is viewed. This enables attackers to execute arbitrary …

CVE-2026-46496
GitHub-GHSA

MEDIUM
Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
GHSA-65pc-fj4g-8rjx
pkg: idna
eco: pip
published: May 19, 2026
This is the same issue as CVE-2024-3651, however the original remediation in 2024 was not a complete fix. Payloads such as `"\u0660" * N` or `"\u30fb" * N + "\u6f22"` utilize the `valid_contexto` function prior to length rejection, and for high values of `N` will take a long time to process.

### Im…

CVE-2026-45409
GitHub-GHSA

MEDIUM
Microsoft DirectX12: .spritefont multiply overflow only in 32-bit builds
GHSA-5r97-79vw-qvm4
pkg: directxtk12_desktop_win10, directxtk12_uwp
eco: nuget
published: May 18, 2026
### Impact
The spritefont reader can be induced to perform a 32-bit overflow multiply that could in theory result in a RCE.

This impacts the use of the *DirectX Tool Kit* **SpriteFont** class file loading ctor if given untrusted data files.

> Note this only applies to x86/ARM builds of the library…

GitHub-GHSA

MEDIUM
Microsoft DirectX: .spritefont multiply overflow only in 32-bit builds
GHSA-c55g-rp4x-fx84
pkg: directxtk_desktop_win10, directxtk_uwp
eco: nuget
published: May 18, 2026
### Impact
The spritefont reader can be induced to perform a 32-bit overflow multiply that could in theory result in a RCE.

This impacts the use of the *DirectX Tool Kit* **SpriteFont** class file loading ctor if given untrusted data files.

> Note this only applies to x86/ARM builds of the library…

GitHub-GHSA

MEDIUM
Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass
GHSA-5cvp-p7p4-mcx9
pkg: neotoma
eco: npm
published: May 18, 2026
Neotoma versions starting at v0.6.0 can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present.

In affected deployments, the REST auth middleware can resolve unauthenticated requests as the local development user, making the h…

CVE-2026-45577


Vulnerability Digest — May 18, 2026 · 77 Critical · 2 Exploited






Vulnerability Digest — Monday, May 18, 2026


Security Report

Monday, May 18, 2026  ·  Last 7 days  ·  Min severity: MEDIUM
Total Findings
490
Critical
77
High
257
Actively Exploited
2
CISA-KEV2
NVD254
GitHub-GHSA234
Findings sorted by severity
CISA-KEV

CRITICAL
Microsoft Exchange Server Cross-Site Scripting Vulnerability
CVE-2026-42897
pkg: Microsoft Microsoft

published: May 15, 2026

Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
CVE-2026-20182
pkg: Cisco Catalyst SD-WAN

published: May 14, 2026

Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
Required action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
GitHub-GHSA

CRITICAL
utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol
GHSA-33p6-5jxp-p3x4
pkg: utcp-cli
eco: pip
published: May 14, 2026
## Summary

The `_substitute_utcp_args` method in `cli_communication_protocol.py` inserts user-controlled `tool_args` values directly into shell command strings without any sanitization or escaping. These commands are then executed via `/bin/bash -c` (Unix) or `powershell.exe -Command` (Windows), al…

CVE-2026-45369
NVD

CRITICAL
CVE-2026-44523
CVE-2026-44523
pkg: jwt

published: May 14, 2026

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4.
CWE: CWE-326, CWE-345
NVD

CRITICAL
CVE-2026-44006
CVE-2026-44006
pkg: vm2_project vm2

published: May 13, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, It is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. This vulnerability is fixed in 3.11.0.
CWE: CWE-94
NVD

CRITICAL
CVE-2026-44005
CVE-2026-44005
pkg: vm2_project vm2

published: May 13, 2026

vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled …
CWE: CWE-94, CWE-1321
NVD

CRITICAL
CVE-2026-43997
CVE-2026-43997
pkg: vm2_project vm2

published: May 13, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object, to escape the sandbox, one example would be using HostObject.getOwnPropertySymbols to obtain Symbol(nodejs.util.inspect.custom). This vulnerability …
CWE: CWE-94
GitHub-GHSA

CRITICAL
Dalfox Server Mode Vulnerable to Unauthenticated Remote Code Execution via `found-action`
GHSA-v25v-m36w-jp4h
pkg: github.com/hahwul/dalfox/v2
eco: go
published: May 12, 2026
# GHSA: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode

## Summary

When dalfox is started in REST API server mode (`dalfox server`), the server binds to `0.0.0.0:6664` by default and requires no API key unless the operator explicitly passes `–api-key`. Because `mode…

CVE-2026-45087
NVD

CRITICAL
CVE-2026-42869
CVE-2026-42869
pkg: docker

published: May 11, 2026

SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any deployment where JWT_SECRET…
CWE: CWE-287, CWE-522, CWE-798
GitHub-GHSA

CRITICAL
SandboxJS has a sandbox escape via Function.caller leakage of internal call op
GHSA-g8f2-4f4f-5jqw
pkg: @nyariv/sandboxjs
eco: npm
published: May 11, 2026
### Summary
Sandbox-defined functions expose `Function.caller`, allowing sandboxed code to recover the internal `LispType.Call` runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked host statics, recover the real host Function con…
CVE-2026-43898
NVD

CRITICAL
CVE-2026-44643
CVE-2026-44643
pkg: peerigon angular-expressions

published: May 11, 2026

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2.
CWE: CWE-95
NVD

CRITICAL
CVE-2026-43999
CVE-2026-43999
pkg: vm2_project vm2

published: May 13, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via the '*' wildcard). The module builtin exposes Node's Module._load(), which loads any module by name directly in the host context, completely byp…
CWE: CWE-863
NVD

CRITICAL
CVE-2026-43948
CVE-2026-43948
pkg: python

published: May 12, 2026

wger is a free, open-source workout and fitness manager. Prior to 2.6, the reset_user_password and gym_permissions_user_edit views in wger perform a gym-scope authorization check using Python object comparison (!=) that evaluates None != None as False, silently bypassing the guard when both the atta…
CWE: CWE-863
NVD

CRITICAL
CVE-2026-7813
CVE-2026-7813
pkg: ssl

published: May 11, 2026

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules.

Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's pri…

CWE: CWE-284
NVD

CRITICAL
CVE-2026-44717
CVE-2026-44717
pkg: express

published: May 15, 2026

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1.
CWE: CWE-94
NVD

CRITICAL
CVE-2026-5229
CVE-2026-5229
pkg: oauth

published: May 15, 2026

The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't provide an email address…
CWE: CWE-287
GitHub-GHSA

CRITICAL
vm2 Has a Sandbox Breakout Using Async Generator
GHSA-248r-7h7q-cr24
pkg: vm2
eco: npm
published: May 14, 2026
### Summary

VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.

### Details

It is possible to catch a host exception using the `yield*` expression inside an async generator.…

CVE-2026-45411
GitHub-GHSA

CRITICAL
Marten has an injection vulnerability in its full-text search regConfig parameter
GHSA-vmw2-qwm8-x84c
pkg: Marten
eco: nuget
published: May 14, 2026
## Summary

Marten's full-text search APIs interpolated the user-supplied `regConfig` parameter directly into the generated SQL without parameterization or validation, making every code path that exposes `regConfig` to untrusted input a SQL injection sink.

## Affected APIs

– `IQuerySession.SearchA…

CVE-2026-45288
NVD

CRITICAL
CVE-2026-42589
CVE-2026-42589
pkg: express

published: May 14, 2026

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded in a…
CWE: CWE-78
NVD

CRITICAL
CVE-2026-45411
CVE-2026-45411
pkg: vm2_project vm2

published: May 13, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by the …
CWE: CWE-668
NVD

CRITICAL
CVE-2026-44009
CVE-2026-44009
pkg: vm2_project vm2

published: May 13, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2.
CWE: CWE-668
NVD

CRITICAL
CVE-2026-44008
CVE-2026-44008
pkg: vm2_project vm2

published: May 13, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other side but can call into this side via getter on the array prototype exposing objects of the wrong side into the sandbox. This can be used to get host objects and…
CWE: CWE-668
GitHub-GHSA

CRITICAL
Goobi viewer – Core: Unauthenticated Solr Streaming Expression Proxy
GHSA-2rgp-f66f-4499
pkg: io.goobi.viewer:viewer-core
eco: maven
published: May 13, 2026
### Summary

The Goobi viewer REST endpoint `POST /api/v1/index/stream` accepted an arbitrary Solr streaming
expression from unauthenticated network clients and forwarded it to the backend Solr server without restriction.
An attacker could read the complete Solr index and, in default Solr deployment…

CVE-2026-45083
GitHub-GHSA

CRITICAL
SillyTavern has Authentication Bypass via SSO Header Injection
GHSA-gxx6-h3g6-vwjh
pkg: sillytavern
eco: npm
published: May 12, 2026
## Resolution

SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback addresses by default. A setting can be customized according to user's needs.

Documentation: https://docs.sillytavern.app/administration/sso/

CVE-2026-44649
NVD

CRITICAL
CVE-2026-45185
CVE-2026-45185
pkg: tls

published: May 12, 2026

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to hea…
CWE: CWE-416
NVD

CRITICAL
CVE-2026-31239
CVE-2026-31239
pkg: python

published: May 12, 2026

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file without enabling the security-restrictive …
CWE: CWE-502
NVD

CRITICAL
CVE-2026-31238
CVE-2026-31238
pkg: python

published: May 12, 2026

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load() without enabling the security-restrictive weights_only=True param…
CWE: CWE-502
NVD

CRITICAL
CVE-2026-31237
CVE-2026-31237
pkg: python

published: May 12, 2026

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a dataset file path to the predict() method, the framework automatically determines the file format. If the file is a pickle (.pkl) file, it is loaded using pandas.…
CWE: CWE-502
NVD

CRITICAL
CVE-2026-31236
CVE-2026-31236
pkg: python

published: May 12, 2026

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its –functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec() function with…
CWE: CWE-94
NVD

CRITICAL
CVE-2026-31235
CVE-2026-31235
pkg: python

published: May 12, 2026

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the _augment_images_worker() method without any safety c…
CWE: CWE-502
NVD

CRITICAL
CVE-2026-31231
CVE-2026-31231
pkg: python

published: May 12, 2026

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec() function without any sandboxing, validation, or security cont…
CWE: CWE-94
NVD

CRITICAL
CVE-2026-31230
CVE-2026-31230
pkg: python

published: May 12, 2026

The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the unsafe eval() function to parse string values provided via the –clip_values and –input_shape command-…
CWE: CWE-88
NVD

CRITICAL
CVE-2026-31229
CVE-2026-31229
pkg: python

published: May 12, 2026

The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. When loading model weights from a file (e.g., model.pt) during robustness evaluation, the code uses torch.load() without the secu…
CWE: CWE-502
NVD

CRITICAL
CVE-2026-31228
CVE-2026-31228
pkg: python

published: May 12, 2026

The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters w…
CWE: CWE-94
NVD

CRITICAL
CVE-2026-31220
CVE-2026-31220
pkg: python

published: May 12, 2026

PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions (via @sy.syft_function()) for remote execution on the server. While…
CWE: CWE-94
NVD

CRITICAL
CVE-2026-31217
CVE-2026-31217
pkg: python

published: May 12, 2026

The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user supplies a directory path via the –model command-line argument, the function reads a module.py file …
CWE: CWE-94
NVD

CRITICAL
CVE-2026-31214
CVE-2026-31214
pkg: python

published: May 12, 2026

The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The script uses torch.load() to process PyTorch checkpoint files (.pt) without enabling the security-restr…
CWE: CWE-502
GitHub-GHSA

CRITICAL
WebdriverIO BrowserStack Service has a Command Injection issue
GHSA-5c46-x3qw-q7j7
pkg: @wdio/browserstack-service
eco: npm
published: May 11, 2026
### Summary
A command injection vulnerability exists in `@wdio/browserstack-service` that allows remote code execution (RCE) when processing git branch names in test orchestration. An attacker can exploit this by providing a malicious git repository with a branch name containing shell command inject…
CVE-2026-25244
GitHub-GHSA

CRITICAL
DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files
GHSA-72w5-pf8h-xfp4
pkg: deepseek-tui
eco: rust
published: May 14, 2026
### Summary

The `task_create` tool spawns durable sub-agents that inherit two insecure defaults:

– `allow_shell` defaults to `true` (`config.rs:1499`: `self.allow_shell.unwrap_or(true)`)
– `auto_approve` defaults to `true` (`task_manager.rs:297`: `auto_approve: Some(true)`)

When a user approves a…

CVE-2026-45374
GitHub-GHSA

CRITICAL
DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval
GHSA-wx44-2q6h-j6p8
pkg: deepseek-tui, deepseek-tui-cli, deepseek-tui
eco: npm
published: May 14, 2026
### Summary
The `run_tests` tool executes `cargo test` in the workspace with `ApprovalRequirement::Auto`, meaning it runs without any user approval prompt. The source code explicitly states this design choice:

“`rust
fn approval_requirement(&self) -> ApprovalRequirement {
// Tests are encoura…

CVE-2026-45311
NVD

CRITICAL
CVE-2026-8511
CVE-2026-8511
pkg: go

published: May 14, 2026

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

CRITICAL
CVE-2026-44482
CVE-2026-44482
pkg: node

published: May 14, 2026

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on the…
CWE: CWE-20, CWE-79, CWE-94, CWE-862
GitHub-GHSA

CRITICAL
Obot has an authorization bypass in /mcp-connect/{id} that allows any authenticated user to use any registered MCP server
GHSA-vw82-7fv8-r6gp
pkg: github.com/obot-platform/obot
eco: go
published: May 13, 2026
## Summary

If you have the MCP Server ID, you can connect to the MCP server even if you don't have permissions to the server.

The MCP gateway endpoint `/mcp-connect/{mcp_id}` does not enforce Access Control Rules (ACRs). Any authenticated Obot user who possesses an MCP Server ID can connect to tha…

GitHub-GHSA

CRITICAL
Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
GHSA-g7cv-rxg3-hmpx
pkg: @tanstack/arktype-adapter, @tanstack/eslint-plugin-router, @tanstack/eslint-plugin-start
eco: npm
published: May 12, 2026
## Summary

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 `@tanstack/*` packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for `TanStack/router`, but the publish wo…

CVE-2026-45321
GitHub-GHSA

CRITICAL
PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection
GHSA-9mqq-jqxf-grvw
pkg: PraisonAI
eco: pip
published: May 11, 2026
## Summary

PraisonAI's MCP (Model Context Protocol) server (`praisonai mcp serve`) registers four file-handling tools by default — `praisonai.rules.create`, `praisonai.rules.show`, `praisonai.rules.delete`, and `praisonai.workflow.show`. Each accepts a path or filename string from MCP `tools/call…

CVE-2026-44336
NVD

CRITICAL
CVE-2026-42596
CVE-2026-42596
pkg: docker

published: May 14, 2026

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as http://[::ffff:127…
CWE: CWE-918
NVD

CRITICAL
CVE-2026-42882
CVE-2026-42882
pkg: go

published: May 11, 2026

oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. The authentication middleware evaluates resource path patterns against the per…
CWE: CWE-22, CWE-863
GitHub-GHSA

CRITICAL
Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`
GHSA-rpr9-rxv7-x643
pkg: sanitize-html
eco: npm
published: May 14, 2026
### Summary
Under the default configuration, `sanitize-html` can turn attacker-controlled content inside a disallowed `xmp` element into live HTML or JavaScript. This is a sanitizer bypass in the default `disallowedTagsMode: 'discard'` path and can lead to stored XSS in applications that render sani…
CVE-2026-44990
NVD

CRITICAL
CVE-2026-43900
CVE-2026-43900
pkg: vue

published: May 11, 2026

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer (s…
CWE: CWE-79
NVD

CRITICAL
CVE-2026-41258
CVE-2026-41258
pkg: express

published: May 15, 2026

OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria() method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The Velocit…
CWE: CWE-94
GitHub-GHSA

CRITICAL
@samanhappy/mcphub: SSE Endpoint Accepts Arbitrary Username from URL Path Without Authentication, Enabling User Impersonation
GHSA-wf8q-wvv8-p8jf
pkg: @samanhappy/mcphub
eco: npm
published: May 14, 2026
### Summary

A critical identity spoofing vulnerability in MCPHub allows any unauthenticated user to impersonate any other user — including administrators — on SSE (Server-Sent Events) and MCP transport endpoints. The server accepts a username from the URL path parameter and creates an internal …

NVD

CRITICAL
CVE-2026-42555
CVE-2026-42555
pkg: express

published: May 14, 2026

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language (SpEL) expressions fr…
CWE: CWE-94
NVD

CRITICAL
CVE-2026-44351
CVE-2026-44351
pkg: jwt

published: May 13, 2026

fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an …
CWE: CWE-287, CWE-326, CWE-1391
NVD

CRITICAL
CVE-2026-44007
CVE-2026-44007
pkg: vm2_project vm2

published: May 13, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM w…
CWE: CWE-284
GitHub-GHSA

CRITICAL
SillyTavern has a Path Traversal issue
GHSA-886q-f44j-h6wh
pkg: sillytavern
eco: npm
published: May 12, 2026
## Summary

`POST /api/extensions/delete` endpoint accepts `extensionName: "."` which bypasses
`sanitize-filename` validation, causing the entire user extensions directory to be
recursively deleted. No authentication is required in the default configuration.

## Affected File

`src/endpoints/exten…

CVE-2026-44650
GitHub-GHSA

CRITICAL
sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)
GHSA-x3r2-fj3r-g5mv
pkg: sealed-env, io.github.davidalmeidac:sealed-env-core
eco: npm
published: May 12, 2026
In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encoded JSON, NOT encrypted. Any party who could observe a minted token (CI build logs, container env dumps, …
CVE-2026-45091
NVD

CRITICAL
CVE-2026-45091
CVE-2026-45091
pkg: node

published: May 12, 2026

sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encoded J…
CWE: CWE-200, CWE-522
GitHub-GHSA

CRITICAL
Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation
GHSA-qqcj-rghw-829x
pkg: io.unitycatalog:unitycatalog-server
eco: maven
published: May 11, 2026
**Context:**
A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The endpoint extracts the issuer (iss) claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without va…
CVE-2026-27478
NVD

CRITICAL
CVE-2026-42457
CVE-2026-42457
pkg: kubernetes

published: May 14, 2026

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external scr…
CWE: CWE-79
GitHub-GHSA

CRITICAL
SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution
GHSA-27qc-m5gf-jv5r
pkg: github.com/siyuan-note/siyuan/kernel
eco: go
published: May 13, 2026
### Summary

SiYuan's Bazaar (community marketplace) renders the `name` and `version` fields of a package's `plugin.json` (and the equivalent `theme.json` / `template.json` / `widget.json` / `icon.json`) into the Settings → Marketplace UI without HTML escaping. The kernel-side helper `sanitizePack…

CVE-2026-45375
NVD

CRITICAL
CVE-2026-41901
CVE-2026-41901
pkg: express

published: May 12, 2026

Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf. Although the library provides mechanisms to avoid the execution of potentially dangerous expression…
CWE: CWE-917, CWE-1336
GitHub-GHSA

CRITICAL
Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading
GHSA-wmmv-vvg5-993q
pkg: com.amazon.redshift:redshift-jdbc42
eco: maven
published: May 14, 2026
### Summary
Amazon Redshift JDBC Driver is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs). An issue exists in versions prior to 2.2.2 where the driver could load arbitrary classes when processing certain connection URL paramet…
CVE-2026-8178
GitHub-GHSA

CRITICAL
Electerm Local code through electerm's single-instance socket
GHSA-7p5m-v798-f8vv
pkg: electerm
eco: npm
published: May 14, 2026
### Impact
_Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app to create tabs and potentially spawn attacker-controlled local processes. Affects electerm single-instance installs on the machine._

### …

CVE-2026-45353
GitHub-GHSA

CRITICAL
Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark
GHSA-jgg9-rw32-44pj
pkg: electerm
eco: npm
published: May 14, 2026
### Impact
_Persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured (gist/WebDAV). The attacker can inject `exec*` fields or global config to cause remote code to run when a bookmark is …
CVE-2026-45058
GitHub-GHSA

CRITICAL
Portainer has an endpoint security bypass via Swarm service create/update
GHSA-5fxq-qcf3-244w
pkg: github.com/portainer/portainer, github.com/portainer/portainer, github.com/portainer/portainer
eco: go
published: May 14, 2026
## Summary

Portainer enforces seven `EndpointSecuritySettings` restrictions that administrators configure to restrict the container configurations non-admin users can launch: **privileged mode**, **host PID namespace**, **device mapping**, **capabilities**, **sysctls**, **security-opt (Seccomp / Ap…

CVE-2026-44849
GitHub-GHSA

CRITICAL
Portainer missing authorization on Docker plugin endpoints, which allows host RCE
GHSA-rrmm-9v76-h3p4
pkg: github.com/portainer/portainer, github.com/portainer/portainer, github.com/portainer/portainer
eco: go
published: May 14, 2026
## Summary

Portainer enforces Role-Based Access Control (RBAC) on top of the Docker API. The proxy layer routes incoming Docker API requests to per-resource handlers (containers, images, services, volumes, etc.) that apply authorization checks.

The Docker plugin management endpoints (`/plugins/*`)…

CVE-2026-44848
GitHub-GHSA

CRITICAL
n8n Has an XML Node Prototype Pollution Patch Bypass
GHSA-wrwr-h859-xh2r
pkg: n8n, n8n, n8n
eco: npm
published: May 14, 2026
## Impact
An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host.

## Patches
The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Use…

CVE-2026-44791
GitHub-GHSA

CRITICAL
n8n Has an Arbitrary File Read via Git Node
GHSA-57g9-58c2-xjg3
pkg: n8n, n8n, n8n
eco: npm
published: May 14, 2026
## Impact
An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise.

## Patches
The issue has been fixed in n8n versions 1.123.43…

CVE-2026-44790
GitHub-GHSA

CRITICAL
n8n: HTTP Request Node Pagination Prototype Pollution to RCE
GHSA-c8xv-5998-g76h
pkg: n8n, n8n, n8n
eco: npm
published: May 14, 2026
## Impact
An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance.

## Patches
The issue has been fixed in n8n …

CVE-2026-44789
GitHub-GHSA

CRITICAL
FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape
GHSA-9rvc-vf7m-pgm2
pkg: flowise
eco: npm
published: May 14, 2026
### Summary

`POST /api/v1/node-custom-function` lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the `Custom JS Function` node.

When `E2B_APIKEY` is not configured — the common deployment case — Flowise executes this code inside a `N…

CVE-2026-46442
GitHub-GHSA

CRITICAL
Strapi may leak sensitive data via relational filtering due to lack of query sanitization
GHSA-rjg2-95×7-8qmx
pkg: @strapi/strapi
eco: npm
published: May 14, 2026
### Summary of CVE-2026-27886 Vulnerability Details

– CVE: CVE-2026-27886
– CVSS v3.1 Vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N` (9.3 — Critical)
– Affected Versions: `@strapi/strapi` <=5.36.1
– How to Patch: Immediately update your Strapi to >=5.37.0

### Descripti…

CVE-2026-27886
GitHub-GHSA

CRITICAL
Strapi Vulnerable to SQL Injection in Content Type Builder
GHSA-3xcq-8mjw-h6mx
pkg: @strapi/content-type-builder, @strapi/plugin-content-type-builder
eco: npm
published: May 13, 2026
### Summary of CVE-2026-22599 Vulnerability Details

– CVE: CVE-2026-22599
– CVSS v3.1 Vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N` (9.3 — Critical)
– Affected Versions: `@strapi/content-type-builder` <=5.33.1 (v5), `@strapi/plugin-content-type-builder` <=4.26.0 (v4)
-…

CVE-2026-22599
GitHub-GHSA

CRITICAL
Mapfish Print: Remote Code Injection (RCE) in Dynamic table
GHSA-q7m6-wpvf-mvwx
pkg: org.mapfish.print:print-lib, org.mapfish.print:print-lib, org.mapfish.print:print-lib
eco: maven
published: May 13, 2026
### Impact

The attacker can execute arbitrary code without being authenticated

### Mitigation

Upgrade to a patched version (please check affected/patched version matrix)

### Credits

Bug Bounty of Canton du Jura

CVE-2026-44672
GitHub-GHSA

CRITICAL
esm.sh: Legacy Route Path Traversal Can Lead to RCE
GHSA-3636-h3vx-6465
pkg: github.com/esm-dev/esm.sh
eco: go
published: May 12, 2026
### Impact
– Arbitrary File Write – An attacker can cause the server to write data to any file path it has write permission for.
– Privilege Escalation / RCE – By overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server’s privileges.

### Exploit

The l…

CVE-2026-44593
GitHub-GHSA

CRITICAL
OpenClaude Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input
GHSA-m77w-p5jj-xmhg
pkg: openclaude
eco: npm
published: May 12, 2026
### Summary
The `dangerouslyDisableSandbox` parameter is exposed as part of the BashTool input schema, meaning the LLM (an untrusted principal per the project's own threat model) can set it to `true` in any `tool_use` response. Combined with the default `allowUnsandboxedCommands: true` setting, a pr…
CVE-2026-42074
GitHub-GHSA

CRITICAL
Angular Expressions – Remote Code Execution using filters
GHSA-pw8r-6689-xvf4
pkg: angular-expressions
eco: npm
published: May 11, 2026
## Impact

An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system.

Example of vulnerable code:

“`
const expressions = require("angular-expressions");
const result = expressions.compile("a | __proto__")({}, {});
“`

This should throw the erro…

CVE-2026-44643
GitHub-GHSA

CRITICAL
CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE
GHSA-423p-g724-fr39
pkg: github.com/cloudnative-pg/cloudnative-pg, github.com/cloudnative-pg/cloudnative-pg
eco: go
published: May 11, 2026
### Impact

The CloudNativePG metrics exporter opens its PostgreSQL connection as the `postgres` superuser via the pod-local Unix socket, then demotes the session with `SET ROLE pg_monitor`. `SET ROLE` changes only `current_user`; `session_user` remains `postgres`. That residual superuser identity i…

CVE-2026-44477
NVD

HIGH
CVE-2026-8719
CVE-2026-8719
pkg: oauth

published: May 17, 2026

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be g…
CWE: CWE-269
GitHub-GHSA

HIGH
Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL
GHSA-44m2-crh7-f4q2
pkg: @budibase/server
eco: npm
published: May 15, 2026
## Summary

Budibase exposes a REST API for datasource management. The route `PUT /api/datasources/:datasourceId` is registered in the `authorizedRoutes` group with `TABLE/READ` permission. This is the same authorization level as the read endpoint (`GET /api/datasources/:datasourceId`). Every authen…

CVE-2026-45717
GitHub-GHSA

HIGH
Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed
GHSA-482j-2pq6-q5w4
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary

The `/api/v1/utils/code/execute` endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set `ENABLE_CODE_EXECUTION=false`. The feature gate is not enforced on the API endpoint — the configuration says "disabled" but code still executes.

###…

CVE-2026-45672
NVD

HIGH
CVE-2026-8532
CVE-2026-8532
pkg: go

published: May 14, 2026

Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-472
NVD

HIGH
CVE-2026-8531
CVE-2026-8531
pkg: go

published: May 14, 2026

Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-122
NVD

HIGH
CVE-2026-8529
CVE-2026-8529
pkg: go

published: May 14, 2026

Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: High)
CWE: CWE-122
NVD

HIGH
CVE-2026-8527
CVE-2026-8527
pkg: go

published: May 14, 2026

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

HIGH
CVE-2026-8526
CVE-2026-8526
pkg: go

published: May 14, 2026

Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-787
NVD

HIGH
CVE-2026-8524
CVE-2026-8524
pkg: go

published: May 14, 2026

Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-787
NVD

HIGH
CVE-2026-8522
CVE-2026-8522
pkg: go

published: May 14, 2026

Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-8519
CVE-2026-8519
pkg: go

published: May 14, 2026

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-472
NVD

HIGH
CVE-2026-8518
CVE-2026-8518
pkg: go

published: May 14, 2026

Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-8517
CVE-2026-8517
pkg: go

published: May 14, 2026

Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-664
NVD

HIGH
CVE-2026-8509
CVE-2026-8509
pkg: go

published: May 14, 2026

Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-122
NVD

HIGH
CVE-2026-43909
CVE-2026-43909
pkg: openimageio openimageio

published: May 14, 2026

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i * 4 inside SwapRGBABytes() causes the function to compute a large negative…
CWE: CWE-125, CWE-190, CWE-787
NVD

HIGH
CVE-2026-43908
CVE-2026-43908
pkg: openimageio openimageio

published: May 14, 2026

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i * 3 inside ConvertCbYCrYToRGB() causes the function to compute a lar…
CWE: CWE-190, CWE-787
NVD

HIGH
CVE-2026-44827
CVE-2026-44827
pkg: python

published: May 14, 2026

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trust_remote_code=True safeguard when loading pipelines from Hugging Face Hub repositories. The _resolve_custom_pipeline_and_cls function in pipeline_loading_utils.…
CWE: CWE-94
NVD

HIGH
CVE-2026-44293
CVE-2026-44293
pkg: protobufjs_project protobufjs

published: May 13, 2026

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default val…
CWE: CWE-94
NVD

HIGH
CVE-2026-45227
CVE-2026-45227
pkg: python

published: May 12, 2026

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted __impo…
CWE: CWE-693
NVD

HIGH
CVE-2026-44224
CVE-2026-44224
pkg: requarks wiki.js

published: May 12, 2026

Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation of the group IDs supplied. The resolver passes the caller's arguments straight to the model without an…
CWE: CWE-269
NVD

HIGH
CVE-2026-34329
CVE-2026-34329
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
CWE: CWE-122
NVD

HIGH
CVE-2026-31232
CVE-2026-31232
pkg: python

published: May 12, 2026

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model files (.pt) from a user-specified directory (via the –model_dir argument), the code uses torch.load()…
CWE: CWE-502
NVD

HIGH
CVE-2026-31225
CVE-2026-31225
pkg: python

published: May 12, 2026

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The _parse_op_part() function in query.py uses the unsafe eval() function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Altho…
CWE: CWE-94
NVD

HIGH
CVE-2026-31224
CVE-2026-31224
pkg: snorkel snorkel

published: May 12, 2026

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the MultitaskClassifier.load() method of the MultitaskClassifier class. The method loads model weight files using torch.load() without enabling the security-restrictive weights_only=True parameter. This …
CWE: CWE-502
NVD

HIGH
CVE-2026-31223
CVE-2026-31223
pkg: snorkel snorkel

published: May 12, 2026

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability (CWE-502) in the BaseLabeler.load() method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load() function on user-supplied file paths without any validation or se…
CWE: CWE-502, CWE-502
NVD

HIGH
CVE-2026-31222
CVE-2026-31222
pkg: snorkel snorkel

published: May 12, 2026

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the Trainer.load() method of the Trainer class. The method loads model checkpoint files using torch.load() without enabling the security-restrictive weights_only=True parameter. This default behavior all…
CWE: CWE-502, CWE-502
NVD

HIGH
CVE-2026-31219
CVE-2026-31219
pkg: python

published: May 12, 2026

The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When a user provides a single model file path (e.g., .pt or .pth) via the –model command-lin…
CWE: CWE-502
NVD

HIGH
CVE-2026-31218
CVE-2026-31218
pkg: python

published: May 12, 2026

The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When loading a model state dictionary from a state_dict.pt file via torch.load(), the functio…
CWE: CWE-502
GitHub-GHSA

HIGH
LiteLLM has a sandbox escape in custom-code guardrail
GHSA-wxxx-gvqv-xp7p
pkg: litellm
eco: pip
published: May 11, 2026
### Impact

The `POST /guardrails/test_custom_code` endpoint runs user-supplied Python inside a hand-rolled sandbox. The sandbox can be escaped using bytecode-level techniques, allowing arbitrary code execution in the proxy process — which runs as root in the default Docker image.

**Reaching the …

CVE-2026-40217
GitHub-GHSA

HIGH
Dockerfile command injection via envs[*].name in bentofile.yaml (sibling fix-bypass of CVE-2026-33744 and CVE-2026-35043)
GHSA-w2pm-x38x-jp44
pkg: bentoml
eco: pip
published: May 11, 2026
# BentoML `envs[*].name` Dockerfile command injection — sibling of CVE-2026-33744 / CVE-2026-35043

A malicious `bentofile.yaml` containing a newline-injected value in `envs[*].name` produces unquoted `RUN` directives in the BentoML-generated Dockerfile. When the victim runs `bentoml containerize`…

CVE-2026-44346
GitHub-GHSA

HIGH
BentoML Dockerfile command injection via docker.base_image (sister of pending GHSA-w2pm-x38x-jp44 / CVE-2026-33744 / CVE-2026-35043)
GHSA-78f9-r8mh-4xm2
pkg: bentoml
eco: pip
published: May 11, 2026
The same Dockerfile template that mishandles `envs[*].name` (pending GHSA-w2pm-x38x-jp44) also interpolates `docker.base_image` raw with no escaping, newline filtering, or validation. A malicious bento.yaml with a multi-line `docker.base_image` value smuggles arbitrary Dockerfile directives into the…
CVE-2026-44345
GitHub-GHSA

HIGH
pyLoad is vulnerable to stored XSS in Downloads view via unsanitized link URL in packages.js template literal
GHSA-fcjq-435v-jx94
pkg: pyload-ng
eco: pip
published: May 14, 2026
## Summary

The `packages.js` template at `src/pyload/webui/app/themes/modern/templates/js/packages.js:172` interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to the DOM via `$(div).html(html)`. No escaping runs between the API value and `inne…

CVE-2026-45348
GitHub-GHSA

HIGH
Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions
GHSA-m8f9-9whg-f4xr
pkg: open-webui
eco: pip
published: May 14, 2026
## Summary

The audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHE_DIR/audio/tran…

CVE-2026-45315
GitHub-GHSA

HIGH
protobuf.js: Code injection in pbjs static output from crafted schema names
GHSA-6r35-46g8-jcw9
pkg: protobufjs-cli, protobufjs-cli
eco: npm
published: May 12, 2026
## Summary

`pbjs` static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum, service, or derived full names could be written into the generated output with…

CVE-2026-44295
GitHub-GHSA

HIGH
Local Path Provisioner Vulnerable to HelperPod Template Injection
GHSA-7fxv-8wr2-mfc4
pkg: github.com/rancher/local-path-provisioner
eco: go
published: May 11, 2026
### Impact

A malicious user with permission to edit the `local-path-config` ConfigMap in the `local-path-storage` namespace can manipulate the `helperPod.yaml` template used by `rancher/local-path-provisioner`.

The `helperPod.yaml` template is loaded by the provisioner and used to create HelperPod…

CVE-2026-44543
NVD

HIGH
CVE-2026-42595
CVE-2026-42595
pkg: docker

published: May 14, 2026

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint (/forms/chromium/convert/url) has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated attacker can point Chro…
CWE: CWE-918
NVD

HIGH
CVE-2026-44578
CVE-2026-44578
pkg: vercel next.js

published: May 13, 2026

Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server t…
CWE: CWE-918
NVD

HIGH
CVE-2026-44001
CVE-2026-44001
pkg: vm2_project vm2

published: May 13, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 (v3.10.2)…
CWE: CWE-248
GitHub-GHSA

HIGH
Klever-Go MultiDataInterceptor has remote OOM via crafted compressed P2P payload
GHSA-87m7-qffr-542v
pkg: github.com/klever-io/klever-go
eco: go
published: May 13, 2026
## Summary

A remote, unauthenticated denial-of-service vulnerability in
`Batch.Decompress` (`data/batch/batch.go`) allows any peer that
participates in a topic served by `MultiDataInterceptor` to allocate
multi-gigabyte heaps on the receiving node from a sub-50 KiB gossip
payload. A single packet i…

CVE-2026-44697
GitHub-GHSA

HIGH
Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades
GHSA-c4j6-fc7j-m34r
pkg: next, next
eco: npm
published: May 11, 2026
### Impact

Self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to arbitrary internal or external destinations, which may expose internal services or…

CVE-2026-44578
GitHub-GHSA

HIGH
PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute
GHSA-gmjg-hv98-qggq
pkg: praisonaiagents, PraisonAI
eco: pip
published: May 11, 2026
### Summary
`praisonaiagents` resolves unresolved tool names against module globals and `__main__` after it fails to match the declared tool list and the registry. With the default agent configuration, `_perm_allow` is `None`, so undeclared non-dangerous tool names are not rejected by the permission…
CVE-2026-44339
GitHub-GHSA

HIGH
Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass
GHSA-chwh-f6gm-r836
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: May 11, 2026
A review of 4 published Gotenberg security advisories exposed an SSRF issue. GHSA-pjrr-jgp4-v2fm covers SSRF via the `downloadFrom` endpoint. GHSA-pcrp-7g9h-7qhp covers SSRF via the `webhook` endpoint. Neither advisory addresses SSRF through the primary Chromium URL-to-PDF conversion endpoint (`/for…
CVE-2026-42595
GitHub-GHSA

HIGH
Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints (not addressed by CVE-2025-65958)
GHSA-rh5x-h6pp-cjj6
pkg: open-webui
eco: pip
published: May 14, 2026
# Server-Side Request Forgery (SSRF) Bypass via HTTP Redirect Following in Web-Fetch, Image-Load, and Chat-Completion Endpoints

## Summary

The `validate_url()` function in `backend/open_webui/retrieval/web/utils.py` only validates the *initial* URL submitted by the caller. The HTTP clients used do…

CVE-2026-45401
GitHub-GHSA

HIGH
Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url`
GHSA-8w7q-q5jp-jvgx
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary
In the open-webui project, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability.

### Details
In the current project, URL validation is performed using the function validate_url.

<img width="1323" height="1145" alt="QQ20260322-202854-22-1"…

CVE-2026-45400
GitHub-GHSA

HIGH
Open WebUI has a full SSRF Vulnerability in the RAG Web Search Feature
GHSA-4v7r-f4w8-8972
pkg: open-webui
eco: pip
published: May 14, 2026
# SSRF Bypass via IPv6/IPv4-mapped IPv6/IPv4-reserved-ranges in `validate_url()`

## Summary

`validate_url()` in `backend/open_webui/retrieval/web/utils.py` calls `validators.ipv6(ip, private=True)`, but the `validators` library does NOT implement the `private` keyword for IPv6 — the call raises …

CVE-2026-45331
GitHub-GHSA

HIGH
Portainer has a bind-mount restriction bypass via HostConfig.Mounts
GHSA-7fw3-x4r2-g7wc
pkg: github.com/portainer/portainer, github.com/portainer/portainer, github.com/portainer/portainer
eco: go
published: May 14, 2026
## Summary

Portainer offers an environment-level **Disable bind mounts for non-administrators** security setting that blocks regular users from binding host paths into containers they create through the Portainer-mediated Docker API. The check that enforces this setting only inspected the legacy `H…

CVE-2026-44850
NVD

HIGH
CVE-2026-43998
CVE-2026-43998
pkg: vm2_project vm2

published: May 13, 2026

vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve() (which does not dere…
CWE: CWE-59
GitHub-GHSA

HIGH
Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)
GHSA-c35q-vxrp-ph26
pkg: nautobot, nautobot
eco: pip
published: May 13, 2026
### Impact

Nautobot's `Webhook` data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowing for various behaviors similar to server-side request forgery (SSRF).

### Patches

F…

CVE-2026-44797
NVD

HIGH
CVE-2026-44015
CVE-2026-44015
pkg: nginxui nginx_ui

published: May 12, 2026

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forward…
CWE: CWE-918
NVD

HIGH
CVE-2026-25705
CVE-2026-25705
pkg: node

published: May 13, 2026

A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI …
CWE: CWE-35
NVD

HIGH
CVE-2026-45369
CVE-2026-45369
pkg: python

published: May 14, 2026

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled tool_args values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c (Un…
CWE: CWE-78
NVD

HIGH
CVE-2026-8534
CVE-2026-8534
pkg: linux

published: May 14, 2026

Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-472
NVD

HIGH
CVE-2026-8533
CVE-2026-8533
pkg: go

published: May 14, 2026

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-8530
CVE-2026-8530
pkg: go

published: May 14, 2026

Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-8525
CVE-2026-8525
pkg: go

published: May 14, 2026

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-122
NVD

HIGH
CVE-2026-8523
CVE-2026-8523
pkg: go

published: May 14, 2026

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-8520
CVE-2026-8520
pkg: go

published: May 14, 2026

Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-362
NVD

HIGH
CVE-2026-8515
CVE-2026-8515
pkg: go

published: May 14, 2026

Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-8514
CVE-2026-8514
pkg: go

published: May 14, 2026

Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-8513
CVE-2026-8513
pkg: go

published: May 14, 2026

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-8512
CVE-2026-8512
pkg: go

published: May 14, 2026

Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-44586
CVE-2026-44586
pkg: node

published: May 14, 2026

SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML without escaping. In the desktop app this becomes stored XSS, and because SiYuan's Electron windows are …
CWE: CWE-79, CWE-94
NVD

HIGH
CVE-2026-42313
CVE-2026-42313
pkg: pyload-ng_project pyload-ng

published: May 11, 2026

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates security-sensitive options behind a hand-maintained allowlist ADMIN_ONLY_CORE_OPTIONS. The allowlist …
CWE: CWE-441, CWE-863, CWE-918
GitHub-GHSA

HIGH
Open WebUI has inconsistent authorization controls within memories API
GHSA-hmjq-crxp-7rjw
pkg: open-webui
eco: pip
published: May 11, 2026
### Summary

Authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories.

### Details

Using a newly created non-admin user with no existing memories, it is possible to view ex…

CVE-2026-44570
GitHub-GHSA

HIGH
Open WebUI has a CORS misconfiguration and session validation issue
GHSA-6xcp-7mpr-m7wm
pkg: open-webui
eco: pip
published: May 11, 2026
# GitHub Security Lab (GHSL) Vulnerability Report, open-webui: `GHSL-2024-174`, `GHSL-2024-175`

The [GitHub Security Lab](https://securitylab.github.com) team has identified potential security vulnerabilities in [open-webui](https://github.com/open-webui/open-webui).

We are committed to working wi…

GitHub-GHSA

HIGH
@joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files
GHSA-gcmj-c9gg-9vh6
pkg: @joplin/onenote-converter
eco: npm
published: May 15, 2026
### Summary
A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk.

### Details
The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious `.one` file th…

CVE-2026-22810
GitHub-GHSA

HIGH
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @ranfdev/deepobj
GHSA-x7q7-fchv-8h2j
pkg: @ranfdev/deepobj
eco: npm
published: May 14, 2026
### Impact
Prototype pollution is possible when property paths contain `__proto__`/`constructor`/`prototype`. The property path must not be exposed as user input.
CVE-2026-46509
NVD

HIGH
CVE-2026-42591
CVE-2026-42591
pkg: docker

published: May 14, 2026

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/libreoffice/convert) passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on its own, completely …
CWE: CWE-918
NVD

HIGH
CVE-2026-42590
CVE-2026-42590
pkg: docker

published: May 14, 2026

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix synt…
CWE: CWE-184
NVD

HIGH
CVE-2026-40893
CVE-2026-40893
pkg: docker

published: May 14, 2026

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files. Th…
CWE: CWE-73, CWE-184
NVD

HIGH
CVE-2026-32992
CVE-2026-32992
pkg: ssl

published: May 13, 2026

SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.
CWE: CWE-295
GitHub-GHSA

HIGH
Anchor: Program<'info, System> is not properly validated
GHSA-c6rc-8jpp-2fgc
pkg: anchor-lang
eco: rust
published: May 13, 2026
### Summary
An logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in programs that invoke system program instructions.

### Details
In the TryFrom<&'a AccountInfo<'a>> implementation for Pro…

CVE-2026-45137
NVD

HIGH
CVE-2026-43929
CVE-2026-43929
pkg: node

published: May 12, 2026

ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address (e.g. http://[::ffff:127.0.0.1]/). The WHATWG URL parser bu…
CWE: CWE-184, CWE-918
GitHub-GHSA

HIGH
Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option
GHSA-8hf9-3q64-q2qf
pkg: github.com/hahwul/dalfox/v2
eco: go
published: May 12, 2026
## Summary

When dalfox is run in REST API server mode, the `output`, `output-all`, and `debug` fields in `model.Options` are JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through `dalfox.Initialize` into the scan engine's logging path. The logger …

CVE-2026-45089
NVD

HIGH
CVE-2026-43893
CVE-2026-43893
pkg: node

published: May 11, 2026

exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stay_open True -@ – mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments wi…
CWE: CWE-88
NVD

HIGH
CVE-2026-43886
CVE-2026-43886
pkg: oauth

published: May 11, 2026

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. An attacker can smuggle th…
CWE: CWE-269
GitHub-GHSA

HIGH
@rvf/set-get has a prototype pollution issue that's reachable via @rvf/core preprocessFormData (HTTP form data)
GHSA-c567-44rc-m5hq
pkg: @rvf/set-get, @rvf/set-get
eco: npm
published: May 11, 2026
## Summary

`setPath` in `@rvf/set-get` (used by `@rvf/core` to flatten incoming form data into a nested object) does not block the keys `__proto__`, `constructor`, or `prototype` when walking a path. Because field names in submitted form data are passed directly to `setPath` via `preprocessFormData…

CVE-2026-44483
GitHub-GHSA

HIGH
GuardDog has a blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration
GHSA-587r-mc96-6f2p
pkg: guarddog
eco: pip
published: May 11, 2026
# Summary
The programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and ca…
CVE-2026-44971
NVD

HIGH
CVE-2026-45675
CVE-2026-45675
pkg: oauth

published: May 15, 2026

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, lin…
CWE: CWE-269, CWE-362
GitHub-GHSA

HIGH
epa4all-client: TLS Certificate Validation Disabled in Production
GHSA-5hhf-xmfx-4vvr
pkg: com.oviva.telematik:epa4all-client
eco: maven
published: May 15, 2026
### Impact
An attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, wrong CN) and intercept all SOAP traffic. This includes patient identifiers (KVNR), SMC-B card operations (authentication, signing),
document content, and crede…
CVE-2026-45574
GitHub-GHSA

HIGH
FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files
GHSA-3g8v-8r37-cgjm
pkg: github.com/dunglas/frankenphp
eco: go
published: May 15, 2026
### Summary

The `splitPos()` function in [`cgi.go`](https://github.com/php/frankenphp/blob/main/cgi.go) misuses `golang.org/x/text/search` with `search.IgnoreCase` when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead FrankenPHP into treating a…

CVE-2026-45062
NVD

HIGH
CVE-2026-35194
CVE-2026-35194
pkg: express

published: May 15, 2026

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions (1.15.0+) and LIKE exp…
CWE: CWE-94
GitHub-GHSA

HIGH
Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts
GHSA-h3ww-q6xx-w7x3
pkg: open-webui
eco: pip
published: May 14, 2026
## Summary

The LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (`signup_handler` in auths.py, line 663) was explicitly patched to prevent this race with the comment *"Insert with default role first…

CVE-2026-45675
GitHub-GHSA

HIGH
Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order
GHSA-cqp4-qqvg-3787
pkg: open-webui
eco: npm
published: May 14, 2026
### Summary
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order (specifically, DOMPurify is executed before the marked library).

This vulnerability allows a compromised or malicious administrator to plant a malicious payload in the …

CVE-2026-45665
GitHub-GHSA

HIGH
Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints
GHSA-r472-mw7m-967f
pkg: open-webui
eco: pip
published: May 14, 2026
# Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints

## Summary

Multiple endpoints accept a user-supplied `file_id` and attach the referenced file to a resource the caller controls (folder knowledge, knowledge-base contents) without verifying that …

CVE-2026-45402
GitHub-GHSA

HIGH
Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file
GHSA-r8wh-8m7r-fh33
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary
A missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform.

### Details
All `files/` related endpoints lack permission checks.

#### Listing all files
For example, let's see how…

CVE-2026-45301
GitHub-GHSA

HIGH
Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation
GHSA-gf43-24g3-5hw2
pkg: apostrophe
eco: npm
published: May 14, 2026
## Summary

ApostropheCMS's password reset flow constructs the reset URL using `req.hostname`,
which is derived directly from the attacker-controlled HTTP `Host` header when
`apos.baseUrl` is not explicitly configured. An unauthenticated attacker who knows
a victim's email address can send a craf…

CVE-2026-45013
GitHub-GHSA

HIGH
go-billy has path traversal vulnerabilities
GHSA-qw64-3×98-g7q2
pkg: github.com/go-git/go-billy/v5, github.com/go-git/go-billy/v6
eco: go
published: May 14, 2026
### Impact
Multiple path traversal issues exist across different components of `go-billy`. Insufficient path sanitization and boundary enforcement may allow crafted paths (e.g., using `..`) to escape intended base directories.

While go-billy was not originally designed to provide a strong security …

CVE-2026-44973
GitHub-GHSA

HIGH
Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization
GHSA-mgq6-4×29-88r3
pkg: github.com/portainer/portainer
eco: go
published: May 14, 2026
## Summary

Portainer proxies requests to Kubernetes clusters through a middleware layer (`kubeClientMiddleware`) that validates the requesting user's token before forwarding traffic to the cluster. When `security.RetrieveTokenData` returned an error, the middleware wrote an HTTP 403 response but wa…

CVE-2026-44882
GitHub-GHSA

HIGH
wger: Privilege escalation via trainer-login session chaining allows gym trainer to impersonate gym manager
GHSA-9qpr-vc49-hqg2
pkg: wger
eco: pip
published: May 14, 2026
### Summary
A gym trainer can escalate their session to any higher-privileged account (gym manager, general manager) by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a low-privileged user, the session flag `trainer.identity`
is set and this flag a…
CVE-2026-43978
NVD

HIGH
CVE-2026-42602
CVE-2026-42602
pkg: jwt

published: May 13, 2026

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any OpenTelemetry…
CWE: CWE-208, CWE-287, CWE-290, CWE-294, CWE-347
NVD

HIGH
CVE-2026-44574
CVE-2026-44574
pkg: vercel next.js

published: May 13, 2026

Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic…
CWE: CWE-288
NVD

HIGH
CVE-2026-42945
CVE-2026-42945
pkg: express

published: May 13, 2026

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacemen…
CWE: CWE-122
NVD

HIGH
CVE-2026-44304
CVE-2026-44304
pkg: tls

published: May 12, 2026

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module (lemur/auth/ldap.py) constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to …
CWE: CWE-90
NVD

HIGH
CVE-2026-8430
CVE-2026-8430
pkg: nginx

published: May 12, 2026

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx configuratio…
CWE: CWE-94
GitHub-GHSA

HIGH
protobuf.js: Code generation gadget after prototype pollution
GHSA-75px-5xx7-5xc7
pkg: protobufjs, protobufjs
eco: npm
published: May 12, 2026
## Summary

protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If `Object.prototype` had already been polluted, those lookup tables could resolve attacker-controlled inherited properties as valid protobuf type inform…

CVE-2026-44291
NVD

HIGH
CVE-2026-42315
CVE-2026-42315
pkg: pyload-ng_project pyload-ng

published: May 11, 2026

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary dire…
CWE: CWE-22, CWE-36
GitHub-GHSA

HIGH
Open WebUI Arbitrary File Write, Delete via Path Traversal
GHSA-j3fw-wc48-29g3
pkg: open-webui
eco: pip
published: May 11, 2026
** CONFIDENTIAL **

Vulnerability Disclosure Analysis Documentation
———————————————–

Vulnerability Details
———————
1. Discoverer: Taylor Pennington of KoreLogic, Inc.
2. Date Submitted: June 11, 2024
3. Title: Open WebUI Arbitrary File Write, Delete via …

CVE-2026-44565
GitHub-GHSA

HIGH
Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion
GHSA-26g9-27vm-x3q8
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary

Any authenticated user can permanently delete files owned by other users via `DELETE /api/v1/files/{id}` when the target file is referenced in any shared chat. The `has_access_to_file()` authorization gate unconditionally grants access through its shared-chat branch. It checks neither t…

CVE-2026-45671
NVD

HIGH
CVE-2026-34332
CVE-2026-34332
pkg: microsoft windows_server_2025

published: May 12, 2026

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
CWE: CWE-416
GitHub-GHSA

HIGH
uniget is Vulnerable to Command Injection in tool.Check Leading to Arbitrary Code Execution
GHSA-qqq4-5773-pmw5
pkg: gitlab.com/uniget-org/cli
eco: go
published: May 13, 2026
I discovered a command injection vulnerability in uniget that allows arbitrary command execution through the metadata loading and version check mechanism.

### Summary

A command injection vulnerability exists in uniget due to unsafe execution of the `check` field from metadata files using `/bin/bas…

CVE-2026-45152
GitHub-GHSA

HIGH
Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name
GHSA-hvx9-hwr7-wjj9
pkg: systeminformation
eco: npm
published: May 13, 2026
## Summary

On Linux, `systeminformation` is vulnerable to command injection in `networkInterfaces()` when an **active NetworkManager connection profile name** contains shell metacharacters.

This is not caused by a caller passing attacker-controlled arguments into `networkInterfaces()`. The vulnera…

CVE-2026-44724
NVD

HIGH
CVE-2026-35421
CVE-2026-35421
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
CWE: CWE-122
NVD

HIGH
CVE-2026-35420
CVE-2026-35420
pkg: microsoft windows_server_2012, microsoft windows_server_2016, microsoft windows_server_2019

published: May 12, 2026

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CWE: CWE-122
NVD

HIGH
CVE-2026-35418
CVE-2026-35418
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: May 12, 2026

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CWE: CWE-367, CWE-416
NVD

HIGH
CVE-2026-35417
CVE-2026-35417
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: May 12, 2026

Access of resource using incompatible type ('type confusion') in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally.
CWE: CWE-843
NVD

HIGH
CVE-2026-35415
CVE-2026-35415
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CWE: CWE-190
NVD

HIGH
CVE-2026-34351
CVE-2026-34351
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CWE: CWE-362
NVD

HIGH
CVE-2026-34344
CVE-2026-34344
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CWE: CWE-843
NVD

HIGH
CVE-2026-34343
CVE-2026-34343
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.
CWE: CWE-122
NVD

HIGH
CVE-2026-34338
CVE-2026-34338
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CWE: CWE-416
NVD

HIGH
CVE-2026-34337
CVE-2026-34337
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: May 12, 2026

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CWE: CWE-362, CWE-416
NVD

HIGH
CVE-2026-34336
CVE-2026-34336
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CWE: CWE-126
NVD

HIGH
CVE-2026-34334
CVE-2026-34334
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CWE: CWE-362
NVD

HIGH
CVE-2026-34333
CVE-2026-34333
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Use after free in Windows Win32K – GRFX allows an authorized attacker to elevate privileges locally.
CWE: CWE-190, CWE-416
NVD

HIGH
CVE-2026-34330
CVE-2026-34330
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Integer overflow or wraparound in Windows Win32K – GRFX allows an authorized attacker to elevate privileges locally.
CWE: CWE-190, CWE-416
NVD

HIGH
CVE-2026-33841
CVE-2026-33841
pkg: microsoft windows_10_21h2, microsoft windows_10_22h2, microsoft windows_11_23h2

published: May 12, 2026

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CWE: CWE-122
NVD

HIGH
CVE-2026-33840
CVE-2026-33840
pkg: microsoft windows_11_24h2, microsoft windows_11_25h2, microsoft windows_11_26h1

published: May 12, 2026

Use after free in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally.
CWE: CWE-416
NVD

HIGH
CVE-2026-33838
CVE-2026-33838
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
CWE: CWE-415
NVD

HIGH
CVE-2026-33837
CVE-2026-33837
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CWE: CWE-122
NVD

HIGH
CVE-2026-33835
CVE-2026-33835
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: May 12, 2026

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CWE: CWE-416
NVD

HIGH
CVE-2026-33834
CVE-2026-33834
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.
CWE: CWE-284
NVD

HIGH
CVE-2026-20767
CVE-2026-20767
pkg: intel quickassist_technology

published: May 12, 2026

Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege.…
CWE: CWE-20
NVD

HIGH
CVE-2026-20714
CVE-2026-20714
pkg: intel quickassist_technology

published: May 12, 2026

Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This r…
CWE: CWE-787
NVD

HIGH
CVE-2026-31221
CVE-2026-31221
pkg: lightningai pytorch_lightning

published: May 12, 2026

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() method, which is commonly used to load saved model states, internally calls torch.load() without setting the securi…
CWE: CWE-502, CWE-502
GitHub-GHSA

HIGH
protobuf.js is Vulnerable to OS Command Injection in the CLI
GHSA-f84p-cvgm-xgjj
pkg: protobufjs-cli, protobufjs-cli
eco: npm
published: May 12, 2026
## Summary

`pbts` invoked JSDoc by building a shell command string from input file paths and executing it through `child_process.exec`. File paths containing shell metacharacters could therefore be interpreted by the shell instead of being passed to JSDoc as plain arguments.

## Impact

An attacker…

CVE-2026-42290
NVD

HIGH
CVE-2026-45338
CVE-2026-45338
pkg: oauth

published: May 15, 2026

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery (SSRF) vulnerability exists in _process_picture_url() in backend/open_webui/utils/oauth.py (line ~1338). The function fetches arbitrary URLs from OAuth pic…
CWE: CWE-918
GitHub-GHSA

HIGH
Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration
GHSA-fgqv-jh4g-pvg2
pkg: @budibase/server
eco: npm
published: May 15, 2026
### Summary

The REST datasource integration follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services (cloud metadata, databases) by redirecting through an attacker-controlled server. The same vulnerability class was already patched i…

CVE-2026-45715
GitHub-GHSA

HIGH
Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation
GHSA-rpj4-7x2v-wjrf
pkg: @budibase/server
eco: npm
published: May 15, 2026
## Vulnerability Details

**CWE-918**: Server-Side Request Forgery (SSRF)

The `processUrlFile` function in `packages/server/src/automations/steps/ai/extract.ts` uses `fetch(fileUrl)` directly **without the IP blacklist validation** that is consistently applied to all other automation steps. This al…

CVE-2026-45548
NVD

HIGH
CVE-2026-45370
CVE-2026-45370
pkg: python

published: May 14, 2026

python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This vuln…
CWE: CWE-526
GitHub-GHSA

HIGH
python-utcp: Full Process Environment Exposed to CLI Subprocess – Secrets Leakage via Command Injection
GHSA-5v57-8rxj-3p2r
pkg: utcp-cli
eco: pip
published: May 14, 2026
## Summary

`_prepare_environment()` in `cli_communication_protocol.py` passes a full copy of `os.environ` to every CLI subprocess. When combined with the Command Injection vulnerability (CWE-78) in `_substitute_utcp_args()` tracked as GHSA-33p6-5jxp-p3x4, an attacker can exfiltrate all process-leve…

CVE-2026-45370
GitHub-GHSA

HIGH
Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py)
GHSA-24c9-2m8q-qhmh
pkg: open-webui
eco: pip
published: May 14, 2026
## Summary

A Server-Side Request Forgery (SSRF) vulnerability exists in `_process_picture_url()` in `backend/open_webui/utils/oauth.py` (line ~1338). The function fetches arbitrary URLs from OAuth `picture` claims without applying `validate_url()`, allowing an attacker to force the server to make H…

CVE-2026-45338
GitHub-GHSA

HIGH
Open WebUI has stored XSS via the HTML renedering view
GHSA-4vrc-m9ch-6m3r
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary
Through the HTML rendering view, scripts can be injected and executed.
The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here. Tested on …
CVE-2026-45303
NVD

HIGH
CVE-2026-42283
CVE-2026-42283
pkg: kubernetes

published: May 14, 2026

DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the sam…
CWE: CWE-200, CWE-306
NVD

HIGH
CVE-2026-44738
CVE-2026-44738
pkg: getgrav grav

published: May 11, 2026

Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire merged site configuration — including all plugin secrets (SMTP passwords, AWS keys, OAuth client secre…
CWE: CWE-200
GitHub-GHSA

HIGH
Budibase vulnerable to SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload (`/api/plugin`)
GHSA-xh5j-727m-w6gg
pkg: budibase
eco: npm
published: May 11, 2026
## 1. Summary

| Field | Value |
|——-|——-|
| **Title** | SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload |
| **Product** | Budibase (Self-Hosted) |
| **Version** | ≤ 3.34.11 (latest stable as of 2026-03-30) |
| **Component** | `packages/server/src/api/controllers/plugin/ur…

CVE-2026-45061
GitHub-GHSA

HIGH
Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget
GHSA-pr28-mf3q-qpg6
pkg: apostrophe
eco: npm
published: May 14, 2026
### Summary
ApostropheCMS contains an authenticated server-side request forgery (SSRF) in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch attacker-controlled URLs during widget validation. For image-compatible respons…
CVE-2026-45012
GitHub-GHSA

HIGH
Valtimo has sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer
GHSA-3jh5-rr2q-xfv7
pkg: com.ritense.valtimo:web, com.ritense.valtimo:web
eco: maven
published: May 11, 2026
### Summary

The `LoggingRestClientCustomizer` in the `web` module automatically intercepts all outgoing HTTP calls made via Spring's `RestClient` and logs the full request body, response body, and response headers. When an error response is received, this information is included in the thrown `Http…

CVE-2026-44516
NVD

HIGH
CVE-2021-47942
CVE-2021-47942
pkg: jwt

published: May 16, 2026

Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh tokens, the…
CWE: CWE-22
NVD

HIGH
CVE-2026-46359
CVE-2026-46359
pkg: jwt

published: May 15, 2026

phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break ou…
CWE: CWE-89
GitHub-GHSA

HIGH
Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator
GHSA-3363-2ph6-35wh
pkg: pipecat-ai
eco: pip
published: May 15, 2026
## Summary

A path traversal vulnerability exists in Pipecat's development runner (`src/pipecat/runner/run.py`). When the runner is started with the `–folder` flag, it exposes a `GET /files/{filename:path}` download endpoint. The `filename` path parameter is concatenated directly onto `args.folder`…

CVE-2026-44716
GitHub-GHSA

HIGH
nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT
GHSA-27w2-87xv-37c6
pkg: nimiq-keys
eco: rust
published: May 15, 2026
### Impact
A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a `TaggedSigned<ValidatorRecord, KeyPair>` with a signature field whose byte length is not exactly 64. When the victim node's DHT verifier calls `TaggedSigned::verify`, execution …
CVE-2026-40092
NVD

HIGH
CVE-2026-38728
CVE-2026-38728
pkg: node

published: May 15, 2026

An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components
CWE: CWE-400
GitHub-GHSA

HIGH
Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls
GHSA-4g37-7p2c-38r9
pkg: open-webui
eco: pip
published: May 14, 2026
# IDOR: Retrieval API Bypasses Knowledge Base Access Controls

**Author:** Andrew Orr <aorr@tenable.com>

## Summary

`_validate_collection_access()` ([PR #22109](https://github.com/open-webui/open-webui/pull/22109)) checks the `user-memory-*` and `file-*` collection name prefixes but does not check…

CVE-2026-45398
GitHub-GHSA

HIGH
Svelte devalue: DoS via sparse array deserialization
GHSA-77vg-94rm-hx3p
pkg: devalue
eco: npm
published: May 14, 2026
`devalue.parse` could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse arrays, leading to excessive memory consumption.
CVE-2026-42570
NVD

HIGH
CVE-2026-8521
CVE-2026-8521
pkg: go

published: May 14, 2026

Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-8510
CVE-2026-8510
pkg: go

published: May 14, 2026

Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-472
NVD

HIGH
CVE-2026-23998
CVE-2026-23998
pkg: fleetdm fleet

published: May 14, 2026

Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled …
CWE: CWE-295
NVD

HIGH
CVE-2026-42594
CVE-2026-42594
pkg: docker

published: May 14, 2026

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent requ…
CWE: CWE-362
GitHub-GHSA

HIGH
wger Vulnerable to IDOR: Authenticated Users Can Read Any User's Private Workout Session Data via Template Routine API
GHSA-cj9g-27ph-4cgv
pkg: wger
eco: pip
published: May 14, 2026
### Summary
Any authenticated user can read another user's private workout session notes, exercise history, and training statistics by calling the /logs/ and /stats/ actions on a routine they do not own.

The RoutinePermission class grants read access to any authenticated user when a routine has is…

CVE-2026-43977
GitHub-GHSA

HIGH
FlowiseAI Exposes Basic Auth Credentials via API
GHSA-php6-83fg-gw3g
pkg: flowise
eco: npm
published: May 14, 2026
**Detection Method:** Kolega.dev Deep Code Scan

| Attribute | Value |
|—|—|
| Severity | Medium |
| CWE | CWE-522 (Insufficiently Protected Credentials) |
| Location | packages/server/src/enterprise/controllers/account.controller.ts:128-135 |
| Practical Exploitability | Medium |
| Developer Ap…

CVE-2026-46440
NVD

HIGH
CVE-2026-6479
CVE-2026-6479
pkg: ssl

published: May 14, 2026

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.…
CWE: CWE-674
GitHub-GHSA

HIGH
Fleet has a Windows MDM management endpoint authentication bypass
GHSA-2rc4-7jc6-qffh
pkg: github.com/fleetdm/fleet/v4
eco: go
published: May 14, 2026
### Summary

A vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled Windows device and retrieve sensitive configuration data.

##…

CVE-2026-23998
NVD

HIGH
CVE-2026-42561
CVE-2026-42561
pkg: python

published: May 13, 2026

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individual …
CWE: CWE-770
NVD

HIGH
CVE-2026-42304
CVE-2026-42304
pkg: react

published: May 13, 2026

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending …
CWE: CWE-400, CWE-407
NVD

HIGH
CVE-2026-42582
CVE-2026-42582
pkg: express

published: May 13, 2026

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuffmanEncodedLiteral may execute new byte[length] for a string literal before verifying that length byt…
CWE: CWE-770, CWE-789
NVD

HIGH
CVE-2026-45109
CVE-2026-45109
pkg: vercel next.js

published: May 13, 2026

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6.
CWE: CWE-288
NVD

HIGH
CVE-2026-44579
CVE-2026-44579
pkg: vercel next.js

published: May 13, 2026

Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected configurati…
CWE: CWE-770
NVD

HIGH
CVE-2026-44004
CVE-2026-44004
pkg: vm2_project vm2

published: May 13, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc() with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust hos…
CWE: CWE-770
NVD

HIGH
CVE-2026-44575
CVE-2026-44575
pkg: vercel next.js

published: May 13, 2026

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetchin…
CWE: CWE-288
NVD

HIGH
CVE-2026-44573
CVE-2026-44573
pkg: vercel next.js

published: May 13, 2026

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /_next/data/<bui…
CWE: CWE-863
NVD

HIGH
CVE-2026-44432
CVE-2026-44432
pkg: python urllib3

published: May 13, 2026

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.dra…
CWE: CWE-409
NVD

HIGH
CVE-2026-42920
CVE-2026-42920
pkg: ssl

published: May 13, 2026

When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CWE: CWE-835
NVD

HIGH
CVE-2026-40629
CVE-2026-40629
pkg: ssl

published: May 13, 2026

When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CWE: CWE-770
NVD

HIGH
CVE-2026-40618
CVE-2026-40618
pkg: ssl

published: May 13, 2026

When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on BIG-IP hardware platforms with the database variable crypto.hwacceleration set to disabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to…
CWE: CWE-131
GitHub-GHSA

HIGH
SillyTavern: Existing sessions are not invalidated after password change, allowing session reuse and account takeover
GHSA-wmm3-h9qj-p5v6
pkg: sillytavern
eco: npm
published: May 12, 2026
### Summary
Changing a user’s password does not invalidate existing sessions, allowing an attacker with a stolen cookie to retain access even after the victim resets their password.

### Details
SillyTavern relies on cookie-session for authentication, storing all session data (user handle, permiss…

CVE-2026-44648
GitHub-GHSA

HIGH
esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files
GHSA-rg65-45m7-hq57
pkg: github.com/esm-dev/esm.sh
eco: go
published: May 12, 2026
### Summary

A Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the `browser` field in `package.json`. An attacker can publish an npm package that causes the server to read and return arbitrary files from the host filesystem during the build process.

### Details

CVE-2026-44594
NVD

HIGH
CVE-2026-44296
CVE-2026-44296
pkg: tls

published: May 12, 2026

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS ClientH…
CWE: CWE-400, CWE-405
NVD

HIGH
CVE-2026-42544
CVE-2026-42544
pkg: python

published: May 12, 2026

Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction path,…
CWE: CWE-20, CWE-248, CWE-400
NVD

HIGH
CVE-2026-42268
CVE-2026-42268
pkg: owasp modsecurity

published: May 12, 2026

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused by unsigned integer underflow in libmodsecurity3 if the user (administrator) uses a rule any of @veri…
CWE: CWE-191, CWE-248
NVD

HIGH
CVE-2026-44240
CVE-2026-44240
pkg: node

published: May 12, 2026

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before authent…
CWE: CWE-400, CWE-770
NVD

HIGH
CVE-2026-35424
CVE-2026-35424
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
CWE: CWE-401
NVD

HIGH
CVE-2026-32161
CVE-2026-32161
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.
CWE: CWE-362, CWE-416
GitHub-GHSA

HIGH
Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode)
GHSA-2g4x-fq3j-cgq4
pkg: github.com/hahwul/dalfox/v2
eco: go
published: May 12, 2026
## Summary

`ParameterAnalysis` in `pkg/scanning/parameterAnalysis.go` runs two sequential worker stages that both write to the same `results` channel. The channel is correctly closed after the first stage completes (`close(results)` at line 438), but the second stage — which processes POST-body p…

CVE-2026-45090
GitHub-GHSA

HIGH
Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file`
GHSA-35wr-x7v6-9fv2
pkg: github.com/hahwul/dalfox/v2
eco: go
published: May 12, 2026
## Summary

When dalfox is run in REST API server mode, the `custom-payload-file` field in `model.Options` is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through `dalfox.Initialize` into the scan engine. The engine passes the value to `voltFile.R…

CVE-2026-45088
GitHub-GHSA

HIGH
protobuf.js: Process-wide denial of service through unsafe option paths
GHSA-jvwf-75h9-cwgg
pkg: protobufjs, protobufjs
eco: npm
published: May 12, 2026
## Summary

protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in funct…

CVE-2026-44290
GitHub-GHSA

HIGH
protobuf.js: Denial of service through unbounded protobuf recursion
GHSA-685m-2w69-288q
pkg: protobufjs, protobufjs
eco: npm
published: May 12, 2026
## Summary

protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields.

A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding.

CVE-2026-44289
NVD

HIGH
CVE-2026-8159
CVE-2026-8159
pkg: pillarjs multiparty

published: May 12, 2026

multiparty@4.2.3 and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any service…
CWE: CWE-1333
GitHub-GHSA

HIGH
Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`
GHSA-pv5w-4p9q-p3v2
pkg: kysely
eco: npm
published: May 11, 2026
## Summary

Kysely 0.28.12 added a `sanitizeStringLiteral()` call inside `DefaultQueryCompiler.visitJSONPathLeg` (commit `0a602bf`, PR #1727) to fix CVE-2026-32763 (`GHSA-wmrf-hv6w-mr66`). The fix only doubles single quotes (`'` → `''`); it does **not** escape JSON-path metacharacters (`.`, `[`, `…

CVE-2026-44635
NVD

HIGH
CVE-2026-33359
CVE-2026-33359
pkg: windows

published: May 11, 2026

In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows.
CWE: CWE-862
GitHub-GHSA

HIGH
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes – Incomplete Fix Follow-Up
GHSA-26hh-7cqf-hhc6
pkg: next, next
eco: npm
published: May 11, 2026
### Impact

It was found that the fix addressing [CVE-2026-44575](https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f) did not apply to `middleware.ts` with Turbopack. Refer to [CVE-2026-44575](https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f) for fur…

CVE-2026-45109
GitHub-GHSA

HIGH
Bird-lg-go has a Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding
GHSA-39qr-rc93-vhqm
pkg: github.com/xddxdd/bird-lg-go
eco: go
published: May 11, 2026
### Summary
The `apiHandler` (and similarly `webHandlerTelegramBot`) processes user-provided JSON payloads by directly using `json.NewDecoder(r.Body).Decode(&request)` without restricting the maximum read size. An unauthenticated remote attacker can stream an extremely large, endless JSON payload (e…
CVE-2026-45047
GitHub-GHSA

HIGH
@theecryptochad/merge-guard has Prototype Pollution in its deepMerge() function
GHSA-mhwj-73qx-jqxm
pkg: @theecryptochad/merge-guard
eco: npm
published: May 11, 2026
## Summary

`@theecryptochad/merge-guard` versions prior to 1.0.1 are vulnerable to Prototype Pollution via the `deepMerge()` function. An attacker who controls the source object can inject `__proto__` keys that mutate `Object.prototype`, affecting all objects in the Node.js runtime.

## Details

Th…

GitHub-GHSA

HIGH
Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components
GHSA-mg66-mrh9-m8jx
pkg: next, next
eco: npm
published: May 11, 2026
### Impact

Applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected configurations, a malicious request can trigger a request-body handling deadlock that leaves connections o…

CVE-2026-44579
GitHub-GHSA

HIGH
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes
GHSA-267c-6grr-h53f
pkg: next, next
eco: npm
published: May 11, 2026
### Impact

App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affected configurations, specially crafted `.rsc` and segment-prefetch URLs can resolve to the …

CVE-2026-44575
GitHub-GHSA

HIGH
urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
GHSA-mf9v-mfxr-j63j
pkg: urllib3
eco: pip
published: May 11, 2026
### Impact

urllib3's [streaming API](https://urllib3.readthedocs.io/en/2.7.0/advanced-usage.html#streaming-and-i-o) is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once.

urllib3 can perform…

CVE-2026-44432
GitHub-GHSA

HIGH
PraisonAI's symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`
GHSA-9q28-ghcr-c4x3
pkg: PraisonAI
eco: pip
published: May 11, 2026
### Summary
The `_safe_extractall` helper that all `recipe pull`, `recipe publish`, and `recipe unpack` flows route through validates each archive member's `name` for absolute paths, `..` segments, and resolved-path escape — but does **not** validate `member.linkname`, does not reject symlink/hard…
CVE-2026-44340
GitHub-GHSA

HIGH
Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client
GHSA-gqx7-6552-67hf
pkg: com.oviva.telematik:epa4all-client
eco: maven
published: May 15, 2026
### Impact
An attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery document. The forged document redirects u ri_puk_idp_enc and uri_puk_idp_sig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challeng…
CVE-2026-45575
GitHub-GHSA

HIGH
goshs: SSH host key verification disabled, allowing transparent MITM of every tunnelled HTTP request
GHSA-mxg3-432p-mr72
pkg: goshs.de/goshs/v2
eco: go
published: May 15, 2026
### Summary

The `–tunnel` / `-t` flag opens an outbound SSH connection to `localhost.run:22` with `HostKeyCallback: ssh.InsecureIgnoreHostKey()`. The Go documentation for that function states verbatim: *"It should not be used for production code."* With the callback disabled the client accepts any…

GitHub-GHSA

HIGH
DeepSeek TUI has SSRF‌ IPV6 bypass
GHSA-88gh-2526-gfrr
pkg: deepseek-tui
eco: rust
published: May 14, 2026
### Summary
Although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as `http://[::1]`, the SSRF defenses do not work.

### Details
https://github.com/Hmbown/DeepSeek-TUI/blob/15f62e3e93d842f30b428877819ebc1c8cb96814/crates/tui/src/…

CVE-2026-45373
GitHub-GHSA

HIGH
DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool
GHSA-96ff-gc8g-wpvg
pkg: deepseek-tui, deepseek-tui-cli, deepseek-tui
eco: npm
published: May 14, 2026
### Summary
The `fetch_url` tool validates the initial URL's resolved IP address against a restricted-IP blocklist (`is_restricted_ip()`) to prevent SSRF attacks against internal services (cloud metadata endpoints, localhost, private networks). However, the HTTP client (`reqwest`) is configured to a…
CVE-2026-45310
NVD

HIGH
CVE-2026-8759
CVE-2026-8759
pkg: express

published: May 17, 2026

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of special e…
CWE: CWE-20, CWE-917
GitHub-GHSA

HIGH
Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation
GHSA-p6v2-xcpg-h6xw
pkg: better-auth, better-auth
eco: npm
published: May 15, 2026
### Am I affected?

Users are affected if all of the following are true:

– Their app uses `better-auth` at a version `< 1.4.17`, or at a v1.5 prerelease tagged `<= 1.5.0-beta.8`.
– The apps authentication endpoints serve clients reachable over IPv6. Most managed hosts including Cloudflare, Vercel, …

CVE-2026-45364
GitHub-GHSA

HIGH
Open WebUI vulnerable to stored XSS via OAuth picture claim stored as SVG data URI in profile_image_url
GHSA-3wgj-c2hg-vm6q
pkg: open-webui
eco: pip
published: May 14, 2026
# Summary

When a user signs in via OAuth, Open WebUI fetches the `picture` claim URL, infers a MIME type from the URL extension via `mimetypes.guess_type`, and stores `data:<mime>;base64,…` as the user's profile image. The OAuth code path does not go through the `validate_profile_image_url` Pydan…

GitHub-GHSA

HIGH
Apostrophe has stored XSS via javascript: URL in Image Widget Link
GHSA-5f64-7vfc-rcx6
pkg: apostrophe
eco: npm
published: May 14, 2026
### Summary
A stored cross-site scripting vulnerability was identified in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload.

Because editors have permission to publish pages, the malicious widget can be published to the l…

CVE-2026-45011
NVD

HIGH
CVE-2026-44995
CVE-2026-44995
pkg: openclaw openclaw

published: May 11, 2026

OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace configurations can pass dangerous startup variables like NODE_OPTIONS, LD_PRELOAD, or BASH_ENV to spawne…
CWE: CWE-829
NVD

HIGH
CVE-2026-31254
CVE-2026-31254
pkg: python

published: May 11, 2026

The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains a code injection vulnerability (CWE-94) in its training script. The script registers the Python eval() function as a Hydra configuration resolver under the name eval. This allows configuration file…
CWE: CWE-95
NVD

HIGH
CVE-2026-31253
CVE-2026-31253
pkg: python

published: May 11, 2026

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains an insecure deserialization vulnerability (CWE-502) in its checkpoint loading mechanism. The load_checkpoint() function in checkpoint.py and the checkpoint loading code in eval.py use to…
CWE: CWE-94, CWE-502
NVD

HIGH
CVE-2026-31251
CVE-2026-31251
pkg: python

published: May 11, 2026

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its gRPC server component. When the server starts, it loads the speech synthesis model from a user-specified directory using torch.load() without enabling the w…
CWE: CWE-20, CWE-94, CWE-915
NVD

HIGH
CVE-2026-31250
CVE-2026-31250
pkg: python

published: May 11, 2026

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its average_model.py model averaging tool. The script loads PyTorch checkpoint files (epoch_*.pt) for model averaging using torch.load() without enabling the we…
CWE: CWE-502
NVD

HIGH
CVE-2026-31249
CVE-2026-31249
pkg: python

published: May 11, 2026

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. The script loads PyTorch .pt files (utterance embeddings, speaker embeddings, speech tokens) using torch.load() w…
CWE: CWE-502
GitHub-GHSA

HIGH
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
GHSA-6rmh-7xcm-cpxj
pkg: PraisonAI
eco: pip
published: May 11, 2026
### Summary
PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access `/agents` and trigger the configured `agents.yaml` workflow through `/chat` without providing a token.

### Details
The vulnerable server i…

CVE-2026-44338
GitHub-GHSA

HIGH
Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution
GHSA-p4fx-23fq-jfg6
pkg: open-webui
eco: npm
published: May 14, 2026
### Summary

The tool update endpoint (`POST /api/v1/tools/id/{id}/update`) is missing the `workspace.tools` permission check that is present on the tool create endpoint. This allows a user who has been explicitly **denied** tool management capabilities ( and who the administrator considers **untrus…

CVE-2026-45395
NVD

HIGH
CVE-2026-8597
CVE-2026-8597
pkg: python

published: May 14, 2026

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle pa…
CWE: CWE-354
NVD

HIGH
CVE-2026-8596
CVE-2026-8596
pkg: python

published: May 14, 2026

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for specially …
CWE: CWE-312
GitHub-GHSA

HIGH
Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption
GHSA-8jjp-r2w2-4v22
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary
Any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST /api/tasks/stop/{task_id} methods. This allows a casual user to disrupt system-wide chat usage by continuously cancel…
CVE-2026-45399
GitHub-GHSA

HIGH
Open WebUI's chat completion API allows tool restrictions to be bypassed
GHSA-4pcg-253r-rf9w
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary
Open WebUI v0.6.43 contains a vulnerability in its chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access.

### Details
In the [chat_completion](https://github.com/open-webui/open-webui/blob/a7271532f8a38da46785afcaa7…

CVE-2026-45350
GitHub-GHSA

HIGH
Open WebUI has Broken Access Control for Completions API
GHSA-gfm2-xm6c-37qc
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary
Any user `X` can continue the conversation of any other user `Y`, as long as the Chat ID of `Y` is known. User `X` does not even need to be an admin to do so.

### Details
A user just needs to use the API endpoint: `/api/chat/completions` with their own API key (generated in OWUI) and t…

CVE-2026-45349
NVD

HIGH
CVE-2026-44637
CVE-2026-44637
pkg: saitoha libsixel

published: May 14, 2026

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixel_decode_raw_impl. context->pos_x grows by repeat_count on every sixel character…
CWE: CWE-190, CWE-787, CWE-787
GitHub-GHSA

HIGH
Nautobot: GitRepository.current_head field should not be writable through REST API
GHSA-p3hx-pwf3-j8wr
pkg: nautobot, nautobot
eco: pip
published: May 13, 2026
### Impact

A user with access to add/change a GitRepository record could use the REST API to directly set the `current_head` field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clone(s) of the relevant repository to checkout a commit other than the…

CVE-2026-44798
GitHub-GHSA

HIGH
LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning
GHSA-3644-q5cj-c5c7
pkg: langsmith, langsmith, langchain-classic
eco: npm
published: May 13, 2026
## Description

The LangSmith SDK's prompt pull methods (`pull_prompt` / `pull_prompt_commit` in Python, `pullPrompt` / `pullPromptCommit` in JS/TS) fetch and deserialize prompt manifests from the LangSmith Hub. These manifests may contain serialized LangChain objects and model configuration that af…

CVE-2026-45134
NVD

HIGH
CVE-2026-5371
CVE-2026-5371
pkg: oauth

published: May 12, 2026

The MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the get_ads_access_token() and reset_experience() functions in all versions up to, and i…
CWE: CWE-862
NVD

HIGH
CVE-2026-45226
CVE-2026-45226
pkg: node

published: May 12, 2026

Heym before 0.0.21 contains an authorization bypass vulnerability in workflow execution that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs without proper access validation. Attackers can create workflows with execute nodes or agent subWorkflowIds poin…
CWE: CWE-863
GitHub-GHSA

HIGH
Ella Core Vulnerable to UE Downlink Redirection via Forged PDUSessionResourceSetupResponse
GHSA-qfxw-v8qx-vj3v
pkg: github.com/ellanetworks/core
eco: go
published: May 11, 2026
## Summary

A radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's logical NG-connection, then creates a GTP tunnel towards that radio.

## Impact

Down…

CVE-2026-44473
GitHub-GHSA

HIGH
Open WebUI's Insecure Message Access Breaks Authorization
GHSA-jxwr-g6r6-j3fx
pkg: open-webui
eco: pip
published: May 11, 2026
### Description

There's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability exists in the message update and delete endpoints, which implement channel-level authorization but co…

CVE-2026-44569
NVD

HIGH
CVE-2026-35416
CVE-2026-35416
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CWE: CWE-416
NVD

HIGH
CVE-2026-34347
CVE-2026-34347
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Use after free in Windows Win32K – GRFX allows an authorized attacker to elevate privileges locally.
CWE: CWE-416
NVD

HIGH
CVE-2026-34345
CVE-2026-34345
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CWE: CWE-362, CWE-416
NVD

HIGH
CVE-2026-34342
CVE-2026-34342
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
CWE: CWE-362
NVD

HIGH
CVE-2026-34341
CVE-2026-34341
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.
CWE: CWE-415
NVD

HIGH
CVE-2026-34340
CVE-2026-34340
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: May 12, 2026

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CWE: CWE-416
NVD

HIGH
CVE-2026-34331
CVE-2026-34331
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K – GRFX allows an authorized attacker to elevate privileges locally.
CWE: CWE-362, CWE-416
NVD

HIGH
CVE-2026-33839
CVE-2026-33839
pkg: microsoft windows_10_1809, microsoft windows_10_21h2, microsoft windows_10_22h2

published: May 12, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K – GRFX allows an authorized attacker to elevate privileges locally.
CWE: CWE-362
NVD

HIGH
CVE-2026-7818
CVE-2026-7818
pkg: python

published: May 11, 2026

Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager.

The session manager performed unsafe deserialization of session-file contents (using Python's standard object-serialization module) before performing any HMAC integrity check. Any file dropped into the sessions direc…

CWE: CWE-502
GitHub-GHSA

HIGH
urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
GHSA-qccp-gfcp-xxvc
pkg: urllib3
eco: pip
published: May 11, 2026
### Impact

When following cross-origin redirects for requests made using urllib3’s high-level APIs, such as `urllib3.request()`, `PoolManager.request()`, and `ProxyManager.request()`, sensitive headers — `Authorization`, `Cookie`, and `Proxy-Authorization` (defined in `Retry.DEFAULT_REMOVE_HEAD…

CVE-2026-44431
GitHub-GHSA

HIGH
Open WebUI has XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image
GHSA-3856-3vxq-m6fc
pkg: open-webui
eco: pip
published: May 14, 2026
As part of our research on improving our [AI pentest](https://www.aikido.dev/attack/aipentest), we have uncovered the following issue in Open WebUI. We've manually verified and tided up the report, but you can also find the original agent finding at the bottom of this report.

### Summary

The chann…

CVE-2026-45314
GitHub-GHSA

HIGH
ethyca-fides has a DOM-based XSS vulnerability in fides.js via fides_description override
GHSA-5qrq-9645-g5g2
pkg: ethyca-fides
eco: pip
published: May 14, 2026
### Summary

`fides.js` is the script that renders Fides's consent banner on customer websites. It lets the embedding page override the banner's description text at runtime via a URL query parameter, a JavaScript global, or a cookie. On sites that have opted into HTML-formatted descriptions, the ove…

CVE-2026-44541
GitHub-GHSA

HIGH
Karakeep SDK has SSRF via metascraper-logo-favicon that bypasses validateUrl protections
GHSA-7rx4-c5vx-g8w3
pkg: @karakeep/sdk
eco: npm
published: May 14, 2026
## Summary

The `metascraper-logo-favicon` plugin makes HTTP requests to URLs extracted from attacker-controlled HTML without going through the application's `validateUrl()` SSRF protections. This allows any authenticated user to make the server fetch arbitrary internal URLs by bookmarking a page co…

GitHub-GHSA

HIGH
Portainer: JWT accepted in URL query leaks tokens to logs and referers
GHSA-jvp4-q659-95mj
pkg: github.com/portainer/portainer, github.com/portainer/portainer, github.com/portainer/portainer
eco: go
published: May 14, 2026
## Summary
Portainer's authentication middleware accepts JWT bearer tokens passed as the `?token=<JWT>` URL query parameter on any authenticated API endpoint, in addition to the standard `Authorization: Bearer` header. URLs are recorded in reverse-proxy access logs, browser history, and HTTP `Refere…
CVE-2026-44883
GitHub-GHSA

HIGH
Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
GHSA-rpgq-m5fp-32wr
pkg: github.com/portainer/portainer, github.com/portainer/portainer, github.com/portainer/portainer
eco: go
published: May 14, 2026
## Summary
Portainer supports deploying stacks from Git repositories. When a Git-backed stack is created or updated, Portainer clones the repository using `go-git` v5, which translates Git blob entries with mode `0o120000` (symlink) into real OS symlinks on the host filesystem via `os.Symlink`. The …
CVE-2026-44881
GitHub-GHSA

HIGH
FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
GHSA-wxrr-jp8m-qq7f
pkg: flowise
eco: npm
published: May 14, 2026
## Summary

**Type:** Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the Evaluator entity -> cross-workspace data takeover and IDOR.
**File:** `packages/server/src/Interface.Evaluation.ts`
**Root cause:** The Evaluator contro…

CVE-2026-46480
GitHub-GHSA

HIGH
FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover
GHSA-mq53-pc65-wjc4
pkg: flowise
eco: npm
published: May 14, 2026
## Summary

**Type:** Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the Evaluation entity -> cross-workspace data takeover and IDOR.
**File:** `packages/server/src/services/evaluations/index.ts`
**Root cause:** The Evaluatio…

CVE-2026-46479
GitHub-GHSA

HIGH
FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover
GHSA-7j65-65cr-6644
pkg: flowise
eco: npm
published: May 14, 2026
## Summary

**Type:** Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the DatasetRow entity -> cross-workspace data takeover and IDOR.
**File:** `packages/server/src/services/dataset/index.ts`
**Root cause:** The DatasetRow co…

CVE-2026-46478
GitHub-GHSA

HIGH
FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover
GHSA-5h9v-837x-m97r
pkg: flowise
eco: npm
published: May 14, 2026
## Summary

**Type:** Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the Dataset entity -> cross-workspace data takeover and IDOR.
**File:** `packages/server/src/services/dataset/index.ts`
**Root cause:** The Dataset controll…

CVE-2026-46477
GitHub-GHSA

HIGH
FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover
GHSA-728h-4mwj-f2p4
pkg: flowise
eco: npm
published: May 14, 2026
## Summary

**Type:** Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the CustomTemplate entity -> cross-workspace data takeover and IDOR.
**File:** `packages/server/src/services/marketplaces/index.ts`
**Root cause:** The Cust…

CVE-2026-46476
GitHub-GHSA

HIGH
FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover
GHSA-78pr-c5x5-jggc
pkg: flowise
eco: npm
published: May 14, 2026
## Summary

**Type:** Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the Assistant entity -> cross-workspace data takeover and IDOR.
**File:** `packages/server/src/services/assistants/index.ts`
**Root cause:** The Assistant c…

CVE-2026-46475
GitHub-GHSA

HIGH
FlowiseAI: Vector Store No Permission Checks
GHSA-hmg2-jjjx-jcp2
pkg: flowise
eco: npm
published: May 14, 2026
### FINDING 4: OpenAI Assistants Vector Store – No Auth on CRUD Operations
**Severity**: HIGH (CVSS ~8.1)
**Type**: CWE-306 (Missing Authentication for Critical Function)
**File**: `packages/server/src/routes/openai-assistants-vector-store/index.ts`

**Description**: ALL CRUD endpoints for OpenAI As…

CVE-2026-46444
GitHub-GHSA

HIGH
Synapse CPU starvation (Denial of Service)
GHSA-8q93-326v-3m7g
pkg: matrix-synapse
eco: pip
published: May 14, 2026
### Impact

Local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service.

Homeservers that trust all their local users are not at risk.

### Patches

Update to Synapse 1.152.1 or later.

### Workarounds

If …

CVE-2026-45078
GitHub-GHSA

HIGH
n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints
GHSA-6h4j-wcr9-2vg7
pkg: n8n, n8n, n8n
eco: npm
published: May 14, 2026
## Impact
The OAuth1 and OAuth2 credential reconnect endpoints authorized access using `credential:read` rather than `credential:update`. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credent…
CVE-2026-45732
GitHub-GHSA

HIGH
n8n Has a Source Control Pull SQL Injection
GHSA-mhrx-qhrj-673w
pkg: n8n, n8n, n8n
eco: npm
published: May 14, 2026
## Impact
An attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could lead to SQL injection …
CVE-2026-44792
GitHub-GHSA

HIGH
FlowiseAI Vulnerable to Credential Data Leak
GHSA-7g73-99r4-m4mj
pkg: flowise
eco: npm
published: May 14, 2026
**Severity**: HIGH (CVSS ~7.5)
**Type**: CWE-200 (Exposure of Sensitive Information)
**File**: `packages/server/src/services/credentials/index.ts:62-71`

**Description**: When credentials are fetched with a `credentialName` filter parameter, the `encryptedData` field is NOT stripped from the respons…

CVE-2026-46443
GitHub-GHSA

HIGH
FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment
GHSA-hp26-q66v-q2w7
pkg: flowise
eco: npm
published: May 14, 2026
### Summary
A Mass Assignment vulnerability exists in the assistant update endpoint of FlowiseAI.

The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource.

Due to missing server-side validat…

CVE-2026-46441
GitHub-GHSA

HIGH
Flowise has an MCP Security Bypass that Enables RCE
GHSA-m99r-2hxc-cp3q
pkg: flowise, flowise-components
eco: npm
published: May 14, 2026
## Summary
There are three bypass methods for the security limitations of the Flowise MCP feature, and attackers can execute arbitrary commands by combining these three methods

## Details

### 【Vulnerability one】The Docker build subcommand not being on the blocklist leads to remote code execu…

GitHub-GHSA

HIGH
FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment
GHSA-5wxp-qjgq-fx6m
pkg: flowise
eco: npm
published: May 14, 2026
### Summary
A Mass Assignment vulnerability exists in the chatflow update endpoint of FlowiseAI.

The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object.

Due to missing server-side vali…

CVE-2026-42863
GitHub-GHSA

HIGH
FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment
GHSA-x5v6-pj28-cwwm
pkg: flowise
eco: npm
published: May 14, 2026
### Summary
A Mass Assignment vulnerability exists in the tool update endpoint of FlowiseAI.

The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a tool resource.

Due to missing server-side validation and aut…

CVE-2026-42862
GitHub-GHSA

HIGH
FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment
GHSA-6fw7-3q8r-m5vj
pkg: flowise
eco: npm
published: May 14, 2026
### Summary
A Mass Assignment vulnerability exists in the variable update endpoint of FlowiseAI.

The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource.

Due to missing server-side validation…

CVE-2026-42861
GitHub-GHSA

HIGH
Fleet server may terminate unexpectedly when handling certain gRPC requests
GHSA-x67p-9m2r-fxqv
pkg: github.com/fleetdm/fleet/v4
eco: go
published: May 14, 2026
### Summary

Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher `PublishLogs` endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrol…

CVE-2026-26062
GitHub-GHSA

HIGH
Fleet Windows MDM Azure AD JWT Authentication Bypass
GHSA-ffg9-j72f-j6xm
pkg: github.com/fleetdm/fleet/v4
eco: go
published: May 14, 2026
### Summary

A vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not enforce the `aud` (audience) or `iss` (issuer) claims, any Micros…

CVE-2026-24899
GitHub-GHSA

HIGH
SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs
GHSA-gmmv-4cc5-wr9r
pkg: github.com/siyuan-note/siyuan/kernel
eco: go
published: May 13, 2026
### Summary

SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs

`POST /api/graph/getGraph`, `POST /api/graph/getLocalGraph`, `POST /api/sync/setSyncInterval`, `POST /api/storage/updateRecentDocViewTime`, `POST /api/storage/updateRecentDocCloseTime`, `POST /api/storage/updat…

CVE-2026-45371
GitHub-GHSA

HIGH
Anchor: `InterfaceAccount` allows account substitution between unexpected types
GHSA-429q-fhh4-r6hj
pkg: anchor-lang
eco: rust
published: May 13, 2026
### Impact
Any uses of `InterfaceAccount` allows another unexpected account type to be passed, after https://github.com/solana-foundation/anchor/pull/3837 disabled discriminator checking for this type.

The bug was originally reported and fixed in https://github.com/solana-foundation/anchor/pull/413…

GitHub-GHSA

HIGH
claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
GHSA-g3xq-3gmv-qq8g
pkg: claude-code-cache-fix
eco: npm
published: May 13, 2026
## Summary

`tools/quota-statusline.sh` (introduced in v3.5.0) interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A `'''` byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in t…

CVE-2026-45136
GitHub-GHSA

HIGH
UltraJSON has a Memory Leak in ujson.dump() on Write Failure
GHSA-c38f-wx89-p2xg
pkg: ujson
eco: pip
published: May 12, 2026
### Summary

When `ujson.dump()` writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload.

Code that uses `ujson.dumps()` rather than `ujs…

CVE-2026-44660
GitHub-GHSA

HIGH
protobuf.js: Code injection through bytes field defaults in generated toObject code
GHSA-66ff-xgx4-vchm
pkg: protobufjs, protobufjs
eco: npm
published: May 12, 2026
## Summary

protobufjs generated JavaScript for `toObject` conversion could include an unsafe expression derived from a schema-controlled `bytes` field default value. A crafted descriptor with a non-string default value for a `bytes` field could cause attacker-controlled code to be emitted into the …

CVE-2026-44293
GitHub-GHSA

HIGH
GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor
GHSA-9ccr-r5hg-74gf
pkg: @github/copilot
eco: npm
published: May 11, 2026
## Summary

A security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent performs git operations. By exploiting git's automatic bare repository discovery during directory…

CVE-2026-45033
GitHub-GHSA

HIGH
python-liquid: Absolute paths escape filesystem loader search path
GHSA-8p4x-wr7x-3788
pkg: python-liquid
eco: pip
published: May 11, 2026
### Impact
The built-in `FileSystemLoader` and `CachingFileSystemLoader` do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the `{% include %}` and `{% render %}` tags. Ta…
CVE-2026-45017
GitHub-GHSA

HIGH
go-git's improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git
GHSA-389r-gv7p-r3rp
pkg: github.com/go-git/go-git/v6, github.com/go-git/go-git/v5
eco: go
published: May 11, 2026
### Impact
`go-git` may parse malformed Git objects in a way that differs from upstream Git. When `commit` or `tag` objects contain ambiguous or malformed headers, `go-git`’s decoded representation may expose values differently from how Git itself would interpret or reject the same object.

Additi…

CVE-2026-45022
GitHub-GHSA

HIGH
Dozzle's Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpointsbypasses authentication
GHSA-j643-x8pv-8m67
pkg: github.com/amir20/dozzle
eco: go
published: May 11, 2026
## Summary

The WebSocket upgrader for the `/exec` and `/attach` endpoints uses `CheckOrigin: func(r *http.Request) bool { return true }`, accepting upgrade requests from any origin. Combined with the JWT cookie using `SameSite: Lax`, this enables Cross-Site WebSocket Hijacking (CSWSH) — **even wh…

CVE-2026-44985
NVD

MEDIUM
CVE-2026-1322
CVE-2026-1322
pkg: gitlab gitlab

published: May 14, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a read_api scoped OAuth application to create issues and add comments to issues in private projects due to …
CWE: CWE-840
NVD

MEDIUM
CVE-2026-44305
CVE-2026-44305
pkg: tls

published: May 12, 2026

Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the …
CWE: CWE-295
NVD

MEDIUM
CVE-2026-33603
CVE-2026-33603
pkg: tls

published: May 12, 2026

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and client…
CWE: CWE-99
NVD

MEDIUM
CVE-2026-43875
CVE-2026-43875
pkg: oauth

published: May 11, 2026

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=<email>&pass=<HASH> where <HASH> is the victim's stored password hash (md5(hash("whirlpool", sha1(passw…
CWE: CWE-598
NVD

MEDIUM
CVE-2026-42312
CVE-2026-42312
pkg: pyload-ng_project pyload-ng

published: May 11, 2026

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates security-sensitive options behind a hand-maintained allowlist ADMIN_ONLY_CORE_OPTIONS. The option ("g…
CWE: CWE-295, CWE-306, CWE-863
NVD

MEDIUM
CVE-2026-32170
CVE-2026-32170
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.
CWE: CWE-415
NVD

MEDIUM
CVE-2026-21530
CVE-2026-21530
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
CWE: CWE-415
NVD

MEDIUM
CVE-2026-20905
CVE-2026-20905
pkg: intel quickassist_technology

published: May 12, 2026

Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result m…
CWE: CWE-20
NVD

MEDIUM
CVE-2026-20782
CVE-2026-20782
pkg: intel quickassist_technology

published: May 12, 2026

Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potent…
CWE: CWE-120
NVD

MEDIUM
CVE-2026-20717
CVE-2026-20717
pkg: intel quickassist_technology

published: May 12, 2026

Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result …
CWE: CWE-20
NVD

MEDIUM
CVE-2026-39052
CVE-2026-39052
pkg: express

published: May 15, 2026

Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions.
CWE: CWE-94
GitHub-GHSA

MEDIUM
Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)
GHSA-m69w-p7m4-585j
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary
GET `/api/v1/memories/ef` is accessible without authentication and executes `request.app.state.EMBEDDING_FUNCTION(…)`. This allows any unauthenticated caller to trigger embedding generation which can lead to direct cost exposure if a paid provider is used.
Code reference: `backend/open…
CVE-2026-45667
GitHub-GHSA

MEDIUM
Open WebUI has an Indirect Object Reference (IDOR) in user notes
GHSA-x3qm-p8hr-3c3h
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary
The API /api/v1/notes/{note_id} endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. This results in unauthorized disclosure of potentially sensitive or private user data.

### Details
– if …

CVE-2026-45666
GitHub-GHSA

MEDIUM
Open WebUI Exposes System Prompt to Regular User [Non-Admin]
GHSA-jh9g-8jqw-m2qx
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary
_A regular user [non-admin] can view the system prompt of the model which is set by an admin._

### Details
_When a regular user [non-admin] logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt o…

CVE-2026-45351
GitHub-GHSA

MEDIUM
Open WebUI missing authorization check at the model update function – models from other users can be updated
GHSA-gm54-m39w-grjp
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary
A user can modify another user's model even if its visibility is set to `Private`.
The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here.…
CVE-2026-45345
GitHub-GHSA

MEDIUM
Open WebUI's API key endpoint restrictions bypassed via `x-api-key` header — full message processing on restricted endpoints
GHSA-57q6-fvp4-pqmm
pkg: open-webu
eco: pip
published: May 14, 2026
### Summary

Open WebUI allows admins to restrict which API endpoints an API key can access. When an API key is restricted from `/api/v1/messages`, requests using the `Authorization: Bearer sk-…` header are correctly blocked with 403. However, the same key sent via the `x-api-key` header bypasses …

CVE-2026-45339
GitHub-GHSA

MEDIUM
pyLoad Has Incomplete Fix for CVE-2026-33509 -storage_folder Bypass via Session Directory in pyLoad
GHSA-w727-595x-pc3r
pkg: pyload-ng
eco: pip
published: May 14, 2026
## Summary
The fix for CVE-2026-33509 prevents setting `storage_folder` inside `PKGDIR` or `userdir`, but does NOT protect the Flask session directory (`/tmp/pyLoad/flask`). An authenticated attacker can set `storage_folder` to the session directory and download session files of other users via `/fi…
CVE-2026-45306
GitHub-GHSA

MEDIUM
Home Assistant MCP Server: YAML config backups written under www/ are served unauthenticated at /local/
GHSA-g39v-cvjh-8fpf
pkg: ha-mcp
eco: pip
published: May 14, 2026
### Summary

When `ENABLE_YAML_CONFIG_EDITING=true`, every `ha_config_set_yaml` call backs up the pre-edit file to `<config>/www/yaml_backups/`, which Home Assistant serves at `/local/` with **no authentication**. Anyone who can reach the HA web interface can download the most recent pre-edit `confi…

NVD

MEDIUM
CVE-2026-44514
CVE-2026-44514
pkg: kubernetes

published: May 14, 2026

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to the u…
CWE: CWE-1385
GitHub-GHSA

MEDIUM
@apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input
GHSA-hcwq-x9fw-8cfq
pkg: @apostrophecms/cli
eco: npm
published: May 14, 2026
Summary

The @apostrophecms/cli package contains a command injection vulnerability in the apos create command.
User-supplied input from the password prompt is embedded directly into a shell command without proper sanitization or escaping.
This allows execution of arbitrary commands on the host syste…

CVE-2026-42853
NVD

MEDIUM
CVE-2026-44000
CVE-2026-44000
pkg: vm2_project vm2

published: May 13, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sand…
CWE: CWE-693
NVD

MEDIUM
CVE-2026-42946
CVE-2026-42946
pkg: nginx

published: May 13, 2026

A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an …
CWE: CWE-789, CWE-823
NVD

MEDIUM
CVE-2026-40460
CVE-2026-40460
pkg: nginx

published: May 13, 2026

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluate…
CWE: CWE-290
GitHub-GHSA

MEDIUM
wger has an Uncontrolled Resource Consumption issue
GHSA-v25j-wqcw-fvhj
pkg: wger
eco: pip
published: May 13, 2026
### Summary

Any authenticated user can create a routine spanning an arbitrarily long date range (e.g. 100 years) and then trigger the `date_sequence` computation via any of the routine detail endpoints. The server iterates once per day in an unbounded `while` loop with no maximum duration validatio…

GitHub-GHSA

MEDIUM
Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS)
GHSA-qrpw-gjvh-x5gm
pkg: nautobot, nautobot
eco: pip
published: May 13, 2026
### Impact

Nautobot UI object-bulk-rename endpoints (for example, `/dcim/interfaces/rename/`) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the `find` field in combination with the `use_regex` flag.

### Patches

A general-purpose timeout has b…

CVE-2026-44796
GitHub-GHSA

MEDIUM
go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion
GHSA-m3xc-h892-ggx6
pkg: github.com/go-git/go-billy/v5, github.com/go-git/go-billy/v6
eco: go
published: May 13, 2026
### Impact
Multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption.

These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, o…

CVE-2026-44740
NVD

MEDIUM
CVE-2026-8199
CVE-2026-8199
pkg: mongodb mongodb

published: May 13, 2026

An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and may lead to availability loss by OOM.

This issue impacts MongoDB Server v7.0 versions prior to 7.0.3…

CWE: CWE-1325
NVD

MEDIUM
CVE-2026-35422
CVE-2026-35422
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
CWE: CWE-288
NVD

MEDIUM
CVE-2026-34350
CVE-2026-34350
pkg: microsoft windows_server_2025

published: May 12, 2026

Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.
CWE: CWE-476
GitHub-GHSA

MEDIUM
OpenClaude MCP OAuth Callback: State Check Bypass via error Param Leads to DoS
GHSA-c73c-x77g-854r
pkg: @gitlawb/openclaude
eco: npm
published: May 12, 2026
# OAuth State Validation Bypass via `error` Parameter Causes Local Server DoS in MCP Auth Callback

## Description

The OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a `state` parameter against an …

CVE-2026-42073
NVD

MEDIUM
CVE-2026-42314
CVE-2026-42314
pkg: pyload-ng_project pyload-ng

published: May 11, 2026

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ….// becomes .._ after replacement (partial removal), leaving .. which can be exploited when the path is later resolve…
CWE: CWE-22
NVD

MEDIUM
CVE-2026-7820
CVE-2026-7820
pkg: oauth

published: May 11, 2026

Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4.

pgAdmin enforces MAX_LOGIN_ATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.init_app() and is reachable on every server, nev…

CWE: CWE-307
GitHub-GHSA

MEDIUM
Streamlink has an arbitrary local file read via file:// URI in HLS and DASH
GHSA-hgqw-6m45-hw5f
pkg: streamlink
eco: pip
published: May 11, 2026
## Summary

Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote `.m3u8` HLS playlist or `.mpd` DASH manifest can list `file:///path/to/file` as a segment, and streamlink will read that local file and write its contents to the output strea…

CVE-2026-44353
GitHub-GHSA

MEDIUM
Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission
GHSA-jgj3-r8hr-9pjw
pkg: open-webui
eco: pip
published: May 11, 2026
## Vulnerability Description

In standard channels (i.e., channels whose `channel.type` is neither `group` nor `dm`), the endpoint

`POST /api/v1/channels/{channel_id}/messages/{message_id}/update` can be accessed with **read permission only**.

When `access_control` is set to `None`, the authorizat…

CVE-2026-44571
NVD

MEDIUM
CVE-2026-5361
CVE-2026-5361
pkg: express

published: May 14, 2026

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the update_gallery_data() function and improper output escaping in the gallery_init() function. The san…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-6962
CVE-2026-6962
pkg: go

published: May 13, 2026

The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_cog_product_cost' and 'alg_wc_cog_product_profit' shortcodes in all versions up to, and including, 4.1.0 due to insufficient input sanitizati…
CWE: CWE-79
GitHub-GHSA

MEDIUM
dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters
GHSA-xpww-f6pm-cfhq
pkg: dbt-mcp
eco: pip
published: May 14, 2026
*Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation.**

## Summary

`_run_dbt_command()` in `src/dbt_mcp/dbt_cli/tools.py` constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization…

CVE-2026-44968
NVD

MEDIUM
CVE-2026-33380
CVE-2026-33380
pkg: express

published: May 13, 2026

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable.
CWE: CWE-552
GitHub-GHSA

MEDIUM
Keylime has a hardcoded attestation challenge nonce that allows replay attacks
GHSA-q8w6-w55c-ccv5
pkg: keylime
eco: pip
published: May 11, 2026
## CVE-2026-6420: Hardcoded attestation challenge nonce allows replay attacks

### Impact

The `CertificationParameters.generate_challenge()` method in the push attestation protocol uses a hardcoded challenge nonce instead of generating a cryptographically random value. This removes the nonce-based …

CVE-2026-6420
GitHub-GHSA

MEDIUM
PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries
GHSA-3643-7v76-5cj2
pkg: PraisonAI
eco: pip
published: May 11, 2026
### Summary
PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated `name` and `collection` arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection.

### Details
This i…

CVE-2026-44337
GitHub-GHSA

MEDIUM
pyzipper has an encryption bypass for small files encrypted using it
GHSA-crqm-m339-7m2p
pkg: pyzipper
eco: pip
published: May 14, 2026
### Impact
A Python operator precedence bug in pyzipper/zipfile_aes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the calle…
CVE-2026-44722
GitHub-GHSA

MEDIUM
Mistune TOC Anchor Injection XSS
GHSA-6269-cqxg-mhhv
pkg: mistune
eco: pip
published: May 14, 2026
## Summary
`render_toc_ul()` builds a `<ul>` table-of-contents tree from a list of `(level, id, text)` tuples. Both the `id` value (used as `href="#<id>"`) and the `text` value (used as the visible link label) are inserted into `<a>` tags via a plain Python format string — with no HTML escaping ap…
CVE-2026-44898
NVD

MEDIUM
CVE-2026-44580
CVE-2026-44580
pkg: vercel next.js

published: May 13, 2026

Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escaped …
CWE: CWE-79
GitHub-GHSA

MEDIUM
Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect
GHSA-r95x-qfjj-fjj2
pkg: authlib, authlib
eco: pip
published: May 13, 2026
### Summary

An unauthenticated open redirect in Authlib's `OpenIDImplicitGrant` and `OpenIDHybridGrant` authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attacker-chosen URL by submitting an authorization request that omits the `openid` scope.

CVE-2026-44681
NVD

MEDIUM
CVE-2026-44245
CVE-2026-44245
pkg: vue

published: May 12, 2026

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 2.5.2, Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that {{ }} interpolation provides. The PropertyCard.vue component us…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-20771
CVE-2026-20771
pkg: intel quickassist_technology

published: May 12, 2026

Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result m…
CWE: CWE-476
NVD

MEDIUM
CVE-2026-7464
CVE-2026-7464
pkg: go

published: May 12, 2026

The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject a…
CWE: CWE-79
GitHub-GHSA

MEDIUM
Next.js has cross-site scripting in beforeInteractive scripts with untrusted input
GHSA-gx5p-jg67-6x7h
pkg: next, next
eco: npm
published: May 11, 2026
### Impact

Applications that use `beforeInteractive` scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escaped safely before being embedded into the document, which could allow attacker-controlled input to brea…

CVE-2026-44580
GitHub-GHSA

MEDIUM
Ella Core has a UE Security Capability bypass on NGAP PathSwitchRequest
GHSA-pwfh-mqp3-pqwj
pkg: github.com/ellanetworks/core
eco: go
published: May 11, 2026
## Summary

Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities for any UE with arbitrary values by sending a single crafted PathSwitchRequest.

CVE-2026-44475
NVD

MEDIUM
CVE-2026-42597
CVE-2026-42597
pkg: docker

published: May 14, 2026

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/… from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can load …
CWE: CWE-73, CWE-918
NVD

MEDIUM
CVE-2026-44577
CVE-2026-44577
pkg: vercel next.js

published: May 13, 2026

Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cau…
CWE: CWE-770
NVD

MEDIUM
CVE-2026-6253
CVE-2026-6253
pkg: haxx curl

published: May 13, 2026

curl might erroneously pass on credentials for a first proxy to a second
proxy.

This can happen when the following conditions are true:

1. curl is setup to use specific different proxies for different URL schemes
2. the first proxy needs credentials
3. the second proxy uses no credentials
4. while…

CWE: CWE-522
NVD

MEDIUM
CVE-2026-4873
CVE-2026-4873
pkg: haxx curl

published: May 13, 2026

A vulnerability exists where a connection requiring TLS incorrectly reuses an
existing unencrypted connection from the same connection pool. If an initial
transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request
to that same host bypasses the TLS requirement and instead transmi…
CWE: CWE-295, CWE-319
NVD

MEDIUM
CVE-2026-42545
CVE-2026-42545
pkg: python

published: May 12, 2026

Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap() on both the header name and header value constructors, so malforme…
CWE: CWE-248, CWE-755
GitHub-GHSA

MEDIUM
Next.js has a Denial of Service in the Image Optimization API
GHSA-h64f-5h5j-jqjh
pkg: next, next
eco: npm
published: May 11, 2026
### Impact

When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cause out-of-memory conditions by requesting large local assets from the `/_next/image` endpoint that ma…

CVE-2026-44577
NVD

MEDIUM
CVE-2026-44312
CVE-2026-44312
pkg: openssl

published: May 14, 2026

css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meanin…
CWE: CWE-295, CWE-829
NVD

MEDIUM
CVE-2026-44002
CVE-2026-44002
pkg: vm2_project vm2

published: May 13, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class (intended as a safe wrapper for V8's native CallSite) blocks getThis() and getFunction() to prevent host object leakage, but allows getFileName() to return unsanitized host absolute paths. Any sandboxed code …
CWE: CWE-209
NVD

MEDIUM
CVE-2026-42926
CVE-2026-42926
pkg: nginx

published: May 13, 2026

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer.  Note: Software versions which have reached End of Technical Support (EoTS) are not…
CWE: CWE-172
NVD

MEDIUM
CVE-2026-44347
CVE-2026-44347
pkg: warpgate_project warpgate

published: May 12, 2026

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on the …
CWE: CWE-352
NVD

MEDIUM
CVE-2026-44695
CVE-2026-44695
pkg: getoutline outline

published: May 11, 2026

Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a logged-in…
CWE: CWE-352
NVD

MEDIUM
CVE-2026-31252
CVE-2026-31252
pkg: python

published: May 11, 2026

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading component. The framework uses torch.load() to load model weight files (e.g., llm.pt, flow.pt, hift.pt) without enabling the security-restricti…
CWE: CWE-94, CWE-915
GitHub-GHSA

MEDIUM
Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`
GHSA-mq5j-pw29-jcv3
pkg: apm-cli
eco: pip
published: May 15, 2026
### Summary

Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by `apm install <bundle>` on supported Python 3.10 and 3.11 runtimes. When `apm install` is given a local `.tar.gz` that is not recognized as a plugin-format bundle, APM probes …

CVE-2026-46383
NVD

MEDIUM
CVE-2026-46383
CVE-2026-46383
pkg: python

published: May 15, 2026

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install <bundle> on supported Python 3.10 and 3.11 runtimes. When apm install is g…
CWE: CWE-22, CWE-73
GitHub-GHSA

MEDIUM
Portainer has a path traversal in backup archive extraction that allows arbitrary file write
GHSA-m8fg-67j7-cx4v
pkg: github.com/portainer/portainer
eco: go
published: May 14, 2026
### Summary
Portainer's backup restore feature accepts a `.tar.gz` archive and extracts it to a target directory on the server. The extraction function (`ExtractTarGz` in `api/archive/targz.go`) constructed output paths using `filepath.Clean(filepath.Join(outputDirPath, header.Name))`. This combinat…
CVE-2026-44885
NVD

MEDIUM
CVE-2026-35419
CVE-2026-35419
pkg: microsoft windows_11_24h2, microsoft windows_11_25h2, microsoft windows_11_26h1

published: May 12, 2026

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CWE: CWE-125
NVD

MEDIUM
CVE-2026-34339
CVE-2026-34339
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Null pointer dereference in Windows LDAP – Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.
CWE: CWE-476
NVD

MEDIUM
CVE-2026-20914
CVE-2026-20914
pkg: intel quickassist_technology

published: May 12, 2026

Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result …
CWE: CWE-476
NVD

MEDIUM
CVE-2026-20881
CVE-2026-20881
pkg: intel quickassist_technology

published: May 12, 2026

Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potenti…
CWE: CWE-369
GitHub-GHSA

MEDIUM
Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content
GHSA-f3jg-756w-gm35
pkg: github.com/safedep/gryph
eco: go
published: May 11, 2026
Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive `file-write` content remains in the stored `payload` as `ContentPreview`, …
CVE-2026-45046
NVD

MEDIUM
CVE-2026-23695
CVE-2026-23695
pkg: vue

published: May 15, 2026

Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function() and rendered via Vue's v-html directive withou…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-44429
CVE-2026-44429
pkg: lfprojects mcp_registry

published: May 14, 2026

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / (file internal/api/handlers/v0/ui_index.html) is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published ser…
CWE: CWE-79, CWE-116
GitHub-GHSA

MEDIUM
Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
GHSA-rjmp-vjf2-qf4g
pkg: open-webui
eco: pip
published: May 14, 2026
# Mass Assignment in Feedback Creation Allows User ID Spoofing and Evaluation Data Manipulation

## Summary

The `POST /api/v1/evaluations/feedback` endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via `FeedbackForm`, which uses `model_config = ConfigDict(extra='allow')`. Due to an ins…

CVE-2026-45396
GitHub-GHSA

MEDIUM
Open WebUI: Authenticated users can bypass model access control via exposed query parameter [AI-ASSISTED]
GHSA-v6qf-75pr-p96m
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary

An internal-only bypass_filter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated user to append ?bypass_filter=true and bypass model access control checks to invoke admin-restricted model…

CVE-2026-45365
GitHub-GHSA

MEDIUM
Open WebUI has stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify)
GHSA-hcwp-82g6-8wxc
pkg: open-webui
eco: pip
published: May 14, 2026
## Related advisory

This advisory tracks a regression of the original Excel-preview XSS that was
publicly disclosed and patched under [GHSA-jwf8-pv5p-vhmc](https://github.com/open-webui/open-webui/security/advisories/GHSA-jwf8-pv5p-vhmc)
(patched in v0.8.0). The same root cause — `XLSX.utils.sh…

CVE-2026-45318
GitHub-GHSA

MEDIUM
Open WebUI has Stored Cross-Site Scripting In Profile Picture
GHSA-6gh2-q7cp-9qf6
pkg: open-webui
eco: pip
published: May 14, 2026
## Summary

The `profile_image_url` field on the user profile update form accepted arbitrary `data:` URI values without MIME-type validation. Two distinct attack paths were independently demonstrated by separate reporters:

1. **`data:text/html;base64,…` in a new browser tab** (raresvis, 2025-04-1…

CVE-2026-45299
NVD

MEDIUM
CVE-2026-43644
CVE-2026-43644
pkg: go

published: May 14, 2026

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin HTM…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-3829
CVE-2026-3829
pkg: ssl

published: May 14, 2026

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wple_basic_get_requests' function in all versions up to, and including, 7.8.5.10. This mak…
CWE: CWE-862
NVD

MEDIUM
CVE-2026-45228
CVE-2026-45228
pkg: vue

published: May 13, 2026

Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders push_config key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the PO…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-44576
CVE-2026-44576
pkg: vercel next.js

published: May 13, 2026

Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker can…
CWE: CWE-436
GitHub-GHSA

MEDIUM
Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference
GHSA-wpxj-44w3-2j6x
pkg: nautobot, nautobot
eco: pip
published: May 13, 2026
### Impact

In the case of inter-object references via `GenericForeignKey` (a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables), when creating or updating an object containing a `GenericForeignKey`, Nautobot's REST …

CVE-2026-44794
NVD

MEDIUM
CVE-2026-43879
CVE-2026-43879
pkg: curl

published: May 11, 2026

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts (e.g. http://127.0.0.1:8080/…, http://169.254.169.254/latest/…, RFC1918 addresses). Whe…
CWE: CWE-918
GitHub-GHSA

MEDIUM
Next.js vulnerable to cache poisoning in React Server Component responses
GHSA-wfc6-r584-vfw7
pkg: next, next
eco: npm
published: May 11, 2026
### Impact

Applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker can cause an RSC response to be served from the original URL and poison shared cache entries so later vi…

CVE-2026-44576
NVD

MEDIUM
CVE-2026-8723
CVE-2026-8723
pkg: node

published: May 17, 2026

### Summary

`qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not handled by any of qs's null-related options (`skipNulls`, `strictNullHandling`).

### Details

In t…

CWE: CWE-476
GitHub-GHSA

MEDIUM
Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state storage is used without PKCE
GHSA-wxw3-q3m9-c3jr
pkg: better-auth
eco: npm
published: May 15, 2026
### Am I affected?

Users are affected if all of the following are true:

– The application uses `better-auth` at a version below `1.6.2` (or `@better-auth/sso` paired with such a version).
– `betterAuth({ account: { storeStateStrategy } })` is set to `"cookie"`. The default `"database"` is not affe…

GitHub-GHSA

MEDIUM
Open WebUI Vulnerable to Unauthenticated RAG Configuration Disclosure
GHSA-65pg-qhhw-mxwg
pkg: open-webui
eco: pip
published: May 14, 2026
**Vulnerability Type:** Information Disclosure / Missing Authentication
**Severity:** Medium
**Component:** `backend/open_webui/routers/retrieval.py` — `get_status()` (`GET /`)
**Affected Endpoint:** `GET /api/v1/retrieval/`
**Affected Version:** Open WebUI `main` branch — confirmed unpa…
CVE-2026-45397
NVD

MEDIUM
CVE-2026-8535
CVE-2026-8535
pkg: linux

published: May 14, 2026

Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted JPEG file. (Chromium security severity: High)
CWE: CWE-125
NVD

MEDIUM
CVE-2026-8516
CVE-2026-8516
pkg: go

published: May 14, 2026

Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: C…
CWE: CWE-20
NVD

MEDIUM
CVE-2025-64526
CVE-2025-64526
pkg: strapi strapi

published: May 14, 2026

Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in the users-permissions plugin derived its rate-limit key in part from `ctx.request.body.email`, including on routes whose body schema does not contain an `email` field (`/auth…
CWE: CWE-307
GitHub-GHSA

MEDIUM
OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation
GHSA-rcgg-9c38-7xpx
pkg: io.opentelemetry:opentelemetry-api, io.opentelemetry:opentelemetry-extension-trace-propagators
eco: maven
published: May 14, 2026
## Overview

A vulnerability affects the baggage propagation implementation in
`opentelemetry-api` and `opentelemetry-extension-trace-propagators`. Parsing oversized baggage
causes unbounded memory allocation and CPU consumption. Because baggage is automatically
re-injected into every outgoing reque…

CVE-2026-45292
NVD

MEDIUM
CVE-2026-42593
CVE-2026-42593
pkg: express

published: May 14, 2026

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf + watermarkExpression…
CWE: CWE-22, CWE-73
NVD

MEDIUM
CVE-2026-42592
CVE-2026-42592
pkg: docker

published: May 14, 2026

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it n…
CWE: CWE-367, CWE-918
GitHub-GHSA

MEDIUM
Fleet has a rate limiting bypass via untrusted client IP headers
GHSA-j8h8-75h3-jg53
pkg: github.com/fleetdm/fleet/v4
eco: go
published: May 14, 2026
### Impact

Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limiting controls.

Fleet determines a client’s public IP address usin…

CVE-2026-24000
NVD

MEDIUM
CVE-2026-44003
CVE-2026-44003
pkg: vm2_project vm2

published: May 13, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal VM2_INTERNAL_STATE…
CWE: CWE-693
NVD

MEDIUM
CVE-2026-44431
CVE-2026-44431
pkg: python urllib3

published: May 13, 2026

urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(…, assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
CWE: CWE-200
NVD

MEDIUM
CVE-2026-7009
CVE-2026-7009
pkg: haxx curl

published: May 13, 2026

When curl is told to use the Certificate Status Request TLS extension, often
referred to as *OCSP stapling*, to verify that the server certificate is
valid, it fails to detect OCSP problems and instead wrongly consider the
response as fine.
CWE: CWE-295
NVD

MEDIUM
CVE-2026-44341
CVE-2026-44341
pkg: go

published: May 12, 2026

GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access to …
CWE: CWE-284, CWE-639
NVD

MEDIUM
CVE-2026-42177
CVE-2026-42177
pkg: linux

published: May 12, 2026

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome's urlFilter without a |…
CWE: CWE-284, CWE-436
GitHub-GHSA

MEDIUM
protobuf.js: Denial of service from crafted field names in generated code
GHSA-2pr8-phx7-x9h3
pkg: protobufjs, protobufjs
eco: npm
published: May 12, 2026
## Summary

protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated function bodies. A crafted schema or JSON descriptor could therefore cause generated encode, de…

CVE-2026-44294
GitHub-GHSA

MEDIUM
protobuf.js: Prototype injection in generated message constructors
GHSA-fx83-v9x8-x52w
pkg: protobufjs, protobufjs
eco: npm
published: May 12, 2026
## Summary

protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the `__proto__` key. If an application constructed a message from an attacker-controlled plain object, an own enumerable `__proto__` property could alter the prototy…

CVE-2026-44292
GitHub-GHSA

MEDIUM
protobufjs has overlong UTF-8 decoding
GHSA-q6x5-8v7m-xcrf
pkg: protobufjs, protobufjs, @protobufjs/utf8
eco: npm
published: May 12, 2026
## Summary

protobufjs includes a minimal UTF-8 decoder used in non-Node and fallback decoding paths. The affected decoder accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them.

The issue concerns overlong encodings and code points outside t…

CVE-2026-44288
NVD

MEDIUM
CVE-2026-6402
CVE-2026-6402
pkg: webpack

published: May 12, 2026

webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix relied on the Sec-Fetch-Mode and Sec-Fetch-Site request headers, which browsers omit for non-trustwort…
CWE: CWE-749
NVD

MEDIUM
CVE-2026-44226
CVE-2026-44226
pkg: python

published: May 11, 2026

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/<path:filename> is reachable without authentication and renders attacker-controlled template names, an …
CWE: CWE-209
GitHub-GHSA

MEDIUM
local-deep-research is Vulnerable to HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)
GHSA-fj2m-qvh9-jq4q
pkg: local-deep-research
eco: pip
published: May 11, 2026
## Summary

`PDFService._markdown_to_html()` constructs an HTML document by interpolating user-controlled values — specifically `title` (sourced from `research.title` or `research.query`) and `metadata` key-value pairs — directly into an f-string without any HTML escaping. An authenticated attac…

CVE-2026-43979
GitHub-GHSA

MEDIUM
GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content
GHSA-m5p4-gvpx-4mvr
pkg: guarddog
eco: pip
published: May 11, 2026
# Summary
GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject ANSI or OSC escape sequences into analyst terminals or CI logs.

# Descri…

CVE-2026-44972
NVD

MEDIUM
CVE-2026-42780
CVE-2026-42780
pkg: ssl

published: May 13, 2026

A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files.
 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CWE: CWE-22
NVD

MEDIUM
CVE-2026-42876
CVE-2026-42876
pkg: kubernetes

published: May 11, 2026

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populate w…
CWE: CWE-285
NVD

MEDIUM
CVE-2026-8367
CVE-2026-8367
pkg: tls

published: May 13, 2026

aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.
CWE: CWE-295
NVD

MEDIUM
CVE-2026-42934
CVE-2026-42934
pkg: nginx

published: May 13, 2026

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers…
CWE: CWE-125
NVD

MEDIUM
CVE-2026-40701
CVE-2026-40701
pkg: ssl

published: May 13, 2026

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated …
CWE: CWE-416
NVD

MEDIUM
CVE-2026-44661
CVE-2026-44661
pkg: python

published: May 14, 2026

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. register_manual() validates the discovery URL against an HTTPS / l…
CWE: CWE-918
GitHub-GHSA

MEDIUM
@utcp/http: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol
GHSA-r8j5-8747-88cm
pkg: @utcp/http
eco: npm
published: May 14, 2026
## Summary

The `@utcp/http` package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. `registerManual()` validates the discovery URL against an HTTPS / loopback allowlist, but `callTool()` reuses the re…

CVE-2026-45366
GitHub-GHSA

MEDIUM
Mistune Image Directive CSS Injection Vulnerability
GHSA-ccfx-mfmx-2fx9
pkg: mistune
eco: pip
published: May 14, 2026
## Summary
The Image directive plugin validates the `:width:` and `:height:` options with a regex compiled as `_num_re = re.compile(r"^\d+(?:\.\d*)?")`. This pattern is applied via `re.match()` (which anchors only at the **start** of the string, not the end). Any value that begins with one or more d…
CVE-2026-44899
NVD

MEDIUM
CVE-2026-44581
CVE-2026-44581
pkg: vercel next.js

published: May 13, 2026

Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derived f…
CWE: CWE-79
GitHub-GHSA

MEDIUM
Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces
GHSA-ffhc-5mcf-pf4q
pkg: next, next
eco: npm
published: May 11, 2026
### Impact

App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derived from request headers could be reflected into rendered HTML in an unsafe way, allowing an attacker to p…

CVE-2026-44581
GitHub-GHSA

MEDIUM
Weblate: Stored HTML injection in editor search preview
GHSA-6wxc-8mgq-w26m
pkg: weblate
eco: pip
published: May 15, 2026
### Impact
Weblate's live search preview renders unit `source` and `context` as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a matching search.

### Patches
* https://github.com/WeblateO…

CVE-2026-45106
GitHub-GHSA

MEDIUM
Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) via Image URL Manipulation
GHSA-j6w6-986j-2m2m
pkg: open-webui
eco: pip
published: May 14, 2026
## Summary

An application-wide Cross-Site Request Forgery (CSRF) vulnerability was found Open-WebUl's image uploading functionality. An attacker can set an image URL to a malicious endpoint, allowing them to perform actions on behalf of a victim user. Any authenticated user can exploit this vulner…

CVE-2026-45317
NVD

MEDIUM
CVE-2026-45736
CVE-2026-45736
pkg: node

published: May 15, 2026

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.
CWE: CWE-908
NVD

MEDIUM
CVE-2026-32209
CVE-2026-32209
pkg: microsoft windows_10_1607, microsoft windows_10_1809, microsoft windows_10_21h2

published: May 12, 2026

Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
CWE: CWE-284
GitHub-GHSA

MEDIUM
Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage)
GHSA-h2cw-7qw9-56xr
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary
When setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt.

However users may consider their system prompt confidential, so we consider this a security issue.

Compare https://genai.owasp…

CVE-2026-45387
GitHub-GHSA

MEDIUM
Open WebUI has an IDOR vulnerability in the pin_channel_message API endpoint
GHSA-5gc6-xhv4-2wg6
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary
`Pin/Unpin` is a write operation (modifies the message's `is_pinned `, `pinned_by`, `pinned_at` fields), but in standard channels it only checks `read` permission, allowing users with read-only access to pin/unpin any message.

### Details
https://github.com/open-webui/open-webui/blob/9b…

CVE-2026-45386
GitHub-GHSA

MEDIUM
Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint
GHSA-wwhq-cx22-f7vv
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary
An IDOR vulnerability exists in the Channels feature of `Open WebUI`, allowing any channel member to modify messages sent by other members (including administrators) within the same channel. This vulnerability affects the latest version (`v0.8.12`) of `Open WebUI`.

### Details
In the `u…

CVE-2026-45385
GitHub-GHSA

MEDIUM
Open WebUI vulnerable to blind server side request forgery (SSRF) via the PDF generate function
GHSA-f776-fp4w-266c
pkg: open-webui
eco: pip
published: May 14, 2026
### Summary
Blind server side request forgery (SSRF) via the PDF generate function.
The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here. Tested on…
CVE-2026-45347
NVD

MEDIUM
CVE-2026-8576
CVE-2026-8576
pkg: linux

published: May 14, 2026

Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-942
NVD

MEDIUM
CVE-2026-8537
CVE-2026-8537
pkg: go

published: May 14, 2026

Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-942
NVD

MEDIUM
CVE-2026-8528
CVE-2026-8528
pkg: go

published: May 14, 2026

Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20, CWE-20
GitHub-GHSA

MEDIUM
SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode
GHSA-fmh9-gpqh-g53g
pkg: github.com/siyuan-note/siyuan/kernel
eco: go
published: May 13, 2026
### Summary

The advisory `GHSA-c77m-r996-jr3q` patched `getBookmark` so that, when invoked by a publish-mode `RoleReader`, results are filtered through `FilterBlocksByPublishAccess` to remove entries from password-protected / publish-ignored notebooks. Four sibling search handlers in the same file …

CVE-2026-45148
GitHub-GHSA

MEDIUM
SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk
GHSA-6r88-8v7q-q4p2
pkg: github.com/siyuan-note/siyuan/kernel
eco: go
published: May 13, 2026
### Summary

`POST /api/tag/getTag` is registered with `model.CheckAuth` only, omitting both `model.CheckAdminRole` and `model.CheckReadonly`, despite the handler performing a configuration write that is normally guarded by both. Any authenticated user — including publish-service `RoleReader` acco…

CVE-2026-45147
NVD

MEDIUM
CVE-2026-42541
CVE-2026-42541
pkg: kubernetes

published: May 12, 2026

Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions (which isn't the default) can craft a policy that makes use of the can_i host callback. The callback issues a SubjectAccessReview (SAR) requests to enumerat…
CWE: CWE-862
NVD

MEDIUM
CVE-2026-42565
CVE-2026-42565
pkg: oauth

published: May 11, 2026

@workos/authkit-session is a toolkit for building WorkOS AuthKit framework integrations. Prior to 0.5.1, an open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The state parameter is round…
CWE: CWE-601
GitHub-GHSA

MEDIUM
oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS)
GHSA-88q9-cmp2-c2vq
pkg: oxidize-pdf, OxidizePdf.NET, oxidize-pdf
eco: pip
published: May 11, 2026
### Impact

`oxidize-pdf` defines `Color` as a `pub enum` with public tuple-struct variants `Rgb(f64, f64, f64)`, `Gray(f64)`, and `Cmyk(f64, f64, f64, f64)`. The constructors `Color::rgb`, `Color::gray`, and `Color::cmyk` clamp incoming
components to `[0.0, 1.0]`, but because the variants are `…

GitHub-GHSA

MEDIUM
arnika is affected by medium-severity issues in UDP rotation, PQC handling, and KMS TLS
GHSA-rc6v-5rmx-w5mv
pkg: github.com/arnika-project/arnika
eco: go
published: May 15, 2026
### Summary
Three medium-severity issues in arnika affecting the UDP key-rotation protocol, PQC key file handling, and KMS TLS client. All require specific preconditions to exploit and do not allow direct code execution or immediate key extraction. A self-contained PoC is attached.

### Details
1) A…

GitHub-GHSA

MEDIUM
rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitrary code execution
GHSA-vfvv-c25p-m7mm
pkg: rkyv
eco: rust
published: May 15, 2026
`InlineVec::clear()` and `SerVec::clear()` in `rkyv` were not panic-safe. Both functions iterate over their elements and call `drop_in_place` on each, updating `self.len` only *after* the loop. If an element's `Drop` implementation panics during the loop, `self.len` is left at its original value.

A…

GitHub-GHSA

MEDIUM
slack-go `SecretsVerifier` accepts empty signing secret without precondition
GHSA-gxhx-2686-5h9g
pkg: github.com/slack-go/slack
eco: go
published: May 14, 2026
“`go
func NewSecretsVerifier(header http.Header, secret string) (SecretsVerifier, error) {
hash := hmac.New(sha256.New, []byte(secret)) // raw secret, no precondition
}
“`
GitHub-GHSA

MEDIUM
Svelte: SSR XSS via Insecure Promise Serialization in hydratable
GHSA-f3cj-j4f6-wq85
pkg: svelte
eco: npm
published: May 14, 2026
Contents of `hydratable` promises were not properly stringified, potentially leading to an XSS exploit. You are vulnerable if all of the following is true:
– you are using `hydratable` (an experimental feature at the time of this report)
– you are passing attacker-controlled input such that a synchr…
GitHub-GHSA

MEDIUM
electerm's encrypt method not safe enough
GHSA-g29v-q6h7-76wh
pkg: electerm
eco: npm
published: May 14, 2026
### Impact
_Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to al…
CVE-2026-45787
GitHub-GHSA

MEDIUM
Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State
GHSA-rcqx-6q8c-2c42
pkg: svelte
eco: npm
published: May 14, 2026
Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks.

You are vulnerable if all of the following is true:
– you are using attribute spreading on a form element
– you are using attribute spreading or allow a dynamic value for the `na…

CVE-2026-42573
GitHub-GHSA

MEDIUM
Svelte: ReDoS in `<svelte:element>` Tag Validation
GHSA-9rmh-mm8f-r9h6
pkg: svelte
eco: npm
published: May 14, 2026
An internal regex in the Svelte runtime can take exponential time to test in `<svelte:element this={tag}></svelte:element>`. You are only vulnerable to this if you allow tags of unconstrained length. If your application only allows a predetermined list of tags or trims their length before passing th…
CVE-2026-42567
GitHub-GHSA

MEDIUM
Open WebUI Has Stored Cross-Site Scripting in SVG Renderer
GHSA-r29h-37fj-x2w6
pkg: open-webui
eco: npm
published: May 14, 2026
### Summary
There is a Cross-Site Scripting vulnerability in Open WebUI SVG renderer implementation.

### Details

It is possible permanently save any HTML/JavaScript code in the application, which can be then executed in the context of the application domain. This behaviour can be used to extract …

CVE-2026-45346
GitHub-GHSA

MEDIUM
Svelte SSR vulnerable to cross-site scripting via spread attributes
GHSA-pr6f-5x2q-rwfp
pkg: svelte
eco: npm
published: May 14, 2026
When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers. N…
CVE-2026-42599
GitHub-GHSA

MEDIUM
Default kuma-cp leaks admin token cross-origin via CORS wildcard + LocalhostIsAdmin
GHSA-3vcp-chfh-f6r2
pkg: github.com/kumahq/kuma, github.com/kumahq/kuma, github.com/kumahq/kuma
eco: go
published: May 14, 2026
## Summary

Default `kuma-cp` config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is reachable from their browser. `CorsAllowedDomains: [".*"]` reflects any `Origin`, and `LocalhostIsAdmin: true` promotes requests from `127.0.0.1` to `me…

CVE-2026-45021
GitHub-GHSA

MEDIUM
TanStack Start – Server Core: Inbound server-function request deserialization could invoke a sibling client-referenced server function
GHSA-9m65-766c-r333
pkg: @tanstack/start-server-core
eco: npm
published: May 14, 2026
### Summary
A type-confusion bug in seroval ≤ 1.5.2 ([upstream advisory](https://github.com/lxsmnsyc/seroval/security/advisories)) allowed a crafted JSON body sent to one TanStack Start server function to trigger invocation of a different client-referenced server function as a side effect of deser…
GitHub-GHSA

MEDIUM
Portainer missing authorization on custom template file endpoint, which exposes template content
GHSA-cqpq-2fgr-8mvc
pkg: github.com/portainer/portainer, github.com/portainer/portainer
eco: go
published: May 14, 2026
## Summary
A missing authorization vulnerability in the Custom Template file endpoint (`GET /api/custom_templates/{id}/file`) allows any authenticated user to read the file content of any custom template by enumerating sequential integer IDs, bypassing Resource Control access restrictions. Template …
CVE-2026-44884
GitHub-GHSA

MEDIUM
Synapse pagination Denial of Service
GHSA-6qf2-7×63-mm6v
pkg: matrix-synapse
eco: pip
published: May 14, 2026
### Impact

In federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients.

Clients could therefore fail to display room history.

### Patches

Update to Synapse 1.152.1 or later.

### Workarounds

There are no k…

CVE-2026-45076
GitHub-GHSA

MEDIUM
Fleet: IP spoofing allows bypassing API rate limiting
GHSA-mxmp-wr3w-rvqx
pkg: github.com/fleetdm/fleet/v4
eco: go
published: May 14, 2026
### Summary
A vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances exposed to the public internet.

### Impact
Fleet extracted client I…

CVE-2026-46356
GitHub-GHSA

MEDIUM
Fleet vulnerable to OS command injection in software packages
GHSA-9vcr-g537-3w5v
pkg: github.com/fleetdm/fleet/v4
eco: go
published: May 14, 2026
### Summary

A vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands as root (macOS/Linux) or SYSTEM (Windows) on managed endpoints when an uninstall is triggered.

### Impact

When a software package (.pkg, .deb, .rpm, .exe, or .ms…

CVE-2026-26191
GitHub-GHSA

MEDIUM
Strapi Upload Plugin MIME Validation Bypass via Content API
GHSA-pcw7-5633-82vv
pkg: @strapi/upload
eco: npm
published: May 14, 2026
### Summary of CVE-2026-22707 Vulnerability Details

– CVE: CVE-2026-22707
– CVSS v3.1 Vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N` (5.3 — Medium)
– Affected Versions: `@strapi/upload` <=5.33.2
– How to Patch: Immediately update your Strapi to >=5.33.3

### Description…

CVE-2026-22707
GitHub-GHSA

MEDIUM
Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying
GHSA-7mqx-wwh4-f9fw
pkg: @strapi/plugin-users-permissions
eco: npm
published: May 13, 2026
### Summary of CVE-2025-64526 Vulnerability Details

– CVE: CVE-2025-64526
– CVSS v3.1 Vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N` (6.9 — Medium)
– Affected Versions: `@strapi/plugin-users-permissions` <=5.44.0
– How to Patch: Immediately update your Strapi to >=5.45.…

CVE-2025-64526
GitHub-GHSA

MEDIUM
Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false
GHSA-96qj-4jj5-wcjc
pkg: github.com/traefik/traefik/v3, github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
eco: go
published: May 13, 2026
## Summary

There is a medium severity vulnerability in Traefik's Kubernetes Gateway API provider that allows a tenant with `HTTPRoute` creation permissions to expose the REST provider handler, bypassing the `providers.rest.insecure=false` setting. The Gateway provider accepts any `TraefikService` b…

CVE-2026-44774
GitHub-GHSA

MEDIUM
OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover
GHSA-223g-f5mq-gw33
pkg: openlearnx
eco: npm
published: May 13, 2026
### Overview

A critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. The issue has been fixed.

**Advisory**: https://github.com/th30d4y/OpenLearnX/security/advisories/GHSA-223g-f5mq-gw33

CVE-2026-44720
GitHub-GHSA

MEDIUM
SillyTavern has a SSRF vulnerability in the CORS proxy middleware
GHSA-ccfq-2454-f5xw
pkg: sillytavern
eco: npm
published: May 12, 2026
## Resolution

SillyTavern 1.18.0 added a generic server-side request filter (Private Request Whitelisting). Since we expect users to use the application in a trusted environment, the filter is disabled by default, however it is strongly advised to be enabled and properly configured when an instance…

CVE-2026-44652
GitHub-GHSA

MEDIUM
SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware
GHSA-xc4x-2452-5gc9
pkg: sillytavern
eco: npm
published: May 12, 2026
## Resolution

Fixed in SillyTavern 1.18.0: a user-provided URL is no longer reflected in the HTTP response body.

## Overview
– Vulnerability Type: XSS
– Affected Location: `src/middleware/corsProxy.js:40`
– Trigger Scenario: reflected XSS in CORS proxy error response

## Root Cause
When `fetch(url…

CVE-2026-44651
GitHub-GHSA

MEDIUM
Mermaid: Improper sanitization of configuration leads to CSS injection
GHSA-87f9-hvmw-gh4p
pkg: mermaid, mermaid
eco: npm
published: May 11, 2026
### Impact

Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the `fontFamily`, `themeCSS`, and `altFontFamily` configuration options.

Live demo: [mermaid.live](https://mermaid.live/edit#pako:eNpNjktLxDAUhf9KvFBR6JS-60QQfODKlUvJ5k6TtsEmKTHFGUP-u-mI…

CVE-2026-41159
GitHub-GHSA

MEDIUM
Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS
GHSA-6m6c-36f7-fhxh
pkg: mermaid, mermaid
eco: npm
published: May 11, 2026
### Impact

Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the [`excludes` attribute](https://mermaid.js.org/syntax/gantt.html?#excludes) to exclude all dates.

Example:

“`
gantt
excludes monday,tuesday,wednesday,thursday,friday…

CVE-2026-41150
GitHub-GHSA

MEDIUM
Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
GHSA-ghcm-xqfw-q4vr
pkg: mermaid, mermaid
eco: npm
published: May 11, 2026
### Impact

Under the default configuration, Mermaid state diagram's `classDef` allow DOM injection that escapes the SVG, although `<script>` tags are removed, preventing XSS.

#### Proof-of-concept

“`
stateDiagram-v2
classDef xss fill:red</style></svg><style>*{x:x;y:y;overflow:visible!important…

CVE-2026-41149
GitHub-GHSA

MEDIUM
Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection
GHSA-xcj9-5m2h-648r
pkg: mermaid, mermaid
eco: npm
published: May 11, 2026
### Details

The state diagram and any other diagram type that routes user-controlled style strings through createCssStyles parser for Mermaid v11.14.0 and earlier captures `classDef` values with an unrestricted regex:

“`jison
// packages/mermaid/src/diagrams/state/parser/stateDiagram.jison:83
<CL…

CVE-2026-41148
GitHub-GHSA

MEDIUM
Steamworks game clients/servers using P2P authentication vulnerable to denial of service
GHSA-g588-cjg3-6g78
pkg: steamworks
eco: rust
published: May 11, 2026
Processing the raw `ValidateAuthTicketResponse_t` callback data panics when the `m_eAuthSessionResponse` field is `k_EAuthSessionResponseAuthTicketNetworkIdentityFailure`. This can lead to denial of service in game clients and servers using the `begin_authentication_session` API to authenticate play…


Vulnerability Digest — May 11, 2026 · 99 Critical · 3 Exploited






Vulnerability Digest — Monday, May 11, 2026


Security Report

Monday, May 11, 2026  ·  Last 7 days  ·  Min severity: MEDIUM
Total Findings
557
Critical
99
High
259
Actively Exploited
3
CISA-KEV3
NVD179
GitHub-GHSA375
Findings sorted by severity
CISA-KEV

CRITICAL
BerriAI LiteLLM SQL Injection Vulnerability
CVE-2026-42208
pkg: BerriAI LiteLLM

published: May 8, 2026

BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorised access to the proxy and the credentials it manages.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
CVE-2026-6973
pkg: Ivanti Endpoint Manager Mobile (EPMM)

published: May 7, 2026

Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
CVE-2026-0300
pkg: Palo Alto Networks PAN-OS

published: May 6, 2026

Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted pa…
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Until the vendor releases an official fix, the following workaround should be implemented: – Restrict User-ID Authentication Portal access to only trusted zones. – Disable User-ID Authentication Portal if not required.
NVD

CRITICAL
CVE-2026-42298
CVE-2026-42298
pkg: docker

published: May 8, 2026

Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml) allows any unauthenticated user to execute arbitrary code during the Docker build process and exfiltrate a hi…
CWE: CWE-94
GitHub-GHSA

CRITICAL
free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions
GHSA-rwww-x45w-p52w
pkg: github.com/free5gc/nef
eco: go
published: May 8, 2026
### Summary
free5GC's NEF mounts the `nnef-pfdmanagement` route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token (e.g. `Authorization: Bearer not-a-real-token`) to read PFD application data via `GET /a…
CVE-2026-44330
GitHub-GHSA

CRITICAL
free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers
GHSA-3258-qmv8-frp3
pkg: github.com/free5gc/smf
eco: go
published: May 8, 2026
### Summary
free5GC's SMF mounts the `UPI` management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit `UPI` endpoints with no `Authorization` header at all, and the requests reach the SMF business handlers. In the running Dock…
CVE-2026-44329
GitHub-GHSA

CRITICAL
free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler
GHSA-cmpj-2x3g-m7g3
pkg: github.com/free5gc/nef
eco: go
published: May 8, 2026
### Summary
free5GC's NEF mounts the `nnef-oam` route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no `Authorization` header at all and the handler returns `200 OK`. The current OAM handler is a stub that returns …
CVE-2026-44327
GitHub-GHSA

CRITICAL
Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery
GHSA-q6mh-rqwh-g786
pkg: github.com/enchant97/note-mark/backend
eco: go
published: May 7, 2026
#### Summary

No minimum length or entropy is enforced on the `JWT_SECRET` configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte.

HS256 secrets below 32 bytes are brute-forceable offline, allowing attackers to recover the s…

CVE-2026-44523
NVD

CRITICAL
CVE-2026-33587
CVE-2026-33587
pkg: lfnovo open-notebook

published: May 7, 2026

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.
CWE: CWE-20
GitHub-GHSA

CRITICAL
vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape
GHSA-vwrp-x96c-mhwq
pkg: vm2
eco: npm
published: May 7, 2026
### Summary
vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM m…
CVE-2026-44005
GitHub-GHSA

CRITICAL
vm2 Access to Host Object Enables Sandbox Escape
GHSA-47×8-96vw-5wg6
pkg: vm2
eco: npm
published: May 7, 2026
### Summary

It is possible to obtain the host `Object`, https://github.com/patriksimek/vm2/commit/ebcfe94ad2f864f0bc35e78cff1d921107cfd160 added some protections, but the implementation is incomplete.

### Details

There are various ways to use the host `Object`, to escape the sandbox, one example …

CVE-2026-43997
GitHub-GHSA

CRITICAL
vm2 has a Sandbox Escape Vulnerability
GHSA-qcp4-v2jj-fjx8
pkg: vm2
eco: npm
published: May 7, 2026
### Summary

It is possible to reach `BaseHandler.getPrototypeOf`, which can be used to get arbitrary prototypes

### Details

https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L655-L658

`BaseHandler` can be reached via `util.inspect` (same as https://gi…

CVE-2026-44006
NVD

CRITICAL
CVE-2026-40281
CVE-2026-40281
pkg: docker

published: May 6, 2026

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate argum…
CWE: CWE-88
NVD

CRITICAL
CVE-2026-42454
CVE-2026-42454
pkg: docker

published: May 8, 2026

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands executed v…
CWE: CWE-78
GitHub-GHSA

CRITICAL
vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape
GHSA-947f-4v7f-x2v8
pkg: vm2
eco: npm
published: May 7, 2026
## Summary
NodeVM's `builtin` allowlist can be bypassed when the `module` builtin is allowed (including via the `'*'` wildcard). The `module` builtin exposes Node's `Module._load()`, which loads any module by name directly in the host context, completely bypassing vm2's builtin restriction. This all…
CVE-2026-43999
GitHub-GHSA

CRITICAL
Fleet: Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering
GHSA-765j-qfrp-hm3j
pkg: github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet
eco: go
published: May 7, 2026
### Impact

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.

**Helm `lookup` bypass:** The Helm…

CVE-2026-41050
GitHub-GHSA

CRITICAL
wger: cross-tenant password reset and plaintext disclosure via gym=None bypass
GHSA-mhc8-p3jx-84mm
pkg: wger
eco: pip
published: May 6, 2026
### Summary

The `reset_user_password` and `gym_permissions_user_edit` views in wger perform a gym-scope authorization check using Python object comparison (`!=`) that evaluates `None != None` as `False`, silently bypassing the guard when both the attacker and victim have no gym assignment (`gym=Non…

CVE-2026-43948
GitHub-GHSA

CRITICAL
Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API
GHSA-6j7p-qjhg-9947
pkg: rucio, rucio, rucio
eco: pip
published: May 6, 2026
### Summary

A SQL injection vulnerability in `FilterEngine.create_postgres_query` allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint (`GET /dids/<scope>/dids/search`). When the external metadata plugin `po…

CVE-2026-29090
GitHub-GHSA

CRITICAL
Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API
GHSA-vjr5-c9qv-hgm3
pkg: rucio, rucio, rucio
eco: pip
published: May 6, 2026
### Summary

A SQL injection vulnerability in the Oracle path of `FilterEngine.create_sqla_query` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /dids/<scope>/dids/search`). Attacker-controlled filter keys and values ar…

CVE-2026-29080
GitHub-GHSA

CRITICAL
Apache Polaris has an Improper Input Validation Issue
GHSA-vxgg-mqx2-3w59
pkg: org.apache.polaris:polaris-core
eco: maven
published: May 4, 2026
Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and `s3:prefix` conditions.

In S3 IAM policy matching, `*` is tre…

CVE-2026-42810
GitHub-GHSA

CRITICAL
Apache Polaris has an Improper Input Validation Issue
GHSA-8ggj-j522-h5qf
pkg: org.apache.polaris:polaris-runtime-service
eco: maven
published: May 4, 2026
Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation b…
CVE-2026-42809
GitHub-GHSA

CRITICAL
Apache Polaris has an Improper Input Validation issue
GHSA-w76p-3cgp-qfcm
pkg: org.apache.polaris:polaris-runtime-service
eco: maven
published: May 4, 2026
In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read.

`write.metadata.path` is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a Po…

CVE-2026-42812
GitHub-GHSA

CRITICAL
Apache Polaris has an Improper Input Validation issue
GHSA-fc3h-c6h7-r83j
pkg: org.apache.polaris:polaris-core
eco: maven
published: May 4, 2026
In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead.

Apache Polaris builds Google Cloud Storage downscoped credentials by …

CVE-2026-42811
NVD

CRITICAL
CVE-2026-42811
CVE-2026-42811
pkg: express

published: May 4, 2026

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials
that
only work for one table's files, but a crafted namespace or table name can
cause those credentials to work across the configured bucket instead.

Apache Polaris builds Google Cloud Storage downscoped credentials by…

CWE: CWE-20, CWE-917
GitHub-GHSA

CRITICAL
@profullstack/mcp-server vulnerable to OS Command Injection in domain_lookup Module
GHSA-v6wj-c83f-v46x
pkg: @profullstack/mcp-server
eco: npm
published: May 9, 2026
<html>
<body>
<!–StartFragment–><html><head></head><body><h1>Security Advisory: OS Command Injection in <code>profullstack/mcp-server</code> <code>domain_lookup</code> Module</h1>

Field | Value
— | —
Project | profullstack/mcp-server
Repository | https://github.com/profullstack/mcp-server
Affec…

GitHub-GHSA

CRITICAL
Electerm runWidget has a path traversal that leads to arbitrary code execution
GHSA-f77v-9vpc-6pjm
pkg: electerm
eco: npm
published: May 8, 2026
### Impact
The `runWidget` function in `src/app/widgets/load-widget.js` constructs a file path by directly concatenating user‑supplied widget identifiers without any sanitisation:

“`javascript
const file = `widget-${widgetId}.js`
const widget = require(path.join(__dirname, file))
“`

Because `r…

CVE-2026-43940
GitHub-GHSA

CRITICAL
vm2 has Sandbox Breakout Through Null Proto Exception
GHSA-9vg3-4rfj-wgcm
pkg: vm2
eco: npm
published: May 8, 2026
### Summary

VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.

### Details

In `handleException` due to “// SECURITY (post-GHSA-mpf8 hardening): use `from` (not `ensureThis…

CVE-2026-44009
GitHub-GHSA

CRITICAL
vm2 has sandbox breakout via `neutralizeArraySpeciesBatch`
GHSA-9qj6-qjgg-37qq
pkg: vm2
eco: npm
published: May 8, 2026
### Summary

VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.

### Details

The new method `neutralizeArraySpeciesBatch` works with objects from the other side but can call …

CVE-2026-44008
NVD

CRITICAL
CVE-2026-43402
CVE-2026-43402
pkg: node

published: May 8, 2026

In the Linux kernel, the following vulnerability has been resolved:

kthread: consolidate kthread exit paths to prevent use-after-free

Guillaume reported crashes via corrupted RCU callback function pointers
during KUnit testing. The crash was traced back to the pidfs rhashtable
conversion which rep…

NVD

CRITICAL
CVE-2026-41507
CVE-2026-41507
pkg: express

published: May 8, 2026

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse() is injected verbatim into a new Function() body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the par…
CWE: CWE-94
NVD

CRITICAL
CVE-2026-41497
CVE-2026-41497
pkg: praison praisonai

published: May 8, 2026

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parse_mcp_command(), allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through …
CWE: CWE-77, CWE-78
NVD

CRITICAL
CVE-2023-46453
CVE-2023-46453
pkg: express

published: May 8, 2026

Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S GL-M…
CWE: CWE-89
GitHub-GHSA

CRITICAL
Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection
GHSA-rqgh-gxv4-6657
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: May 7, 2026
# Unauthenticated RCE in Gotenberg via Metadata Key Newline Injection

## Summary

Gotenberg's `/forms/pdfengines/metadata/write` HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A `\n` em…

CVE-2026-42589
NVD

CRITICAL
CVE-2026-41930
CVE-2026-41930
pkg: docker

published: May 6, 2026

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to gain…
CWE: CWE-306
GitHub-GHSA

CRITICAL
Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore
GHSA-4pvg-prr3-9cxr
pkg: github.com/0xJacky/nginx-ui
eco: go
published: May 6, 2026
**Product:** nginx-ui
**Repository:** `0xJacky/nginx-ui` (branch: `dev`)
**Vulnerability Class:** Authentication Bypass → Arbitrary File Write → OS Command Injection
**Affected Component:** `POST /api/restore`

## 1. Vulnerability Summary

nginx-ui exposes a backup restore endpoint (`POST /…

CVE-2026-42238
NVD

CRITICAL
CVE-2026-43186
CVE-2026-43186
pkg: node

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data()

On the receive path, __ioam6_fill_trace_data() uses trace->nodelen
to decide how much data to write for each node. It trusts this field
as-is from the incoming pack…

NVD

CRITICAL
CVE-2026-35579
CVE-2026-35579
pkg: coredns.io coredns

published: May 5, 2026

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify() to validate …
CWE: CWE-287
NVD

CRITICAL
CVE-2026-38428
CVE-2026-38428
pkg: kestra kestra

published: May 5, 2026

Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. As a result, attackers can inject arbitrary SQL expressions into the databa…
CWE: CWE-89
NVD

CRITICAL
CVE-2026-38431
CVE-2026-38431
pkg: frappe erpnext

published: May 5, 2026

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered.
CWE: CWE-94
GitHub-GHSA

CRITICAL
VM2 Has a WASM Sandbox Escape (Node 25 only)
GHSA-ffh4-j6h5-pg66
pkg: vm2
eco: npm
published: May 5, 2026
## Summary

Full sandbox escape with arbitrary code execution. Attacker code inside `VM.run()` obtains host process object and runs host commands with zero host cooperation.

## Details

**Confirmed on:** vm2 3.10.4, Node.js v25.6.1 (x64 Linux)
**Trigger:** Attacker-controlled code passed to `VM.run…

CVE-2026-26956
GitHub-GHSA

CRITICAL
VM2 Has a Sandbox Escape Issue via SuppressedError
GHSA-55hx-c926-fr95
pkg: vm2
eco: npm
published: May 5, 2026
In vm2 v3.10.4 on Node.js v24.13.0, `SuppressedError` allows attackers to escape the sandbox and run arbitrary code.

### PoC
“`js
const { VM } = require("vm2");

const vm = new VM();

vm.run(`
const ds = new DisposableStack();
ds.defer(() => { throw null; });
ds.defer(() => {
const e = Error();

CVE-2026-26332
GitHub-GHSA

CRITICAL
VM2 Has Sandbox Breakout Through Inspect Function
GHSA-v37h-5mfm-c47c
pkg: vm2
eco: npm
published: May 5, 2026
### Summary

VM2 suffers from a sandbox breakout vulnerability through the `inspect` function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.

### Details

The node `inspect` method allows to log details of objects. To get…

CVE-2026-24781
GitHub-GHSA

CRITICAL
VM2 Has Sandbox Breakout Through Promise Species
GHSA-qvjj-29qf-hp7p
pkg: vm2
eco: npm
published: May 5, 2026
### Summary

The fix for https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.

### Details

The fix for https://gith…

CVE-2026-24120
NVD

CRITICAL
CVE-2026-43067
CVE-2026-43067
pkg: linux

published: May 5, 2026

In the Linux kernel, the following vulnerability has been resolved:

ext4: handle wraparound when searching for blocks for indirect mapped blocks

Commit 4865c768b563 ("ext4: always allocate blocks only from groups
inode can use") restricts what blocks will be allocated for indirect
block based file…

NVD

CRITICAL
CVE-2026-42238
CVE-2026-42238
pkg: nginxui nginx_ui

published: May 4, 2026

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POST /api/restore) that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can upl…
CWE: CWE-94
NVD

CRITICAL
CVE-2026-42233
CVE-2026-42233
pkg: n8n n8n

published: May 4, 2026

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization or p…
CWE: CWE-89
GitHub-GHSA

CRITICAL
Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest
GHSA-cx4m-2p55-rw7j
pkg: org.apache.opennlp:opennlp-tools, org.apache.opennlp:opennlp-tools
eco: maven
published: May 4, 2026
Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader

Versions Affected: before 2.5.9, before 3.0.0-M3

Description: 

The ExtensionLoader.instantiateExtension(Class, String) method loads a class by its fully-qualified name via Class.forName() and invokes its…

CVE-2026-42027
NVD

CRITICAL
CVE-2026-42796
CVE-2026-42796
pkg: python

published: May 4, 2026

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file throu…
CWE: CWE-306
NVD

CRITICAL
CVE-2026-42076
CVE-2026-42076
pkg: curl

published: May 4, 2026

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to…
CWE: CWE-78
NVD

CRITICAL
CVE-2026-26956
CVE-2026-26956
pkg: vm2_project vm2

published: May 4, 2026

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5.
CWE: CWE-693
NVD

CRITICAL
CVE-2026-26332
CVE-2026-26332
pkg: vm2_project vm2

published: May 4, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0.
CWE: CWE-94, CWE-693
NVD

CRITICAL
CVE-2026-24781
CVE-2026-24781
pkg: vm2_project vm2

published: May 4, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patc…
CWE: CWE-94, CWE-693
NVD

CRITICAL
CVE-2026-24120
CVE-2026-24120
pkg: vm2_project vm2

published: May 4, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3…
CWE: CWE-94, CWE-693
NVD

CRITICAL
CVE-2026-24118
CVE-2026-24118
pkg: vm2_project vm2

published: May 4, 2026

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0.
CWE: CWE-94, CWE-693
GitHub-GHSA

CRITICAL
Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability
GHSA-5c57-rqjx-35g2
pkg: cline
eco: npm
published: May 8, 2026
## Summary

The `kanban` npm package (used by the `cline` CLI) starts a WebSocket server on `127.0.0.1:3484` with no Origin header validation. Any website a developer visits can silently connect to the kanban server via WebSocket and:

1. Leak sensitive data in real-time: workspace filesystem paths,…

CVE-2026-44211
NVD

CRITICAL
CVE-2026-44336
CVE-2026-44336
pkg: praison praisonai

published: May 8, 2026

PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a …
CWE: CWE-20, CWE-22, CWE-94, CWE-829, CWE-913
NVD

CRITICAL
CVE-2026-42880
CVE-2026-42880
pkg: kubernetes

published: May 7, 2026

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kube…
CWE: CWE-200, CWE-212
GitHub-GHSA

CRITICAL
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
GHSA-3v3m-wc6v-x4x3
pkg: github.com/argoproj/argo-cd/v3, github.com/argoproj/argo-cd/v3
eco: go
published: May 7, 2026
### Summary
There is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism.

### Details
Argo CD masks S…

CVE-2026-42880
NVD

CRITICAL
CVE-2026-7910
CVE-2026-7910
pkg: google chrome, apple macos, linux linux_kernel

published: May 6, 2026

Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

CRITICAL
CVE-2026-7908
CVE-2026-7908
pkg: google chrome, apple macos, linux linux_kernel

published: May 6, 2026

Use after free in Fullscreen in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

CRITICAL
CVE-2026-42235
CVE-2026-42235
pkg: n8n n8n

published: May 4, 2026

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted client_name. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that acc…
CWE: CWE-79, CWE-87
NVD

CRITICAL
CVE-2026-42088
CVE-2026-42088
pkg: docker

published: May 4, 2026

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the do…
CWE: CWE-250
NVD

CRITICAL
CVE-2026-42090
CVE-2026-42090
pkg: node

published: May 4, 2026

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is th…
CWE: CWE-79, CWE-94
GitHub-GHSA

CRITICAL
free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions
GHSA-3p28-73q7-45xp
pkg: github.com/free5gc/nef
eco: go
published: May 8, 2026
### Summary
free5GC's NEF mounts the `3gpp-traffic-influence` API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptions either with no `Authorization` header at all, or with a forged bear…
CVE-2026-44326
GitHub-GHSA

CRITICAL
free5GC's NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions
GHSA-5f62-53r8-qrqf
pkg: github.com/free5gc/nef
eco: go
published: May 8, 2026
### Summary
free5GC's NEF mounts the `3gpp-pfd-management` API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a forged or arbitrary bearer token (e.g. `Authorization: Bearer not-a-r…
CVE-2026-44315
GitHub-GHSA

CRITICAL
Gotenberg vulnerable to unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook
GHSA-4vmc-gm8v-m35h
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: May 7, 2026
### Summary
The default deny-lists used by Gotenberg's `downloadFrom` feature and `webhook` feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as `http://[::ffff:127.0.0.1]:…` and reach loopback or private HTTP services th…
CVE-2026-42596
GitHub-GHSA

CRITICAL
S3-Proxy has Security Issues in its Resource Path Matching Implementation
GHSA-rfgq-wgg8-662p
pkg: github.com/oxyno-zeta/s3-proxy
eco: go
published: May 5, 2026
## Background

The original concern is functional: a resource pattern should treat a percent-encoded segment like some%2Fvalue as a single opaque token rather than splitting it into two path segments at the decoded /. Investigation into why %2F was being decoded and how routes matched against the re…

CVE-2026-42882
GitHub-GHSA

CRITICAL
Compromised version of intercom-client published to npm
GHSA-54pg-9963-v8vg
pkg: intercom-client
eco: npm
published: May 7, 2026
### Impact

On April 30, 2026, version 7.0.4 of intercom-client was published to npm using credentials obtained from a compromised developer account. This version was not produced by Intercom's build pipeline.

The malicious version contained an obfuscated JavaScript payload that executed during pac…

NVD

CRITICAL
CVE-2026-42560
CVE-2026-42560
pkg: oauth

published: May 9, 2026

auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. In …
CWE: CWE-287
GitHub-GHSA

CRITICAL
Open WebUI has an LDAP Empty Password Authentication Bypass
GHSA-2r4p-jpmg-48f4
pkg: open-webui
eco: pip
published: May 8, 2026
# LDAP Empty Password Authentication Bypass

## Affected Component

LDAP authentication endpoint:
– `backend/open_webui/routers/auths.py` (lines 468-477, user bind with empty password)
– `backend/open_webui/models/auths.py` (lines 58-60, `LdapForm` model)

## Affected Versions

Current main branch (…

CVE-2026-44551
NVD

CRITICAL
CVE-2026-44497
CVE-2026-44497
pkg: zfnd zebra-script, zfnd zebrad

published: May 8, 2026

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash type is invalid, during sighash computation. Instead of retur…
CWE: CWE-347
NVD

CRITICAL
CVE-2026-41583
CVE-2026-41583
pkg: zfnd zebra-script, zfnd zebrad

published: May 8, 2026

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network up…
CWE: CWE-573
GitHub-GHSA

CRITICAL
vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution
GHSA-8hg8-63c5-gwmx
pkg: vm2
eco: npm
published: May 7, 2026
### Summary

When a `NodeVM` is created with `nesting: true`, sandbox code can unconditionally `require('vm2')` regardless of the outer VM's `require` configuration — including `require: false`. With access to `vm2`, the sandbox constructs a new inner `NodeVM` with its own unrestricted `require` s…

CVE-2026-44007
GitHub-GHSA

CRITICAL
FileBrowser Public Share DELETE API Path Traversal Allows Unauthenticated Arbitrary File Deletion
GHSA-fwj3-42wh-8673
pkg: github.com/gtsteffaniak/filebrowser
eco: go
published: May 7, 2026
### **Summary**

Attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape the intended shared directory. As a result, an unauthenticated attacker possessing a valid public share hash with delete permissions enabled ca…

CVE-2026-44542
GitHub-GHSA

CRITICAL
Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening
GHSA-9h64-2846-7x7f
pkg: github.com/getaxonflow/axonflow
eco: go
published: May 6, 2026
## Summary

Eight independently-filed bug fixes in the v7.1.3 → v7.5.0 release window collectively close a set of multi-tenant isolation, access-control, and policy-enforcement defects in the AxonFlow platform. They are filed as a single consolidated advisory because the recommended remediation is…

GitHub-GHSA

CRITICAL
fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver
GHSA-gmvf-9v4p-v8jc
pkg: fast-jwt
eco: npm
published: May 6, 2026
### Summary

A critical authentication-bypass vulnerability in `fast-jwt`'s async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an empty string (`''`), for example via the common `keys[decoded…

CVE-2026-44351
GitHub-GHSA

CRITICAL
Valtimo has SpEL injection via StandardEvaluationContext that allows Remote Code Execution by admin users
GHSA-j7j9-5253-f7vh
pkg: com.ritense.valtimo:document, com.ritense.valtimo:case, com.ritense.valtimo:contract
eco: maven
published: May 6, 2026
### Summary

Multiple classes evaluate Spring Expression Language (SpEL) expressions from user-supplied input using `StandardEvaluationContext`, which provides unrestricted access to Java types and methods. An authenticated user with the ADMIN role can achieve Remote Code Execution and credential ex…

CVE-2026-42555
NVD

CRITICAL
CVE-2026-43083
CVE-2026-43083
pkg: linux

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

net: ioam6: fix OOB and missing lock

When trace->type.bit6 is set:

if (trace->type.bit6) {

queue = skb_get_tx_queue(dev, skb);
qdisc = rcu_dereference(queue->qdisc);

This code can lead to an out-o…

NVD

CRITICAL
CVE-2026-43071
CVE-2026-43071
pkg: linux

published: May 5, 2026

In the Linux kernel, the following vulnerability has been resolved:

dcache: Limit the minimal number of bucket to two

There is an OOB read problem on dentry_hashtable when user sets
'dhash_entries=1':
BUG: unable to handle page fault for address: ffff888b30b774b0
#PF: supervisor read access in…

NVD

CRITICAL
CVE-2026-36356
CVE-2026-36356
pkg: go

published: May 5, 2026

The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint.
CWE: CWE-78, CWE-306
GitHub-GHSA

CRITICAL
OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange
GHSA-xj4f-8jjg-vx4q
pkg: org.openmrs.api:openmrs-api, org.openmrs.api:openmrs-api
eco: maven
published: May 4, 2026
### Impact

The `ConceptReferenceRangeUtility.evaluateCriteria()` method in OpenMRS Core
evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The `VelocityEngine` is initialized with only logging properties and no`SecureUberspector`, leaving the …

CVE-2026-41258
GitHub-GHSA

CRITICAL
Apache OpenNLP DictionaryEntryPersistor Vulnerable to XML External Entity (XXE) via Unsanitized Dictionary Parsing
GHSA-4v8g-86×5-3vrc
pkg: org.apache.opennlp:opennlp-tools, org.apache.opennlp:opennlp-tools
eco: maven
published: May 4, 2026
XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor

Versions Affected: before 2.5.9, before 3.0.0-M3

Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURE_SECURE_PROCES…

CVE-2026-40682
GitHub-GHSA

CRITICAL
ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases
GHSA-fxc7-fm93-6q77
pkg: com.arcadedb:arcadedb-server
eco: maven
published: May 5, 2026
### Impact
Authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: (1) ServerSecurityUser.getDatabaseUser() returned a DB user with an uninitialized fileAccessMap, which requestA…
CVE-2026-44221
GitHub-GHSA

CRITICAL
Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns
GHSA-c9ph-gxww-7744
pkg: org.thymeleaf:thymeleaf, org.thymeleaf:thymeleaf-spring5, org.thymeleaf:thymeleaf-spring6
eco: maven
published: May 4, 2026
### Impact

A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.4.RELEASE. Although the library provides mechanisms to avoid the execution of potentially dangerous expressions in some specific sandboxed (restricted) contexts, it fails to…

CVE-2026-41901
GitHub-GHSA

CRITICAL
OpenMRS Module Upload Vulnerable to Path Traversal (Zip Slip)
GHSA-78fc-9688-w8xw
pkg: org.openmrs.web:openmrs-web, org.openmrs.web:openmrs-web
eco: maven
published: May 4, 2026
## Affected Versions

version ≤ 2.7.8 (latest version at time of disclosure)

https://github.com/openmrs/openmrs-core

## Impact

The endpoint `POST /openmrs/ws/rest/v1/module` is vulnerable to a path traversal (Zip Slip) attack. An authenticated attacker can upload a crafted `.omod` archive conta…

CVE-2026-40076
GitHub-GHSA

CRITICAL
SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585)
GHSA-25rp-h46x-2hjm
pkg: github.com/siyuan-note/siyuan/kernel
eco: go
published: May 8, 2026
## Summary

The tooltip mouseover handler in `app/src/block/popover.ts` reads `aria-label` via `getAttribute` and passes it through `decodeURIComponent` before assigning to `messageElement.innerHTML` in `app/src/dialog/tooltip.ts:41`. The encoder used at the producer side, `escapeAriaLabel` in `app/…

CVE-2026-44588
GitHub-GHSA

CRITICAL
Electerm users can run dangrous code through link or command line
GHSA-mpm8-cx2p-626q
pkg: electerm
eco: npm
published: May 8, 2026
### Impact
_Arbitrary local code execution via deep links, CLI `–opts`, or crafted shortcuts. Affected users: electerm installs that accept protocol URLs or CLI options (affected versions listed in the original report). Exploit requires clicking a crafted `electerm://…` link or opening a crafted …
CVE-2026-43944
GitHub-GHSA

CRITICAL
Zebra v4.4.0 still accepts V5 SIGHASH_SINGLE without a corresponding output
GHSA-pvmv-cwg8-v6c8
pkg: zebrad, zebra-script
eco: rust
published: May 8, 2026
# Consensus Divergence in V5 Transparent SIGHASH_SINGLE With No Corresponding Output

## Summary

Zebra failed to enforce a ZIP-244 consensus rule for V5 transparent transactions: when an input is signed with `SIGHASH_SINGLE` and there is no transparent output at the same index as that input, valida…

GitHub-GHSA

CRITICAL
SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE
GHSA-2h64-c999-c9r6
pkg: github.com/siyuan-note/siyuan/kernel
eco: go
published: May 8, 2026
## Summary

The kernel stores Attribute View (AV / database) names without any HTML escape, then a render template uses raw `strings.ReplaceAll(tpl, "${avName}", nodeAvName)` to embed the name in HTML before pushing to all clients via WebSocket. Three independent client paths (`render.ts:120` → `o…

CVE-2026-44670
GitHub-GHSA

CRITICAL
Zebra's Transparent SIGHASH_SINGLE Handling Diverges from zcashd for Corresponding Outputs
GHSA-cwfq-rfcr-8hmp
pkg: zebrad
eco: rust
published: May 7, 2026
# `Zebra` Transparent `SIGHASH_SINGLE` Corresponding-Output Handling Diverges From `zcashd`

### Summary
For V5+ transparent spends, `Zebra` and `zcashd` disagree on the same consensus rule: `SIGHASH_SINGLE` must fail when the input index has no corresponding output. `zcashd` treats this as consensu…

GitHub-GHSA

CRITICAL
Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer
GHSA-gq4h-3grw-2rhv
pkg: zebra-script, zebrad
eco: rust
published: May 7, 2026
# CVE-2026-44497: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer

## Summary

The fix for https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-8m29-fpq5-89jj introduced a separate issue due to insuficient error handling of the case where the sighash t…

CVE-2026-44497
GitHub-GHSA

CRITICAL
Zebra's Block Validator Undercounts Coinbase and P2SH Sigops
GHSA-jv4h-j224-23cc
pkg: zebrad
eco: rust
published: May 7, 2026
Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit (`MAX_BLOCK_SIGOPS`), allowing it to accept blocks that `zcashd` rejects with `bad-blk-sigops`. A miner who produces such a block can split the network: Zebra nodes follow the offending chain whi…
CVE-2026-44498
GitHub-GHSA

CRITICAL
Compromise of PyTorch Lightning PyPi Package Versions
GHSA-w37p-236h-pfx3
pkg: pytorch-lightning, pytorch-lightning
eco: pip
published: May 7, 2026
# Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions

**Published:** 2026-04-30
**Last Updated:** 2026-04-30

Lightning AI has identified a security incident affecting certain versions of a PyPI package.

## What happened

Lightning AI has determined that one or more releas…

CVE-2026-44484
GitHub-GHSA

CRITICAL
misp-modules website – Missing CSRF protection in the website home blueprint
GHSA-j4rh-7jcr-qm69
pkg: misp-modules
eco: pip
published: May 6, 2026
A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of session …
CVE-2026-44364
GitHub-GHSA

CRITICAL
DevGuard has an unauthenticated identity assertion via `X-Admin-Token` header
GHSA-2g9v-7mr5-fgjg
pkg: github.com/l3montree-dev/devguard
eco: go
published: May 5, 2026
### Impact
The `SessionMiddleware` accepts a client-supplied `X-Admin-Token` HTTP request header and uses its raw string value as the authenticated `userID` when no Kratos session cookie is present. An unauthenticated attacker who knows or can guess a target user's Kratos identity UUID can issue req…
CVE-2026-42300
GitHub-GHSA

CRITICAL
MagicMirror vulnerable to unauthenticated SSRF via /cors endpoint
GHSA-ph6f-2cvq-79hq
pkg: magicmirror
eco: npm
published: May 5, 2026
### Summary

An unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the `/cors` endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands en…

CVE-2026-42281
GitHub-GHSA

CRITICAL
django-s3file is vulnerable to relative path traversal
GHSA-67qg-7284-2277
pkg: django-s3file
eco: pip
published: May 5, 2026
### Impact
`S3FileMiddleware` is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into `request.FILES`

Depending on how files are handled, this may lead …

CVE-2026-42196
GitHub-GHSA

CRITICAL
`mysten-metrics` was removed from crates.io for malicious code
GHSA-g38r-8gmr-ghrf
pkg: mysten-metrics
eco: rust
published: May 4, 2026
`mysten-metrics` included a build script that attempted to exfiltrate data from the build machine.

The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io.

GitHub-GHSA

CRITICAL
`sui-execution-cut` was removed from crates.io for malicious code
GHSA-qprh-m6p3-hwxc
pkg: sui-execution-cut
eco: rust
published: May 4, 2026
`sui-execution-cut` included a build script that attempted to exfiltrate data from the build machine.

The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io.

GitHub-GHSA

HIGH
Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor
GHSA-q4p8-8j9m-8hxj
pkg: electerm
eco: npm
published: May 8, 2026
### Impact

A code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitizatio…

CVE-2026-43943
GitHub-GHSA

HIGH
Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click
GHSA-fwf6-j56g-m97c
pkg: electerm
eco: npm
published: May 8, 2026
### Impact

Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to `shell.openExternal` without any protocol validation.

When a user connects to a malicious SSH server, the attacker can print a crafted URI in the terminal output. If the victim clicks the link, `she…

CVE-2026-43941
NVD

HIGH
CVE-2026-42215
CVE-2026-42215
pkg: python

published: May 7, 2026

GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as –upload-pack and –receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass that check. If an appli…
CWE: CWE-78
NVD

HIGH
CVE-2025-63705
CVE-2025-63705
pkg: node

published: May 7, 2026

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js.
CWE: CWE-78
NVD

HIGH
CVE-2026-41139
CVE-2026-41139
pkg: mathjs mathjs

published: May 7, 2026

Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0.
CWE: CWE-915
GitHub-GHSA

HIGH
Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components
GHSA-98h9-4798-4q5v
pkg: diffusers
eco: pip
published: May 7, 2026
### Impact

A `trust_remote_code` bypass in `DiffusionPipeline.from_pretrained` allows arbitrary remote code execution despite the user passing `trust_remote_code=False` (or omitting it, which is the default). The vulnerability has three variants, all sharing the same root cause — the `trust_remot…

CVE-2026-44513
GitHub-GHSA

HIGH
Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components
GHSA-j7w6-vpvq-j3gm
pkg: diffusers
eco: pip
published: May 7, 2026
## Background

This vulnerability is found in the `DiffusionPipeline.from_pretrained` flow, which is used to load a pipeline from the HuggingFace Hub.

This function accepts an optional `custom_pipeline` keyword argument: the name of a Python file in the repo that contains a custom class inheriting …

CVE-2026-44827
GitHub-GHSA

HIGH
rmcp Streamable HTTP server transport has a DNS rebinding vulnerability
GHSA-89vp-x53w-74fx
pkg: rmcp
eco: rust
published: May 6, 2026
## Summary

Prior to version 1.4.0, the `rmcp` crate's Streamable HTTP server transport (`crates/rmcp/src/transport/streamable_http_server/`) did not validate the incoming `Host` header. This allowed a malicious public website, via a DNS rebinding attack, to send authenticated requests to an MCP ser…

CVE-2026-42559
NVD

HIGH
CVE-2026-8000
CVE-2026-8000
pkg: google chrome, apple macos, linux linux_kernel

published: May 6, 2026

Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
CWE: CWE-20
NVD

HIGH
CVE-2026-7973
CVE-2026-7973
pkg: google chrome, microsoft windows

published: May 6, 2026

Integer overflow in Dawn in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-472
NVD

HIGH
CVE-2026-7928
CVE-2026-7928
pkg: google chrome, microsoft windows

published: May 6, 2026

Use after free in WebRTC in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7907
CVE-2026-7907
pkg: google chrome, apple macos, linux linux_kernel

published: May 6, 2026

Use after free in DOM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7906
CVE-2026-7906
pkg: google chrome, apple macos, linux linux_kernel

published: May 6, 2026

Use after free in SVG in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7903
CVE-2026-7903
pkg: google chrome, apple macos, microsoft windows

published: May 6, 2026

Integer overflow in ANGLE in Google Chrome on Mac,Windows prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-472
NVD

HIGH
CVE-2026-7902
CVE-2026-7902
pkg: google chrome, apple macos, linux linux_kernel

published: May 6, 2026

Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-787, CWE-125
NVD

HIGH
CVE-2026-7901
CVE-2026-7901
pkg: google chrome, apple macos

published: May 6, 2026

Use after free in ANGLE in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7899
CVE-2026-7899
pkg: google chrome, apple macos, linux linux_kernel

published: May 6, 2026

Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-125, CWE-787
NVD

HIGH
CVE-2026-7898
CVE-2026-7898
pkg: google chrome, linux linux_kernel

published: May 6, 2026

Use after free in Chromoting in Google Chrome on Linux prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-7896
CVE-2026-7896
pkg: google chrome, apple macos, linux linux_kernel

published: May 6, 2026

Integer overflow in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-472
NVD

HIGH
CVE-2026-42503
CVE-2026-42503
pkg: go

published: May 6, 2026

gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging.
If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopls will listen on 0.0.0.0. 
As a result, users might inadvertently cause gopls to bind 0.0.0.0.
This…
CWE: CWE-1327
NVD

HIGH
CVE-2026-43158
CVE-2026-43158
pkg: go

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

xfs: fix freemap adjustments when adding xattrs to leaf blocks

xfs/592 and xfs/794 both trip this assertion in the leaf block freemap
adjustment code after ~20 minutes of running on my test VMs:

ASSERT(ichdr->firstused >= ichdr-…

GitHub-GHSA

HIGH
@evomap/evolver: Path Traversal in `evolver fetch` default-branch `safeId` allows Hub-controlled overwrite of project files (RCE)
GHSA-cfcj-hqpf-hccf
pkg: @evomap/evolver
eco: npm
published: May 5, 2026
## Summary

The `evolver fetch` subcommand in `index.js` writes Hub-supplied `bundled_files[]` into a directory derived from a Hub-supplied `skill_id`. When `–out` is not used, the path-sanitizing regex permits `.` characters, allowing a `skill_id` of `..` to escape the `skills/` subdirectory and r…

GitHub-GHSA

HIGH
Hysteria: A specially constructed quic package can crash the server OOM when the sniff is enabled
GHSA-9fw6-xgg2-mq9q
pkg: github.com/apernet/hysteria/core/v2
eco: go
published: May 5, 2026
### Summary

A specially constructed quic package can crash the server OOM when the sniff is enabled.

### Details

When the server has sniff enabled, a valid connection can request the server to forward UDP traffic and construct a huge crypto length. The server will allocate memory according to thi…

GitHub-GHSA

HIGH
JupyterHub has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request
GHSA-37w4-hwhx-4rc4
pkg: jupyterlab
eco: pip
published: May 5, 2026
The allow-list of extensions that can be installed from PyPI Extension Manager (`allowed_extensions_uris`) is not correctly enforced by JupyterLab prior to 4.5.X. The PyPI Extension Manager was not contained to packages listed on the default PyPI index.

This has security implications for deployment…

CVE-2026-42266
GitHub-GHSA

HIGH
YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`
GHSA-xhw7-j96h-c3g5
pkg: YAFNET.Core
eco: nuget
published: May 5, 2026
**Issue Details:**
YAFNET's only admin authorization gate is `PageSecurityCheckAttribute`, implemented as a `ResultFilterAttribute` that runs *after* the page handler completes rather than before it. No other gate exists. Any admin `OnPost…` handler therefore executes its side effects before the f…
CVE-2026-43937
NVD

HIGH
CVE-2026-34464
CVE-2026-34464
pkg: sandboxie-plus sandboxie

published: May 5, 2026

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fixed WCHAR pipename[160] stack buffer using wcscat without verifying null termination. The handler only…
CWE: CWE-121, CWE-170
NVD

HIGH
CVE-2026-34459
CVE-2026-34459
pkg: sandboxie-plus sandboxie

published: May 5, 2026

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilities that can be chained for sandbox escape. First, when a sandboxed process sends an IPC request with…
CWE: CWE-121
NVD

HIGH
CVE-2026-34458
CVE-2026-34458
pkg: sandboxie-plus sandboxie

published: May 5, 2026

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions (EditAdminOnly and ConfigPassword) and inject arbitrary directives into the global Sandbox…
CWE: CWE-93
GitHub-GHSA

HIGH
OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes
GHSA-cwj3-vqpp-pmxr
pkg: openclaw
eco: npm
published: May 5, 2026
## Summary

The agent-facing `gateway` tool protects `config.apply` and `config.patch` with a model-to-operator trust boundary. That guard used a hand-maintained denylist of protected config paths. The config schema outgrew that denylist, leaving sensitive subtrees writable through model-driven gate…

NVD

HIGH
CVE-2026-42434
CVE-2026-42434
pkg: node

published: May 5, 2026

OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths.
CWE: CWE-863
NVD

HIGH
CVE-2026-42237
CVE-2026-42237
pkg: n8n n8n

published: May 4, 2026

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and …
CWE: CWE-89
NVD

HIGH
CVE-2026-42234
CVE-2026-42234
pkg: n8n n8n

published: May 4, 2026

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue…
CWE: CWE-94
NVD

HIGH
CVE-2026-42232
CVE-2026-42232
pkg: n8n n8n

published: May 4, 2026

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pol…
CWE: CWE-1321
NVD

HIGH
CVE-2026-42231
CVE-2026-42231
pkg: n8n n8n

published: May 4, 2026

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify …
CWE: CWE-1321
NVD

HIGH
CVE-2026-42229
CVE-2026-42229
pkg: n8n n8n

published: May 4, 2026

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows wher…
CWE: CWE-89
NVD

HIGH
CVE-2026-29514
CVE-2026-29514
pkg: express

published: May 4, 2026

NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the env…
CWE: CWE-183
GitHub-GHSA

HIGH
Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning
GHSA-3x8w-4f7p-xxc2
pkg: open-webui
eco: pip
published: May 8, 2026
# Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

## Affected Component

Tool server and terminal server Redis cache:
– `backend/open_webui/utils/tools.py` (line 841, tool_servers SET)
– `backend/open_webui/utils/tools.py` (line 850, …

CVE-2026-44552
GitHub-GHSA

HIGH
netbox-data-flows has stored XSS in ObjectAlias names rendered inside DataFlow tables
GHSA-v7qw-hx66-4w9x
pkg: netbox-data-flows
eco: pip
published: May 7, 2026
### Summary
An authenticated user who can create or edit `ObjectAlias` objects can store arbitrary HTML/JavaScript in an alias name. That payload is later rendered unescaped in `DataFlow` table views, causing a stored XSS when another user views the affected page.

### Details
The issue is caused by…

NVD

HIGH
CVE-2026-42352
CVE-2026-42352
pkg: python

published: May 8, 2026

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to requests to internal HTTP services. This issue has been patched in version 0.23.3.
CWE: CWE-918
NVD

HIGH
CVE-2026-41690
CVE-2026-41690
pkg: express

published: May 8, 2026

18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Versions prior to 3.9.3 allow an unauthenticated HTTP client to pollute Object.prototype in the Node.js process hosting the middleware, via two unvalidated entry points that reach…
CWE: CWE-22, CWE-1321
NVD

HIGH
CVE-2026-41683
CVE-2026-41683
pkg: express

published: May 8, 2026

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware wrote user-controlled language values into the Content-Language response header after passing them through utils.escape(), which i…
CWE: CWE-79, CWE-113
NVD

HIGH
CVE-2026-42047
CVE-2026-42047
pkg: express

published: May 7, 2026

Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serv…
CWE: CWE-200, CWE-497
GitHub-GHSA

HIGH
vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)
GHSA-hw58-p9xv-2mjh
pkg: vm2
eco: npm
published: May 7, 2026
### Summary
A sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 (v3.10.2) only sanitized the `onRejected` callback in `.then…
CVE-2026-44001
GitHub-GHSA

HIGH
Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS
GHSA-pgh9-mpwc-8jjf
pkg: github.com/harvester/harvester
eco: go
published: May 6, 2026
### Impact

A vulnerability has been identified in the [SUSE Virtualization (Harvester) Rancher integration mechanism](https://docs.harvesterhci.io/v1.7/rancher/rancher-integration) where by default the registration client uses an insecure TLS option that fails to verify the remote server’s certi…

CVE-2025-71261
GitHub-GHSA

HIGH
PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope
GHSA-89g2-xw5c-v95p
pkg: pptagent
eco: pip
published: May 5, 2026
## Summary

> This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00.

`CodeExecutor.execute_actions` (pptagent/apis.py:126-205) processes LLM-generated slide editing actions using Python's `eval()`:

“`python
# pptagent/apis.py:18…

CVE-2026-42079
GitHub-GHSA

HIGH
Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods
GHSA-2jf5-6wwv-vhxx
pkg: inngest
eco: npm
published: May 5, 2026
# Summary

A vulnerability in the Inngest TypeScript SDK versions `3.22.0` through `3.53.1` allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the `serve()` HTTP handler.

The `serve()` handler implements `GET`, `POST`, and `PUT` methods. Requests u…

CVE-2026-42047
NVD

HIGH
CVE-2026-42079
CVE-2026-42079
pkg: python

published: May 4, 2026

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a.
CWE: CWE-95
NVD

HIGH
CVE-2026-42449
CVE-2026-42449
pkg: node

published: May 7, 2026

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path (N8NDocumentationMCPServer constructor, getN8nApiClient(), and validateInstanceContext()), the synchronous URL validator in SSR…
CWE: CWE-918
GitHub-GHSA

HIGH
vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape
GHSA-cp6g-6699-wx9c
pkg: vm2
eco: npm
published: May 7, 2026
## Summary
NodeVM's `require.root` path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses `path.resolve()` (which does not dereference symlinks) but module loading uses …
CVE-2026-43998
GitHub-GHSA

HIGH
Rancher Extensions have arbitrary file access via path traversal
GHSA-5v3h-x4wf-5c35
pkg: github.com/rancher/rancher, github.com/rancher/rancher, github.com/rancher/rancher
eco: go
published: May 7, 2026
### Impact

A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A m…

CVE-2026-25705
GitHub-GHSA

HIGH
PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)
GHSA-xcmw-grxf-wjhj
pkg: praisonai
eco: pip
published: May 6, 2026
## TL;DR

CVE-2026-40287's fix gated `tools.py` auto-import behind `PRAISONAI_ALLOW_LOCAL_TOOLS=true` in **two** files (`tool_resolver.py`, `api/call.py`). A **third** import sink in `praisonai/templates/tool_override.py` was missed and remains unguarded. It is reached by the recipe runner on every …

CVE-2026-44334
GitHub-GHSA

HIGH
Velocity.js has a Prototype Pollution vulnerability through #set path assignment
GHSA-j658-c2gf-x6pq
pkg: velocityjs
eco: npm
published: May 9, 2026
### Summary
A prototype pollution vulnerability was discovered in Velocity.js <= 2.1.5. This issue occurs during the processing of #set directives in Velocity templates. If an application renders a template controlled by an attacker, it is possible to modify Object.prototype, potentially leading to …
CVE-2026-44966
GitHub-GHSA

HIGH
n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure
GHSA-8g7g-hmwm-6rv2
pkg: n8n-mcp
eco: npm
published: May 8, 2026
## Impact

`n8n-mcp` versions before 2.50.1 contained three independently-reported issues affecting deployments that run the n8n API integration:

1. **Caller-supplied identifiers were not validated before being used as URL path segments** by the n8n API client. An authenticated MCP caller passing a…

NVD

HIGH
CVE-2026-41422
CVE-2026-41422
pkg: express

published: May 7, 2026

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L() — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed a…
CWE: CWE-89
NVD

HIGH
CVE-2026-7917
CVE-2026-7917
pkg: google chrome, microsoft windows

published: May 6, 2026

Use after free in Fullscreen in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7914
CVE-2026-7914
pkg: google chrome, microsoft windows

published: May 6, 2026

Type Confusion in Accessibility in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-843
NVD

HIGH
CVE-2026-7911
CVE-2026-7911
pkg: google chrome, microsoft windows

published: May 6, 2026

Use after free in Aura in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7905
CVE-2026-7905
pkg: google chrome, google android

published: May 6, 2026

Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

HIGH
CVE-2026-7900
CVE-2026-7900
pkg: google chrome, apple macos, linux linux_kernel

published: May 6, 2026

Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-122
GitHub-GHSA

HIGH
LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists
GHSA-pjwx-r37v-7724
pkg: langchain-core, langchain-core
eco: pip
published: May 8, 2026
LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call `load()` with `allowed_objects="all"`. This does not enable arbitrary Python object deserialization, but it does a…
CVE-2026-44843
GitHub-GHSA

HIGH
free5GC's SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating
GHSA-p9mg-74mg-cwwr
pkg: github.com/free5gc/smf
eco: go
published: May 8, 2026
### Summary
free5GC's SMF mounts the `UPI` management route group without inbound OAuth2 middleware (same root cause as the broader UPI auth gap reported in free5gc/free5gc#887). On top of that, the `DELETE /upi/v1/upNodesLinks/{upNodeRef}` handler unconditionally dereferences `upNode.UPF` after the…
CVE-2026-44328
GitHub-GHSA

HIGH
@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input
GHSA-fv7c-fp4j-7gwp
pkg: @babel/plugin-transform-modules-systemjs, @babel/plugin-transform-modules-systemjs
eco: npm
published: May 8, 2026
### Impact

Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code.

Known affected plugins are:
– `@babel/plugin-transform-modules-systemjs`
– `@babel/preset-env` when using the [`modules: "systemjs"` option](htt…

CVE-2026-44728
NVD

HIGH
CVE-2026-42353
CVE-2026-42353
pkg: express

published: May 8, 2026

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into i18next.services.backendConnector.load(languag…
CWE: CWE-22, CWE-918
GitHub-GHSA

HIGH
Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
GHSA-6rgm-gr97-x3j5
pkg: github.com/free5gc/pcf
eco: go
published: May 7, 2026
### Summary
PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI
### Details
In `NewServer()`, the `smPolicyGroup` route group is created and routes are applied without attaching the router authorization midd…
CVE-2026-42083
GitHub-GHSA

HIGH
Gotenberg has a Server-Side Request Forgery (SSRF) Issue
GHSA-rm4c-xj6x-49mw
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: May 7, 2026
### Summary

The SSRF hardening shipped in v8.31.0 only covers outbound URLs that Gotenberg's Go code handles — Chromium asset fetches, webhook delivery, and download-from. The LibreOffice conversion endpoint (`/forms/libreoffice/convert`) passes uploaded documents directly to LibreOffice without …

CVE-2026-42591
GitHub-GHSA

HIGH
Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist
GHSA-7v3r-m9c8-r855
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: May 7, 2026
**Summary**

The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. This is a bypass of the fix for GHSA-qmwh-9m9c-h36m.

**Details**

The blocklist in `pkg/module…

CVE-2026-42590
NVD

HIGH
CVE-2026-39852
CVE-2026-39852
pkg: quarkus quarkus

published: May 5, 2026

Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP pat…
CWE: CWE-863
GitHub-GHSA

HIGH
open-websearch has SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`
GHSA-v228-72c7-fx8j
pkg: open-websearch
eco: npm
published: May 5, 2026
### Summary
`src/utils/urlSafety.ts` exposes `isPublicHttpUrl` / `assertPublicHttpUrl`, used to gate the MCP `fetchWebContent` tool against private-network targets. The check has two defects that together allow **non-blind SSRF with the response body returned to the caller**:

1. **Bracketed IPv6 li…

CVE-2026-42260
GitHub-GHSA

HIGH
ssrfcheck Vulnerable to Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs
GHSA-j4rj-2jr5-m439
pkg: ssrfcheck
eco: npm
published: May 5, 2026
### Summary

`ssrfcheck` v1.3.0 (latest) fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address (e.g. `http://[::ffff:127.0.0.1]/`). The WHATWG URL parser built into Node.js silently normalizes the IPv4 notation inside the brac…

CVE-2026-43929
GitHub-GHSA

HIGH
exiftool-vendored vulnerable to argument injection via newline characters in tag names
GHSA-cw26-7653-2rp5
pkg: exiftool-vendored
eco: npm
published: May 5, 2026
### Impact

`exiftool-vendored` starts ExifTool in `-stay_open True -@ -` mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return inside one…

CVE-2026-43893
GitHub-GHSA

HIGH
Quarkus has Authentication/Authorization bypasses
GHSA-rc95-pcm8-65v9
pkg: io.quarkus:quarkus-vertx-http, io.quarkus:quarkus-vertx-http, io.quarkus:quarkus-vertx-http
eco: maven
published: May 4, 2026
Quarkus version 3.32.4 is vulnerable to an authorization bypass issue (GHSL-2026-099), in which semicolons (matrix parameters) in HTTP requests can be used to bypass security constraints, potentially allowing unauthorized access to protected resources.

Unauthenticated or lower-privileged users can …

CVE-2026-39852
NVD

HIGH
CVE-2026-42296
CVE-2026-42296
pkg: kubernetes

published: May 9, 2026

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod securit…
CWE: CWE-863
GitHub-GHSA

HIGH
epa4all-client has a VAU Signature bypass
GHSA-g8r3-5hwf-qp96
pkg: com.oviva.telematik:epa4all-client
eco: maven
published: May 8, 2026
### Impact
In SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify(). The method performs certificate chain validation, OCSP check, and signature algorithm setup, but never checks whether the signature actua…
CVE-2026-44900
NVD

HIGH
CVE-2026-42452
CVE-2026-42452
pkg: jwt

published: May 8, 2026

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow…
CWE: CWE-304
GitHub-GHSA

HIGH
Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite
GHSA-7r82-qhg4-6wvj
pkg: open-webui
eco: pip
published: May 8, 2026
# Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite

## Affected Component

Retrieval web/YouTube processing endpoints:
– `backend/open_webui/routers/retrieval.py` (lines 1810-1837, `process_web`)
– `backend/open_webui/routers/retrieval.py` (the parallel `process_you…

CVE-2026-44554
GitHub-GHSA

HIGH
Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access
GHSA-45m8-cpm2-3v65
pkg: open-webui
eco: pip
published: May 8, 2026
# Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

## Affected Component

Socket.IO session state and role-check callsites:
– `backend/open_webui/socket/main.py` (lines 330-351, `connect` handler — role snapshotted into SESSION_POOL)
– `backend/open_webui/so…

CVE-2026-44553
NVD

HIGH
CVE-2026-41883
CVE-2026-41883
pkg: express

published: May 8, 2026

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution (RCE). This affects applications that use CDNResourceHandler with a wildcard CDN mapping (e.g. libraryName:*=https://cdn.example…
CWE: CWE-917
NVD

HIGH
CVE-2026-42239
CVE-2026-42239
pkg: jwt

published: May 7, 2026

Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. This means every XSS becomes a full acco…
CWE: CWE-1004
NVD

HIGH
CVE-2026-42284
CVE-2026-42284
pkg: gitpython_project gitpython

published: May 7, 2026

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "–branch main –config core.hooksPath=/x" passes validation (starts with –branch),…
CWE: CWE-88
NVD

HIGH
CVE-2026-33588
CVE-2026-33588
pkg: lfnovo open-notebook

published: May 7, 2026

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.
CWE: CWE-20
GitHub-GHSA

HIGH
opentelemetry-collector-contrib's azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay
GHSA-pjv4-3c63-699f
pkg: github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension
eco: go
published: May 6, 2026
### Summary

A server-side authentication bypass in `azureauthextension` allows any party who holds a single valid Azure access token for *any scope the collector's configured identity can mint for* to authenticate to any OpenTelemetry receiver that uses `auth: azure_auth`. The extension's `Authenti…

CVE-2026-42602
GitHub-GHSA

HIGH
Lemur: LDAP Filter Injection enables post-authentication privilege escalation
GHSA-3r34-vq8m-39gh
pkg: lemur
eco: pip
published: May 6, 2026
## Description

### Overview

Lemur's LDAP authentication module (`lemur/auth/ldap.py`) constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to manipulate group members…

CVE-2026-44304
GitHub-GHSA

HIGH
Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover
GHSA-mxqh-q9h6-v8pq
pkg: github.com/0xJacky/nginx-ui
eco: go
published: May 6, 2026
## Summary

An unauthenticated bootstrap takeover exists in `nginx-ui` during the initial installation window exposed by `POST /api/install`.

When the instance is still uninitialized, `POST /api/install` is reachable without authentication and accepts attacker-controlled bootstrap data. The handler…

CVE-2026-42222
GitHub-GHSA

HIGH
Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim
GHSA-h27v-ph7w-m9fp
pkg: github.com/0xJacky/Nginx-UI
eco: go
published: May 6, 2026
### Summary
An unauthenticated network attacker can claim the initial administrator account on a fresh `nginx-ui` instance during the first-run setup window. The public `/api/install` endpoint is reachable without authentication, and the request-encryption flow only protects payload confidentiality …
CVE-2026-42221
GitHub-GHSA

HIGH
PyLoad vulnerable to Path Traversal via Package Folder Name in set_package_data
GHSA-838g-gr43-qqg9
pkg: pyload-ng
eco: pip
published: May 5, 2026
### Summary
No sanitization of package folder name allows writing files anywhere outside the intended download directory.

#### Affected Component
– `src/pyload/core/api/__init__.py`
– Function: `set_package_data()`

### Details
When passing a folder name in the `set_package_data()` API function cal…

CVE-2026-42315
GitHub-GHSA

HIGH
@evomap/evolver's validator sandbox allowlist permits `npm`/`npx`, yielding RCE from Hub-delivered validation tasks via lifecycle scripts
GHSA-jxh8-jh77-xh6g
pkg: @evomap/evolver
eco: npm
published: May 5, 2026
## Summary

The validator-mode sandbox executor (`src/gep/validator/sandboxExecutor.js`) places `npm` and `npx` in its hard executable allowlist. Because `npm install <pkg>` and `npx -y -p <pkg> <bin>` execute arbitrary code by design (preinstall/install/postinstall lifecycle scripts and remote-pack…

GitHub-GHSA

HIGH
YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header
GHSA-33gv-fc78-qgf5
pkg: YAFNET.Core, YAFNET.Core
eco: nuget
published: May 5, 2026
**Description:**
Stored (second-order) Cross-Site Scripting (XSS) occurs when attacker-controlled input is persisted through one component of an application and later rendered, without proper sanitization or contextual output encoding, by a completely different component — often one that implicitl…
CVE-2026-43938
GitHub-GHSA

HIGH
@tdurieux/anonymous_github Vulnerable to XSS via Unsanitized GitHub Repository Content Rendering in Anonymous GitHub Origin
GHSA-g485-8j3v-p6x8
pkg: @tdurieux/anonymous_github
eco: npm
published: May 5, 2026
### Summary

Anonymous GitHub fetches repository content (e.g., markdown files) from GitHub's API and renders it without sanitization. On the client side, markdown is parsed with `marked` (with `sanitize: false`) and injected into the DOM via `$sce.trustAsHtml()` + `ng-bind-html`, bypassing AngularJ…

NVD

HIGH
CVE-2026-42222
CVE-2026-42222
pkg: nginxui nginx_ui

published: May 4, 2026

Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of publication no public patches are available.
CWE: CWE-284, CWE-306
NVD

HIGH
CVE-2026-42221
CVE-2026-42221
pkg: nginxui nginx_ui

published: May 4, 2026

Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint is reachable without…
CWE: CWE-306
GitHub-GHSA

HIGH
Ech0's OAuth redirect URI validation ignores path component, enables exchange-code theft
GHSA-p64j-f4x9-wq66
pkg: github.com/lin-snow/Ech0
eco: go
published: May 7, 2026
## Summary

`parseAndValidateClientRedirect` at `internal/service/auth/auth.go:448` validates OAuth client-redirect URIs by comparing only scheme and host against the admin-configured allowlist. Path, query, and fragment are ignored. The initiator at `/oauth/:provider/login` embeds the caller-suppli…

NVD

HIGH
CVE-2026-42301
CVE-2026-42301
pkg: python

published: May 9, 2026

pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata (e.g. the summary field) into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so…
CWE: CWE-20, CWE-94
NVD

HIGH
CVE-2026-8148
CVE-2026-8148
pkg: windows

published: May 8, 2026

NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.
CWE: CWE-266
NVD

HIGH
CVE-2022-26522
CVE-2022-26522
pkg: windows

published: May 8, 2026

The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at aswArPot+0xc4a3.
CWE: CWE-367
NVD

HIGH
CVE-2026-44244
CVE-2026-44244
pkg: python

published: May 7, 2026

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines (e.g. \n becomes \n\…
CWE: CWE-94
GitHub-GHSA

HIGH
gix-fs: Symlink prefix-reuse allows worktree escape during checkout
GHSA-f89h-2fjh-2r9q
pkg: gix-fs
eco: rust
published: May 7, 2026
### Summary

A malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to.

### Details

During checkout, all symlink index entries are deferred and created after regular files us…

CVE-2026-44471
GitHub-GHSA

HIGH
GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath
GHSA-v87r-6q3f-2j67
pkg: GitPython
eco: pip
published: May 6, 2026
`GitConfigParser.set_value()` passes values to Python's `configparser` without validating for newlines. GitPython's own `_write()` converts embedded newlines into indented continuation lines (e.g. `\n` becomes `\n\t`), but Git still accepts an indented `[core]` stanza as a section header — so the …
CVE-2026-44244
NVD

HIGH
CVE-2026-7994
CVE-2026-7994
pkg: google chrome, microsoft windows

published: May 6, 2026

Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)
CWE: CWE-269
NVD

HIGH
CVE-2026-7990
CVE-2026-7990
pkg: google chrome, microsoft windows

published: May 6, 2026

Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)
CWE: CWE-20
NVD

HIGH
CVE-2026-7925
CVE-2026-7925
pkg: google chrome, microsoft windows

published: May 6, 2026

Use after free in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7913
CVE-2026-7913
pkg: google chrome, google android

published: May 6, 2026

Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)
CWE: CWE-693
NVD

HIGH
CVE-2026-43236
CVE-2026-43236
pkg: node

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release

The atmel_hlcdc_plane_atomic_duplicate_state() callback was copying
the atmel_hlcdc_plane state structure without properly duplicating the
drm_plane_state. In pa…

NVD

HIGH
CVE-2026-43211
CVE-2026-43211
pkg: go

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix pci_slot_trylock() error handling

Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()")
delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in
pci_slot_trylock(), but it forgets to remove…

NVD

HIGH
CVE-2026-43178
CVE-2026-43178
pkg: go

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

procfs: fix possible double mmput() in do_procmap_query()

When user provides incorrectly sized buffer for build ID for PROCMAP_QUERY
we return with -ENAMETOOLONG error. After recent changes this condition
happens later, after we …

NVD

HIGH
CVE-2026-43150
CVE-2026-43150
pkg: node

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

perf/arm-cmn: Reject unsupported hardware configurations

So far we've been fairly lax about accepting both unknown CMN models
(at least with a warning), and unknown revisions of those which we
do know, as although things do freque…

NVD

HIGH
CVE-2026-43116
CVE-2026-43116
pkg: linux linux_kernel

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: ensure safe access to master conntrack

Holding reference on the expectation is not sufficient, the master
conntrack object can just go away, making exp->master invalid.

To access exp->master safely:

– Grab …

CWE: CWE-362
NVD

HIGH
CVE-2026-43106
CVE-2026-43106
pkg: linux

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

cachefiles: fix incorrect dentry refcount in cachefiles_cull()

The patch mentioned below changed cachefiles_bury_object() to expect 2
references to the 'rep' dentry. Three of the callers were changed to
use start_removing_dentry(…

NVD

HIGH
CVE-2026-43093
CVE-2026-43093
pkg: linux

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

xsk: tighten UMEM headroom validation to account for tailroom and min frame

The current headroom validation in xdp_umem_reg() could leave us with
insufficient space dedicated to even receive minimum-sized ethernet
frame. Furthermo…

NVD

HIGH
CVE-2026-43091
CVE-2026-43091
pkg: linux

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

xfrm: Wait for RCU readers during policy netns exit

xfrm_policy_fini() frees the policy_bydst hash tables after flushing the
policy work items and deleting all policies, but it does not wait for
concurrent RCU readers to leave the…

NVD

HIGH
CVE-2026-43084
CVE-2026-43084
pkg: linux

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_queue: make hash table per queue

Sharing a global hash table among all queues is tempting, but
it can cause crash:

BUG: KASAN: slab-use-after-free in nfqnl_recv_verdict+0x11ac/0x15e0 [nfnetlink_queue]
[..]
n…

NVD

HIGH
CVE-2026-43078
CVE-2026-43078
pkg: linux

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg – Fix page reassignment overflow in af_alg_pull_tsgl

When page reassignment was added to af_alg_pull_tsgl the original
loop wasn't updated so it may try to reassign one more page than
necessary.

Add the check to th…

NVD

HIGH
CVE-2026-43076
CVE-2026-43076
pkg: linux

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: validate inline data i_size during inode read

When reading an inode from disk, ocfs2_validate_inode_block() performs
various sanity checks but does not validate the size of inline data. If
the filesystem is corrupted, an i…

NVD

HIGH
CVE-2026-43075
CVE-2026-43075
pkg: linux

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix out-of-bounds write in ocfs2_write_end_inline

KASAN reports a use-after-free write of 4086 bytes in
ocfs2_write_end_inline, called from ocfs2_write_end_nolock during a
copy_file_range splice fallback on a corrupted ocfs…

NVD

HIGH
CVE-2026-43074
CVE-2026-43074
pkg: linux

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

eventpoll: defer struct eventpoll free to RCU grace period

In certain situations, ep_free() in eventpoll.c will kfree the epi->ep
eventpoll struct while it still being used by another concurrent thread.
Defer the kfree() to an RCU…

NVD

HIGH
CVE-2026-34462
CVE-2026-34462
pkg: sandboxie-plus sandboxie

published: May 5, 2026

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandler) copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack buffers using wcscpy …
CWE: CWE-121, CWE-170
NVD

HIGH
CVE-2026-34461
CVE-2026-34461
pkg: sandboxie-plus sandboxie

published: May 5, 2026

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID_SBIE_INI_RUN_SBIE_CTRL message is handled before normal sandbox and impersonation checks, and for non-sandb…
CWE: CWE-121
GitHub-GHSA

HIGH
gitoxide: CommandForbiddenInModulesConfiguration Bypass in gix_submodule::File::update() Enables Arbitrary Command Execution via .gitmodules
GHSA-f26g-jm89-4g65
pkg: gix
eco: rust
published: May 5, 2026
### Summary

[`gix_submodule::File::update()`](https://github.com/GitoxideLabs/gitoxide/blob/main/gix-submodule/src/access.rs#L168) is the API that gates whether an attacker-supplied `.gitmodules` file may set `update = !<shell command>`. The function is designed to return `Err(CommandForbiddenInMod…

GitHub-GHSA

HIGH
OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution
GHSA-r39h-4c2p-3jxp
pkg: openclaw
eco: npm
published: May 5, 2026
## Summary

OpenClaw's bundled plugin setup resolver could fall back to `process.cwd()` while resolving provider setup metadata. If a user ran an OpenClaw command from an attacker-controlled repository containing `extensions/<plugin>/setup-api.js`, OpenClaw could load and execute that JavaScript dur…

NVD

HIGH
CVE-2026-43070
CVE-2026-43070
pkg: linux

published: May 5, 2026

In the Linux kernel, the following vulnerability has been resolved:

bpf: Reset register ID for BPF_END value tracking

When a register undergoes a BPF_END (byte swap) operation, its scalar
value is mutated in-place. If this register previously shared a scalar ID
with another register (e.g., after a…

NVD

HIGH
CVE-2026-43063
CVE-2026-43063
pkg: linux

published: May 5, 2026

In the Linux kernel, the following vulnerability has been resolved:

xfs: don't irele after failing to iget in xfs_attri_recover_work

xlog_recovery_iget* never set @ip to a valid pointer if they return
an error, so this irele will walk off a dangling pointer. Fix that.

NVD

HIGH
CVE-2026-43060
CVE-2026-43060
pkg: linux

published: May 5, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_ct: drop pending enqueued packets on removal

Packets sitting in nfqueue might hold a reference to:

– templates that specify the conntrack zone, because a percpu area is
used and module removal is possible.
– conn…

NVD

HIGH
CVE-2026-7791
CVE-2026-7791
pkg: windows

published: May 4, 2026

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leading …
CWE: CWE-367
GitHub-GHSA

HIGH
Ech0 has Server-Side Request Forgery (SSRF) via Connect Handler fetchPeerConnectInfo
GHSA-8mc6-xjpr-h98x
pkg: github.com/lin-snow/ech0
eco: go
published: May 7, 2026
## Summary
The `fetchPeerConnectInfo` function in `internal/service/connect/connect.go:214-239` uses `httpUtil.SendRequest` (no SSRF protection) instead of `SendSafeRequest` (which has `ValidatePublicHTTPURL` with private IP blocking). This allows authenticated users to make the server request arbit…
NVD

HIGH
CVE-2026-41905
CVE-2026-41905
pkg: curl

published: May 7, 2026

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl() but then re-validates the original URL instead of the final redirect destination. An a…
CWE: CWE-918
NVD

HIGH
CVE-2026-41688
CVE-2026-41688
pkg: curl

published: May 7, 2026

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname() but passes the original hostname to cURL without CURLOPT_RESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DNS…
CWE: CWE-918
GitHub-GHSA

HIGH
DevSpace UI Server WebSocket CheckOrigin does not validate source
GHSA-hqwm-7x7x-8379
pkg: github.com/loft-sh/devspace
eco: go
published: May 6, 2026
### Description

DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the same time uses a browser to access the internet, a malicious website they visit can use th…

CVE-2026-42283
GitHub-GHSA

HIGH
OpenStack Ironic has an Incorrect Resource Transfer Between Spheres
GHSA-54w4-233h-x86g
pkg: ironic-python-agent, ironic-python-agent, ironic-python-agent
eco: pip
published: May 5, 2026
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or…
CVE-2026-42997
GitHub-GHSA

HIGH
Open WebUI's Base Model Routing Bypasses Access Control via Model Chaining
GHSA-9vvh-qmjx-p4q8
pkg: open-webui
eco: pip
published: May 8, 2026
# Base Model Routing Bypasses Access Control via Model Chaining

## Affected Component

Model chaining via `base_model_id`:
– `backend/open_webui/routers/models.py` (lines 170-214, `create_new_model`)
– `backend/open_webui/routers/models.py` (lines 254-308, `import_models`)
– `backend/open_webui/mai…

CVE-2026-44555
GitHub-GHSA

HIGH
MikroORM has SQL injection via runtime-controlled identifiers and JSON-path keys
GHSA-cfw5-68c4-ffqp
pkg: @mikro-orm/sql, @mikro-orm/knex
eco: npm
published: May 8, 2026
## Summary

MikroORM's identifier-quoting helper (`Platform.quoteIdentifier` and the postgres/mssql overrides) and its JSON-path emitters (`Platform.getSearchJsonPropertyKey`, `quoteJsonKey`) did not properly escape characters that delimit the SQL identifier or string-literal context they emit into.…

CVE-2026-44680
NVD

HIGH
CVE-2026-42351
CVE-2026-42351
pkg: python

published: May 8, 2026

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow for requests to STAC collection based collections to expose directories wit…
CWE: CWE-22
GitHub-GHSA

HIGH
free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types
GHSA-f8qv-7x5w-qr48
pkg: github.com/free5gc/nrf
eco: go
published: May 8, 2026
### Summary
free5GC's NRF root SBI endpoint `POST /oauth2/token` contains a parser-level type-confusion bug family. The handler in `NFs/nrf/internal/sbi/api_accesstoken.go` reflects over `models.NrfAccessTokenAccessTokenReq`, special-cases only plain `string` and `NrfNfManagementNfType` fields, and …
CVE-2026-44325
GitHub-GHSA

HIGH
free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference
GHSA-j59f-x285-69jx
pkg: github.com/free5gc/nef
eco: go
published: May 8, 2026
### Summary
free5GC's NEF `PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId}` handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns `err != nil` together with a nil `*ProblemDetails`. The handler's `errPfdData !…
CVE-2026-44322
GitHub-GHSA

HIGH
free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)
GHSA-44qj-cghf-9p97
pkg: github.com/free5gc/smf
eco: go
published: May 8, 2026
### Summary
free5GC's SMF mounts the `UPI` management route group without inbound OAuth2 middleware (same root cause as free5gc/free5gc#887). The `POST /upi/v1/upNodesLinks` create-or-update handler accepts attacker-controlled JSON and passes it directly into `UpNodesFromConfiguration()`, which call…
CVE-2026-44321
GitHub-GHSA

HIGH
free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
GHSA-rxrq-fv76-26pr
pkg: github.com/free5gc/nef
eco: go
published: May 8, 2026
### Summary
free5GC's NEF terminates the entire process when a stored PFD-subscription `notifyUri` cannot be reached. In `PfdChangeNotifier.FlushNotifications()`, the notifier calls `NnefPFDmanagementNotify(…)` and on any delivery error invokes `logger.PFDManageLog.Fatal(err)`, which is `os.Exit(1…
CVE-2026-44319
GitHub-GHSA

HIGH
free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference
GHSA-wr8j-6chw-gm6p
pkg: github.com/free5gc/pcf
eco: go
published: May 8, 2026
### Summary
free5GC's PCF `POST /npcf-smpolicycontrol/v1/sm-policies` handler (`HandleCreateSmPolicyRequest`) panics with a nil-pointer dereference when a downstream OpenAPI consumer call (UDR lookup) returns `404 Not Found` and the consumer wrapper returns `err != nil` together with a nil response …
CVE-2026-44316
GitHub-GHSA

HIGH
banks has Critical Remote Code Execution (RCE) via Jinja2 SSTI
GHSA-gphh-9q3h-jgpp
pkg: banks
eco: pip
published: May 8, 2026
## Summary

`banks <= 2.4.1` uses `jinja2.Environment()` (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template argument to `Prompt()` are vulnerable to Server-Side Template Injection (SSTI), which can lead to Remote Code Execution (RCE) on the host sy…

CVE-2026-44209
GitHub-GHSA

HIGH
fast-uri vulnerable to host confusion via percent-encoded authority delimiters
GHSA-v39h-62p7-jpjc
pkg: fast-uri
eco: npm
published: May 8, 2026
### Impact

`fast-uri` v3.1.1 and earlier decodes percent-encoded authority delimiters (`%40` as `@`, `%3A` as `:`) inside the host component and serializes them back as raw characters. This changes the URI structure, turning a hostname into userinfo plus a different host.

For example, `http://trus…

CVE-2026-6322
GitHub-GHSA

HIGH
bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass
GHSA-hfcf-v2f8-x9pc
pkg: org.bitcoinj:bitcoinj-core
eco: maven
published: May 8, 2026
### Summary
`ScriptExecution.correctlySpends()` contains two fast-path verification bugs for standard `P2PKH` and native `P2WPKH` spends in `core/src/main/java/org/bitcoinj/script/ScriptExecution.java`.

In both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails t…

CVE-2026-44714
GitHub-GHSA

HIGH
fast-uri vulnerable to path traversal via percent-encoded dot segments
GHSA-q3j6-qgpj-74h6
pkg: fast-uri
eco: npm
published: May 8, 2026
### Impact

`fast-uri` v3.1.0 and earlier decodes percent-encoded path separators (`%2F`) and dot segments (`%2E`) before applying dot-segment removal in `normalize()` and `equal()`. This makes encoded path data behave like real `/` and `..`, so distinct URIs collapse onto the same normalized path.

CVE-2026-6321
GitHub-GHSA

HIGH
@fastify/accepts-serializer Vulnerable to Denial of Service via Unbounded Accept Header Cache Growth
GHSA-qxhc-wx3p-2wmg
pkg: @fastify/accepts-serializer
eco: npm
published: May 8, 2026
### Impact

`@fastify/accepts-serializer` cached serializer-selection results keyed by the request `Accept` header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching `Accept` header variants to make the cache grow unbounded. Under sustained…

CVE-2026-7768
GitHub-GHSA

HIGH
ZITADEL has LDAP Filter Injection in Login Flow
GHSA-rxvx-hhpj-q6px
pkg: github.com/zitadel/zitadel, github.com/zitadel/zitadel, github.com/zitadel/zitadel
eco: go
published: May 8, 2026
## Summary

A vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allows unauthenticated attackers to perform LDAP Filter Injection during the login process.

CVE-2026-44671
NVD

HIGH
CVE-2026-44498
CVE-2026-44498
pkg: zfnd zebrad

published: May 8, 2026

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit (MAX_BLOCK_SIGOPS), allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block…
CWE: CWE-682
NVD

HIGH
CVE-2026-41584
CVE-2026-41584
pkg: zfnd zebra-chain, zfnd zebrad

published: May 8, 2026

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity (a "zero" v…
CWE: CWE-617
NVD

HIGH
CVE-2024-46508
CVE-2024-46508
pkg: yeti-platform yeti

published: May 8, 2026

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other than SECRET).
CWE: CWE-798
NVD

HIGH
CVE-2026-39836
CVE-2026-39836
pkg: windows

published: May 7, 2026

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).
GitHub-GHSA

HIGH
vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion
GHSA-6785-pvv7-mvg7
pkg: vm2
eco: npm
published: May 7, 2026
### Summary
Sandboxed code can call `Buffer.alloc()` with an arbitrary size to allocate memory directly on the host heap. Because `Buffer.alloc` is a synchronous C++ native call, vm2's `timeout` option cannot interrupt it. A single request can exhaust host memory and crash the process with a `FATAL …
CVE-2026-44004
NVD

HIGH
CVE-2026-41640
CVE-2026-41640
pkg: node

published: May 7, 2026

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using paramete…
CWE: CWE-89
GitHub-GHSA

HIGH
Talos Linux has a local privilege escalation from untrusted workloads
GHSA-m38g-vww2-mvgx
pkg: github.com/siderolabs/talos
eco: go
published: May 7, 2026
### Summary

A vulnerability in the Linux kernel's algif_aead subsystem (CVE-2026-31431, "copy.fail") allows an unprivileged container workload to corrupt arbitrary file page-cache pages via the AF_ALG crypto interface and splice(). On Talos Linux, this vulnerability can be chained into a complete n…

GitHub-GHSA

HIGH
rust-zserio has Unbounded Memory Allocation
GHSA-fpf5-4jw8-67×8
pkg: rust-zserio
eco: rust
published: May 7, 2026
### Impact

When deserializing arrays, strings or bytes (blob) types zserio first reads the size of the variable, and then allocates sufficient memory to load data. Since the size is always trusted this can be abused by creating a data file with a large size value, causing the zserio runtime to allo…

GitHub-GHSA

HIGH
Gotenberg has an unauthenticated denial of service via echo.Context pool reuse in webhook async goroutine
GHSA-r33j-c622-r6qp
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: May 7, 2026
## Summary

The webhook middleware spawns a goroutine that holds a reference to the request's `echo.Context` after the synchronous handler returns `ErrAsyncProcess` and Echo recycles the context back to its `sync.Pool`. When a concurrent request claims the recycled context, `c.Reset()` clears the st…

CVE-2026-42594
GitHub-GHSA

HIGH
Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
GHSA-f6hv-jmp6-3vwv
pkg: io.netty:netty-codec-http, io.netty:netty-codec-http2, io.netty:netty-codec-http
eco: maven
published: May 7, 2026
## Summary

`HttpContentDecompressor` accepts a `maxAllocation` parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via `ZlibDecoder`, but is silently ignored when the content encoding is `br` (Brotli), …

CVE-2026-42587
GitHub-GHSA

HIGH
Netty Lz4FrameDecoder is vulnerable to resource exhaustion
GHSA-mj4r-2hfc-f8p6
pkg: io.netty:netty-codec-compression, io.netty:netty-codec
eco: maven
published: May 7, 2026
### Summary
Lz4FrameDecoder allocates a ByteBuf of size `decompressedLength` (up to 32 MB per block) before LZ4 runs. A peer only needs a 21-byte header plus `compressedLength` payload bytes – 22 bytes if `compressedLength == 1` – to force that allocation.

### Details
io.netty.handler.codec.compres…

CVE-2026-42583
GitHub-GHSA

HIGH
Netty HTTP/3 QPACK literal unbounded allocation
GHSA-2c5c-chwr-9hqw
pkg: io.netty:netty-codec-http3
eco: maven
published: May 7, 2026
### Summary
When Netty decodes HTTP/3 headers, it sometimes runs `new byte[length]` using a length from the wire before checking that many bytes are really there. A small malicious header can claim a huge length (on the order of a gigabyte).

### Details
When decoding header blocks, the non-Huffman …

CVE-2026-42582
GitHub-GHSA

HIGH
Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)
GHSA-cm33-6792-r9fm
pkg: io.netty:netty-codec-dns, io.netty:netty-codec-dns
eco: maven
published: May 7, 2026
# Security Vulnerability Report: DNS Codec Input Validation Bypass in Netty (Encoder + Decoder)

## 1. Vulnerability Summary

| Field | Value |
|——-|——-|
| **Product** | Netty |
| **Version** | 4.2.12.Final (and all prior versions with codec-dns) |
| **Component** | `io.netty.handler.codec.d…

CVE-2026-42579
GitHub-GHSA

HIGH
Netty epoll transport denial of service via RST on half-closed TCP connection
GHSA-rwm7-x88c-3g2p
pkg: io.netty:netty-transport-native-epoll
eco: maven
published: May 6, 2026
## Summary

Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100% CPU busy-loop in the event loop thread.

## Affected versions

All versions of 4.2.x `netty-tr…

CVE-2026-42577
GitHub-GHSA

HIGH
Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException
GHSA-2cwq-pwfr-wcw3
pkg: Nerdbank.MessagePack
eco: nuget
published: May 6, 2026
### Summary

Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a …

CVE-2026-44375
GitHub-GHSA

HIGH
python-multipart has Denial of Service via unbounded multipart part headers
GHSA-pp6c-gr5w-3c5g
pkg: python-multipart
eco: pip
published: May 6, 2026
### Summary

`python-multipart` has a denial of service vulnerability in multipart part header parsing. When parsing `multipart/form-data`, `MultipartParser` previously had no limit on the number of part headers or the size of an individual part header. An attacker could send a request with either m…

CVE-2026-42561
GitHub-GHSA

HIGH
Granian vulnerable to unauthenticated DoS via WebSocket subprotocol header panic
GHSA-vrg7-482j-p6f6
pkg: granian
eco: pip
published: May 6, 2026
### Summary

Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose `Sec-WebSocket-Protocol` header contains non-ASCII bytes.

The crash happens in Granian's WebSocket scope construction path, before the ASGI application is invoked.

This is a single-r…

CVE-2026-42544
GitHub-GHSA

HIGH
Snappier has an infinite loop during SnappyStream decompression with malformed framed input
GHSA-pggp-6c3x-2xmx
pkg: Snappier
eco: nuget
published: May 6, 2026
### Summary
`Snappier.SnappyStream` enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes.

### Details
The hang manifests as a userspace busy loop with SnappyStreamDecompressor.Decompress repeatedly calling Crc32CAlgorithm.Append. The ex…

CVE-2026-44302
GitHub-GHSA

HIGH
Micronaut has unbounded `formattersCache` in `TimeConverterRegistrar` that Allows Memory Exhaustion via `Accept-Language` Header
GHSA-8hjv-92q9-g4xj
pkg: io.micronaut:micronaut-context
eco: maven
published: May 6, 2026
## Summary

`TimeConverterRegistrar` caches `DateTimeFormatter` instances in an unbounded `ConcurrentHashMap<String, DateTimeFormatter>` whose key is derived from the `@Format` annotation pattern concatenated with the locale from the HTTP `Accept-Language` header. Because `Locale.forLanguageTag()` a…

CVE-2026-44241
GitHub-GHSA

HIGH
basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering
GHSA-rpmf-866q-6p89
pkg: basic-ftp
eco: npm
published: May 6, 2026
## Summary

`basic-ftp` is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses.

A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before authentication. The client keeps appending attac…

CVE-2026-44240
NVD

HIGH
CVE-2026-7948
CVE-2026-7948
pkg: google chrome, microsoft windows

published: May 6, 2026

Race in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
CWE: CWE-362
NVD

HIGH
CVE-2026-7897
CVE-2026-7897
pkg: google chrome, apple iphone_os

published: May 6, 2026

Use after free in Mobile in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
GitHub-GHSA

HIGH
Nokogiri CSS selector tokenizer has regular expression backtracking
GHSA-c4rq-3m3g-8wgx
pkg: nokogiri
eco: rubygems
published: May 6, 2026
## Summary

Nokogiri's CSS selector tokenizer contains regular expressions whose construction may result in exponential regex backtracking on adversarial selectors. Three ReDoS vectors are addressed in this release:

1. String-literal tokenization on certain unterminated quoted-string input.
2. Stri…

NVD

HIGH
CVE-2026-23870
CVE-2026-23870
pkg: react

published: May 6, 2026

A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-server-dom-parcel, react…
NVD

HIGH
CVE-2026-43226
CVE-2026-43226
pkg: linux linux_kernel

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

net/rds: No shortcut out of RDS_CONN_ERROR

RDS connections carry a state "rds_conn_path::cp_state"
and transitions from one state to another and are conditional
upon an expected state: "rds_conn_path_transition."

There is one exc…

NVD

HIGH
CVE-2026-43164
CVE-2026-43164
pkg: go

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

udplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb().

syzbot reported null-ptr-deref of udp_sk(sk)->udp_prod_queue. [0]

Since the cited commit, udp_lib_init_sock() can fail, as can
udp_init_sock() and udpv6_init_sock().

L…

NVD

HIGH
CVE-2026-43101
CVE-2026-43101
pkg: linux

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()

We need to check __in6_dev_get() for possible NULL value, as
suggested by Yiming Qian.

Also add skb_dst_dev_rcu() instead of skb_dst_dev(),
and two missing …

NVD

HIGH
CVE-2026-43099
CVE-2026-43099
pkg: linux

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

ipv4: icmp: fix null-ptr-deref in icmp_build_probe()

ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the
IPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing
this error pointer to dev_hold() will …

GitHub-GHSA

HIGH
Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection
GHSA-wpg9-53fq-2r8h
pkg: mongoose, mongoose, mongoose
eco: npm
published: May 5, 2026
### Impact

This vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the `$nor` operator.

When sanitizeFilter is enabled, Mongoose wraps query operators in `$eq` to neutralize them. However, prior to the fix, `$nor` was not included in the set of logical oper…

CVE-2026-42334
GitHub-GHSA

HIGH
changedetection.io has an Arbitrary Local File Read via a crafted backup restore
GHSA-8757-69j2-hx56
pkg: changedetection.io
eco: pip
published: May 5, 2026
### Details
The vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files.

The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into …

CVE-2026-43891
GitHub-GHSA

HIGH
Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
GHSA-grgv-6hw6-v9g4
pkg: Twisted
eco: pip
published: May 5, 2026
### Details

The twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses pr…

CVE-2026-42304
GitHub-GHSA

HIGH
GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)
GHSA-p3w2-64xm-833j
pkg: github.com/osrg/gobgp/v4
eco: go
published: May 5, 2026
### Summary
Remote Denial of Service (DoS) via Nil Pointer Dereference in BGP Update Processing
An unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribute lengths, it improper…
CVE-2026-42285
GitHub-GHSA

HIGH
ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid
GHSA-p4hc-9pjh-55c8
pkg: ssrfcheck
eco: npm
published: May 5, 2026
# SSRF Bypass in `ssrfcheck` – fails to classify reserved IP address space as invalid

`ssrfcheck` is an npm package that serves to provide protection from SSRF by validating URLs or hostname inputs.

Resources:
* Project's GitHub code repository: https://github.com/felippe-regazio/ssrfcheck
* Pr…

CVE-2025-8267
NVD

HIGH
CVE-2026-40280
CVE-2026-40280
pkg: thecodingmachine gotenberg

published: May 5, 2026

Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the –webhook-deny-list and –api-download-from-deny-list flags use a case-sensitive regular expression (^https?://) to match URL schemes. Because Go's net/url.Parse() normalizes…
CWE: CWE-918
NVD

HIGH
CVE-2026-32934
CVE-2026-32934
pkg: coredns.io coredns

published: May 5, 2026

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC (DoQ) server can be driven into unbounded goroutine and memory growth by a remote client that opens many QUIC streams and sends only 1 byte per stream. When the worker pool is full, CoreDNS still spawns a gor…
CWE: CWE-770
GitHub-GHSA

HIGH
pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS
GHSA-98qh-xjc8-98pq
pkg: org.postgresql:postgresql
eco: maven
published: May 5, 2026
## Summary
pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication.

### Impact
A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count.
With a large enough value, the client spends an unbounded amount of CPU ti…

CVE-2026-42198
GitHub-GHSA

HIGH
Prometheus: Remote read endpoint allows denial of service via crafted snappy payload
GHSA-8rm2-7qqf-34qm
pkg: github.com/prometheus/prometheus
eco: go
published: May 5, 2026
### Impact

The remote read endpoint (`/api/v1/read`) does not validate the declared decoded length in a snappy-compressed request body before allocating memory.
An unauthenticated attacker can send a small payload that causes a huge heap allocation per request. Under concurrent load this can exhaus…

CVE-2026-42154
GitHub-GHSA

HIGH
Prometheus Azure AD remote write OAuth client secret exposed via config API
GHSA-wg65-39gg-5wfj
pkg: github.com/prometheus/prometheus
eco: go
published: May 5, 2026
### Impact

Users who use Azure AD remote write with OAuth authentication are impacted.

The `client_secret` field in the Azure AD remote write OAuth configuration (`storage/remote/azuread`) was typed as `string` instead of `Secret`. Prometheus redacts fields of type `Secret` when serving the config…

CVE-2026-42151
NVD

HIGH
CVE-2026-30923
CVE-2026-30923
pkg: owasp modsecurity

published: May 5, 2026

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a si…
CWE: CWE-125
NVD

HIGH
CVE-2026-7776
CVE-2026-7776
pkg: tls

published: May 4, 2026

Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate …
CWE: CWE-770
NVD

HIGH
CVE-2026-7768
CVE-2026-7768
pkg: node

published: May 4, 2026

@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the Node.js…
CWE: CWE-770
NVD

HIGH
CVE-2026-42236
CVE-2026-42236
pkg: n8n n8n

published: May 4, 2026

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory r…
CWE: CWE-770
NVD

HIGH
CVE-2026-42226
CVE-2026-42226
pkg: n8n n8n

published: May 4, 2026

n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supply …
CWE: CWE-862
NVD

HIGH
CVE-2026-42151
CVE-2026-42151
pkg: oauth

published: May 4, 2026

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving …
CWE: CWE-200, CWE-312
GitHub-GHSA

HIGH
Apache OpenNLP AbstractModelReader has an OOM Denial of Service via Unbounded Array Allocation
GHSA-659w-93r5-9j6m
pkg: org.apache.opennlp:opennlp-tools, org.apache.opennlp:opennlp-tools
eco: maven
published: May 4, 2026
OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader 

Versions Affected: 

Before 2.5.9

Before 3.0.0-M3 

Description:

The AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and getPredicates() each read a 32-bit signed integer count field f…

CVE-2026-42440
GitHub-GHSA

HIGH
OpenMRS ModuleResourcesServlet has Path Traversal that Leads to Arbitrary File Read
GHSA-jjgj-cx3q-pw4w
pkg: org.openmrs.web:openmrs-web, org.openmrs.web:openmrs-web
eco: maven
published: May 4, 2026
## Affected Versions

version ≤ 2.7.8 (latest version at time of disclosure)

https://github.com/openmrs/openmrs-core

## Impact

The `/openmrs/moduleResources/{moduleid}` endpoint in OpenMRS Core is vulnerable to a path traversal attack. The `ModuleResourcesServlet` does not properly validate use…

CVE-2026-40075
NVD

HIGH
CVE-2026-37461
CVE-2026-37461
pkg: go

published: May 4, 2026

An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
CWE: CWE-125
NVD

HIGH
CVE-2026-34354
CVE-2026-34354
pkg: windows

published: May 8, 2026

Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the Handl…
CWE: CWE-367
NVD

HIGH
CVE-2026-42264
CVE-2026-42264
pkg: axios

published: May 8, 2026

Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser) in the HTTP adapter are read via direct property access without hasOwnProperty guards, making the…
CWE: CWE-1321
NVD

HIGH
CVE-2026-40213
CVE-2026-40213
pkg: node

published: May 7, 2026

OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet…
CWE: CWE-863
GitHub-GHSA

HIGH
ech0's acess tokens with expiry=never cannot be revoked: logout panics, delete does not blacklist JTI
GHSA-fpw6-hrg5-q5x5
pkg: github.com/lin-snow/Ech0
eco: go
published: May 7, 2026
## Summary

Access tokens created with the "never expire" option have no `exp` JWT claim. Three independent revocation mechanisms fail for this token type. Logout at `internal/handler/auth/auth.go:154` and `:163` dereferences `claims.ExpiresAt.Time`, panicking on the nil field so the token never hit…

GitHub-GHSA

HIGH
katalyst-koi: Session cookies can be replayed after user logout
GHSA-4cx3-3c38-j9vv
pkg: katalyst-koi, katalyst-koi
eco: rubygems
published: May 7, 2026
### Impact

Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated.

This affects applications using Koi admi…

CVE-2026-44511
GitHub-GHSA

HIGH
wger: CSV/TSV formula injection in gym member export (first_name/last_name)
GHSA-xq9m-hmp9-fw87
pkg: wger
eco: pip
published: May 6, 2026
### Summary

The gym member TSV export endpoint in wger writes `first_name` and `last_name` profile fields verbatim to TSV cells with no formula-prefix sanitization. Any gym member (including newly self-registered users) can pre-load a spreadsheet formula into their own profile. When a gym admin lat…

GitHub-GHSA

HIGH
Axios: Prototype Pollution Gadgets – Response Tampering, Data Exfiltration, and Request Hijacking
GHSA-pf86-5×62-jrwf
pkg: axios, axios
eco: npm
published: May 5, 2026
## Summary

When `Object.prototype` has been polluted by any co-dependency with keys that axios reads without a `hasOwnProperty` guard, an attacker can (a) silently intercept and modify every JSON response before the application sees it, or (b) fully hijack the underlying HTTP transport, gaining acc…

CVE-2026-42033
GitHub-GHSA

HIGH
Axios: Header Injection via Prototype Pollution
GHSA-6chq-wfr3-2hj9
pkg: axios, axios
eco: npm
published: May 5, 2026
### Summary

A prototype pollution gadget exists in the Axios HTTP adapter (lib/adapters/http.js) that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type checking of the data payload, where if Object.prototype is polluted with getHeaders,…

CVE-2026-42035
GitHub-GHSA

HIGH
Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking
GHSA-q8qp-cvcw-x6jj
pkg: axios
eco: npm
published: May 5, 2026
## Summary

Five config properties in the HTTP adapter are read via direct property access without `hasOwnProperty` guards, making them exploitable as prototype pollution gadgets. When `Object.prototype` is polluted by another dependency in the same process, axios silently picks up these polluted va…

CVE-2026-42264
GitHub-GHSA

HIGH
smallbitvec: Integer overflow in safe API leads to heap buffer overflow
GHSA-97wc-2hqc-cjgr
pkg: smallbitvec
eco: rust
published: May 9, 2026
### Summary
An integer overflow in the internal capacity calculation of `smallbitvec` can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption without requiring `unsafe` code from the caller.

### Details
The issue originate…

CVE-2026-44983
GitHub-GHSA

HIGH
free5GC's NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path
GHSA-wqfh-gq79-j8mf
pkg: github.com/free5gc/nef
eco: go
published: May 8, 2026
### Summary
free5GC's NEF mounts the `nnef-callback` route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token (e.g. `Authorization: Bearer not-a-real-token`) is enough to reach the SMF-callback handler — the callback body is parsed and dispatched into NEF bu…
CVE-2026-44320
GitHub-GHSA

HIGH
Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal
GHSA-9pgh-j74g-qj6m
pkg: open-webui
eco: pip
published: May 8, 2026
# **CONFIDENTIAL**

# KL-CAN-2024-002

## Vulnerability Details

| # | Field | Value |
|—|——-|——-|
| 1 | **Discoverer** | Jaggar Henry & Sean Segreti of KoreLogic, Inc. |
| 2 | **Date Submitted** | 2024.03.12 |
| 3 | **Title** | Open WebUI Arbitrary File Upload + Path Traversal |
| 5 | **A…

CVE-2026-44566
GitHub-GHSA

HIGH
Open WebUI has Improper Authorization Control
GHSA-4vg5-rp28-gvjf
pkg: open-webui
eco: pip
published: May 8, 2026
# **CONFIDENTIAL**

# Vulnerability Disclosure Analysis Documentation

## Vulnerability Details

| # | Field | Value |
|—|——-|——-|
| 1 | **Discoverer** | Taylor Pennington of KoreLogic, Inc. |
| 2 | **Date Submitted** | June 11, 2024 |
| 3 | **Title** | Open WebUI Improper Authorizati…

CVE-2026-44567
GitHub-GHSA

HIGH
Open WebUI has stored XSS in Excel file preview
GHSA-jwf8-pv5p-vhmc
pkg: open-webui
eco: pip
published: May 8, 2026
### Summary
Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the [sheetjs](https://git.sheetjs.com/sheetjs/sheetjs) function [sheet_to_html](https://git.sheetjs.com/sheetjs/sheetjs/src/commit/66cf8d2117d271f89e4f47b5fed35a3e1ea93f67/bits/79_html…
CVE-2026-44549
GitHub-GHSA

HIGH
open-webui Vulnerable to Stored XSS via Model Description
GHSA-gf5m-wcrh-7928
pkg: open-webui, open-webui
eco: npm
published: May 8, 2026
> [!IMPORTANT]
> Relationship to CVE-2024-7990

> CVE-2024-7990 (issued by huntr.dev, March 2025) describes a stored XSS in the same field — the model description — but exploits a different bypass mechanism: a second-order injection through the sanitizeResponseContent function's video-tag place…

CVE-2026-44721
NVD

HIGH
CVE-2025-55449
CVE-2025-55449
pkg: jwt

published: May 8, 2026

AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a JWT.
CWE: CWE-321
GitHub-GHSA

HIGH
Netty has HttpClientCodec response desynchronization
GHSA-57rv-r2g8-2cj3
pkg: io.netty:netty-codec-http, io.netty:netty-codec-http
eco: maven
published: May 7, 2026
### Summary
If HttpClientCodec is configured, there are use cases when a response body from one request, can be parsed as another's.

### Details
HttpClientCodec pairs each inbound response with an outbound request by `queue.poll()` once per response, including for `1xx`. If the client pipelines GE…

CVE-2026-42584
GitHub-GHSA

HIGH
YAFNET has Stored XSS in Forum Thread Posts/Replies that Allows Arbitrary JavaScript Execution for All Thread Viewers
GHSA-8rq5-wwpp-fmj2
pkg: YAFNET.Core, YAFNET.Core
eco: nuget
published: May 5, 2026
**Description:**
Stored Cross-Site Scripting (XSS) occurs when user-supplied input is persisted by the application and later rendered in another user's browser without proper sanitization or contextual output encoding. When the vulnerable sink is a high-traffic surface such as a public forum thread,…
CVE-2026-43939
GitHub-GHSA

HIGH
Apache Thrift vulnerable to Path Traversal, HTTP Request/Response Splitting, Uncontrolled Resource Consumption
GHSA-526f-jxpj-jmg2
pkg: thrift
eco: npm
published: May 5, 2026
Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'), Uncontrolled Resource Consumption vulnerability in Apache Thrift.

This issue affects Apache Thrift:…

CVE-2026-43870
GitHub-GHSA

HIGH
Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability
GHSA-7pwc-h2j2-rjgj
pkg: org.apache.thrift:libthrift
eco: maven
published: May 5, 2026
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version [0.23.0](https://github.com/apache/thrift/releases/tag/v0.23.0), which fixes the issue.

CVE-2026-43869
NVD

HIGH
CVE-2026-7810
CVE-2026-7810
pkg: python

published: May 5, 2026

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit …
CWE: CWE-22
GitHub-GHSA

HIGH
Amazon ECS Container Agent (Windows) is vulnerable to Information Disclosure
GHSA-fc67-c4hg-q653
pkg: github.com/aws/amazon-ecs-agent
eco: go
published: May 7, 2026
### Summary
[Amazon Elastic Container Service (Amazon ECS)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. An issue exists where, under certai…
NVD

HIGH
CVE-2026-39383
CVE-2026-39383
pkg: thecodingmachine gotenberg

published: May 5, 2026

Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can force the server to make outbound HTTP POST requests to arbitrary internal or external destinations by supplying a crafted URL in the Gotenberg-Webhook-Url request header. The F…
CWE: CWE-918
GitHub-GHSA

HIGH
Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0
GHSA-pmwg-cvhr-8vh7
pkg: axios, axios
eco: npm
published: May 5, 2026
**1. Executive Summary**
This report documents an **incomplete security patch** for the previously disclosed vulnerability **GHSA-3p68-rc4w-qgx5 (CVE-2025-62718)**, which affects the `NO_PROXY` hostname resolution logic in the Axios HTTP library.

**Background — The Original Vulnerability**
The or…

CVE-2026-42043
GitHub-GHSA

HIGH
Open WebUI's responses passthrough endpoint lacks access control authorization
GHSA-hp5m-24vp-vq2q
pkg: open-webui
eco: pip
published: May 8, 2026
## Summary

The /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While the primary chat completion endpoint (generate_chat_completion) checks model ownership, group membership,…

CVE-2026-44556
GitHub-GHSA

HIGH
Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files during install
GHSA-xhrw-5qxx-jpwr
pkg: apm-cli
eco: pip
published: May 7, 2026
### Summary
Microsoft APM normalizes marketplace plugins by copying plugin components referenced in `plugin.json` into `.apm/`. The manifest fields `agents`, `skills`, `commands`, and `hooks` are attacker-controlled, but the implementation does not enforce that those paths remain inside the plugin d…
CVE-2026-44641
NVD

HIGH
CVE-2026-44243
CVE-2026-44243
pkg: gitpython_project gitpython

published: May 7, 2026

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory …
CWE: CWE-22
GitHub-GHSA

HIGH
GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository
GHSA-7545-fcxq-7j24
pkg: GitPython
eco: pip
published: May 6, 2026
## 🧾 Summary

A vulnerability in **GitPython** allows **attackers who can supply a crafted reference path to an application using GitPython** to **write, overwrite, move, or delete files outside the repository’s `.git` directory** via **insufficient validation of reference paths in reference cr…

CVE-2026-44243
GitHub-GHSA

HIGH
Auth.js SDK has Improper Permission Checking
GHSA-8qjv-jj2q-x832
pkg: auth0-js
eco: npm
published: May 6, 2026
### Description
Under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided.

### Am I Affected?
Users are affected if they meet each of the following preconditions:
– Applications b…

CVE-2026-42280
NVD

HIGH
CVE-2026-43062
CVE-2026-43062
pkg: linux

published: May 5, 2026

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp()

l2cap_ecred_reconf_rsp() casts the incoming data to struct
l2cap_ecred_conn_rsp (the ECRED *connection* response, 8 bytes with
result at offset 6) instead of struct …

GitHub-GHSA

HIGH
Apache Atlas has a Code Injection Vulnerability
GHSA-35xx-9xrg-gwhf
pkg: org.apache.atlas:apache-atlas
eco: maven
published: May 4, 2026
### Description:
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas.

Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data.

##…

CVE-2026-40563
GitHub-GHSA

HIGH
GitPython: Newline injection in config_writer() section parameter bypasses CVE-2026-42215 patch, enabling RCE via core.hooksPath
GHSA-mv93-w799-cj2w
pkg: GitPython
eco: pip
published: May 8, 2026
Summary

The patch for CVE-2026-42215 (GitPython 3.1.49) validates newlines only in the value parameter of set_value(). The section and option parameters are passed to configparser without any newline validation. An attacker who controls the section argument can inject \n to write arbitrary section …

NVD

HIGH
CVE-2026-34596
CVE-2026-34596
pkg: sandboxie-plus sandboxie

published: May 5, 2026

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by Sbi…
CWE: CWE-367
GitHub-GHSA

HIGH
awslabs/tough is Missing Delegated Metadata Validation
GHSA-4v58-8p28-2rq3
pkg: tough, tuftool
eco: rust
published: May 5, 2026
### Summary
Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local meta…
CVE-2026-6967
GitHub-GHSA

HIGH
awslabs/tough Delegated Roles have a Signature Threshold Bypass
GHSA-8m7c-8m39-rv4x
pkg: tough, tuftool
eco: rust
published: May 5, 2026
### Summary
Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegat…
CVE-2026-6966
GitHub-GHSA

HIGH
@yoda.digital/gitlab-mcp-server's SSE transport has no authentication and wildcard CORS, exposing all 86 GitLab tools
GHSA-8jr5-6gvj-rfpf
pkg: @yoda.digital/gitlab-mcp-server
eco: npm
published: May 9, 2026
## SSE Transport Has No Authentication and Wildcard CORS, Exposing All 86 GitLab Tools Including Destructive Operations

A review of `mcp-gitlab-server` at commit `80a7b4cf3fba6b55389c0ef491a48190f7c8996a` uncovered that the SSE HTTP transport — advertised in the README and comparison table as a d…

CVE-2026-44895
GitHub-GHSA

HIGH
Zebra has Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning
GHSA-h9hm-m2xj-4rq9
pkg: zebrad
eco: rust
published: May 8, 2026
## Summary

A composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent weaknesses in the gossip, syncer, and download subsystems — al…

CVE-2026-44499
GitHub-GHSA

HIGH
n8n-mcp webhook and API client paths has an authenticated SSRF
GHSA-cmrh-wvq6-wm9r
pkg: n8n-mcp
eco: npm
published: May 8, 2026
### Summary

Authenticated Server-Side Request Forgery affecting the webhook trigger tools, the n8n API client (`N8N_API_URL`), and per-request URLs supplied via the `x-n8n-url` header in multi-tenant HTTP mode.

### Impact

A caller with access to the MCP session can drive HTTP requests from the n8…

CVE-2026-44694
GitHub-GHSA

HIGH
gmaps-mcp's unauthenticated HTTP transport allows unlimited Google Maps API calls at operator expense
GHSA-52cq-7v8r-62c6
pkg: gmaps-mcp
eco: pip
published: May 8, 2026
## Unauthenticated HTTP Transport Allows Unlimited Google Maps API Calls at Operator Expense

The `gmaps-mcp` codebase was reviewed at commit `e671db68c804c9e67d51582d3280839ffa65f127` and three issues worth flagging were discovered — one high-severity, one medium, one structural. There were no pr…

GitHub-GHSA

HIGH
fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes
GHSA-5wm8-gmm8-39j9
pkg: fast-xml-builder
eco: npm
published: May 8, 2026
# Summary
When an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML.

## Detail

Malicious Input
“`
{
a: {
"@_attr": '…

CVE-2026-44665
GitHub-GHSA

HIGH
mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening
GHSA-j7h9-2jh7-g967
pkg: mcp-ssh-tool
eco: npm
published: May 7, 2026
## Summary

`mcp-ssh-tool` has released version `2.1.1` with security hardening for transfer path authorization and HTTP bearer authentication.

The release addresses:

– insufficient local path policy enforcement in transfer-related filesystem handling
– incomplete canonicalization and segment-boun…

GitHub-GHSA

HIGH
Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remote Code Execution
GHSA-g49p-4qxj-88v3
pkg: github.com/enchant97/note-mark/backend
eco: go
published: May 7, 2026
### Description

The Note Mark application allows authenticated users to upload assets to notes via `POST /api/notes/{noteID}/assets`, where the asset filename is provided through the `X-Name` HTTP request header. This value is stored directly in the database without any sanitization or validation -…

CVE-2026-44522
GitHub-GHSA

HIGH
Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker
GHSA-j944-w549-3453
pkg: cinny
eco: npm
published: May 7, 2026
### Impact
A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim opens the emoji or sticker picker f…
CVE-2026-42553
GitHub-GHSA

HIGH
hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses
GHSA-3v94-mw7p-v465
pkg: hickory-proto, hickory-net
eco: rust
published: May 7, 2026
The NSEC3 closest-encloser proof validation in `hickory-proto`'s (0.25.0-alpha.3 … 0.25.2) and `hickory-net`'s (0.26.0-alpha.1 .. 0.26.0) `DnssecDnsHandle` walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descenda…
GitHub-GHSA

HIGH
Free5GC UDM has Improper Input Validation and Generation of Error Messages Containing Sensitive Information
GHSA-585v-hcgf-jhfr
pkg: github.com/free5gc/udm
eco: go
published: May 7, 2026
## Summary

The free5GC UDM component fails to validate the `supi` path parameter in six GET handlers of the `nudm-sdm` (Subscriber Data Management) service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and retur…

CVE-2026-42459
GitHub-GHSA

HIGH
Aegra has cross-user run injection in /threads/{thread_id}/runs (IDOR)
GHSA-m98r-6667-4wq7
pkg: aegra-api
eco: pip
published: May 7, 2026
## Impact

Aegra deployments running 0.9.0 through 0.9.6 with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated user (User A), given another user's `thread_id` (User B), can:

– Execute graph runs against User B's thread via `POST /threads/{th…

CVE-2026-44504
GitHub-GHSA

HIGH
Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
GHSA-7j59-v9qr-6fq9
pkg: com.microsoft.kiota:microsoft-kiota-abstractions, Microsoft.Kiota.Abstractions, microsoft-kiota-http
eco: npm
published: May 7, 2026
### Summary
The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme.

This vulnerability is present in the RedirectHandl…

CVE-2026-44503
GitHub-GHSA

HIGH
ldap3_proto has LDAP Filter stack exhaustion
GHSA-qcxq-75wr-5cm8
pkg: ldap3_proto
eco: rust
published: May 6, 2026
### Impact
LDAP queries are not validated for depth, which can cause the parser (both PEG and ASN) to exhaust the stack. This *may* cause a denial of service in applications that process queries.

### Workarounds
N/A

### Resources
Related to GHSA-r5fr-9gmv-jggh

GitHub-GHSA

HIGH
scim_proton and kanidm_proto have an authenticated process abort via SCIM filter stack exhaustion
GHSA-r5fr-9gmv-jggh
pkg: scim_proto, kanidm_proto
eco: rust
published: May 6, 2026
### Summary

A single unauthenticated `GET` to any `/scim/v1/…` endpoint with a `?filter=` query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with `std::process::abort(…

GitHub-GHSA

HIGH
Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)
GHSA-mgx6-5cf9-rr43
pkg: keras, keras
eco: pip
published: May 6, 2026
### Summary
Keras’s model loader (KerasFileEditor) unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any validation on HDF5 dataset metadata. An attacker can craft a .keras archive containing a valid model.weights.h5 file whose dataset declares a…
CVE-2026-0897
GitHub-GHSA

HIGH
Daptin fuzzy search injects unvalidated column name into raw SQL
GHSA-pwqg-q8pg-pp6r
pkg: github.com/daptin/daptin
eco: go
published: May 6, 2026
## Summary

`processFuzzySearch` in `server/resource/resource_findallpaginated.go:1484` splits the user-supplied `column` parameter by comma and interpolates each segment directly into `goqu.L(fmt.Sprintf("LOWER(%s) LIKE ?", prefix+col))` raw SQL with no column whitelist check. The entry point is `G…

CVE-2026-44349
GitHub-GHSA

HIGH
PraisonAI has an SSRF bypass
GHSA-q9pw-vmhh-384g
pkg: praisonaiagents
eco: pip
published: May 6, 2026
### Summary
The URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks.

### Details
The current PraisonAI project uses _validate_url to validate the input URL. The main logic is to perform security checks on the host portion of the URL extrac…

CVE-2026-44335
GitHub-GHSA

HIGH
Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup
GHSA-2h4p-vjrc-8xpq
pkg: Mako
eco: pip
published: May 6, 2026
## Summary

On Windows, a URI using backslash traversal (e.g. `\..\..\ secret.txt`) bypasses the directory traversal check in `Template.__init__` and the `posixpath`-based normalization in `TemplateLookup.get_template()`, allowing reads of files outside the configured template directory.

## Detail…

CVE-2026-44307
GitHub-GHSA

HIGH
JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content
GHSA-mqcg-5×36-vfcg
pkg: jupyterlab, notebook
eco: pip
published: May 6, 2026
JupyterLab's HTML sanitizer allowlists `data-commandlinker-command` and `data-commandlinker-args` on `button` elements, while `CommandLinker` listens for all click events on `document.body` and executes the named command without checking whether the element came from trusted JupyterLab UI. A noteboo…
CVE-2026-42557
GitHub-GHSA

HIGH
Mezo: ERC-20 bridgeOut burn can be erased by a stale StateDB overwrite leading to full L1 bridge drain
GHSA-6447-269v-g68m
pkg: github.com/mezo-org/mezod
eco: go
published: May 6, 2026
**Note: the fixed version of the validator client has been deployed for some time.**

### Impact

Potential full drain of L1 bridge without changing bridged balance on Mezo.

## Brief/Intro

A malicious user can steal all ERC-20 tokens locked in the L1 bridge by repeatedly calling the `bridgeOut` pr…

GitHub-GHSA

HIGH
dssrf: every IPv6 category bypasses is_url_safe
GHSA-8p33-q827-ghj5
pkg: dssrf
eco: npm
published: May 6, 2026
A vulnerability in dssrf allows an attacker to bypass its SSRF protections by supplying one of the following IPv6 addresses, resulting in a successful SSRF. This contradicts dssrf documentation, which incorrectly claims that IPv6 is disabled entirely. See below:

“`rust
Input Category
http://[::1]/…

CVE-2026-44232
GitHub-GHSA

HIGH
QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0
GHSA-v5c3-6wvc-pc2q
pkg: github.com/QuantumNous/new-api
eco: go
published: May 6, 2026
# SSRF Filter Bypass via `0.0.0.0`

### Summary

The SSRF protection introduced in v0.9.0.5 (CVE-2025-59146) and hardened in v0.9.6 (CVE-2025-62155) does not block the unspecified address `0.0.0.0`. A regular (non-admin) user holding any valid API token can send a multimodal request to `/v1/chat/co…

CVE-2026-42339
GitHub-GHSA

HIGH
Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
GHSA-hjph-f4mc-wx4c
pkg: mistune
eco: pip
published: May 6, 2026
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-8mp2-v27r-99xp. This link is maintained to preserve external references.

### Original Description

### Summary
**Denial-of-Service (DoS)** vulnerability in the Mistune Markdown parser. The issue occurs when pr…

GitHub-GHSA

HIGH
Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
GHSA-8mp2-v27r-99xp
pkg: mistune
eco: pip
published: May 6, 2026
### Summary

A ReDoS (Regular Expression Denial of Service) vulnerability in `LINK_TITLE_RE` allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds (measured on Apple M2, Python 3.14.3), wit…

CVE-2026-33079
GitHub-GHSA

HIGH
jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine
GHSA-mggx-p7jf-jgw4
pkg: org.jdbi:jdbi3-freemarker
eco: maven
published: May 5, 2026
# Summary

**Description**

An Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in Jdbi allows arbitrary command execution when an application using `jdbi3-freemarker` permits attacker-influenced text to reach `FreemarkerEngine.parse()` as template sourc…

GitHub-GHSA

HIGH
authd: Primary group ID is incorrectly set to value of UID
GHSA-fg3j-5w9g-hmg7
pkg: github.com/canonical/authd
eco: go
published: May 5, 2026
authd 0.6.0 contains [a bug](https://github.com/canonical/authd/issues/1482) which can lead to an incorrect primary group ID.

It affects users whose primary group ID (i.e. the GID in the user record) differs from their UID. There are two ways which can lead to this:

1. The user was created with au…

CVE-2026-6970
GitHub-GHSA

HIGH
rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs
GHSA-xp3w-r5p5-63rr
pkg: openssl
eco: rust
published: May 5, 2026
`X509Ref::ocsp_responders` returns OCSP responder URLs from a certificate's AIA extension as `OpensslString`, whose `Deref<Target = str>` wraps the raw bytes with `str::from_utf8_unchecked`. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its…
CVE-2026-42327
GitHub-GHSA

HIGH
RustFS: ListServiceAccount authorizes against wrong admin action, enabling cross-user enumeration and root service account takeover
GHSA-mm2q-qcmx-gw4w
pkg: rustfs
eco: rust
published: May 5, 2026
## Summary

`ListServiceAccount` (`GET /rustfs/admin/v3/list-service-accounts?user=<other>`) authorizes cross-user requests against `UpdateServiceAccountAdminAction` instead of `ListServiceAccountsAdminAction` at `rustfs/src/admin/handlers/service_account.rs:936`. The handler accepts the **wrong** a…

GitHub-GHSA

HIGH
link-preview-js vulnerable to IPv6 and internal loopback attacks
GHSA-4gp8-rjrq-ch6q
pkg: link-preview-js
eco: npm
published: May 5, 2026
### Impact
The library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks.

### Patches
Problem has been patched in version 4.0.1. However, it cannot be completely solved by the package al…

CVE-2026-43897
GitHub-GHSA

HIGH
gix and gitoxide: unvalidated submodule name traverses out of .git/modules and redirects state() / open() to another repository
GHSA-fr8x-3vfx-f45h
pkg: gitoxide, gix
eco: rust
published: May 5, 2026
## **Summary**
attachments:
[pocs.zip](https://github.com/user-attachments/files/26431422/pocs.zip)

Submodule names coming from `.gitmodules` are exposed as unvalidated names and are later reused to derive the submodule git directory as:

“`
<superproject common_dir>/modules/<submodule name>
“`

GitHub-GHSA

HIGH
gix and gitoxide's symlinked .gitmodules are followed and parsed from outside of the repository
GHSA-pg4w-g64p-qwhj
pkg: gitoxide, gix
eco: rust
published: May 5, 2026
## Summary
attachments:
[pocs.zip](https://github.com/user-attachments/files/26431422/pocs.zip)

When `Repository::submodules()` loads submodule metadata, it prefers the worktree `.gitmodules` file if that path exists. In the current implementation, the path is read with `std::fs::read()`, which fo…

GitHub-GHSA

HIGH
gix-pack has multiple DoS vectors: unchecked indexing panics and uncapped OOM allocations from crafted pack data
GHSA-x494-mj8g-cj27
pkg: gix-pack
eco: rust
published: May 5, 2026
### Summary

Multiple denial-of-service vectors in `gix-pack`: unchecked array indexing causes panics on crafted delta data, and uncapped attacker-controlled size headers enable OOM process kills. Both are triggered by malicious pack data received during clone/fetch.

### Details

**Bug 1: Unchecked…

GitHub-GHSA

HIGH
gix's submodule name validation bypass + trust inheritance flaw enables path traversal and credential disclosure
GHSA-p3hw-mv63-rf9w
pkg: gix, gix-validate
eco: rust
published: May 5, 2026
### Summary

Submodule name validation bypass plus missing validation in production code paths allows path traversal via crafted `.gitmodules`. Combined with a trust inheritance flaw in `Submodule::open()`, this enables reading arbitrary git repository configs (including credentials) from traversed …

GitHub-GHSA

HIGH
Diesel's SQLite backend has possible UTF-8 corruption
GHSA-h5x4-m2qf-r4f2
pkg: diesel
eco: rust
published: May 5, 2026
Diesel uses the `sqlite3_value_text` function to receive strings from SQLite while deserializing query results. We misinterpreted the corresponding [SQLite](https://sqlite.org/c3ref/value_blob.html) documentation that this function always returns a UTF-8 encoded string values as `*const c_char`. Bas…
GitHub-GHSA

HIGH
Network-AI missing authentication on MCP HTTP endpoint, which allows unauthenticated privileged tool calls
GHSA-fj4g-2p96-q6m3
pkg: network-ai
eco: npm
published: May 5, 2026
# Security Advisory: Missing Authentication for Critical Function in `Jovancoding/Network-AI`

| Field | Value |
|—|—|
| Project | `Jovancoding/Network-AI` |
| Repository | https://github.com/Jovancoding/Network-AI |
| Affected commit | `c344f2053eb0d49395988f803bf92f2a86b2a0d0` |
| Affected tes…

CVE-2026-42856
GitHub-GHSA

HIGH
net-imap vulnerable to STARTTLS stripping via invalid response timing
GHSA-vcgp-9326-pqcp
pkg: net-imap, net-imap, net-imap
eco: rubygems
published: May 4, 2026
### Summary

A man-in-the-middle attacker can cause `Net::IMAP#starttls` to return "successfully", without starting TLS.

### Details

When using `Net::IMAP#starttls` to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged `OK` response with an easily predictab…

CVE-2026-42246
GitHub-GHSA

MEDIUM
Axios: unbounded recursion in toFormData causes DoS via deeply nested request data
GHSA-62hf-57xw-28j9
pkg: axios, axios
eco: npm
published: May 5, 2026
### Summary
toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError.

### Details
lib/helpers/toFormData.js:210 defines an inner `build(value, path)` that recurses into every object/array child (li…

CVE-2026-42039
GitHub-GHSA

MEDIUM
Volcano's webhook server vulnerable to OOM due to unbounded HTTP request body size
GHSA-8wxp-xxp2-rcgx
pkg: volcano.sh/volcano, volcano.sh/volcano, volcano.sh/volcano
eco: go
published: May 8, 2026
### Impact
The Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the webhook…
CVE-2026-44247
NVD

MEDIUM
CVE-2026-42194
CVE-2026-42194
pkg: curl

published: May 7, 2026

Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetch_metadata.php validates the resolved IP address but passes the original hostname-based URL to curl_init(), leaving a DNS rebinding TOCTOU window that allows redirecting requests to i…
CWE: CWE-918
GitHub-GHSA

MEDIUM
Netty Redis Codec Encoder has a CRLF Injection Issue
GHSA-rgrr-p7gp-5xj7
pkg: io.netty:netty-codec-redis, io.netty:netty-codec-redis
eco: maven
published: May 7, 2026
# Security Vulnerability Report: CRLF Injection in Netty Redis Codec Encoder

## 1. Vulnerability Summary

| Field | Value |
|——-|——-|
| **Product** | Netty |
| **Version** | 4.2.12.Final (and all prior versions with codec-redis) |
| **Component** | `io.netty.handler.codec.redis.RedisEncoder…

CVE-2026-42586
GitHub-GHSA

MEDIUM
Lemur: LDAP Authentication Globally Disables TLS Certificate Verification When LDAP_USE_TLS Is Enabled
GHSA-vr7c-r5gj-j3w5
pkg: lemur
eco: pip
published: May 6, 2026
## Description

### Overview

When LDAP TLS is enabled (`LDAP_USE_TLS = True`), Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the **global** `ldap` module level. This allows a man-in-the-middle attacker positioned between Lemur and the LDAP server to int…

CVE-2026-44305
GitHub-GHSA

MEDIUM
wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured
GHSA-3r68-x3xc-rxpg
pkg: wireshark-mcp
eco: pip
published: May 5, 2026
## Description

### Impact

`wireshark-mcp` exposes a `wireshark_export_objects` MCP tool that accepts an attacker-controlled `dest_dir` parameter and passes it to tshark's `–export-objects` flag with **no mandatory path restriction**.

The path sandbox (`_allowed_dirs`) is `None` by default and on…

CVE-2026-43901
GitHub-GHSA

MEDIUM
gix-transport: HTTP credentials leaked to redirected host in curl backend
GHSA-9857-6mw7-fq2m
pkg: gix-transport
eco: rust
published: May 5, 2026
## Summary

The curl-based HTTP transport in `gix-transport` sends user credentials (passwords, tokens) to an attacker-controlled server after an HTTP redirect. When a server responds with a 302 redirect during the initial `GET /info/refs`, gitoxide records the redirected base URL and rewrites all s…

GitHub-GHSA

MEDIUM
Axios: no_proxy bypass via IP alias allows SSRF
GHSA-m7pr-hjqh-92cm
pkg: axios, axios
eco: npm
published: May 5, 2026
The fix for no_proxy hostname normalization bypass (#10661) is incomplete.When no_proxy=localhost is set, requests to 127.0.0.1 and [::1] still route through the proxy instead of bypassing it.

The shouldBypassProxy() function does pure string matching — it does not
resolve IP aliases or loopback…

CVE-2026-42038
GitHub-GHSA

MEDIUM
view_component: Preview Route Can Dispatch Inherited Helper Methods
GHSA-7f3r-gwc9-2995
pkg: view_component
eco: rubygems
published: May 8, 2026
### Summary

The preview route derives an example name from the URL and calls it with `public_send`. The code does not verify that the requested method is one of the preview examples explicitly defined by the preview class.

As a result, inherited public methods on `ViewComponent::Preview` are route…

CVE-2026-44836
GitHub-GHSA

MEDIUM
free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request)
GHSA-jqfc-gwj5-3w63
pkg: github.com/free5gc/udr
eco: go
published: May 8, 2026
### Summary
free5GC's UDR `nudr-dr` `DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions` handler panics on a single authenticated request against a fresh UDR instance when the supplied `ueId` does not exist in `UESubsCollection`. The processor checks `value,…
CVE-2026-44324
GitHub-GHSA

MEDIUM
free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions
GHSA-27ph-8q4f-h7m7
pkg: github.com/free5gc/bsf
eco: go
published: May 8, 2026
### Summary
free5GC's BSF `PUT /nbsf-management/v1/subscriptions/{subId}` handler has an unsynchronized write on the global `Subscriptions` map. The handler first reads the map under `RLock()` via `BSFContext.GetSubscription(subId)`, but if the subscription does not exist, `ReplaceIndividualSubcript…
CVE-2026-44318
GitHub-GHSA

MEDIUM
free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference
GHSA-wwqh-7jm5-gj7w
pkg: github.com/free5gc/pcf
eco: go
published: May 8, 2026
### Summary
free5GC's PCF `POST /npcf-policyauthorization/v1/app-sessions` handler panics on a single authenticated request whose `ascReqData.suppFeat == "1"` (enabling traffic-routing feature negotiation) and whose `medComponents` entries supply an `afAppId` but NO `AfRoutReq`. The create path then…
CVE-2026-44317
GitHub-GHSA

MEDIUM
OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured
GHSA-wfr5-454p-mjc2
pkg: OpenTelemetry.Exporter.Instana
eco: nuget
published: May 8, 2026
### Summary

The `OpenTelemetry.Exporter.Instana` NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the `INSTANA_ENDPOINT_PROXY` environment variable.

If a network attacker can Man-in-the-Middle …

CVE-2026-44213
GitHub-GHSA

MEDIUM
Wagtail has improper permission handling when copying pages
GHSA-67rv-mg8q-5pf3
pkg: wagtail, wagtail
eco: pip
published: May 8, 2026
### Impact

A CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once copied, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page.

###…

CVE-2026-44200
GitHub-GHSA

MEDIUM
Wagtail has improper permission handling when deleting form submissions
GHSA-pwm3-7fv4-g6xx
pkg: wagtail, wagtail
eco: pip
published: May 8, 2026
### Impact

A CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't.

The vulnerability is not exploitable by an ordinary site visito…

CVE-2026-44199
GitHub-GHSA

MEDIUM
Wagtail has improper permission handling when comparing revisions
GHSA-c6wj-9vcj-75pj
pkg: wagtail, wagtail
eco: pip
published: May 8, 2026
### Impact

A CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information.

### Patches

Patched versions have been released as Wag…

CVE-2026-44197
GitHub-GHSA

MEDIUM
Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search
GHSA-h36f-rqpx-j5wx
pkg: open-webui
eco: pip
published: May 8, 2026
# Unauthorized File and Knowledge Base Content Access via RAG Vector Search

## Affected Component

RAG source resolution in chat completion pipeline:
– `backend/open_webui/retrieval/utils.py` (lines 963-965, 1063-1068, 1126-1131 in `get_sources_from_items`)

## Affected Versions

Current main branc…

CVE-2026-44560
GitHub-GHSA

MEDIUM
Open WebUI's Model Import Overwrites Any Model Without Ownership Check
GHSA-mqq6-cqcx-38vg
pkg: open-webui
eco: pip
published: May 8, 2026
# Model Import Overwrites Any Model Without Ownership Check

## Affected Component

Model import endpoint:
– `backend/open_webui/routers/models.py` (lines 254-308, `import_models`)

## Affected Versions

Current main branch (commit `6fdd19bf1`) and likely all versions with model import functionality…

CVE-2026-44562
GitHub-GHSA

MEDIUM
Electerm's full process.env exposed to renderer via window.pre.env
GHSA-37j4-88rp-2f6h
pkg: electerm
eco: npm
published: May 8, 2026
### Impact

The `getConstants()` IPC handler in `src/app/lib/ipc-sync.js` serialises the entire `process.env` object and sends it to the renderer. The data is stored as `window.pre.env` and is accessible from any JavaScript running in the renderer (e.g., via the DevTools console or a compromised web…

CVE-2026-43942
NVD

MEDIUM
CVE-2026-41585
CVE-2026-41585
pkg: zfnd zebra-rpc, zfnd zebrad

published: May 8, 2026

ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the requ…
CWE: CWE-248, CWE-617
GitHub-GHSA

MEDIUM
Ech0 allows PUT /api/echo/like/:id unauthenticated: anonymous callers to modify any echo's fav_count
GHSA-pj6q-4vq4-r8cg
pkg: github.com/lin-snow/Ech0
eco: go
published: May 7, 2026
## Summary

`PUT /api/echo/like/:id` at `internal/router/echo.go:12` is registered on `PublicRouterGroup` with no authentication and no rate limit. Anonymous callers increment the `fav_count` counter on any echo (including private echoes) by UUID, repeat the request without deduplication, and trigge…

NVD

MEDIUM
CVE-2026-33589
CVE-2026-33589
pkg: lfnovo open-notebook

published: May 7, 2026

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.
CWE: CWE-20
GitHub-GHSA

MEDIUM
vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary
GHSA-mpf8-4hx2-7cjg
pkg: vm2
eco: npm
published: May 7, 2026
### Summary

A sandbox boundary violation in **vm2** allows host object identity to cross into the sandbox through host Promise resolution.

When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sandbox `.then()` callback preserves host identit…

CVE-2026-44000
GitHub-GHSA

MEDIUM
ShellHub has cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check
GHSA-vwx9-7qcf-gg7f
pkg: github.com/shellhub-io/shellhub
eco: go
published: May 7, 2026
## Summary
`GET /api/namespaces/:tenant` returns the full namespace object — including the members list (user IDs, e-mails, roles), settings, and device counts — to any caller authenticated by an **API Key**, for any tenant, regardless of the API Key's own tenant scope.

The handler conditionall…

CVE-2026-44426
GitHub-GHSA

MEDIUM
Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change
GHSA-258c-965c-p3hc
pkg: github.com/daptin/daptin
eco: go
published: May 7, 2026
### Summary

A session invalidation vulnerability exists in daptin's authentication system where JSON Web Tokens (JWTs) remain fully valid after a user changes their password. The JWT validation middleware (`CheckJWT`) only verifies token signature, expiry, issuer, and signing algorithm — it does …

GitHub-GHSA

MEDIUM
Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users
GHSA-v8j7-hp7c-738f
pkg: github.com/kubetail-org/kubetail/modules/dashboard, github.com/kubetail-org/kubetail/modules/cli
eco: go
published: May 7, 2026
### Summary

Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to the user's dashboard and read their Kubernetes logs in real time. T…

CVE-2026-44514
GitHub-GHSA

MEDIUM
Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding
GHSA-38f8-5428-x5cv
pkg: io.netty:netty-codec-http, io.netty:netty-codec-http
eco: maven
published: May 7, 2026
### Summary
Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks.

### Details
Netty incorrectly marks a request as chunked when malformed "Transfer-Encoding: chunked, identity" is present.
According to RFC https://datatracker.ietf.org/doc/html/rfc9112#name-messag…

CVE-2026-42585
GitHub-GHSA

MEDIUM
Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing
GHSA-m4cv-j2px-7723
pkg: io.netty:netty-codec-http, io.netty:netty-codec-http
eco: maven
published: May 7, 2026
### Summary
Netty's chunk size parser silently overflows int, enabling request smuggling attacks.

### Details
io.netty.handler.codec.http.HttpObjectDecoder#getChunkSize silently overflows int.

The size is accumulated as follows:

result *= 16;
result += digit;

The result is checked only for negat…

CVE-2026-42580
GitHub-GHSA

MEDIUM
Hono: bodyLimit() can be bypassed for chunked / unknown-length requests
GHSA-9vqf-7f2p-gf9v
pkg: hono
eco: npm
published: May 6, 2026
## Summary

`bodyLimit()` does not reliably enforce `maxSize` for requests without a usable `Content-Length` (e.g. `Transfer-Encoding: chunked`). Oversized requests can reach handlers and return `200` instead of `413`.

## Details

For chunked / unknown-length requests, `bodyLimit()` wraps the body …

CVE-2026-44456
GitHub-GHSA

MEDIUM
ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data
GHSA-9w9c-9w8m-w89q
pkg: github.com/shellhub-io/shellhub
eco: go
published: May 6, 2026
## Summary
`GET /api/sessions/:uid` returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records (SSH username, device UID, remote IP, terminal type, authenticated flag, timestamps) belonging to any other namespa…
CVE-2026-44423
GitHub-GHSA

MEDIUM
ShellHub has cross-tenant IDOR in `GET /api/devices/:uid` that discloses device data of any namespace
GHSA-j72x-xfwg-783f
pkg: github.com/shellhub-io/shellhub
eco: go
published: May 6, 2026
## Summary
`GET /api/devices/:uid` returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace (tenant). Any authenticated user (JWT or API Key) who knows or can guess a device UID can read device metadata from any other na…
CVE-2026-44424
GitHub-GHSA

MEDIUM
vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters
GHSA-83vm-p52w-f9pw
pkg: vllm
eco: pip
published: May 6, 2026
### Summary

The `extract_hidden_states` speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a `RuntimeError` that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters (`r…

CVE-2026-44223
NVD

MEDIUM
CVE-2026-40197
CVE-2026-40197
pkg: linuxcontainers incus

published: May 6, 2026

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem contains…
CWE: CWE-476
GitHub-GHSA

MEDIUM
Nginx-UI Settings API Exposes Protected Secrets
GHSA-q4w7-56hr-83rm
pkg: github.com/0xJacky/nginx-ui
eco: go
published: May 6, 2026
### Summary
The `GetSettings` API handler (`api/settings/settings.go:24-65`) serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with `protected:"true"` – however, this tag is only enforced during writes (via `ProtectedFill` in `SaveSetti…
CVE-2026-42223
GitHub-GHSA

MEDIUM
vLLM Vulnerable to Remote DoS via Special-Token Placeholders
GHSA-hpv8-x276-m59f
pkg: vllm
eco: pip
published: May 5, 2026
## Summary
This report explains a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder sequences supplied without matching data cause vLLM to index into empty grids during…
CVE-2026-44222
GitHub-GHSA

MEDIUM
PyLoad Vulnerable to Path Traversal via Package Folder Name
GHSA-97r3-5w84-r4q8
pkg: pyload-ng
eco: pip
published: May 5, 2026
Insufficient sanitization of package folder names allows writing files outside the intended download directory.

## Affected Component
– `src/pyload/core/api/__init__.py`
– Function: `add_package()`

## Description
Package folder names are sanitized using insufficient string replacement:

“`python

CVE-2026-42314
GitHub-GHSA

MEDIUM
Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback
GHSA-7jrr-xw9c-mj39
pkg: github.com/0xJacky/Nginx-UI
eco: go
published: May 5, 2026
## Summary
An authenticated user can call `GET /api/settings` and retrieve sensitive configuration values, including `node.secret`. The same `node.secret` is accepted by `AuthRequired()` through the `X-Node-Secret` header (or `node_secret` query parameter), causing the request to be treated as authe…
CVE-2026-42220
NVD

MEDIUM
CVE-2026-32603
CVE-2026-32603
pkg: sandboxie-plus sandboxie

published: May 5, 2026

Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivileged process running inside a Standard Sandbox can send a malformed IOCTL to the \Device\SandboxieDriver…
CWE: CWE-20
GitHub-GHSA

MEDIUM
requests-hardened is Vulnerable to Server-Side Request Forgery
GHSA-vh75-fwv3-pqrh
pkg: requests-hardened
eco: pip
published: May 5, 2026
The SSRF protection in `requests-hardened` prior to version 1.2.1 fails to block IP addresses within the RFC 6598 Shared Address Space (`100.64.0.0/10`). An attacker who can supply arbitrary URLs to `requests-hardened` could exploit this gap to access internal services hosted within `100.64.0.0/10`.…
CVE-2026-42175
NVD

MEDIUM
CVE-2026-30246
CVE-2026-30246
pkg: go

published: May 5, 2026

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key an…
CWE: CWE-436
GitHub-GHSA

MEDIUM
OpenClaw contains a symlink traversal vulnerability
GHSA-35mw-5vvr-vrxc
pkg: openclaw
eco: npm
published: May 5, 2026
OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended reposi…
CVE-2026-43570
GitHub-GHSA

MEDIUM
Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`
GHSA-3w6x-2g7m-8v23
pkg: axios
eco: npm
published: May 5, 2026
# Vulnerability Disclosure: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`

## Summary

The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any `Object.prototype` pollution in the application's dependency tree to be escalated into …

CVE-2026-42044
NVD

MEDIUM
CVE-2026-42223
CVE-2026-42223
pkg: nginxui nginx_ui

published: May 4, 2026

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-65) serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" – however, this tag …
CWE: CWE-200
NVD

MEDIUM
CVE-2026-42220
CVE-2026-42220
pkg: nginxui nginx_ui

published: May 4, 2026

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired() through the X-Node-Secret header (or node_secret …
CWE: CWE-200, CWE-863
NVD

MEDIUM
CVE-2026-42228
CVE-2026-42228
pkg: n8n n8n

published: May 4, 2026

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated rem…
CWE: CWE-862
NVD

MEDIUM
CVE-2026-42092
CVE-2026-42092
pkg: go

published: May 4, 2026

titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as google_secret, openai_apikey, and goog…
CWE: CWE-200
NVD

MEDIUM
CVE-2026-42091
CVE-2026-42091
pkg: go

published: May 4, 2026

goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler (httpserver/updown.go) lacks the CSRF token validation that was added to the POST upload handler during the CVE-2026-40883 fix. Combined with the unconditional Access-Control-Allow-Origin: * on the OPTIONS pref…
CWE: CWE-352
GitHub-GHSA

MEDIUM
kube-router: GoBGP gRPC Admin Port Exposed on Node Primary IP Without Authentication, Allowing Cluster-Wide BGP Route Injection
GHSA-v5mh-h5hx-7v92
pkg: github.com/cloudnativelabs/kube-router
eco: go
published: May 6, 2026
## Summary

When the kube-router routing controller starts (`–run-router`), it binds the GoBGP gRPC management server to the node's primary IP (e.g., `192.168.1.10:50051`) in addition to `127.0.0.1:50051`. The default admin port is `50051` and the server is enabled by default with no TLS and no aut…

GitHub-GHSA

MEDIUM
go-ipld-prime's DAG-CBOR and DAG-JSON decoders have unbounded recursion depth
GHSA-w239-58×2-q8p5
pkg: github.com/ipld/go-ipld-prime
eco: go
published: May 7, 2026
The DAG-CBOR and DAG-JSON decoders recurse on each nested map or list without a depth limit. A payload containing deeply nested collections causes the decoder to recurse once per level, growing the goroutine stack until the Go runtime terminates the process with a fatal stack overflow (distinct from…
CVE-2026-42328
GitHub-GHSA

MEDIUM
@evomap/evolver has an unbounded request body in proxy /asset/submit that causes persistent disk-exhaustion DoS
GHSA-7xp7-m392-h92c
pkg: @evomap/evolver
eco: npm
published: May 5, 2026
## Summary

The EvoMap proxy daemon's HTTP body parser accepts requests of any size, and the `POST /asset/submit` route persists the full request body — verbatim and uncapped — as a JSONL line in `<dataDir>/messages.jsonl`. An unauthenticated local attacker (other local user, container neighbor,…

GitHub-GHSA

MEDIUM
LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution
GHSA-xq4x-622m-q8fq
pkg: @lobehub/lobehub
eco: npm
published: May 5, 2026
### Summary
The vulnerability was automatically discovered by an ai agent and then manually verified.

LobeChat's message rendering mechanism has a stored cross-site scripting (XSS) vulnerability. Combined with the Electron main process's exposed insecure IPC interface, attackers can construct malic…

CVE-2026-42045
GitHub-GHSA

MEDIUM
Mistune Heading ID Attribute has Injection XSS
GHSA-v87v-83h2-53w7
pkg: mistune
eco: pip
published: May 9, 2026
## Summary
`HTMLRenderer.heading()` builds the opening `<hN>` tag by string-concatenating the `id` attribute value directly into the HTML — with no call to `escape()`, `safe_entity()`, or any other sanitisation function. A double-quote character `"` in the `id` value terminates the attribute, allo…
CVE-2026-44897
GitHub-GHSA

MEDIUM
Mistune Math Plugin has an XSS Escape Bypass
GHSA-8g87-j6q8-g93x
pkg: mistune
eco: pip
published: May 8, 2026
## Summary
The mistune math plugin renders inline math (`$…$`) and block math (`$$…$$`) by concatenating the raw user-supplied content directly into the HTML output **without any HTML escaping**. This occurs even when the parser is explicitly created with `escape=True`, which is supposed to guar…
CVE-2026-44708
GitHub-GHSA

MEDIUM
fast-xml-builder Comment Value regex can be bypassed
GHSA-45c6-75p6-83cc
pkg: fast-xml-builder
eco: npm
published: May 8, 2026
# Summary
The fix for https://github.com/advisories/GHSA-gh4j-gqv2-49f6 in fast-xml-parser sanitizes `–` sequences in XML comment content using .replace(/–/g, '- -'). This skip the values containing three consecutive dashes (e.g., —>…), allowing an attacker to break out of an XML comment and i…
CVE-2026-44664
GitHub-GHSA

MEDIUM
Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler
GHSA-jp94-3292-c3xv
pkg: devise
eco: rubygems
published: May 8, 2026
## Summary

When the `Timeoutable` module is enabled in Devise, the `FailureApp#redirect_url` method returns `request.referrer` — the HTTP `Referer` header, which is attacker-controllable — without validation for any non-GET request that results in a session timeout. An attacker who hosts a page…

CVE-2026-40295
GitHub-GHSA

MEDIUM
Free5GC AMF Bypasses UE Security Capabilities on NGAP PathSwitchRequest
GHSA-77×9-rf64-92gv
pkg: github.com/free5gc/amf
eco: go
published: May 7, 2026
### Summary
The AMF in Free5GC v4.2.1 does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the AMF's stored UE security capabilities with arbitrary values, wh…
CVE-2026-42081
GitHub-GHSA

MEDIUM
Kanidm: Stored HTML injection in "passkey-enrolment" partial via displayname → htmx-driven authenticated request forgery
GHSA-gpxg-fx2g-qxj2
pkg: kanidm
eco: rust
published: May 6, 2026
### Summary

The kanidmd web UI renders the WebAuthn passkey-registration challenge as raw JSON inside an inline `<script id="data">` element using the Askama `|safe` filter. The challenge embeds the account's `displayname`, which `serde_json` serialises without escaping `<`/`>`. A `displayname` con…

GitHub-GHSA

MEDIUM
Kyverno policy-reporter-ui has XSS via Stored Property Values in PropertyCard Component
GHSA-q98m-7w8c-w388
pkg: github.com/kyverno/policy-reporter-ui
eco: go
published: May 6, 2026
### Summary
Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that {{ }} interpolation provides. The PropertyCard.vue component uses v-html for the else branch of the URL check, meaning any non-URL string value flow…
CVE-2026-44245
NVD

MEDIUM
CVE-2026-42230
CVE-2026-42230
pkg: n8n n8n

published: May 4, 2026

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirect_uri values to be registered. When a user denies the MCP OAuth consent dialog, t…
CWE: CWE-601
GitHub-GHSA

MEDIUM
OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload
GHSA-q8ff-7ffm-m3r9
pkg: openclaw
eco: npm
published: May 5, 2026
## Summary

OpenClaw webhooks allowed route secrets to be backed by `SecretRef` values, but cached the resolved secret for a route. After an operator rotated the underlying secret and ran `openclaw secrets reload`, the previous resolved webhook secret could remain valid until the plugin or gateway r…

GitHub-GHSA

MEDIUM
SharpCompress has directory traversal via directory entries in WriteToDirectory (zip slip variant)
GHSA-6c8g-7p36-r338
pkg: SharpCompress
eco: nuget
published: May 8, 2026
### Summary

A path traversal vulnerability in `IArchive.WriteToDirectory()` allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escalated to arbitrary file writes by chaining with a symlink entry, giving a full write primitive on the …

CVE-2026-44788
GitHub-GHSA

MEDIUM
view_component: System Test Entry Point Path Check Allows Sibling Directory Escape
GHSA-hg3h-g7xc-f7vp
pkg: view_component
eco: rubygems
published: May 8, 2026
### Summary

The system test entrypoint canonicalizes a user-controlled file path with `File.realpath`, then checks whether the resolved path starts with the temp directory path. This is not a safe containment check because sibling directories can share the same string prefix.

Severity: Medium; tes…

CVE-2026-44837
GitHub-GHSA

MEDIUM
Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme
GHSA-g924-cjx7-2rjw
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: May 7, 2026
## Summary

The `/forms/chromium/convert/url` and `/forms/chromium/screenshot/url` routes accept `url=file:///tmp/…` from anonymous callers. The default Chromium deny-list intentionally exempts `file:///tmp/` so HTML/Markdown routes can load their own request-local assets, and those routes apply a…

CVE-2026-42597
GitHub-GHSA

MEDIUM
axonflow-sdk-java: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
GHSA-248h-974q-xrc2
pkg: com.getaxonflow:axonflow-sdk
eco: maven
published: May 6, 2026
## Summary

The AxonFlow SDK's `WebhookSubscription` (or equivalent) type did not expose the HMAC-SHA256 signing key returned by the platform's `CreateWebhook` endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the `X-AxonFlow-Signature` header on incomin…

GitHub-GHSA

MEDIUM
axonflow-sdk-typescript: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
GHSA-mph8-9v29-pm42
pkg: @axonflow/sdk
eco: npm
published: May 6, 2026
## Summary

The AxonFlow SDK's `WebhookSubscription` (or equivalent) type did not expose the HMAC-SHA256 signing key returned by the platform's `CreateWebhook` endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the `X-AxonFlow-Signature` header on incomin…

GitHub-GHSA

MEDIUM
axonflow-sdk-go: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
GHSA-mhc4-qq83-fmrr
pkg: github.com/getaxonflow/axonflow-sdk-go/v5
eco: go
published: May 6, 2026
## Summary

The AxonFlow SDK's `WebhookSubscription` (or equivalent) type did not expose the HMAC-SHA256 signing key returned by the platform's `CreateWebhook` endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the `X-AxonFlow-Signature` header on incomin…

GitHub-GHSA

MEDIUM
axonflow-sdk-python: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
GHSA-7f4h-6264-89fr
pkg: axonflow
eco: pip
published: May 6, 2026
## Summary

The AxonFlow SDK's `WebhookSubscription` (or equivalent) type did not expose the HMAC-SHA256 signing key returned by the platform's `CreateWebhook` endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the `X-AxonFlow-Signature` header on incomin…

GitHub-GHSA

MEDIUM
Granian vulnerable to DoS via WSGI response header panic
GHSA-f5p7-9fr5-8jmj
pkg: granian
eco: pip
published: May 6, 2026
### Summary

Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses `.unwrap()` on both the header name and header value constructors, so malformed output from the application becomes a process abort instead…

CVE-2026-42545
GitHub-GHSA

MEDIUM
OpAMP client reads unbounded HTTP response bodies
GHSA-w2jh-77fq-7gp8
pkg: OpenTelemetry.OpAmp.Client
eco: nuget
published: May 5, 2026
### Summary

When receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed.

This could cause memory exhaustion in the consuming application if the configured OpAMP serve…

CVE-2026-42348
GitHub-GHSA

MEDIUM
eventsource-encoder vulnerable to SSE event injection via unsanitized `event` and `id` fields
GHSA-m9g3-3g99-mhpx
pkg: eventsource-encoder
eco: npm
published: May 8, 2026
### Summary

`eventsource-encoder` does not sanitize the `event` or `id` fields of an `EventSourceMessage` before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Events line terminators (`\n`, `\r`, or `\r\n`) and thereby forge additional SSE fields or entire…

CVE-2026-44214
GitHub-GHSA

MEDIUM
vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak
GHSA-v27g-jcqj-v8rw
pkg: vm2
eco: npm
published: May 7, 2026
### Summary
vm2's `CallSite` wrapper class (intended as a safe wrapper for V8's native CallSite) blocks `getThis()` and `getFunction()` to prevent host object leakage, but allows `getFileName()` to return unsanitized host absolute paths. Any sandboxed code can extract the full directory structure, l…
CVE-2026-44002
GitHub-GHSA

MEDIUM
CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content
GHSA-ff6c-w6qf-7xqc
pkg: css_parser, css_parser
eco: rubygems
published: May 7, 2026
### Summary

The CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with `OpenSSL::SSL::VERIFY_NONE`, meaning any HTTPS certificate—even entirely untru…

CVE-2026-44312
GitHub-GHSA

MEDIUM
Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization
GHSA-xxqh-mfjm-7mv9
pkg: io.netty:netty-codec-http, io.netty:netty-codec-http
eco: maven
published: May 7, 2026
# NETTY HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization

| Field | Value |
|———–|——-|
| Library | `io.netty:netty-codec-http` |
| Component | `codec-http` — `HttpObjectDecoder` |
| Severity | **HIGH** |
| Affects | HEAD, commit `4f3533ae` confirmed |

## Summary…

CVE-2026-42581
GitHub-GHSA

MEDIUM
docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler
GHSA-fqph-j6v6-jvgx
pkg: docling-graph
eco: pip
published: May 7, 2026
### Impact

The `URLInputHandler` class in `docling_graph/core/input/handlers.py` makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local IP address. The `URLValidator` only checks for a valid scheme and non-empty `netloc`, perfo…

CVE-2026-44520
GitHub-GHSA

MEDIUM
BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context
GHSA-mcfx-4vc6-qgxv
pkg: bentoml
eco: pip
published: May 7, 2026
### Summary
BentoML's `bentoml build` packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento artifact.

If a victim builds an untrusted repository or other attacker-supplied build context, the attacker can pla…

CVE-2026-40610
NVD

MEDIUM
CVE-2026-40004
CVE-2026-40004
pkg: openssl

published: May 7, 2026

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges.
CWE: CWE-427
GitHub-GHSA

MEDIUM
Vercel: Non-interactive mode includes CLI arguments in suggested command output
GHSA-pgf8-2hgj-grqg
pkg: vercel
eco: npm
published: May 7, 2026
# Summary

When the Vercel CLI runs in non-interactive mode (`–non-interactive` or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via `–token` or `-t` on the command line, the token value is includ…

CVE-2026-44479
GitHub-GHSA

MEDIUM
@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening
GHSA-cqmh-pcgr-q42f
pkg: @axonflow/openclaw
eco: npm
published: May 6, 2026
## Summary

Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional `0755` mode.

## Affected versions

Versions 1.3.2 and below.

## Impact

1…

NVD

MEDIUM
CVE-2026-43277
CVE-2026-43277
pkg: linux linux_kernel

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

APEI/GHES: ensure that won't go past CPER allocated record

The logic at ghes_new() prevents allocating too large records, by
checking if they're bigger than GHES_ESTATUS_MAX_SIZE (currently, 64KB).
Yet, the allocation is done with…

NVD

MEDIUM
CVE-2026-43271
CVE-2026-43271
pkg: linux linux_kernel

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

md-cluster: fix NULL pointer dereference in process_metadata_update

The function process_metadata_update() blindly dereferences the 'thread'
pointer (acquired via rcu_dereference_protected) within the wait_event()
macro.

While th…

CWE: CWE-476
NVD

MEDIUM
CVE-2026-43266
CVE-2026-43266
pkg: linux linux_kernel

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

EFI/CPER: don't go past the ARM processor CPER record buffer

There's a logic inside GHES/CPER to detect if the section_length
is too small, but it doesn't detect if it is too big.

Currently, if the firmware receives an ARM proces…

NVD

MEDIUM
CVE-2026-43265
CVE-2026-43265
pkg: linux linux_kernel

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block()

Ignore -EBUSY when checking nested events after exiting a blocking state
while L2 is active, as exiting to userspace will generate a spurious
userspace exit, us…

NVD

MEDIUM
CVE-2026-43264
CVE-2026-43264
pkg: linux linux_kernel

published: May 6, 2026

In the Linux kernel, the following vulnerability has been resolved:

fbdev: of: display_timing: fix refcount leak in of_get_display_timings()

of_parse_phandle() returns a device_node with refcount incremented,
which is stored in 'entry' and then copied to 'native_mode'. When the
error paths at line…

NVD

MEDIUM
CVE-2026-42192
CVE-2026-42192
pkg: react

published: May 8, 2026

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting (XSS) vulnerability exists in the campaign management feature, where the email body content created by authenticated project members is stored and later rendered in the admin dashboa…
CWE: CWE-79
GitHub-GHSA

MEDIUM
Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels
GHSA-hmgr-67hw-j2cq
pkg: open-webui
eco: pip
published: May 8, 2026
# Deactivated Channel Members Retain Full Access to Group/DM Channels

## Affected Component

Channel membership authorization check:
– `backend/open_webui/models/channels.py` (lines 663-673, `is_user_channel_member`)
– Used at 15 locations in `backend/open_webui/routers/channels.py`

## Affected Ve…

CVE-2026-44561
GitHub-GHSA

MEDIUM
Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO
GHSA-vrfh-rj4q-rmhr
pkg: open-webui
eco: pip
published: May 8, 2026
# Read-Only Users Can Modify Collaborative Documents via Socket.IO

## Affected Component

Socket.IO collaborative document editing handler:
– `backend/open_webui/socket/main.py` (lines 667-721, `ydoc:document:update` handler)

## Affected Versions

Current main branch and likely all versions with c…

CVE-2026-44564
GitHub-GHSA

MEDIUM
Open WebUI's Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show
GHSA-rcvp-6fgw-c7fh
pkg: open-webui
eco: pip
published: May 8, 2026
# Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show

## Affected Component

Ollama proxy endpoints missing model access control:
– `backend/open_webui/routers/ollama.py` (lines 955-995, `generate_completion`)
– `backend/open_webui/routers/ollama.py` (li…

CVE-2026-44563
GitHub-GHSA

MEDIUM
Open WebUI's Channel Access Grants Bypass filter_allowed_access_grants
GHSA-7rjh-px4v-5w55
pkg: open-webui
eco: pip
published: May 8, 2026
# Channel Access Grants Bypass filter_allowed_access_grants

## Affected Component

Channel creation and update endpoints:
– `backend/open_webui/routers/channels.py` (lines 291-340, `create_new_channel`)
– `backend/open_webui/routers/channels.py` (lines 617-638, `update_channel_by_id`)
– `backend/op…

CVE-2026-44558
GitHub-GHSA

MEDIUM
gitsign –verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers
GHSA-7c37-gx6w-8vc5
pkg: github.com/sigstore/gitsign
eco: go
published: May 8, 2026
## Summary

`CertVerifier.Verify()` in `pkg/git/verifier.go` unconditionally dereferences `certs[0]` after `sd.GetCertificates()` without checking the slice length. A CMS/PKCS7 signed message with an empty certificate set is a structurally valid DER payload; `GetCertificates()` returns an empty slic…

CVE-2026-44310
GitHub-GHSA

MEDIUM
FileBrowser Vulnerable to Stored XSS via SVG File in Public Share (Missing CSP Header)
GHSA-mmpx-jh39-wrv6
pkg: github.com/gtsteffaniak/filebrowser
eco: go
published: May 7, 2026
## Summary

FileBrowser Quantum serves inline SVG files without a `Content-Security-Policy` header, allowing embedded JavaScript in SVG files to execute when accessed via public share links.

Verified on v1.3.0-stable.

## Affected product

– **Product:** FileBrowser Quantum (`gtsteffaniak/filebrows…

GitHub-GHSA

MEDIUM
ShellHub has crash-DoS via field injection in filter and sort-by parameters
GHSA-47r2-v3x6-wff9
pkg: github.com/shellhub-io/shellhub
eco: go
published: May 6, 2026
## Summary
The device list endpoint accepts user-controlled identifiers in two places that are passed directly as BSON/SQL keys in the database layer without validation:

1. The `name` field of each filter property in the base64-encoded `filter`
query parameter.
2. The `sort_by` query param…

CVE-2026-44425
GitHub-GHSA

MEDIUM
wger: trainer_login open redirect – ?next= parameter not validated against host
GHSA-vqv8-j3mj-wjxj
pkg: wger
eco: pip
published: May 6, 2026
### Summary

The `trainer_login` view in wger redirects to `request.GET['next']` directly via `HttpResponseRedirect()` without calling `url_has_allowed_host_and_scheme()`. After the trainer successfully enters impersonation mode, their browser is redirected to any attacker-controlled URL supplied in…

GitHub-GHSA

MEDIUM
Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion
GHSA-xx6v-rp6x-q39c
pkg: axios, axios
eco: npm
published: May 5, 2026
# Vulnerability Disclosure: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion

## Summary

The Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the `withXSRFToken` config prope…

CVE-2026-42042
NVD

MEDIUM
CVE-2026-1677
CVE-2026-1677
pkg: tls

published: May 11, 2026

Zephyr sockets created with `IPPROTO_TLS_1_3` can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS (e.g. via `mbedtls_ssl_conf_min_tls_version`). The ClientHello advertises both versions and t…
CWE: CWE-757
GitHub-GHSA

MEDIUM
Vert.x has a DoS via unbounded server-side SNI SslContext cache growth
GHSA-3g76-f9xq-8vp6
pkg: io.vertx:vertx-core, io.vertx:vertx-core, io.vertx:vertx-core
eco: maven
published: May 9, 2026
Potential unbounded server-side SNI `SslContext` cache growth in Vert.x TLS handling, with possible resource-exhaustion / DoS impact.

On affected versions, matching server-side SNI names are cached via `computeIfAbsent(serverName, …)` in a serverName-keyed `SslContext` cache, and I could not find…

CVE-2026-6860
GitHub-GHSA

MEDIUM
Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage
GHSA-p77w-8qqv-26rm
pkg: hono
eco: npm
published: May 9, 2026
### Summary

Cache Middleware does not skip caching for responses that declare per-user variance via `Vary: Authorization` or `Vary: Cookie`. As a result, a response cached for one authenticated user may be served to subsequent requests from different users.

### Details

The Cache Middleware skips …

CVE-2026-44457
GitHub-GHSA

MEDIUM
gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits
GHSA-7rmh-48mx-2vwc
pkg: github.com/sigstore/gitsign
eco: go
published: May 8, 2026
## Summary

`gitsign verify` and `gitsign verify-tag` re-encode commit/tag objects through go-git's `EncodeWithoutSignature` before checking the signature, instead of verifying against the raw git object bytes. For malformed objects with duplicate `tree` headers, git-core and go-git parse different …

CVE-2026-44309
GitHub-GHSA

MEDIUM
Wagtail has improper restriction handling on Documents and Images API
GHSA-p5gm-92h4-6pv6
pkg: wagtail, wagtail
eco: pip
published: May 8, 2026
### Impact

The Documents and Images [API](https://docs.wagtail.org/en/stable/advanced_topics/api/index.html) incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections.

### Patches

Patched versions …

CVE-2026-44201
NVD

MEDIUM
CVE-2026-42190
CVE-2026-42190
pkg: react

published: May 8, 2026

RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating from a different origin that the browser treats as same-site can invoke a server action with the vic…
CWE: CWE-352
GitHub-GHSA

MEDIUM
vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL`
GHSA-2cm2-m3w5-gp2f
pkg: vm2
eco: npm
published: May 8, 2026
### Summary

https://github.com/patriksimek/vm2/security/advisories/GHSA-wp5r-2gw5-m7q7 is not fully patched.

### Details

It is still possible to get access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL`.

### PoC

“`js
const {VM} = require("vm2");
const vm = new VM();
console.log(vm.run…

NVD

MEDIUM
CVE-2026-44500
CVE-2026-44500
pkg: zfnd zebra-chain, zfnd zebra-network, zfnd zebrad

published: May 8, 2026

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter prot…
CWE: CWE-770
NVD

MEDIUM
CVE-2022-26523
CVE-2022-26523
pkg: windows

published: May 8, 2026

The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at aswArPot+0xbb94.
CWE: CWE-400
NVD

MEDIUM
CVE-2026-41645
CVE-2026-41645
pkg: projectdiscovery nuclei

published: May 8, 2026

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response da…
CWE: CWE-94
GitHub-GHSA

MEDIUM
Ech0's Unauthenticated Like Endpoint Enables Arbitrary Engagement Metric Inflation
GHSA-rgj7-vg8v-j4wr
pkg: github.com/lin-snow/ech0
eco: go
published: May 7, 2026
### Summary

**No authentication** is required to invoke **`PUT /api/echo/like/:id`**. The handler is registered on the **public** router group. The service increments **`fav_count`** for the given echo **without** checking identity, **without** a per-user limit, and **without** CSRF tokens. A remot…

GitHub-GHSA

MEDIUM
Ech0 comment model's Email field returned on public /api/comments endpoints
GHSA-rj4g-rqgh-rx9h
pkg: github.com/lin-snow/Ech0
eco: go
published: May 7, 2026
## Summary

The `Comment` model serializes its `Email` field through the public comment-listing API. `internal/model/comment/comment.go:33` uses `json:"email"`, while adjacent PII fields (`IPHash`, `UserAgent`) correctly use `json:"-"`. The public endpoints `GET /api/comments?echo_id=X` and `GET /ap…

GitHub-GHSA

MEDIUM
Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers
GHSA-438q-jx8f-cccv
pkg: zebra-network, zebrad, zebra-chain
eco: rust
published: May 7, 2026
# CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers

## Summary

Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or post-h…

CVE-2026-44500
GitHub-GHSA

MEDIUM
Netty MQTT: Resource exhaustion in MqttDecoder
GHSA-jfg9-48mv-9qgx
pkg: io.netty:netty-codec-mqtt, io.netty:netty-codec-mqtt
eco: maven
published: May 7, 2026
### Impact
The MQTT 5 header Properties section is parsed and buffered _before_ any message size limit is applied.

Specifically, in `MqttDecoder`, the `decodeVariableHeader()` method is called before the `bytesRemainingBeforeVariableHeader > maxBytesInMessage` check. The `decodeVariableHeader()` ca…

CVE-2026-44248
GitHub-GHSA

MEDIUM
vm2's Transformer Fast-Path Bypass Exposes Internal State Variable
GHSA-wp5r-2gw5-m7q7
pkg: vm2
eco: npm
published: May 7, 2026
### Summary
vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain `catch`, `import`, or `async` keywords. This fast-path bypass allows sandboxed code to directly access the internal `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL` variable, …
CVE-2026-44003
GitHub-GHSA

MEDIUM
Goteberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes
GHSA-3cv5-q585-h563
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: May 7, 2026
## Summary

Six conversion routes (`pdfengines/merge`, `pdfengines/split`, `libreoffice/convert`, `chromium/convert/url`, `chromium/convert/html`, `chromium/convert/markdown`) accept `stampSource=pdf` + `stampExpression=/path` and `watermarkSource=pdf` + `watermarkExpression=/path` from anonymous ca…

CVE-2026-42593
GitHub-GHSA

MEDIUM
Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes
GHSA-2pmr-289p-44r3
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: May 7, 2026
## Summary

`FilterOutboundURL` resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it navigates to the URL. An attacker who controls DNS for a hostna…

CVE-2026-42592
GitHub-GHSA

MEDIUM
OpenSearch Security plugin: DLS not applied on documents linked by has_child or has_parent relation
GHSA-x83w-23jp-g6pw
pkg: org.opensearch.plugin:opensearch-security, org.opensearch.plugin:opensearch-security
eco: maven
published: May 7, 2026
### Description

A flaw was identified in the OpenSearch Security plugin's document-level security (DLS) implementation. DLS restrictions were not correctly applied to search queries that use has_parent or has_child join relations. This could allow an authenticated user to access document contents t…

GitHub-GHSA

MEDIUM
Nitro has a proxy scope bypass via percent-encoded path traversal in `routeRules`
GHSA-5w89-w975-hf9q
pkg: nitro, nitropack
eco: npm
published: May 6, 2026
A proxy route rule like:

“`ts
routeRules: {
"/api/orders/**": { proxy: { to: "http://upstream/orders/**" } }
}
“`

is intended to limit the proxy to URLs under `/api/orders/`. Before the patch, an attacker could bypass that scope by sending percent-encoded path traversal (`..%2f`) in the URL, c…

CVE-2026-44373
GitHub-GHSA

MEDIUM
Lemmy may expose private community data through community, saved, liked, and modlog API views
GHSA-95q8-x6r6-672m
pkg: lemmy_api
eco: rust
published: May 6, 2026
## Summary

Lemmy applies private-community checks in `PostView` and `CommentView`, but several adjacent API views skip the accepted-follower filter. Bob, a registered user who is not an accepted follower, can read private community `sidebar` and `summary` fields. Alice, a former accepted follower, …

GitHub-GHSA

MEDIUM
Private Lemmy instances expose multi-community metadata without authentication
GHSA-jmxc-hhwx-gvv3
pkg: lemmy_api
eco: rust
published: May 6, 2026
## Summary

`read_multi_community()` does not enforce the private-instance setting. On a private instance, an unauthenticated visitor can read multi-community names, titles, summaries, sidebars, owner identities, and member community lists.

## Details

Other read handlers load `local_site` and call…

GitHub-GHSA

MEDIUM
Hatchet affected by cross-tenant information disclosure in `listTasksByDAGIds`
GHSA-55gc-6fmc-fpx9
pkg: github.com/hatchet-dev/hatchet
eco: go
published: May 6, 2026
## Summary

A missing authorization directive on the `GET /api/v1/stable/dags/tasks` endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any tenant on the same Hatchet instance could query the endpoint with another tenant's UUID and a DAG UUID belo…

CVE-2026-42572
GitHub-GHSA

MEDIUM
Nokogiri XSLT transform has a memory leak
GHSA-v2fc-qm4h-8hqv
pkg: nokogiri
eco: rubygems
published: May 6, 2026
## Summary

Nokogiri's `Nokogiri::XSLT::Stylesheet#transform` leaks a small heap allocation when passed a Ruby string parameter containing a null byte.

For applications that pass attacker-controlled input through `XSLT.transform` parameters, this may be a vector for a denial of service attack again…

GitHub-GHSA

MEDIUM
PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI
GHSA-c3gc-9pf2-84gg
pkg: pyload-ng
eco: pip
published: May 6, 2026
### Summary
`pyload-ng` WebUI returns full Python traceback details to clients on unhandled exceptions.

Because `/web/<path:filename>` is reachable without authentication and renders attacker-controlled template names, an unauthenticated user can reliably trigger a server exception (for example by …

CVE-2026-44226
GitHub-GHSA

MEDIUM
GraphQL-Ruby's Ruby lexer does not count comment tokens for the purposes of max_query_string_tokens
GHSA-3h96-34p3-xm76
pkg: graphql, graphql, graphql
eco: rubygems
published: May 5, 2026
GraphQL-Ruby's `max_query_string_tokens` configuration didn't count comment tokens against the limit, allowing strings to be processed even after the configured maximum had actually been reached.

In patched versions, the Ruby lexer does count these tokens.

GraphQL-CParser is not affected by this…

NVD

MEDIUM
CVE-2026-34527
CVE-2026-34527
pkg: sandboxie-plus sandboxie

published: May 5, 2026

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit valu…
CWE: CWE-328
GitHub-GHSA

MEDIUM
OpenStack Horizon has Incorrect Behavior Order
GHSA-vxvf-xvm3-p8j5
pkg: horizon
eco: pip
published: May 5, 2026
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix.
CVE-2026-43002
GitHub-GHSA

MEDIUM
Django has an Improper Handling of Length Parameter Inconsistency
GHSA-w26r-rmm8-9c29
pkg: Django, Django
eco: pip
published: May 5, 2026
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially loading large files into memory and causing service degradation.

As a reminder, Django expects a li…

CVE-2026-5766
GitHub-GHSA

MEDIUM
Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection
GHSA-v8h7-rr48-vmmv
pkg: io.netty:netty-codec-http, io.netty:netty-codec-http
eco: maven
published: May 5, 2026
### Summary
Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`.

The constructors reject CRLF and whitespace characters that would break the start-line, but `setUri()` does not apply…

CVE-2026-41417
GitHub-GHSA

MEDIUM
ots has a negative expire override that can bypass its secret retention policy
GHSA-h5fq-653g-gxrm
pkg: github.com/Luzifer/ots
eco: go
published: May 5, 2026
## Summary

The `/api/create` endpoint accepted negative `expire` query values. For the memory storage backend, negative values were passed to secret creation as a negative duration and treated as no expiry, allowing callers to create secrets that persisted longer than intended.

## Impact

Unauthen…

GitHub-GHSA

MEDIUM
Apache Thrift has a Memory Allocation with Excessive Size Value Vulnerability
GHSA-2f9f-gq7v-9h6m
pkg: thrift
eco: rust
published: May 5, 2026
Memory Allocation with Excessive Size Value vulnerability in Apache Thrift.

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version [0.23.0](https://github.com/apache/thrift/releases/tag/v0.23.0), which fixes the issue.

CVE-2026-43868
GitHub-GHSA

MEDIUM
Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream
GHSA-445q-vr5w-6q77
pkg: axios
eco: npm
published: May 5, 2026
### Summary
The `FormDataPart` constructor in `lib/helpers/formDataToStream.js` interpolates `value.type` directly into the `Content-Type` header of each multipart part without sanitizing CRLF (`\r\n`) sequences. An attacker who controls the `.type` property of a Blob/File-like object (e.g., via a u…
CVE-2026-42037
GitHub-GHSA

MEDIUM
Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0
GHSA-5c9x-8gcm-mpgx
pkg: axios, axios
eco: npm
published: May 5, 2026
### Summary

For stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 (native http/https transport path). Oversized streamed uploads are sent fully even when the caller sets strict body limits.

### Details

Relevant flow in lib/adapters/http.js:
– 556-564: maxBodyLength …

CVE-2026-42034
GitHub-GHSA

MEDIUM
Axios: HTTP adapter streamed responses bypass maxContentLength
GHSA-vf2m-468p-8v99
pkg: axios, axios
eco: npm
published: May 5, 2026
### Summary

When responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption.

### Details
In lib/adapters/http.js:
– 786-789: for responseType === 'stream', Axios i…

CVE-2026-42036
NVD

MEDIUM
CVE-2026-41572
CVE-2026-41572
pkg: go

published: May 4, 2026

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/notes/{id}/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note …
CWE: CWE-285
GitHub-GHSA

MEDIUM
`potato-annotation` has a Project-Boundary Bypass
GHSA-q9m2-fhv9-3jcf
pkg: potato-annotation
eco: pip
published: May 8, 2026
## Summary
`validate_path_security` uses string-prefix containment (`startswith`) for boundary checks. This allows paths that are **outside** the intended project directory but share its prefix string (e.g., `/tmp/potato_proj_demo_evil/…` vs `/tmp/potato_proj_demo`) to be accepted.

## Details
###…

GitHub-GHSA

MEDIUM
Open WebUI's Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts
GHSA-hr43-rjmr-7wmm
pkg: open-webui
eco: pip
published: May 8, 2026
# Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts

## Affected Component

Folder creation endpoint and form model:
– `backend/open_webui/models/folders.py` (lines 72-77, `FolderForm` with `extra='allow'`)
– `backend/open_webui/models/folders.py` (lines 95-…

CVE-2026-44550
GitHub-GHSA

MEDIUM
ExternalSecrets vulnerable to privilege escalation with secret overwriting
GHSA-fq7h-9×26-6j22
pkg: github.com/external-secrets/external-secrets/apis
eco: go
published: May 8, 2026
ExternalSecrets allows users to craft Service Account tokens for misconfigured Service Accounts in namespaces the users have access to.

### Impact

A user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populate…

CVE-2026-42876
GitHub-GHSA

MEDIUM
Open WebUI has Stored XSS in Pending User Overlay via Incorrect DOMPurify Application Order
GHSA-fq3v-xjjx-95rc
pkg: open-webui
eco: pip
published: May 8, 2026
## Vulnerability Details

**CWE-79**: Cross-site Scripting (XSS)

The `AccountPending.svelte` component renders the admin-configured "Pending User Overlay Content" using `marked.parse()` inside `{@html}` with an incorrect DOMPurify application order:

### Vulnerable Code

**`src/lib/components/layou…

CVE-2026-44568
GitHub-GHSA

MEDIUM
Ech0's RSS feed renders unescaped tag names and raw-HTML markdown, stored XSS against subscribers
GHSA-3v85-fqvh-7rxf
pkg: github.com/lin-snow/Ech0
eco: go
published: May 7, 2026
## Summary

The public RSS/Atom feed at `/rss` renders two attacker-controlled surfaces without HTML escaping. Tag names flow through `fmt.Appendf(renderedContent, "<br /><span class=\"tag\">#%s</span>", tag.Name)` at `internal/service/common/common.go:120`, and the Markdown renderer at `internal/ut…

NVD

MEDIUM
CVE-2026-40243
CVE-2026-40243
pkg: linuxcontainers incus

published: May 6, 2026

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with cust…
CWE: CWE-295
GitHub-GHSA

MEDIUM
Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy
GHSA-w9j2-pvgh-6h63
pkg: axios, axios
eco: npm
published: May 5, 2026
# Vulnerability Disclosure: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

## Summary

The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any `Object.prototype` pollution to **silently suppress all HTTP error responses** (40…

CVE-2026-42041
GitHub-GHSA

MEDIUM
utcp-http vulnerable to SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol
GHSA-39j6-4867-gg4w
pkg: utcp-http
eco: pip
published: May 7, 2026
## Summary

The `utcp-http` plugin is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. `register_manual()` validates the discovery URL against an HTTPS / loopback allowlist, but `call_tool()` and `call_too…

CVE-2026-44661
GitHub-GHSA

MEDIUM
hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection
GHSA-69xw-7hcm-h432
pkg: hono
eco: npm
published: May 6, 2026
## Summary

Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output.

When untrusted input is used as a tag name via the programmatic `jsx()` or `createElement()` APIs during server-side rendering, specially crafted …

CVE-2026-44455
GitHub-GHSA

MEDIUM
PPTAgent: Arbitrary File Write via `save_generated_slides`
GHSA-pxhg-7xr2-w7xg
pkg: pptagent
eco: pip
published: May 5, 2026
## Summary

> This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00.

The `save_generated_slides` MCP tool accepts a pptx_path argument and writes the generated PPTX file to that path without any workspace restriction or path valida…

CVE-2026-42080
GitHub-GHSA

MEDIUM
PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image
GHSA-hrcw-xc63-g29m
pkg: pptagent
eco: pip
published: May 5, 2026
### Summary

The `markdown_table_to_image` tool accepts a caller-controlled path parameter and passes it directly to `get_html_table_image`:

“`python
# pptagent/mcp_server.py:127-143
def markdown_table_to_image(markdown_table: str, path: str, css: str) -> str:
"""
Args:
path (str):…

CVE-2026-42078
NVD

MEDIUM
CVE-2026-7572
CVE-2026-7572
pkg: linux

published: May 6, 2026

An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parse_evtx V…
CWE: CWE-193
GitHub-GHSA

MEDIUM
XWiki PlantUML Macro Vulnerable to Server-Side Request Forgery (SSRF) via 'server' parameter
GHSA-42fc-7w97-8vrc
pkg: org.xwiki.contrib.plantuml:macro-plantuml-macro
eco: maven
published: May 5, 2026
### Impact

The [PlantUML Macro](https://extensions.xwiki.org/xwiki/bin/view/Extension/PlantUML+Macro) is vulnerable to Server-Side Request Forgery (SSRF). The macro allows users to specify an alternative PlantUML server via the `server` parameter. However, the application does not validate the supp…

CVE-2026-42140
NVD

MEDIUM
CVE-2026-8194
CVE-2026-8194
pkg: react

published: May 9, 2026

A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The manipulation of the argument _method leads to cross-site request forgery. Remote exploitation of the attack is possible. The …
CWE: CWE-352, CWE-862
GitHub-GHSA

MEDIUM
Hono has CSS Declaration Injection via Style Object Values in JSX SSR
GHSA-qp7p-654g-cw7p
pkg: hono
eco: npm
published: May 9, 2026
### Summary

The JSX renderer escapes `style` attribute object values for HTML but not for CSS. Untrusted input in a `style` object value or property name can therefore inject additional CSS declarations into the rendered `style` attribute. The impact is limited to CSS and does not allow JavaScript …

CVE-2026-44458
GitHub-GHSA

MEDIUM
free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)
GHSA-4rqf-grm6-vf75
pkg: github.com/free5gc/udr
eco: go
published: May 8, 2026
### Summary
free5GC's UDR `nudr-dr` `DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions` handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks …
CVE-2026-44323
GitHub-GHSA

MEDIUM
Wagtail has improper permission handling when viewing page history
GHSA-c4mr-889m-vgf6
pkg: wagtail, wagtail
eco: pip
published: May 8, 2026
### Impact

A CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information.

### Patches
Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature release also incorporates t…

CVE-2026-44198
NVD

MEDIUM
CVE-2026-42282
CVE-2026-42282
pkg: oauth

published: May 8, 2026

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.13, when n8n-mcp runs in HTTP transport mode, authenticated MCP tools/call requests had their full arguments and JSON-RPC params written to server logs by the requ…
CWE: CWE-532
GitHub-GHSA

MEDIUM
Open WebUI Missing Access Check on Channel Members Endpoint for Standard Channels
GHSA-c7wp-3qh5-55pv
pkg: open-webui
eco: pip
published: May 8, 2026
# Missing Access Check on Channel Members Endpoint for Standard Channels

## Affected Component

Channel members listing endpoint:
– `backend/open_webui/routers/channels.py` (lines 445-507, `get_channel_members_by_id`)

## Affected Versions

Current main branch and likely all versions with the chann…

CVE-2026-44559
GitHub-GHSA

MEDIUM
Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection
GHSA-6c2x-gcp3-gp73
pkg: open-webui
eco: pip
published: May 8, 2026
# Global Knowledge Base Enumeration via knowledge-bases Meta-Collection

## Affected Component

Retrieval collection access validation:
– `backend/open_webui/routers/retrieval.py` (lines 2330-2355, `_validate_collection_access`)
– `backend/open_webui/routers/retrieval.py` (query endpoints, e.g. `POS…

CVE-2026-44557
GitHub-GHSA

MEDIUM
Bunsink has an SSRF bypass in `validate_webhook_url`
GHSA-fp53-qcf8-2xx2
pkg: bugsink
eco: pip
published: May 8, 2026
## Summary

Bugsink’s webhook URL validation in versions 2.1.2 and earlier could be (partially) bypassed because of a mismatch in URL parsing.

In some malformed URLs, Python’s standard URL parser (urllib) and the HTTP client stack (requests / urllib3) do not agree on which host is actually bei…

CVE-2026-44502
GitHub-GHSA

MEDIUM
Weblate vulnerable to XSS via crafted Markdown
GHSA-5cmv-3rc4-7279
pkg: weblate
eco: pip
published: May 7, 2026
### Impact
The Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes.

### Patches
* https://github.com/WeblateOrg/weblate/pull/19259

### Workarounds
Even though the attacker might be able to inject code into the HTML, the Weblate's strict …

CVE-2026-44264
GitHub-GHSA

MEDIUM
Weblate Vulnerable to Private Translation Enumeration via Screenshot API
GHSA-gcg5-86jr-f7jg
pkg: weblate
eco: pip
published: May 7, 2026
### Impact

The screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user.

### Patches
* https://github.com/WeblateOrg/weblate/pull/19258

### Acknowledgement
Weblate thanks Luay for reporting this vulnerability according to the org…

CVE-2026-44263
GitHub-GHSA

MEDIUM
Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks
GHSA-p7g9-rp3g-mgfg
pkg: @backstage/plugin-catalog-unprocessed-entities-common, @backstage/plugin-catalog-unprocessed-entities, @backstage/plugin-catalog-backend-module-unprocessed
eco: npm
published: May 6, 2026
### Impact

The unprocessed entities read endpoints in `@backstage/plugin-catalog-backend-module-unprocessed` do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless of ownership. This is
an information disclosure vulnerability …

CVE-2026-44374
NVD

MEDIUM
CVE-2026-7946
CVE-2026-7946
pkg: google chrome, apple macos, google chrome_os

published: May 6, 2026

Insufficient policy enforcement in WebUI in Google Chrome on Linux, Mac, Windows, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-693
NVD

MEDIUM
CVE-2026-7904
CVE-2026-7904
pkg: google chrome, apple macos, linux linux_kernel

published: May 6, 2026

Out of bounds read in Fonts in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-125
GitHub-GHSA

MEDIUM
Kubewarden vulnerable to RBAC Reconnaissance via unchecked can_i host capability call
GHSA-wqcw-g35j-j578
pkg: github.com/kubewarden/kubewarden-controller
eco: go
published: May 5, 2026
### Impact
Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden promises is that configured users can deploy namespaced policies in a safe mann…
CVE-2026-42541
GitHub-GHSA

MEDIUM
@workos/authkit-session has an Open Redirect via state-derived redirect target
GHSA-vvvv-983w-r7pv
pkg: @workos/authkit-session
eco: npm
published: May 5, 2026
An open redirect vulnerability exists in `AuthService.handleCallback` due to insufficient validation of the `returnPathname` value derived from the OAuth `state` parameter.

The `state` parameter is round-tripped through the identity provider (IdP) and can be influenced by an attacker. The handleCal…

CVE-2026-42565
NVD

MEDIUM
CVE-2026-7996
CVE-2026-7996
pkg: google chrome, apple macos, linux linux_kernel

published: May 6, 2026

Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CWE: CWE-20
NVD

MEDIUM
CVE-2026-7912
CVE-2026-7912
pkg: google chrome, google android

published: May 6, 2026

Integer overflow in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-472
GitHub-GHSA

MEDIUM
next-intl has prototype pollution with `experimental.messages.precompile` via attacker-controlled translation catalog keys
GHSA-4c35-wcg5-mm9h
pkg: next-intl
eco: npm
published: May 6, 2026
## Summary

`setNestedProperty` in `packages/next-intl/src/extractor/utils.tsx` walks a dotted key path and assigns the final value without blocking the reserved keys `__proto__`, `constructor`, or `prototype`. When the next-intl Next.js plugin is configured with `experimental.messages` and `message…

GitHub-GHSA

MEDIUM
in-toto-golang and in-toto-python have inconsistent negation behavior
GHSA-pmwq-pjrm-6p5r
pkg: github.com/in-toto/in-toto-golang
eco: go
published: May 8, 2026
### Impact
_What kind of vulnerability is it? Who is impacted?_

in-toto-golang and in-toto-python both support glob patterns in artifact rules to indicate the artifacts that a rule applies to. Both support negations in character classes to indicate what should *not* be matched, but they used differ…

GitHub-GHSA

MEDIUM
ciguard: SCA HTTP client reads response body without size cap
GHSA-xw8c-rrvx-f7xq
pkg: ciguard
eco: pip
published: May 5, 2026
## Summary

Both SCA HTTP clients (`src/ciguard/analyzer/sca/osv.py` and `src/ciguard/analyzer/sca/endoflife.py`) call `payload = json.loads(resp.read().decode('utf-8'))` without a maximum-bytes cap. A hostile or compromised endoflife.date / OSV.dev (or a successful TLS MITM) could return a multi-GB…

CVE-2026-44219
GitHub-GHSA

MEDIUM
Mistune has XSS via unescaped figclass/figwidth in Figure directive
GHSA-58cw-g322-p94v
pkg: mistune
eco: pip
published: May 8, 2026
In `src/mistune/directives/image.py`, the `render_figure()` function concatenates `figclass` and `figwidth` options directly into HTML attributes without escaping (lines 152-168).

This allows attribute injection and XSS even when `HTMLRenderer(escape=True)` is used, because these values bypass the …

CVE-2026-44896
GitHub-GHSA

MEDIUM
eml_parser has recursion DoS via nested message/rfc822 attachments
GHSA-g47v-rwmh-r9f8
pkg: eml_parser
eco: pip
published: May 8, 2026
### Summary

`EmlParser.get_raw_body_text()` recurses unconditionally for every nested `message/rfc822` attachment without any depth limit. An attacker who can supply a badly crafted EML file with approximately 120 nested `message/rfc822` parts triggers an unhandled `RecursionError` and aborts parsi…

CVE-2026-44844
GitHub-GHSA

MEDIUM
@cyclonedx/cdxgen: Docker registry auth substring match forwards credentials to a different registry
GHSA-qhh4-458h-xwh2
pkg: @cyclonedx/cdxgen
eco: npm
published: May 8, 2026
# Docker registry auth substring match forwards credentials to a different registry

## Repository

`cdxgen/cdxgen`

## Affected product/package

– Ecosystem: npm
– Package: `@cyclonedx/cdxgen`
– Reviewed tree version: `12.3.3`
– Reviewed commit: `b1e179869fd7c6032c3d483c3f7bd4d7154ec22b`
– Affected…

GitHub-GHSA

MEDIUM
MCP Registry has an unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist
GHSA-r48c-v28r-pf6v
pkg: github.com/modelcontextprotocol/registry
eco: go
published: May 8, 2026
### Summary

The Registry's HTTP-based namespace verification (`POST /v0/auth/http`, `POST /v0.1/auth/http`) uses `safeDialContext` (`internal/api/handlers/v0/auth/http.go:67-110`) to refuse dialling private/internal addresses when fetching the well-known public-key file from a publisher-supplied do…

CVE-2026-44430
GitHub-GHSA

MEDIUM
MCP Registry vulnerable to stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl`
GHSA-rqv2-m695-f8j4
pkg: github.com/modelcontextprotocol/registry
eco: go
published: May 8, 2026
## Summary

The public catalogue UI served at `GET /` (file `internal/api/handlers/v0/ui_index.html`) is vulnerable to stored cross-site scripting via the `server.websiteUrl` field of any published `server.json`. Server-side validation in `internal/validators/validators.go` (`validateWebsiteURL`) on…

CVE-2026-44429
GitHub-GHSA

MEDIUM
MCP Registry has open redirect via protocol-relative path in trailing-slash middleware
GHSA-v8vw-gw5j-w7m6
pkg: github.com/modelcontextprotocol/registry
eco: go
published: May 8, 2026
### Summary
The TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path (e.g., //evil.com/) that, after trailing slash removal, results in a Location header of //evil.com — which browsers interpret as an …
CVE-2026-44427
GitHub-GHSA

MEDIUM
rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding
GHSA-xv59-967r-8726
pkg: openssl
eco: rust
published: May 7, 2026
`CipherCtxRef::cipher_update`, `CipherCtxRef::cipher_update_vec`, and `symm::Crypter::update` incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (`EVP_aes_{128,192,256}_wrap_pad`). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's…
CVE-2026-44662
GitHub-GHSA

MEDIUM
gittuf's policy can be rolled back to prior valid versions
GHSA-vxvc-cg7j-rwqj
pkg: github.com/gittuf/gittuf
eco: go
published: May 7, 2026
## Summary

An attacker with push access to gittuf's Reference State Log (RSL) can roll back the current policy to any previous policy trusted by the current set of root keys.

## Impact

gittuf determines the policy to load by inspecting the RSL. Except for the very first policy (which is automatic…

CVE-2026-44544
GitHub-GHSA

MEDIUM
imageproc: integer overflow in kernel size check leads to out-of-bounds read
GHSA-w5p8-4jcx-2j6r
pkg: imageproc, imageproc, imageproc
eco: rust
published: May 7, 2026
A bounds verification of a slice storage of a 2-dimensional matrix's coefficients (a kernel) would compare the total size against the product of individual dimensions. This would erroneously cast *after* the multiplication and consequently fail to detect possible violations when overflow occurs.

Af…

GitHub-GHSA

MEDIUM
imageproc: Out-of-bounds read via NaN coordinates in bilinear/bicubic sampling
GHSA-qg8r-f7x3-25f7
pkg: imageproc, imageproc, imageproc
eco: rust
published: May 7, 2026
A bounds check was performed in floating points before a cast to the index passed to an unchecked access function. This checked considered `NaN` cases improperly, causing them to succeed the check instead of failing it. The floating point coordinate is under caller control by passing a selected proj…
GitHub-GHSA

MEDIUM
imageproc has fragile bounds check when sampling from image
GHSA-5qv7-j6w5-fr4m
pkg: imageproc, imageproc, imageproc
eco: rust
published: May 7, 2026
A read of pixels was coded as modifying coordinates to lie within the image bounds. It would calculate a coordinate by adding a constant to an input and taking the minimum of the resulting coordinate and 'dimension – 1'. This would not protect against malicious inputs that could overflow the additio…
GitHub-GHSA

MEDIUM
hickory-proto vulnerable to CPU exhaustion during message encoding due to O(n²) name compression
GHSA-q2qq-hmj6-3wpp
pkg: hickory-proto
eco: rust
published: May 7, 2026
During message encoding, `hickory-proto`'s `BinEncoder` stores pointers to labels that are candidates for name compression in a `Vec<(usize, Vec<u8>)>`. The name compression logic then searches for matches with a linear scan.

A malicious message with many records can both introduce many candidate l…

GitHub-GHSA

MEDIUM
wasmtime has a panic when allocating a table exceeding the size of the host's address space
GHSA-p8xm-42r7-89xg
pkg: wasmtime, wasmtime
eco: rust
published: May 7, 2026
### Impact

Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger, and thus panic, when a table with an extremely large size is allocated. This is possible with the WebAssembly memory64 proposal where tables …

CVE-2026-44216
GitHub-GHSA

MEDIUM
Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications
GHSA-r4w4-wv68-qv85
pkg: io.awspring.cloud:spring-cloud-aws-sns, io.awspring.cloud:spring-cloud-aws-sns
eco: maven
published: May 7, 2026
### Impact

Applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) did not verify the signature of incoming SNS messages.

An unauthenticated attacker who knows the endpoint …

CVE-2026-44308
GitHub-GHSA

MEDIUM
Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users
GHSA-qxrw-f6fh-34r7
pkg: lemmy_api
eco: rust
published: May 6, 2026
## Summary

The unauthenticated resend-verification endpoint returns different responses for registered and unregistered email addresses. A malicious third party can submit candidate addresses to `/api/v4/account/auth/resend_verification_email` and distinguish accounts from misses.

## Details

`res…

GitHub-GHSA

MEDIUM
Playwright Capture permits access to local files and internal network resources during page capture
GHSA-687h-xw6f-q2qw
pkg: PlaywrightCapture
eco: pip
published: May 6, 2026
Playwright Capture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms, such as window.location.href, to make the capture process open file:// URLs or request resources hosted on priv…
CVE-2026-44439
GitHub-GHSA

MEDIUM
Angular SSR has Open Redirect and Request Steering via Encoded X-Forwarded-Prefix
GHSA-69xr-m8h6-h664
pkg: @angular/ssr, @angular/ssr, @angular/ssr
eco: npm
published: May 6, 2026
### Description
A vulnerability exists in the `X-Forwarded-Prefix` header processing logic within Angular SSR. The internal validation mechanism fails to properly account for URL-encoded characters, specifically dots (`%2e%2e`). This allows an attacker to bypass security filters by injecting encoded…
CVE-2026-44437
GitHub-GHSA

MEDIUM
kanidmd_lib: Image upload validators run before authorization; PNG validator panics on malformed input
GHSA-84jc-3hj2-hwc7
pkg: kanidmd_lib
eco: rust
published: May 6, 2026
### Summary
The `POST /v1/domain/_image` and `POST /v1/oauth2/{rs_name}/_image` handlers call `validate_image()` on the uploaded body **before** the ACL check that restricts image upload to admins. Any bug in an image validator is therefore reachable by an unauthenticated remote client rather than b…
GitHub-GHSA

MEDIUM
Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
GHSA-9phm-9p8f-hw5m
pkg: nitro, nitropack
eco: npm
published: May 6, 2026
A redirect route rule like:

“`ts
routeRules: {
"/legacy/**": { redirect: "/**" }
}
“`

is intended to rewrite paths within the same host. Before the patch, an attacker could turn the rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. Example exploit:

“`
GET…

CVE-2026-44372
GitHub-GHSA

MEDIUM
pyquorum: Timing side‑channel in mul_mod
GHSA-7r92-3jgr-r65q
pkg: pyquorum
eco: pip
published: May 6, 2026
### Impact
The `mul_mod` function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand (the exponent). An attacker who can measure the time of secret‑sharing operations (e.g., via a remote service) could progressively recove…
CVE-2026-44368
GitHub-GHSA

MEDIUM
misp-modules has nsafe remote resource fetching in expansion
GHSA-fhq3-2gf3-8f3j
pkg: misp-modules
eco: pip
published: May 6, 2026
An unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The html_to_markdown module accepted arbitrary HTTP(S) URLs without sufficient validation, which could allow Server-Side Request Forgery against loopback, private, or link-local network resources. Additionall…
CVE-2026-44363
GitHub-GHSA

MEDIUM
Hugo's Node tool execution allows file system access outside the project directory
GHSA-x597-9fr4-5857
pkg: github.com/gohugoio/hugo
eco: go
published: May 6, 2026
## Impact
When building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could allow code running through these tools to read or wr…
CVE-2026-44301
GitHub-GHSA

MEDIUM
astral-tokio-tar is Vulnerable to PAX Header Desynchronization
GHSA-fp55-jw48-c537
pkg: astral-tokio-tar
eco: rust
published: May 6, 2026
### Impact

Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle une…

GitHub-GHSA

MEDIUM
Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands
GHSA-7gmj-67g7-phm9
pkg: tauri
eco: rust
published: May 6, 2026
### Summary
A flaw in Tauri's `is_local_url()` function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to `http://<scheme>.localhost/` because those platforms' WebView implementations cannot serv…
CVE-2026-42184
GitHub-GHSA

MEDIUM
sse-channel: SSE Injection via unsanitized event fields
GHSA-84hm-wfh8-c5pg
pkg: sse-channel
eco: npm
published: May 5, 2026
### Impact

Implementations that allows user-provided values to be passed to `event`, `retry` or `id` fields would be susceptible to event spoofing, where an attacker could inject arbitrary messages into the stream.

– **Event Spoofing:** Attacker can inject arbitrary SSE events into the stream
– **…

CVE-2026-44217
GitHub-GHSA

MEDIUM
Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display
GHSA-fw8g-cg8f-9j28
pkg: github.com/prometheus/prometheus
eco: go
published: May 5, 2026
### Impact

In the Prometheus server's legacy web UI (enabled via the command-line flag `–enable-feature=old-ui`), the histogram heatmap chart view does not escape `le` label values when inserting them into the HTML for use as axis tick mark labels.

An attacker who can inject crafted metrics (e.g.…

GitHub-GHSA

MEDIUM
ip-address has XSS in Address6 HTML-emitting methods
GHSA-v2v4-37r5-5v8g
pkg: ip-address
eco: npm
published: May 5, 2026
### Summary

`Address6.group()` and `Address6.link()` do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and `AddressError.parseMessage` (emitted by the `Address6` constructor for invalid input) can contain unescaped attacker-controlled content in one…

CVE-2026-42338
GitHub-GHSA

MEDIUM
PocketBase vulnerable to account pre-hijacking via OAuth2 unverfied->verified autolinking upgrade
GHSA-pq7p-mc74-g65w
pkg: github.com/pocketbase/pocketbase, github.com/pocketbase/pocketbase
eco: go
published: May 5, 2026
A pre-hijacking issue was discovered with the OAuth2 autolinking by [Alardiians](https://github.com/Alardiians).

In some situations, if an attacker knows the email address of the victim they can create and link an **unverified** PocketBase user in advance by authenticating with one of the OAuth2 ap…

CVE-2026-44166
GitHub-GHSA

MEDIUM
Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection
GHSA-qx5f-ghc2-7g5c
pkg: ethyca-fides
eco: pip
published: May 5, 2026
### Summary

Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was never verified. For erasure policies, this can result in unauthorized delet…

CVE-2026-42303
GitHub-GHSA

MEDIUM
Fiber vulnerable to XSS in AutoFormat Content Negotiation
GHSA-qjv7-627w-8qjv
pkg: github.com/gofiber/fiber/v3, github.com/gofiber/fiber/v2
eco: go
published: May 5, 2026
## Summary

**Description**

A Cross-Site Scripting (CWE-79) vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying `Accept: text/html` on any request whose handler passes attacker-influenced data to the AutoFormat() feature. This affects `github.com/gofi…

CVE-2026-42554
GitHub-GHSA

MEDIUM
MinIO vulnerable to Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint
GHSA-xh8f-g2qw-gcm7
pkg: github.com/minio/minio
eco: go
published: May 5, 2026
### Impact

_What kind of vulnerability is it? Who is impacted?_

A path traversal vulnerability in MinIO's `ReadMultiple` internode storage-REST
endpoint allows a caller holding the cluster root JWT to read files from
outside the configured drive roots, bounded only by the MinIO process UID.

Distr…

CVE-2026-42600
GitHub-GHSA

MEDIUM
net-imap vulnerable to command Injection via "raw" arguments to multiple commands
GHSA-hm49-wcqc-g2xg
pkg: net-imap, net-imap, net-imap
eco: rubygems
published: May 4, 2026
### Summary
Several `Net::IMAP` commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain `CRLF` sequences, which an attacker can use to inject arbitrary IMAP commands.

### Details

CVE-2026-42257
GitHub-GHSA

MEDIUM
net-imap vulnerable to command Injection via unvalidated Symbol inputs
GHSA-75xq-5h9v-w6px
pkg: net-imap, net-imap, net-imap
eco: rubygems
published: May 4, 2026
### Summary

Symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands.

### Details

Symbol arguments represent IMAP "system flags", which are formatted as "atoms" (with no quoting) with a `"\"` prefix. Vulnerable versions…

CVE-2026-42258
GitHub-GHSA

MEDIUM
net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication
GHSA-87pf-fpwv-p7m7
pkg: net-imap, net-imap, net-imap
eco: rubygems
published: May 4, 2026
### Summary

When authenticating a connection with `SCRAM-SHA1` or `SCRAM-SHA256`, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value.

### Details

A hostile IMAP server can send an arbitrarily large PBKDF2 iteration co…

CVE-2026-42256
GitHub-GHSA

MEDIUM
quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations
GHSA-fr8f-rwjx-f32v
pkg: io.quarkiverse.openapi.generator:quarkus-openapi-generator, io.quarkiverse.openapi.generator:quarkus-openapi-generator
eco: maven
published: May 4, 2026
### Summary

The generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security scheme configured for one operation can therefore be applied to a different same-method operation whose path only partially resembles the protected temp…

CVE-2026-42333
GitHub-GHSA

MEDIUM
OpenClaw's Gateway Control UI bootstrap config required Gateway auth
GHSA-93rg-2xm5-2p9v
pkg: openclaw
eco: npm
published: May 4, 2026
## Summary
Gateway Control UI bootstrap config required Gateway auth.

## Affected Packages / Versions
– Package: openclaw (npm)
– Affected versions: <= 2026.4.21
– Fixed version: 2026.4.22

## Impact
When Gateway authentication was enabled, the Control UI bootstrap config endpoint could still be re…

GitHub-GHSA

MEDIUM
OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes
GHSA-5h3g-6xhh-rg6p
pkg: openclaw
eco: npm
published: May 4, 2026
## Summary
OpenShell FS bridge reads pin and verify the opened file before returning bytes

## Affected Packages / Versions
– Package: openclaw (npm)
– Affected versions: <= 2026.4.21
– Fixed version: 2026.4.22

## Impact
A time-of-check/time-of-use race around OpenShell sandbox filesystem reads cou…

GitHub-GHSA

MEDIUM
jOpenDocument has an improper restriction of XML external entity reference vulnerability
GHSA-j9rh-p96m-mhhp
pkg: org.jopendocument:jOpenDocument
eco: maven
published: May 4, 2026
Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup.

This issue affects jOpenDocument: 1.5.

CVE-2026-6501


Vulnerability Digest — May 4, 2026 · 20 Critical · 4 Exploited






Vulnerability Digest — Monday, May 4, 2026


Security Report

Monday, May 4, 2026  ·  Last 7 days  ·  Min severity: MEDIUM
Total Findings
175
Critical
20
High
99
Actively Exploited
4
CISA-KEV4
NVD117
GitHub-GHSA54
Findings sorted by severity
CISA-KEV

CRITICAL
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
CVE-2026-31431
pkg: Linux Kernel

published: May 1, 2026

Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.
Required action: "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
CVE-2026-41940
pkg: WebPros cPanel & WHM and WP2 (WordPress Squared)

published: Apr 30, 2026

WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
ConnectWise ScreenConnect Path Traversal Vulnerability
CVE-2024-1708
pkg: ConnectWise ScreenConnect

published: Apr 28, 2026

ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA-KEV

CRITICAL
Microsoft Windows Protection Mechanism Failure Vulnerability
CVE-2026-32202
pkg: Microsoft Windows

published: Apr 28, 2026

Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
GitHub-GHSA

CRITICAL
Gotenberg has ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix)
GHSA-q7r4-hc83-hf2q
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: Apr 30, 2026
## Vulnerability Details

**CWE**: CWE-20 – Improper Input Validation

The metadata value sanitization introduced in v8.30.1 (commit 405f106) only validates metadata KEYS via safeKeyPattern regex. Metadata VALUES are passed unsanitized to go-exiftool SetString(), which writes them as fmt.Fprintln(e.…

CVE-2026-40281
GitHub-GHSA

CRITICAL
n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE
GHSA-q5f4-99jv-pgg5
pkg: n8n, n8n, n8n
eco: npm
published: Apr 29, 2026
## Impact
A flaw in the `xml2js` library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining…
CVE-2026-42231
GitHub-GHSA

CRITICAL
n8n has XML Node Prototype Pollution that to RCE
GHSA-hqr4-h3xv-9m3r
pkg: n8n, n8n, n8n
eco: npm
published: Apr 29, 2026
## Impact
An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution.

## Patches
The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1.…

CVE-2026-42232
NVD

CRITICAL
CVE-2026-31718
CVE-2026-31718
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger

When a durable file handle survives session disconnect (TCP close without
SMB2_LOGOFF), session_fd_check() sets fp->conn = NULL to preserve the
handle for later…

NVD

CRITICAL
CVE-2026-31705
CVE-2026-31705
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment

smb2_get_ea() applies 4-byte alignment padding via memset() after
writing each EA entry. The bounds check on buf_free_len is performed
before the value memcpy, but the a…

NVD

CRITICAL
CVE-2018-25316
CVE-2018-25316
pkg: go

published: Apr 29, 2026

Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS ser…
CWE: CWE-290
NVD

CRITICAL
CVE-2026-41873
CVE-2026-41873
pkg: apache pony_mail

published: Apr 28, 2026

** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover.

This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development u…

CWE: CWE-444
NVD

CRITICAL
CVE-2026-32644
CVE-2026-32644
pkg: ssl

published: Apr 28, 2026

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.
CWE: CWE-321
NVD

CRITICAL
CVE-2026-41462
CVE-2026-41462
pkg: express

published: Apr 27, 2026

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username fie…
CWE: CWE-89
NVD

CRITICAL
CVE-2026-7333
CVE-2026-7333
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
GitHub-GHSA

CRITICAL
Gotenberg has case-insensitive URL scheme that bypasses webhook and downloadFrom deny-list SSRF protection
GHSA-5q7p-7jgv-ww56
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: Apr 30, 2026
## Vulnerability Details

**CWE**: CWE-918 – Server-Side Request Forgery (SSRF)

The default private-IP deny-lists for –webhook-deny-list and –api-download-from-deny-list use a case-sensitive regex (^https?://). Any uppercase URL scheme variant (HTTP://, HTTPS://, Http://) bypasses the pattern. Go…

CVE-2026-40280
GitHub-GHSA

CRITICAL
auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation
GHSA-f6qq-3m3h-4g42
pkg: github.com/go-pkgz/auth, github.com/go-pkgz/auth/v2
eco: go
published: Apr 30, 2026
### Summary
The Patreon OAuth provider maps every authenticated Patreon account to the same local `user.ID`, instead of deriving a unique ID from the Patreon account returned by Patreon.

In practice, this means all Patreon-authenticated users of an application using this library are collapsed into …

CVE-2026-42560
GitHub-GHSA

CRITICAL
Sentry's improper authentication on SAML SSO process allows user identity linking
GHSA-rcmw-7mc7-3rj7
pkg: sentry
eco: pip
published: Apr 30, 2026
### Impact
A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via Sentry's private bug bounty program.

The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the …

CVE-2026-42354
NVD

CRITICAL
CVE-2026-7381
CVE-2026-7381
pkg: express

published: Apr 29, 2026

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting.

Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the Pl…

CWE: CWE-200, CWE-441, CWE-913
NVD

CRITICAL
CVE-2026-30893
CVE-2026-30893
pkg: wazuh wazuh

published: Apr 29, 2026

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the in…
CWE: CWE-22, CWE-73
GitHub-GHSA

CRITICAL
fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE
GHSA-prf8-cf2x-rhx7
pkg: org.hyperledger.fabric-sdk-java:fabric-sdk-java
eco: maven
published: Apr 29, 2026
## Summary

This advisory covers the deprecated `fabric-sdk-java` client SDK. `Channel.java` implements `readObject()` and exposes `deSerializeChannel()` which call `ObjectInputStream.readObject()` on untrusted byte arrays without configuring an `ObjectInputFilter`. This is the classic Java deserial…

CVE-2026-41586
NVD

HIGH
CVE-2026-2052
CVE-2026-2052
pkg: express

published: May 2, 2026

The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval() on user-supplied Display Logic e…
CWE: CWE-94
NVD

HIGH
CVE-2026-43048
CVE-2026-43048
pkg: go

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

HID: core: Mitigate potential OOB by removing bogus memset()

The memset() in hid_report_raw_event() has the good intention of
clearing out bogus data by zeroing the area from the end of the incoming
data string to the assumed end …

NVD

HIGH
CVE-2026-31735
CVE-2026-31735
pkg: go

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

iommupt: Fix short gather if the unmap goes into a large mapping

unmap has the odd behavior that it can unmap more than requested if the
ending point lands within the middle of a large or contiguous IOPTE.

In this case the gather…

NVD

HIGH
CVE-2026-31717
CVE-2026-31717
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate owner of durable handle on reconnect

Currently, ksmbd does not verify if the user attempting to reconnect
to a durable handle is the same user who originally opened the file.
This allows any authenticated user to h…

NVD

HIGH
CVE-2026-31709
CVE-2026-31709
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

smb: client: validate the whole DACL before rewriting it in cifsacl

build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a
server-supplied dacloffset and then use the incoming ACL to rebuild the
chmod/chown securi…

NVD

HIGH
CVE-2026-31706
CVE-2026-31706
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()

smb_inherit_dacl() trusts the on-disk num_aces value from the parent
directory's DACL xattr and uses it to size a heap allocation:

aces_base = kmalloc(sizeof(st…

NVD

HIGH
CVE-2026-5402
CVE-2026-5402
pkg: wireshark wireshark

published: Apr 30, 2026

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution
CWE: CWE-122
NVD

HIGH
CVE-2026-7466
CVE-2026-7466
pkg: python

published: Apr 29, 2026

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the local AgentFlow API to lo…
CWE: CWE-94
NVD

HIGH
CVE-2026-7363
CVE-2026-7363
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-7361
CVE-2026-7361
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-7359
CVE-2026-7359
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416, CWE-416
NVD

HIGH
CVE-2026-7358
CVE-2026-7358
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7356
CVE-2026-7356
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7355
CVE-2026-7355
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-416
NVD

HIGH
CVE-2026-7354
CVE-2026-7354
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-125, CWE-787
NVD

HIGH
CVE-2026-7348
CVE-2026-7348
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7344
CVE-2026-7344
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-7342
CVE-2026-7342
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in WebView in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7341
CVE-2026-7341
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7339
CVE-2026-7339
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-122
NVD

HIGH
CVE-2026-7337
CVE-2026-7337
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-843
NVD

HIGH
CVE-2026-7336
CVE-2026-7336
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7335
CVE-2026-7335
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7334
CVE-2026-7334
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-42426
CVE-2026-42426
pkg: openclaw openclaw

published: Apr 28, 2026

OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write permissions can bypass pairing …
CWE: CWE-863
NVD

HIGH
CVE-2026-41378
CVE-2026-41378
pkg: openclaw openclaw

published: Apr 28, 2026

OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attackers with trusted paired node credentials can escalate privileges by leveraging unrestricted agent.reque…
CWE: CWE-862
GitHub-GHSA

HIGH
Gotenberg Vulnerable to Unauthenticated SSRF via Unfiltered Webhook URL
GHSA-5vh4-rgv7-p9g4
pkg: github.com/gotenberg/gotenberg/v8
eco: go
published: Apr 30, 2026
# CVE Report — Unauthenticated SSRF via Unfiltered Webhook URL in Gotenberg

## Severity

| Field | Value |
|———–|—————————————-|
| CVSS v3.1 | **8.6 High** |
| Vector | `AV:N/AC:L/PR:N/UI:N/S:C/C:H/…

CVE-2026-39383
GitHub-GHSA

HIGH
pygeoapi 0.23.x: Unauthenticated SSRF via OGC API – Processes Subscriber
GHSA-jgvc-94c8-3chc
pkg: pygeoapi
eco: pip
published: Apr 29, 2026
### Impact
OGC API – Process execution requests can use the `subscriber` object to requests to internal HTTP services.

### Patches
The issue has been patched in master branch and made available as part of the 0.23.3 release. The patch disables any HTTP requests made to internal resources by defaul…

CVE-2026-42352
NVD

HIGH
CVE-2026-40967
CVE-2026-40967
pkg: vmware spring_ai

published: Apr 28, 2026

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query.

Affected versions:
Spring AI: 1.0.0 -…

CWE: CWE-94
GitHub-GHSA

HIGH
n8n-mcp's IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders
GHSA-56c3-vfp2-5qqj
pkg: n8n-mcp
eco: npm
published: Apr 30, 2026
### Impact

In the SDK embedder path (`N8NDocumentationMCPServer` constructor, `getN8nApiClient()`, and `validateInstanceContext()`), the synchronous URL validator in `SSRFProtection.validateUrlSync()` had no IPv6 checks. IPv4-mapped IPv6 addresses such as `http://[::ffff:169.254.169.254]` bypassed …

CVE-2026-42449
GitHub-GHSA

HIGH
n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay
GHSA-r4v6-9fqc-w5jr
pkg: n8n, n8n
eco: npm
published: Apr 29, 2026
## Impact
The `dynamic-node-parameters` endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supply a foreign credential ID in the request body, causing the backend to decrypt and…
CVE-2026-42226
GitHub-GHSA

HIGH
Nginx-UI has Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware that Allows Access to Internal Services
GHSA-wr32-99hh-6f35
pkg: github.com/0xJacky/Nginx-UI
eco: go
published: Apr 29, 2026
### Summary

An authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the `X-Node-ID` header. The Proxy middleware forwards these requests to the attacker-specified internal address, bypas…

NVD

HIGH
CVE-2026-31712
CVE-2026-31712
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: require minimum ACE size in smb_check_perm_dacl()

Both ACE-walk loops in smb_check_perm_dacl() only guard against an
under-sized remaining buffer, not against an ACE whose declared
`ace->size` is smaller than the struct it …

NVD

HIGH
CVE-2026-7353
CVE-2026-7353
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-122
NVD

HIGH
CVE-2026-7352
CVE-2026-7352
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7350
CVE-2026-7350
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7345
CVE-2026-7345
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
GitHub-GHSA

HIGH
i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters
GHSA-jfgf-83c5-2c4m
pkg: i18next-http-middleware
eco: npm
published: Apr 29, 2026
### Summary

Versions of `i18next-http-middleware` prior to 3.9.3 pass the user-controlled `lng` and `ns` values from `getResourcesHandler` directly into `i18next.services.backendConnector.load(languages, namespaces, …)` without any sanitisation. Depending on which backend is configured, the unval…

CVE-2026-42353
GitHub-GHSA

HIGH
n8n Vulnerable to XSS via MCP OAuth client
GHSA-537j-gqpc-p7fq
pkg: n8n, n8n, n8n
eco: npm
published: Apr 29, 2026
## Impact
An unauthenticated attacker could register a malicious MCP OAuth client with a crafted `client_name`. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would exec…
CVE-2026-42235
NVD

HIGH
CVE-2026-38651
CVE-2026-38651
pkg: jwt

published: Apr 28, 2026

Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attacker can forge a JWT signed with any arbitrary key and use it to impersonate any host in the network, g…
CWE: CWE-347
NVD

HIGH
CVE-2026-40022
CVE-2026-40022
pkg: apache camel

published: Apr 27, 2026

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and JWTAuthenticationCon…
CWE: CWE-288
NVD

HIGH
CVE-2026-31708
CVE-2026-31708
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path

smb2_ioctl_query_info() has two response-copy branches: PASSTHRU_FSCTL
and the default QUERY_INFO path. The QUERY_INFO branch clamps
qi.input_buffer_length to the…

GitHub-GHSA

HIGH
Contras Affected by CopyFile Policy Subversion via Symlinks
GHSA-rh99-wc69-c255
pkg: github.com/edgelesssys/contrast
eco: go
published: Apr 30, 2026
### Impact

The [Kata agent policies](https://docs.edgeless.systems/contrast/architecture/components/policies) generated by the Contrast CLI had an issue in the `CopyFile` verification, which allowed arbitrary writes to the guest root filesytem. A malicious process on the host with the capability to…

NVD

HIGH
CVE-2026-7347
CVE-2026-7347
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7346
CVE-2026-7346
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-119
NVD

HIGH
CVE-2026-42431
CVE-2026-42431
pkg: openclaw openclaw

published: Apr 28, 2026

OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guard and modify browser configurations.
CWE: CWE-863
NVD

HIGH
CVE-2026-43003
CVE-2026-43003
pkg: python

published: May 1, 2026

An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.
CWE: CWE-829
NVD

HIGH
CVE-2026-43016
CVE-2026-43016
pkg: go

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready().

syzbot reported use-after-free of AF_UNIX socket's sk->sk_socket
in sk_psock_verdict_data_ready(). [0]

In unix_stream_sendmsg(), the peer socket'…

NVD

HIGH
CVE-2026-31716
CVE-2026-31716
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: validate rec->used in journal-replay file record check

check_file_record() validates rec->total against the record size but
never validates rec->used. The do_action() journal-replay handlers read
rec->used from disk and…

NVD

HIGH
CVE-2026-31703
CVE-2026-31703
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

writeback: Fix use after free in inode_switch_wbs_work_fn()

inode_switch_wbs_work_fn() has a loop like:

wb_get(new_wb);
while (1) {
list = llist_del_all(&new_wb->switch_wbs_ctxs);
/* Nothing to do? */
if (!list)

NVD

HIGH
CVE-2026-31700
CVE-2026-31700
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd()

In tpacket_snd(), when PACKET_VNET_HDR is enabled, vnet_hdr points
directly into the mmap'd TX ring buffer shared with userspace. The
kernel validates the header via …

NVD

HIGH
CVE-2026-31695
CVE-2026-31695
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free

Currently we execute `SET_NETDEV_DEV(dev, &priv->lowerdev->dev)` for
the virt_wifi net devices. However, unregistering a virt_wifi device in
netdev_run_todo() can happ…

NVD

HIGH
CVE-2026-31694
CVE-2026-31694
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

fuse: reject oversized dirents in page cache

fuse_add_dirent_to_cache() computes a serialized dirent size from the
server-controlled namelen field and copies the dirent into a single
page-cache page. The existing logic only checks…

NVD

HIGH
CVE-2026-7584
CVE-2026-7584
pkg: python

published: May 1, 2026

The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target …
CWE: CWE-502
NVD

HIGH
CVE-2026-31693
CVE-2026-31693
pkg: linux

published: Apr 30, 2026

In the Linux kernel, the following vulnerability has been resolved:

cifs: some missing initializations on replay

In several places in the code, we have a label to signify
the start of the code where a request can be replayed if
necessary. However, some of these places were missing the
necessary re…

NVD

HIGH
CVE-2026-31786
CVE-2026-31786
pkg: linux

published: Apr 30, 2026

In the Linux kernel, the following vulnerability has been resolved:

Buffer overflow in drivers/xen/sys-hypervisor.c

The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is
neither NUL terminated nor a string.

The first causes a buffer overflow as sprintf in buildid_show will
read and …

NVD

HIGH
CVE-2026-42432
CVE-2026-42432
pkg: openclaw openclaw

published: Apr 28, 2026

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system.
CWE: CWE-863
NVD

HIGH
CVE-2026-43824
CVE-2026-43824
pkg: kubernetes

published: May 2, 2026

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.
CWE: CWE-212
NVD

HIGH
CVE-2026-37554
CVE-2026-37554
pkg: openssl

published: May 1, 2026

An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation (invalid compressed point, point not on curve) are not proper…
CWE: CWE-248
NVD

HIGH
CVE-2026-31719
CVE-2026-31719
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

crypto: krb5enc – fix async decrypt skipping hash verification

krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher
callback, which is the caller's own completion handler. When the
skcipher completes asynchronously, …

NVD

HIGH
CVE-2026-31711
CVE-2026-31711
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

smb: server: fix active_num_conn leak on transport allocation failure

Commit 77ffbcac4e56 ("smb: server: fix leak of active_num_conn in
ksmbd_tcp_new_connection()") addressed the kthread_run() failure
path. The earlier alloc_tran…

NVD

HIGH
CVE-2026-40595
CVE-2026-40595
pkg: go

published: Apr 30, 2026

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export routes that only verify project-level public access and, for exports, a team-level export toggle. The r…
CWE: CWE-284
GitHub-GHSA

HIGH
pygeoapi 0.23.x: Path Traversal in STAC FileSystemProvider
GHSA-f6pr-83pg-ghh6
pkg: pygeoapi
eco: pip
published: Apr 29, 2026
### Impact
A raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow for requests to STAC collection based collections to expose directories without authentication. The issue manifests when pygeoapi is deployed without a proxy or web front end that would n…
CVE-2026-42351
GitHub-GHSA

HIGH
Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer
GHSA-6v9c-7cg6-27q7
pkg: marked
eco: npm
published: Apr 29, 2026
### Summary
A critical Denial of Service (DoS) vulnerability exists in `marked@18.0.0`. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline (`\x09\x0b\n`)—an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memor…
CVE-2026-41680
GitHub-GHSA

HIGH
n8n has a Python Task Runner Sandbox Escape Vulnerability
GHSA-44v6-jhgm-p3m4
pkg: n8n, n8n, n8n
eco: npm
published: Apr 29, 2026
## Impact
An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container.

– This issue only affects instances where the Python Task Runner is enabled.

## Patches
The issue …

CVE-2026-42234
GitHub-GHSA

HIGH
GoBGP has Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE
GHSA-8rxh-r2p6-7f2q
pkg: github.com/osrg/gobgp/v4
eco: go
published: Apr 29, 2026
### Summary
A remote Denial of Service (DoS) vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during the processing of 4-byte AS attributes when the message structure causes an internal slice index shift that is not…
CVE-2026-41643
GitHub-GHSA

HIGH
GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute
GHSA-7235-89m6-f4px
pkg: github.com/osrg/gobgp/v4
eco: go
published: Apr 29, 2026
### Summary
A remote Denial of Service (DoS) vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory …
CVE-2026-41642
NVD

HIGH
CVE-2026-42520
CVE-2026-42520
pkg: node

published: Apr 29, 2026

Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins i…
CWE: CWE-22
NVD

HIGH
CVE-2026-7357
CVE-2026-7357
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7349
CVE-2026-7349
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-7343
CVE-2026-7343
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-7338
CVE-2026-7338
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)
CWE: CWE-416
GitHub-GHSA

HIGH
CoreDNS has TSIG authentication bypass on gRPC and QUIC transports
GHSA-vp29-5652-4fw9
pkg: github.com/coredns/coredns
eco: go
published: Apr 28, 2026
### Summary

The gRPC, QUIC, DoH, and DoH3 transports in CoreDNS incorrectly handle TSIG authentication.

For gRPC and QUIC, CoreDNS checks whether the TSIG key name exists in the config, but does not actually verify the TSIG HMAC. If the key name matches, `tsigStatus` remains nil and the tsig plugi…

CVE-2026-35579
GitHub-GHSA

HIGH
CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC
GHSA-qhmp-q7xh-99rh
pkg: github.com/coredns/coredns
eco: go
published: Apr 28, 2026
### Summary
CoreDNS' tsig plugin can be bypassed on non-plain-DNS transports because it trusts the transport writer's TsigStatus() instead of performing verification itself. In the attached PoC, plain DNS/TCP correctly rejects an invalid TSIG (NOTAUTH), while the same invalid-TSIG request is accepte…
CVE-2026-33190
GitHub-GHSA

HIGH
CoreDNS' transfer stanza selection uses lexicographic compare (subzone ACL bypass)
GHSA-h8mm-c463-wjq3
pkg: github.com/coredns/coredns
eco: go
published: Apr 28, 2026
### Summary
CoreDNS' transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. A permissive parent-zone transfer rule can override a restrictive subzone rule (name-dependent), allowing an unauthorized client to perform AXFR/IXFR for the subzo…
CVE-2026-33489
GitHub-GHSA

HIGH
CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification
GHSA-63cw-r7xf-jmwr
pkg: github.com/coredns/coredns
eco: go
published: Apr 28, 2026
### Summary

CoreDNS's DNS-over-HTTPS (DoH) GET path accepts oversized `dns=` query values and performs substantial request parsing, query unescaping, base64 decoding, and message unpacking work before returning `400 Bad Request`.

A remote, unauthenticated attacker can repeatedly send oversized DoH…

CVE-2026-32936
GitHub-GHSA

HIGH
CoreDNS' DoQ worker pool does not bound stream backlog
GHSA-2wpx-qpw2-g5h5
pkg: github.com/coredns/coredns
eco: go
published: Apr 28, 2026
### Summary
CoreDNS' DNS-over-QUIC (DoQ) server can be driven into large goroutine and memory growth by a remote client that opens many QUIC streams and stalls after sending only 1 byte. Even with a small configured quic { worker_pool_size … }, CoreDNS still spawns a goroutine per accepted stream …
CVE-2026-32934
NVD

HIGH
CVE-2026-42423
CVE-2026-42423
pkg: openclaw openclaw

published: Apr 28, 2026

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval, circumventing…
CWE: CWE-636
NVD

HIGH
CVE-2026-41405
CVE-2026-41405
pkg: openclaw openclaw

published: Apr 28, 2026

OpenClaw before 2026.3.31 parses MS Teams webhook request bodies before performing JWT validation, allowing unauthenticated attackers to trigger resource exhaustion. Remote attackers can send malicious Teams webhook payloads to exhaust server resources by bypassing authentication checks.
CWE: CWE-408
NVD

HIGH
CVE-2026-41636
CVE-2026-41636
pkg: apache thrift

published: Apr 28, 2026

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

CWE: CWE-674
NVD

HIGH
CVE-2026-41602
CVE-2026-41602
pkg: apache thrift

published: Apr 28, 2026

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

CWE: CWE-190
NVD

HIGH
CVE-2026-42800
CVE-2026-42800
pkg: linux

published: Apr 30, 2026

NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation.

This vulnerability is associated with program files sip/utils/src/sipuri.c.

CWE: CWE-476
NVD

HIGH
CVE-2026-7710
CVE-2026-7710
pkg: jwt

published: May 4, 2026

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote exploitation…
CWE: CWE-287
NVD

HIGH
CVE-2026-7505
CVE-2026-7505
pkg: go

published: Apr 30, 2026

A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version 3.9…
CWE: CWE-266, CWE-285
NVD

HIGH
CVE-2025-50328
CVE-2025-50328
pkg: windows

published: Apr 29, 2026

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate data…
CWE: CWE-290
NVD

HIGH
CVE-2026-7146
CVE-2026-7146
pkg: axios

published: Apr 27, 2026

A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to server-s…
CWE: CWE-918
NVD

HIGH
CVE-2026-7461
CVE-2026-7461
pkg: windows

published: Apr 30, 2026

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a special…
CWE: CWE-78
GitHub-GHSA

HIGH
appsmith has SQL Injection in FilterDataService via Unsafe DROP TABLE Execution
GHSA-h8cj-hpmg-636v
pkg: com.appsmith:interfaces
eco: maven
published: Apr 29, 2026
### Summary
A SQL injection vulnerability exists in `FilterDataServiceCE.java` where the `dropTable` method constructs a SQL `DROP TABLE` statement using string concatenation with the table name. If the table name is derived from user input, this allows for arbitrary SQL command execution.

### Deta…

NVD

HIGH
CVE-2026-7191
CVE-2026-7191
pkg: express

published: Apr 27, 2026

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Content D…
CWE: CWE-94
NVD

HIGH
CVE-2026-31707
CVE-2026-31707
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate response sizes in ipc_validate_msg()

ipc_validate_msg() computes the expected message size for each
response type by adding (or multiplying) attacker-controlled fields
from the daemon response to a fixed struct siz…

NVD

HIGH
CVE-2026-31699
CVE-2026-31699
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed

When retrieving the PEK CSR, don't attempt to copy the blob to userspace
if the firmware command failed. If the failure was due to an invalid
length, i.e. …

NVD

HIGH
CVE-2026-31698
CVE-2026-31698
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed

When retrieving the PDH cert, don't attempt to copy the blobs to userspace
if the firmware command failed. If the failure was due to an invalid
length…

NVD

HIGH
CVE-2026-31697
CVE-2026-31697
pkg: linux

published: May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed

When retrieving the ID for the CPU, don't attempt to copy the ID blob to
userspace if the firmware command failed. If the failure was due to an
invalid leng…

GitHub-GHSA

HIGH
Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets)
GHSA-cxx3-hr75-4q96
pkg: github.com/getarcaneapp/arcane/backend
eco: go
published: Apr 30, 2026
### Summary
Four `GET` endpoints under `/api/templates*` in Arcane's Huma backend are registered without any `Security` requirement, allowing any unauthenticated network client to list and read the full Compose YAML and `.env` content of every custom template stored in the instance. Because Arcane's…
CVE-2026-42461
GitHub-GHSA

HIGH
Clerk has an authorization bypass when combining organization, billing, or reverification checks
GHSA-w24r-5266-9c3c
pkg: @clerk/shared, @clerk/shared, @clerk/backend
eco: npm
published: Apr 30, 2026
### Summary

`has()`, `auth.protect()`, and related authorization predicates in `@clerk/shared`, `@clerk/nextjs`, `@clerk/backend`, and other framework SDKs can return true for certain combined authorization checks when the result should be false, allowing a gated action to proceed for a user who do…

CVE-2026-42349
GitHub-GHSA

HIGH
Hickory DNS's Record Cache Accepts AUTHORITY-Section NS from Sibling Zone via Parent-Pool Zone-Context Elevation
GHSA-83hf-93m4-rgwq
pkg: hickory-recursor, hickory-recursor
eco: rust
published: Apr 30, 2026
# Summary

The Hickory DNS project's experimental `hickory-recursor` crate's record cache (`DnsLru`) stores records from DNS responses keyed by each record's own (name, type), not by the query that triggered the response. `cache_response()` in `crates/recursor/src/lib.rs` chains `ANSWER`, `AUTHORITY…

GitHub-GHSA

HIGH
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
GHSA-rch3-82jr-f9w9
pkg: @jupyter-notebook/help-extension, notebook, jupyterlab
eco: npm
published: Apr 30, 2026
### Impact

A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interacti…

CVE-2026-40171
GitHub-GHSA

HIGH
CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
GHSA-h7j7-3rx6-xvcg
pkg: ckan, ckan
eco: pip
published: Apr 29, 2026
### Impact

A vulnerability in `datastore_search_sql` allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information.

### Patches
The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5

### Workarounds
Disable the DataStore SQL search (`ckan.datas…

CVE-2026-42031
GitHub-GHSA

HIGH
n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration
GHSA-49m9-pgww-9vq6
pkg: n8n, n8n, n8n
eco: npm
published: Apr 29, 2026
## Impact
The MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory resources by sending large registration payloads, rendering the n8n instance unavailable. T…
CVE-2026-42236
GitHub-GHSA

MEDIUM
n8n has SQL Injection in Snowflake and MySQL Nodes
GHSA-hp3c-vfpm-q4f7
pkg: n8n, n8n, n8n
eco: npm
published: Apr 29, 2026
## Impact
The fix for [GHSA-f3f2-mcxc-pwjx](https://github.com/advisories/GHSA-f3f2-mcxc-pwjx) did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings withou…
CVE-2026-42237
GitHub-GHSA

MEDIUM
n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure
GHSA-756q-gq9h-fp22
pkg: n8n, n8n, n8n
eco: npm
published: Apr 29, 2026
## Impact
An authenticated user with a valid API key scoped to `variable:list` could read variables from projects they are not a member of by supplying an arbitrary `projectId` query parameter to the public API variables endpoint. The handler queried the variables repository directly without enforci…
CVE-2026-42227
GitHub-GHSA

MEDIUM
n8n has SQL Injection in SeaTable Node
GHSA-mp4j-h6gh-f6mp
pkg: n8n, n8n, n8n
eco: npm
published: Apr 29, 2026
## Impact
A flaw in the SeaTable node's `row:search` and `row:get` operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row…
CVE-2026-42229
NVD

MEDIUM
CVE-2026-7714
CVE-2026-7714
pkg: react

published: May 4, 2026

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The explo…
CWE: CWE-287, CWE-306
NVD

MEDIUM
CVE-2026-23863
CVE-2026-23863
pkg: windows

published: May 1, 2026

An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of exp…
CWE: CWE-158
NVD

MEDIUM
CVE-2026-1577
CVE-2026-1577
pkg: ibm db2

published: Apr 30, 2026

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.
CWE: CWE-1284
NVD

MEDIUM
CVE-2025-36122
CVE-2025-36122
pkg: ibm db2

published: Apr 30, 2026

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources.
CWE: CWE-770
NVD

MEDIUM
CVE-2026-35514
CVE-2026-35514
pkg: jwt

published: Apr 30, 2026

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoint …
CWE: CWE-306
GitHub-GHSA

MEDIUM
OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter
GHSA-4625-4j76-fww9
pkg: OpenTelemetry.Exporter.OpenTelemetryProtocol
eco: nuget
published: Apr 30, 2026
### Summary

The OTLP disk retry feature in `OpenTelemetry.Exporter.OpenTelemetryProtocol` silently fell back to `Path.GetTempPath()` when `OTEL_DOTNET_EXPERIMENTAL_OTLP_RETRY=disk` was set but `OTEL_DOTNET_EXPERIMENTAL_OTLP_DISK_RETRY_DIRECTORY_PATH` was not configured.

The exporter stored and loa…

CVE-2026-42191
GitHub-GHSA

MEDIUM
Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters
GHSA-35hp-hqmv-8qg8
pkg: github.com/gofiber/fiber/v3
eco: go
published: Apr 28, 2026
### Summary
Fiber cache middleware's default key generator uses only `c.Path()` and does not include the query string.
As a result, requests like `/?id=1` and `/?id=2` can map to the same cache key and share the same cached response.

This can cause response mix-up (cache poisoning-like behavior) fo…

CVE-2026-30246
NVD

MEDIUM
CVE-2026-41369
CVE-2026-41369
pkg: openclaw openclaw

published: Apr 28, 2026

OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system configurat…
CWE: CWE-668
NVD

MEDIUM
CVE-2026-41081
CVE-2026-41081
pkg: apache storm

published: Apr 27, 2026

Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm

Versions Affected: up to 2.8.7

Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication (the default configuration), the TlsTranspo…

CWE: CWE-287
NVD

MEDIUM
CVE-2026-41174
CVE-2026-41174
pkg: traefik traefik

published: Apr 30, 2026

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects dire…
CWE: CWE-653, CWE-863
NVD

MEDIUM
CVE-2026-7716
CVE-2026-7716
pkg: windows

published: May 4, 2026

A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument day results in sql injection. The attack can be initiated remotely. The exploit has been made public a…
CWE: CWE-74, CWE-89
NVD

MEDIUM
CVE-2026-7629
CVE-2026-7629
pkg: react

published: May 2, 2026

A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Ccode-Review Tool. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has bee…
CWE: CWE-74, CWE-77
NVD

MEDIUM
CVE-2026-7628
CVE-2026-7628
pkg: react

published: May 2, 2026

A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The exp…
CWE: CWE-74, CWE-77
NVD

MEDIUM
CVE-2026-7595
CVE-2026-7595
pkg: react

published: May 1, 2026

A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config_gen.py of the component Tailwind Config Generator. This manipulation causes code injection. The atta…
CWE: CWE-74, CWE-94
NVD

MEDIUM
CVE-2026-7305
CVE-2026-7305
pkg: go

published: Apr 28, 2026

A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes server-…
CWE: CWE-918
NVD

MEDIUM
CVE-2026-7163
CVE-2026-7163
pkg: jwt

published: Apr 30, 2026

A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hu…
CWE: CWE-312
GitHub-GHSA

MEDIUM
CKAN has CSRF exemption primed by anonymous requests
GHSA-mcvf-jxcw-vj73
pkg: ckan, ckan
eco: pip
published: Apr 29, 2026
Views can be marked as exempt from CSRF protection

Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection.

The marking was a member variable in flask-wtf.csrf.CSRFProtect(), which was stored as a module level variable in the flask_app midd…

CVE-2026-41255
NVD

MEDIUM
CVE-2026-41016
CVE-2026-41016
pkg: apache airflow

published: Apr 30, 2026

Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS…
CWE: CWE-295
GitHub-GHSA

MEDIUM
OpenTelemetry.Resources.Azure has an unbounded HTTP response body read
GHSA-vc24-j8c5-2vw4
pkg: OpenTelemetry.Resources.Azure
eco: nuget
published: Apr 29, 2026
### Summary

`OpenTelemetry.Resources.Azure` reads unbounded HTTP response bodies from the Azure VM remote instance metadata service endpoint into memory.

This would allow an attacker-controlled endpoint or one acting as a Man-in-the-Middle (MitM) to cause excessive memory allocation and possible p…

CVE-2026-41483
NVD

MEDIUM
CVE-2026-7669
CVE-2026-7669
pkg: python

published: May 2, 2026

A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file python/sglang/srt/utils/hf_transformers_utils.py of the component HuggingFace Transformer Handler. The manipulation of the argument trust_remote_code with the input False as part of Boo…
CWE: CWE-74, CWE-94
NVD

MEDIUM
CVE-2026-7292
CVE-2026-7292
pkg: node

published: Apr 28, 2026

A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitabil…
CWE: CWE-266, CWE-285
NVD

MEDIUM
CVE-2026-7113
CVE-2026-7113
pkg: react

published: Apr 27, 2026

A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument _INSECURE_NO_AUTH results in missing authentication. The attack can be laun…
CWE: CWE-287, CWE-306
NVD

MEDIUM
CVE-2026-7112
CVE-2026-7112
pkg: react

published: Apr 27, 2026

A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth of the file gateway/platforms/api_server.py of the component API_SERVER_KEY Handler. The manipulation leads to improper authentication. The attack can be initiated remotely. …
CWE: CWE-287
NVD

MEDIUM
CVE-2026-6528
CVE-2026-6528
pkg: wireshark wireshark

published: Apr 30, 2026

TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service
CWE: CWE-835
NVD

MEDIUM
CVE-2026-6446
CVE-2026-6446
pkg: oauth

published: May 2, 2026

The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 via the 'ttp_get_accounts' AJAX action. This is due to the complete absence of authorization checks (no capability verification) and nonce veri…
CWE: CWE-522
GitHub-GHSA

MEDIUM
n8n Vulnerable to Hijacking of Unauthenticated Chat Execution
GHSA-f77h-j2v7-g6mw
pkg: n8n, n8n, n8n
eco: npm
published: Apr 29, 2026
## Impact
The `/chat` WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state c…
CVE-2026-42228
NVD

MEDIUM
CVE-2026-37504
CVE-2026-37504
pkg: node

published: May 1, 2026

Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be rec…
CWE: CWE-598
NVD

MEDIUM
CVE-2025-14688
CVE-2025-14688
pkg: ibm db2

published: Apr 30, 2026

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist.
CWE: CWE-1284
GitHub-GHSA

MEDIUM
OneCollector exporter reads unbounded HTTP response bodies
GHSA-55m9-299j-53c7
pkg: OpenTelemetry.Exporter.OneCollector
eco: nuget
published: Apr 29, 2026
### Summary

When exporting telemetry to a back-end/collector over HTTP using the OpenTelemetry.Exporter.OneCollector exporter, if the request results in a unsuccessful request (i.e. HTTP 4xx or 5xx), the response is read into memory with no upper-bound on the number of bytes consumed.

This could c…

CVE-2026-41484
NVD

MEDIUM
CVE-2026-22745
CVE-2026-22745
pkg: windows

published: Apr 29, 2026

Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources.

More precisely, an application can be vulnerable when all the following are true:

* the application is using Spring MVC or Spring WebFlux
* the application is serving static reso…

CWE: CWE-400
GitHub-GHSA

MEDIUM
OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure
GHSA-88hf-wf7h-7w4m
pkg: OpenTelemetry.Exporter.Zipkin
eco: nuget
published: Apr 28, 2026
### Summary

The Zipkin exporter remote endpoint cache accepted unbounded key growth derived from span attributes. In high-cardinality scenarios, this could increase process memory usage over time and degrade availability.

### Details

– Introduce a bounded, thread-safe LRU cache for remote endpoin…

CVE-2026-41310
NVD

MEDIUM
CVE-2026-41391
CVE-2026-41391
pkg: openclaw openclaw

published: Apr 28, 2026

OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution contexts, allowing attackers to redirect Python package-index traffic. Attackers can exploit this bypass to intercept or manipulate package management operations by injecting m…
CWE: CWE-184
NVD

MEDIUM
CVE-2026-22726
CVE-2026-22726
pkg: go

published: May 1, 2026

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks reachable…
CWE: CWE-923
NVD

MEDIUM
CVE-2026-40974
CVE-2026-40974
pkg: ssl

published: Apr 28, 2026

Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra.

Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); Ca…

CWE: CWE-295
NVD

MEDIUM
CVE-2026-40971
CVE-2026-40971
pkg: ssl

published: Apr 27, 2026

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker.

Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14) per vendor advisory.

CWE: CWE-295
NVD

MEDIUM
CVE-2026-40970
CVE-2026-40970
pkg: ssl

published: Apr 27, 2026

When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server.

Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory.

CWE: CWE-295
NVD

MEDIUM
CVE-2026-1858
CVE-2026-1858
pkg: tls

published: Apr 29, 2026

wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.
CWE: CWE-20
NVD

MEDIUM
CVE-2025-10539
CVE-2025-10539
pkg: tls

published: Apr 28, 2026

Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the attack…
CWE: CWE-295, CWE-296, CWE-494
NVD

MEDIUM
CVE-2026-40557
CVE-2026-40557
pkg: ssl

published: Apr 27, 2026

Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter

Versions Affected: from 2.6.3 to 2.8.6

Description: 

In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skip_tls_validation (by default it…

CWE: CWE-295
GitHub-GHSA

MEDIUM
n8n has Open Redirect in MCP OAuth Consent Flow
GHSA-f6x8-65q6-j9m9
pkg: n8n, n8n, n8n
eco: npm
published: Apr 29, 2026
## Impact
The `/mcp-oauth/register` endpoint accepted OAuth client registrations without authentication, allowing arbitrary `redirect_uri` values to be registered. When a user denies the MCP OAuth consent dialog, the `handleDeny` handler redirects the user to the registered `redirect_uri` without va…
CVE-2026-42230
NVD

MEDIUM
CVE-2026-7596
CVE-2026-7596
pkg: react

published: May 1, 2026

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may be …
CWE: CWE-79, CWE-94
NVD

MEDIUM
CVE-2026-7340
CVE-2026-7340
pkg: google chrome, apple macos, linux linux_kernel

published: Apr 28, 2026

Integer overflow in ANGLE in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-472
GitHub-GHSA

MEDIUM
Weblate Doesn't Invalidate API Token on Password Change
GHSA-6j8j-4qp3-36p2
pkg: weblate
eco: pip
published: Apr 30, 2026
### Impact
When a user changes their password, browser sessions are correctly invalidated via `cycle_session_keys()`, but DRF API tokens (`wlu_*` prefix) stored in `authtoken_token` are not revoked.

### Patches
* https://github.com/WeblateOrg/weblate/pull/19057

### Resources
Weblate thanks Sang Yu…

CVE-2026-41519
GitHub-GHSA

MEDIUM
CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`
GHSA-cg4x-64p3-x59h
pkg: ckan, ckan
eco: pip
published: Apr 30, 2026
### Impact

A vulnerability in `datastore_search_sql` allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information

### Patches
The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5

### Workarounds
Disable the DataStore SQL search (`c…

CVE-2026-42032
GitHub-GHSA

MEDIUM
Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url
GHSA-cwcx-382v-8m9g
pkg: weblate
eco: pip
published: Apr 30, 2026
### Impact
An authenticated user with `project.add` permission (default on hosted Weblate SaaS and for any user holding an active billing/trial plan) can import a crafted project backup ZIP whose `components/<name>.json` contains an attacker-chosen `repo` URL pointing at a **private address** (e.g. …
CVE-2026-41654
GitHub-GHSA

MEDIUM
Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool
GHSA-p7fg-763f-g4gf
pkg: @anthropic-ai/sdk
eco: npm
published: Apr 29, 2026
The `BetaLocalFilesystemMemoryTool` in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes (`0o666` for files, `0o777` for directories), leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive uma…
CVE-2026-41686
GitHub-GHSA

MEDIUM
netfoil's optional seccomp sandboxing was not applied
GHSA-vjgj-42f6-7997
pkg: github.com/tinfoil-factory/netfoil
eco: go
published: Apr 29, 2026
### Summary
The optional flag `–filter-system-calls` was not applied even if specified.

### Details
This is a defense in depth feature to apply additional seccomp filters after the binary has started. The example config also sandboxes the binary with systemd.

### Impact
Reduced sandboxing of the …

GitHub-GHSA

MEDIUM
Netfoil has incorrect allowlist enforcement
GHSA-84g5-x8j3-7235
pkg: github.com/tinfoil-factory/netfoil
eco: go
published: Apr 29, 2026
### Summary
Rules could be bypassed by changing the first character: `example.com` could be be bypassed by e.g. `fxample.com`.

### Details
Off-by-one error in the suffixtrie implementation.

### Impact
The domain filter could be bypassed. Please note that DNS filtering alone is not enough to block …

GitHub-GHSA

MEDIUM
OpenClaw: Webchat audio embedding could read local files without local-root containment
GHSA-gfg9-5357-hv4c
pkg: openclaw
eco: npm
published: Apr 29, 2026
## Impact

OpenClaw deployments before `2026.4.15` could embed host-local audio files into webchat responses without applying the local media root containment check used by other media-serving paths.

If an attacker could influence an agent or tool-produced `ReplyPayload.mediaUrl`, the webchat audio…

GitHub-GHSA

MEDIUM
OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners
GHSA-c28g-vh7m-fm7v
pkg: openclaw
eco: npm
published: Apr 29, 2026
## Impact

OpenClaw deployments before `2026.4.21` could treat a non-owner sender as authorized for owner-enforced slash commands when all of the following were true:

– a channel plugin declared `commands.enforceOwnerForCommands: true`;
– the channel accepted wildcard inbound senders with `allowFro…

GitHub-GHSA

MEDIUM
n8n has SQL Injection in Oracle Database Node via Limit Field
GHSA-r6jc-mpqw-m755
pkg: n8n, n8n, n8n
eco: npm
published: Apr 29, 2026
## Impact
A flaw in the Oracle Database node's select operation allowed user-controlled input passed into the `Limit` field via expressions to be interpolated directly into the SQL query without sanitization or parameterization. In workflows where external input is passed into the `Limit` field (e.g…
CVE-2026-42233
GitHub-GHSA

MEDIUM
CKAN has no certificate validation on STMP connection
GHSA-mpfm-fpgx-647q
pkg: ckan, ckan
eco: pip
published: Apr 29, 2026
### Impact
Configured SMTP server may be spoofed with any certificate (e.g. self-signed), leaving credentials and all emails sent open to MITM attacks.

### Patches
The vulnerability has been patched in CKAN 2.10.10 and CKAN 2.11.5

CVE-2026-41132
GitHub-GHSA

MEDIUM
beets has a Cross-site Scripting vulnerability
GHSA-3gxm-wfjx-m847
pkg: beets
eco: pip
published: Apr 29, 2026
During code logic analyis, an area that may lead to unintended behavior under specific conditions was discovered.

## Overview
– Verified Version: `80cd21554124da07d17a4f962c7d770a4f70d0f2`
– Vulnerability Type: Stored XSS
– Affected Location: `beetsplug/web/templates/index.html:42`
– Trigger Scena…

CVE-2026-42052