Vulnerability Digest — July 10, 2026 · 34 Critical · 4 Exploited






Vulnerability Digest — Friday, July 10, 2026


Security Report

Friday, July 10, 2026  ·  Last 7 days  ·  Min severity: MEDIUM
Total Findings
308
Critical
34
High
140
Actively Exploited
4
CISA-KEV4
NVD178
GitHub-GHSA126
Findings sorted by severity
CISA-KEV

CRITICAL
Langflow Authorization Bypass Through User-Controlled Key Vulnerability
CVE-2026-55255
pkg: Langflow Langflow

published: Jul 7, 2026

Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Joomlack Page Builder Improper Access Control Vulnerability
CVE-2026-56290
pkg: Joomlack Page Builder

published: Jul 7, 2026

Joomlack Page Builder contains an improper access control vulnerability that could allow for remote code execution via unauthenticated arbitrary file upload.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Adobe ColdFusion Path Traversal Vulnerability
CVE-2026-48282
pkg: Adobe ColdFusion

published: Jul 7, 2026

Adobe ColdFusion contains a path traversal vulnerability that could lead to arbitrary code execution in the context of the current user.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
CVE-2026-48908
pkg: JoomShaper SP Page Builder

published: Jul 7, 2026

JoomShaper SP Page Builder contains an unrestricted upload of file with dangerous type vulnerability that allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
NVD

CRITICAL
CVE-2026-54769
CVE-2026-54769
pkg: python

published: Jul 10, 2026

Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities. When these agents evaluate LLM-generated tool messages w…
CWE: CWE-94
NVD

CRITICAL
CVE-2026-59726
CVE-2026-59726
pkg: docker

published: Jul 9, 2026

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminal_execute, obtain a…
CWE: CWE-78, CWE-306, CWE-942
NVD

CRITICAL
CVE-2026-54782
CVE-2026-54782
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings…
CWE: CWE-290, CWE-347
GitHub-GHSA

CRITICAL
Nuclio: Unsanitized cron trigger event headers/body injected into CronJob shell command leads to persistent RCE
GHSA-v5px-423j-pf7p
pkg: github.com/nuclio/nuclio
eco: go
published: Jul 8, 2026
## Summary

Nuclio controller builds a `curl` invocation string for each cron trigger and stores it as the `args` of a Kubernetes CronJob container (`/bin/sh`, `-c`, `<command>`). Two fields in the trigger specification flow into this string without adequate sanitization:

– `event.headers` keys —…

CVE-2026-52831
GitHub-GHSA

CRITICAL
9router has unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats
GHSA-vjc7-jrh9-9j86
pkg: 9router
eco: npm
published: Jul 6, 2026

title: Unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats
product: 9Router
version: <= 0.4.41
severity: critical
cve_request: true

## Summary

Multiple critical API security vulnerabilities were discovered in 9Router's Next.js dashboard. The `/api/providers` e…

NVD

CRITICAL
CVE-2026-57572
CVE-2026-57572
pkg: kidocode crawl4ai

published: Jul 6, 2026

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together w…
CWE: CWE-88, CWE-94
GitHub-GHSA

CRITICAL
Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent
GHSA-q9p7-wqxg-mrhc
pkg: langroid
eco: pip
published: Jul 6, 2026
### Advisory Details
**Title**: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent

**Description**:
### Summary
Langroid is vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities…

CVE-2026-54769
GitHub-GHSA

CRITICAL
9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover
GHSA-qvfm-67h2-2qfx
pkg: 9router
eco: npm
published: Jul 6, 2026
## Summary

The `/api/settings/database` endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any authentication requirement beyond the `ALWAYS_PROTECTED` middleware check, which only validates J…

CVE-2026-55500
NVD

CRITICAL
CVE-2026-34038
CVE-2026-34038
pkg: docker

published: Jul 6, 2026

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution and…
CWE: CWE-78
NVD

CRITICAL
CVE-2026-13019
CVE-2026-13019
pkg: esri portal_for_arcgis, kubernetes kubernetes, linux linux_kernel

published: Jul 7, 2026

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API.
CWE: CWE-640
NVD

CRITICAL
CVE-2026-9182
CVE-2026-9182
pkg: esri arcgis_server, linux linux_kernel, microsoft windows

published: Jul 6, 2026

Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts all …
CWE: CWE-434
NVD

CRITICAL
CVE-2026-9181
CVE-2026-9181
pkg: esri arcgis_server, linux linux_kernel, microsoft windows

published: Jul 6, 2026

Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this issu…
CWE: CWE-22
NVD

CRITICAL
CVE-2026-53913
CVE-2026-53913
pkg: apache camel

published: Jul 6, 2026

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely ('Failing Open') vulnerability in Apache Camel Keycloak Component.

The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess(), which performs three check…

CWE: CWE-287, CWE-306, CWE-636
NVD

CRITICAL
CVE-2026-58422
CVE-2026-58422
pkg: oauth

published: Jul 3, 2026

Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts
CWE: CWE-284
NVD

CRITICAL
CVE-2026-20896
CVE-2026-20896
pkg: docker

published: Jul 3, 2026

Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.
CWE: CWE-284
NVD

CRITICAL
CVE-2026-15113
CVE-2026-15113
pkg: google chrome, google android

published: Jul 8, 2026

Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
GitHub-GHSA

CRITICAL
Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE
GHSA-xqhv-chqm-fhcc
pkg: github.com/BishopFox/joro
eco: go
published: Jul 8, 2026
# Unauthenticated Cross-Origin Plugin Upload Leads to RCE (Joro ≤ v1.1.0)

**Severity:** Critical
**CVSS v3.1:** 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
**Affected versions:** Joro ≤ v1.1.0, proxy mode (default), Linux/macOS
**Reporter:** cstover
**Date:** 2026-05-27

## Summary

Joro's d…

CVE-2026-53649
NVD

CRITICAL
CVE-2026-15062
CVE-2026-15062
pkg: python

published: Jul 8, 2026

SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (snowpark-python) versions prior to 1.53.0 could allow authenticated low-privilege users to execute SQL beyond their authorization scope. An attacker could exploit these vulnerabilities by embedding SQL payloads in source database co…
CWE: CWE-89
GitHub-GHSA

CRITICAL
Goploy: Cross-namespace IDOR and RCE via body-supplied row id in project and project_file handlers
GHSA-26rh-24rg-j3vv
pkg: github.com/zhenorzz/goploy
eco: go
published: Jul 7, 2026
### Summary

`Project.AddFile`, `Project.EditFile`, `Project.RemoveFile`, and `Project.Edit` in `cmd/server/api/project/handler.go` accept a project or project-file row id from the JSON body and act on it without checking that the project belongs to the caller's namespace. The corresponding `model.P…

CVE-2026-53552
GitHub-GHSA

CRITICAL
@better-auth/sso provider registration has server-side request forgery via unvalidated OIDC endpoints
GHSA-5rr4-8452-hf4v
pkg: @better-auth/sso
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following are true:

– Their application uses `@better-auth/sso` at a version `>= 0.1.0, < 1.6.11` on the stable line, or any `1.7.0-beta.x` on the pre-release line.
– The `sso()` plugin is added to their application's `betterAuth({ plugins: […]…

CVE-2026-53513
NVD

CRITICAL
CVE-2026-15378
CVE-2026-15378
pkg: kubernetes

published: Jul 10, 2026

A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unauthorized access to sensitive information, including c…
CWE: CWE-918
GitHub-GHSA

CRITICAL
Zebra: Missing copy constraint in halo2_gadgets variable-base scalar multiplication allows under-constrained base, breaking Orchard Action circuit soundness
GHSA-ww9q-8r59-xv46
pkg: zebrad, halo2_gadgets, orchard
eco: rust
published: Jul 6, 2026
### Summary

A soundness vulnerability in the variable-base scalar multiplication gadget of `halo2_gadgets` allowed a malicious prover to produce a valid proof for an Orchard Action with an *under-constrained* base point. Because this gadget enforces the diversified-address-integrity condition of th…

CVE-2026-54496
GitHub-GHSA

CRITICAL
Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access
GHSA-3fcv-jvfp-m4q9
pkg: github.com/cilium/cilium, github.com/cilium/cilium, github.com/cilium/cilium
eco: go
published: Jul 6, 2026
### Impact

When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive info…

CVE-2026-49445
NVD

CRITICAL
CVE-2026-58122
CVE-2026-58122
pkg: oauth

published: Jul 9, 2026

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to per…
CWE: CWE-348
GitHub-GHSA

CRITICAL
Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins
GHSA-pw9m-5jxm-xr6h
pkg: better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following are true:

– Their application uses `better-auth` and has enabled at least one of: `oidcProvider()` (imported from `better-auth/plugins/oidc-provider`), or `mcp()` (imported from `better-auth/plugins/mcp`).
– Their application has at lea…

CVE-2026-53512
GitHub-GHSA

CRITICAL
Decompress: Archive extraction can create files and links outside of the target directory
GHSA-mp2f-45pm-3cg9
pkg: @xhmikosr/decompress, @xhmikosr/decompress, decompress
eco: npm
published: Jul 6, 2026
### Impact

When extracting an archive to a directory, a crafted archive can read or write files outside that directory. The flaw is in the code that writes the parsed entries, so it affects every format decompress handles: tar, tar.gz, tar.bz2, and zip by default, plus any others added through the …

CVE-2026-53486
NVD

CRITICAL
CVE-2026-26247
CVE-2026-26247
pkg: oauth

published: Jul 3, 2026

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check.
CWE: CWE-284
NVD

CRITICAL
CVE-2026-26232
CVE-2026-26232
pkg: oauth

published: Jul 3, 2026

Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange.
CWE: CWE-294
GitHub-GHSA

CRITICAL
Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879
GHSA-2pq5-3q89-j7cc
pkg: langroid
eco: pip
published: Jul 6, 2026
Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection (direct user input or indirect content the agent reads back via RAG), so an attacker who can influ…
CVE-2026-55615
GitHub-GHSA

CRITICAL
Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls
GHSA-6xc5-4r68-67fc
pkg: langroid
eco: pip
published: Jul 6, 2026
# SQLChatAgent `_validate_query` dangerous-pattern regex is bypassable via quoted/commented/qualified function names

## Summary

The `SQLChatAgent` SQL-injection mitigation, with default `allow_dangerous_operations=False`, combines a raw-text regex blocklist (`_DANGEROUS_SQL_PATTERNS`) with a `sqlg…

CVE-2026-54760
NVD

HIGH
CVE-2026-59148
CVE-2026-59148
pkg: express

published: Jul 9, 2026

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock routes, enabled by default in shipped runtimes, serves Access-Control-Allow-Origin: * with write methods a…
CWE: CWE-306, CWE-352, CWE-732, CWE-942
NVD

HIGH
CVE-2026-15133
CVE-2026-15133
pkg: google chrome

published: Jul 8, 2026

Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15132
CVE-2026-15132
pkg: google chrome

published: Jul 8, 2026

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-457
NVD

HIGH
CVE-2026-15129
CVE-2026-15129
pkg: google chrome

published: Jul 8, 2026

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-15126
CVE-2026-15126
pkg: google chrome

published: Jul 8, 2026

Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15125
CVE-2026-15125
pkg: google chrome

published: Jul 8, 2026

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-863
NVD

HIGH
CVE-2026-15123
CVE-2026-15123
pkg: google chrome

published: Jul 8, 2026

Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-122
NVD

HIGH
CVE-2026-15121
CVE-2026-15121
pkg: google chrome

published: Jul 8, 2026

Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15118
CVE-2026-15118
pkg: google chrome

published: Jul 8, 2026

Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15116
CVE-2026-15116
pkg: google chrome

published: Jul 8, 2026

Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15114
CVE-2026-15114
pkg: google chrome

published: Jul 8, 2026

Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: High)
CWE: CWE-125, CWE-787
NVD

HIGH
CVE-2026-15112
CVE-2026-15112
pkg: google chrome

published: Jul 8, 2026

Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-15110
CVE-2026-15110
pkg: google chrome

published: Jul 8, 2026

Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15107
CVE-2026-15107
pkg: google chrome

published: Jul 8, 2026

Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-416
NVD

HIGH
CVE-2026-59257
CVE-2026-59257
pkg: n8n n8n

published: Jul 8, 2026

n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated {{ … }} expression values directly into the raw SQL string without parameterization. When a workflow use…
CWE: CWE-89
NVD

HIGH
CVE-2026-34158
CVE-2026-34158
pkg: docker

published: Jul 7, 2026

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker() helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a …
CWE: CWE-78
NVD

HIGH
CVE-2026-34168
CVE-2026-34168
pkg: docker

published: Jul 7, 2026

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a storag…
CWE: CWE-78
NVD

HIGH
CVE-2026-42204
CVE-2026-42204
pkg: docker

published: Jul 6, 2026

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELL_SAFE_COMMAND_PATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an aut…
CWE: CWE-78
NVD

HIGH
CVE-2026-34599
CVE-2026-34599
pkg: docker

published: Jul 6, 2026

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the GetLogs Livewire component which allows users with team membership (lowest privilege member role) to execute a…
CWE: CWE-78
NVD

HIGH
CVE-2026-14535
CVE-2026-14535
pkg: node

published: Jul 4, 2026

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in …
CWE: CWE-693
NVD

HIGH
CVE-2026-14534
CVE-2026-14534
pkg: python

published: Jul 4, 2026

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist, fickling's check_safety() function returns LIKELY_SAFE with…
CWE: CWE-184, CWE-502
NVD

HIGH
CVE-2025-71380
CVE-2025-71380
pkg: node

published: Jul 4, 2026

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or complete…
CWE: CWE-284
GitHub-GHSA

HIGH
Skipper: opaAuthorizeRequestWithBody filter bypasses OPA policy on Transfer-Encoding — chunked / HTTP/2 requests
GHSA-659f-rgp5-w4wf
pkg: github.com/zalando/skipper
eco: go
published: Jul 8, 2026
### Summary

`zalando/skipper`'s OpenPolicyAgent integration silently bypasses request-body
inspection on HTTP/1.1 `Transfer-Encoding: chunked` and HTTP/2 requests that
omit the `content-length` pseudo-header. When the
`opaAuthorizeRequestWithBody` filter is configured, the
`OpenPolicyAgentInstance.…

CVE-2026-50197
NVD

HIGH
CVE-2026-14891
CVE-2026-14891
pkg: docker

published: Jul 8, 2026

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability, CVE…
CWE: CWE-59
GitHub-GHSA

HIGH
Better Auth has insecure cryptographic defaults in oidcProvider: alg=none advertised and plain PKCE accepted by default
GHSA-9h47-pqcx-hjr4
pkg: better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following are true:

– Their application uses `better-auth` at a version below the patched release.
– Their application enables `oidcProvider()` from `better-auth/plugins/oidc-provider` or `mcp()` from `better-auth/plugins/mcp` (the mcp plugin del…

GitHub-GHSA

HIGH
Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID
GHSA-9rjw-3gwp-f59v
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

`UpsertWorkspaceApp` overwrites an existing app's `agent_id` on a primary-key conflict and `insertAgentApp` accepts the app ID from the provisioner's `CompleteJob` payload without verifying it belongs to the workspace being built. `CompleteJob` runs under `dbauthz.AsProvisionerd` so the…

CVE-2026-55429
NVD

HIGH
CVE-2026-57573
CVE-2026-57573
pkg: kidocode crawl4ai

published: Jul 6, 2026

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming path. handle_stream_crawl_request passed seed URLs straight to the crawler with no destination validatio…
CWE: CWE-918
NVD

HIGH
CVE-2026-54765
CVE-2026-54765
pkg: traefik traefik

published: Jul 6, 2026

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only one…
CWE: CWE-284, CWE-863
GitHub-GHSA

HIGH
flyto-core has Unauthenticated Command Execution via HTTP MCP `execute_module`
GHSA-h9f9-h6gm-wc85
pkg: flyto-core
eco: pip
published: Jul 6, 2026
## Unauthenticated Command Execution via HTTP MCP `execute_module`

### Summary

The HTTP MCP endpoint (`POST /mcp`) in flyto-core accepts unauthenticated JSON-RPC `tools/call` requests and dispatches them to arbitrary registered modules, including `sandbox.execute_shell`, which passes attacker-cont…

CVE-2026-55786
NVD

HIGH
CVE-2026-54424
CVE-2026-54424
pkg: windows

published: Jul 4, 2026

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of …
CWE: CWE-648
NVD

HIGH
CVE-2026-47829
CVE-2026-47829
pkg: openssh

published: Jul 9, 2026

Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation.
Affected v…
NVD

HIGH
CVE-2026-15122
CVE-2026-15122
pkg: google chrome, microsoft windows

published: Jul 8, 2026

Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

HIGH
CVE-2026-15120
CVE-2026-15120
pkg: google chrome, microsoft windows

published: Jul 8, 2026

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15119
CVE-2026-15119
pkg: google chrome

published: Jul 8, 2026

Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-362
NVD

HIGH
CVE-2026-55830
CVE-2026-55830
pkg: python

published: Jul 8, 2026

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, check_function_argument_names() rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted position…
CWE: CWE-184
GitHub-GHSA

HIGH
Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE
GHSA-37h2-6p4f-mp3q
pkg: serena-agent
eco: pip
published: Jul 8, 2026
### Summary

Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port (TCP 24282, hardcoded as `0x5EDA` in `constants.py`). The server has no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage …

CVE-2026-49471
GitHub-GHSA

HIGH
@better-auth/scim: Account/provider takeover via missing owner binding on non-org SCIM providers
GHSA-j8v8-g9cx-5qf4
pkg: @better-auth/scim
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of these hold:

– They install and register the `@better-auth/scim` plugin (`plugins: [scim()]`).
– They create SCIM providers without an `organizationId`, that is, non-organization ("personal") providers. Organization-scoped providers are not affected b…

GitHub-GHSA

HIGH
Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email
GHSA-g38m-r43w-p2q7
pkg: better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following are true:

– Their application uses `better-auth` at a version `< 1.6.11` on the stable line, or any current `next` pre-release.
– `emailAndPassword.enabled: true` is set in their application's `betterAuth({ … })` configuration.
– At l…

CVE-2026-53516
GitHub-GHSA

HIGH
Coder's workspace agent API insecure redirect handling allowed cross-agent file read and write
GHSA-qrwj-vh9x-gw5v
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

`agentConn.apiClient()` used the default redirect behavior of `http.Client` while its custom transport dialed the host from the request URL as long as the port was the workspace agent HTTP API port (`4`). Agent tailnet IPs are deterministic from agent UUIDs, so a malicious workspace age…

GitHub-GHSA

HIGH
Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh`
GHSA-mcqq-fqgf-rxwm
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

`coder config-ssh` wrote server-supplied SSH settings (`HostnameSuffix`, `SSHConfigOptions`) into the user's `~/.ssh/config` without sanitizing embedded newlines or restricting directives so a malicious or compromised Coder server could inject arbitrary SSH configuration.

> **Note:** P…

CVE-2026-55427
NVD

HIGH
CVE-2026-54423
CVE-2026-54423
pkg: node

published: Jul 10, 2026

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.
CWE: CWE-424
GitHub-GHSA

HIGH
`lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes
GHSA-4jhm-jv67-739f
pkg: lxml_html_clean
eco: pip
published: Jul 8, 2026
# `lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes (`xlink:href`)

**Reporter:** Guillem Lefait <guillem@datamq.com> · **Date:** 2026-05-10
**Affected:** `lxml` ≤ 6.1.0 and `lxml_html_clean` ≤ 0.4.4 (latest stable)
**Confirmed against:** lxml 6.1.0 + lx…

CVE-2026-49825
GitHub-GHSA

HIGH
Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator
GHSA-wrq8-fcv5-8hvp
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

The tailnet coordinator validates that an agent's `Addresses` derive from its authenticated UUID but applies no equivalent check to `AllowedIPs`. The coordinator forwards agent-supplied `AllowedIPs` verbatim to tunnel peers which install them into the WireGuard peer configuration.

### …

CVE-2026-55428
NVD

HIGH
CVE-2026-59195
CVE-2026-59195
pkg: pnpm pnpm

published: Jul 6, 2026

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under node_modules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml whose…
CWE: CWE-22
NVD

HIGH
CVE-2026-46591
CVE-2026-46591
pkg: apache camel

published: Jul 6, 2026

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component.

The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection throu…

CWE: CWE-943
NVD

HIGH
CVE-2026-12597
CVE-2026-12597
pkg: oauth

published: Jul 10, 2026

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpress_on_github_login() function, which blindly trusts the first element (profile[0]['email']) of the array retur…
CWE: CWE-287
NVD

HIGH
CVE-2026-12595
CVE-2026-12595
pkg: oauth

published: Jul 10, 2026

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpress_on_discord_login() Discord OAuth callback handler, which accepts the email field returned by Discord's /user…
CWE: CWE-287
NVD

HIGH
CVE-2026-31985
CVE-2026-31985
pkg: tls

published: Jul 9, 2026

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Re…
CWE: CWE-671
NVD

HIGH
CVE-2026-54591
CVE-2026-54591
pkg: python

published: Jul 8, 2026

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.1, a malicious SSH server can write arbitrary files on the asyncssh SCP client's filesystem by sending filenames containing ../ tra…
CWE: CWE-22
GitHub-GHSA

HIGH
NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak
GHSA-6h3c-r723-7fx3
pkg: nl.nl-portal:taak
eco: maven
published: Jul 8, 2026
## Impact

In versions from 1.5.0 up to and including 3.0.0, any authenticated portal user could complete and tamper with another user's open task by submitting it on their behalf. The task submission endpoint accepted a task ID and a payload, but it never checked whether the task actually belonged …

CVE-2026-49464
NVD

HIGH
CVE-2026-54652
CVE-2026-54652
pkg: nginx

published: Jul 8, 2026

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and ena…
CWE: CWE-269, CWE-532, CWE-598, CWE-863
GitHub-GHSA

HIGH
@better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
GHSA-7w99-5wm4-3g79
pkg: @better-auth/oauth-provider, better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following are true:

– Their project depends on `@better-auth/oauth-provider` at a version `>= 1.6.0, < 1.6.11`, or uses the embedded plugin in `better-auth >= 1.4.8-beta.7, < 1.6.0`, or enables the legacy `oidc-provider` or `mcp` plugins from `be…

CVE-2026-53518
GitHub-GHSA

HIGH
Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption
GHSA-392p-2q2v-4372
pkg: @better-auth/oauth-provider, better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following are true:

– Their project depends on `@better-auth/oauth-provider` at a version `>= 1.6.0, < 1.6.11`, or uses the embedded plugin in `better-auth >= 1.4.8-beta.7, < 1.6.0`.
– At least one OAuth client served by their application's autho…

CVE-2026-53517
NVD

HIGH
CVE-2026-13020
CVE-2026-13020
pkg: esri portal_for_arcgis, kubernetes kubernetes, linux linux_kernel

published: Jul 7, 2026

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an …
CWE: CWE-640
GitHub-GHSA

HIGH
Langroid: handle_message() executes user-supplied tool JSON without sender verification
GHSA-gjgq-w2m6-wr5q
pkg: langroid
eco: pip
published: Jul 6, 2026
## Summary

A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with `use=False, handle=True`.

## Details

`enable_message(…, use=False, handle=True)` only prevents the LLM from being instructed…

CVE-2026-54771
NVD

HIGH
CVE-2026-49297
CVE-2026-49297
pkg: apache apache-airflow-providers-google

published: Jul 6, 2026

Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket (ty…
CWE: CWE-22
NVD

HIGH
CVE-2026-43865
CVE-2026-43865
pkg: apache camel

published: Jul 6, 2026

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component.

The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself – that is, when no user…

CWE: CWE-502
NVD

HIGH
CVE-2026-40859
CVE-2026-40859
pkg: apache camel

published: Jul 6, 2026

Deserialization of Untrusted Data vulnerability in Apache Camel.

The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter (VertxHttpHelper.deserialize…

CWE: CWE-502
NVD

HIGH
CVE-2026-12746
CVE-2026-12746
pkg: oauth

published: Jul 4, 2026

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter.

The authentication_url method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting …

CWE: CWE-352
NVD

HIGH
CVE-2026-12740
CVE-2026-12740
pkg: oauth

published: Jul 4, 2026

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter.

RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session (register_s…

CWE: CWE-352
NVD

HIGH
CVE-2025-71372
CVE-2025-71372
pkg: python

published: Jul 4, 2026

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling supply-…
CWE: CWE-502
NVD

HIGH
CVE-2026-28699
CVE-2026-28699
pkg: oauth

published: Jul 3, 2026

Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication.
CWE: CWE-284, CWE-863
GitHub-GHSA

HIGH
DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN
GHSA-9×82-rm84-c6x7
pkg: org.dspace:dspace-api, org.dspace:dspace-api, org.dspace:dspace-api
eco: maven
published: Jul 8, 2026
## Overview

Remote Code Execution (RCE) is possible via Velocity Templates used by DSpace for [COAR Notify/LDN messages](https://wiki.lyrasis.org/spaces/DSDOC9x/pages/379126679/COAR+Notify). _This vulnerability impacts DSpace versions 8.0 <= 8.3, 9.0 <= 9.2._ The attacker MUST already have DSpace a…

CVE-2026-49832
NVD

HIGH
CVE-2026-22927
CVE-2026-22927
pkg: windows

published: Jul 8, 2026

Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability.
CWE: CWE-22
GitHub-GHSA

HIGH
Linuxfabrik Monitoring Plugins have local privilege escalation using embedded command
GHSA-798h-hpph-m24j
pkg: linuxfabrik-lib
eco: pip
published: Jul 6, 2026
### Summary
When a check plugin places user provided input inside a command which is passed to `shell_exec`, an attacker can abuse this to run arbitrary commands. This is mainly dangerous for plugins which are listed in the sudoers file, because this allows an attacker controlling the nagios user to…
CVE-2026-55426
GitHub-GHSA

HIGH
Open Babel has out-of-bounds write in MOPAC translationVectors[] (UNIT CELL TRANSLATION)
GHSA-55f6-pf8r-c2f4
pkg: openbabel
eco: pip
published: Jul 6, 2026
### Summary

A memory-safety vulnerability in Open Babel's MOPAC output parser
allowed an out-of-bounds write into the `translationVectors[]` array
when reading the "UNIT CELL TRANSLATION" block of a crafted input
file.

### Details

The MOPAC output reader stored translation vectors from the UNIT C…

CVE-2022-46292
NVD

HIGH
CVE-2026-33655
CVE-2026-33655
pkg: go

published: Jul 9, 2026

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/bl…
CWE: CWE-918
NVD

HIGH
CVE-2026-59216
CVE-2026-59216
pkg: python

published: Jul 9, 2026

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, get_event_call delivered execute:python and execute:tool Socket.IO events to a client-supplied session_id after checking only that the session was connected, allowing authenticated users who learne…
CWE: CWE-94, CWE-200, CWE-639, CWE-862
GitHub-GHSA

HIGH
Phantom: Arbitrary file write and decode-bomb DoS via unconfined MCP tool paths
GHSA-52vm-mxx8-f227
pkg: phantom-audio
eco: pip
published: Jul 9, 2026
### Impact

In Phantom <= 1.3.0, when `PHANTOM_OUTPUT_DIR` was unset (the default), the MCP tools accepted arbitrary absolute output paths with no confinement. Anything able to send tool calls (e.g. an AI agent driving the MCP interface) could **write or overwrite arbitrary files** the process user …

NVD

HIGH
CVE-2026-14373
CVE-2026-14373
pkg: docker

published: Jul 8, 2026

HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other workloads on t…
CWE: CWE-862
NVD

HIGH
CVE-2026-60002
CVE-2026-60002
pkg: openbsd openssh

published: Jul 8, 2026

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)
CWE: CWE-416
GitHub-GHSA

HIGH
Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise
GHSA-4g5x-hcwm-82jw
pkg: github.com/zhenorzz/goploy
eco: go
published: Jul 7, 2026
> [ Click here to jump to the Simplified Chinese version (点击跳转到简体中文版本)](#goploy-系统任意文件读取)
# Goploy System Arbitrary File Read Vulnerability

## Basic Information
– **Vulnerability Name**: Goploy Endpoints Arbitrary File Read via Path Traversal
– **Vulnerability …

CVE-2026-53553
GitHub-GHSA

HIGH
Better Auth has stored XSS in the auth-server origin via javascript: redirect_uri in oidc-provider and mcp
GHSA-86j7-9j95-vpqj
pkg: better-auth, better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?

Check each condition. Users are affected when all of the first three hold.

– Their application enables the `oidc-provider` plugin or the `mcp` plugin from `better-auth/plugins`. The `mcp` plugin wraps the same provider and carries the same defect. Both are on the migration path …

GitHub-GHSA

HIGH
Better Auth vulnerable to unauthorized invitation acceptance via unverified email match in organization plugin
GHSA-fmh4-wcc4-5jm3
pkg: better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following are true:

– Their application uses `better-auth` with the `organization` plugin (`import { organization } from "better-auth/plugins/organization"`).
– Their application enables a sign-up surface that allows arbitrary unverified email re…

CVE-2026-53514
GitHub-GHSA

HIGH
New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs
GHSA-6qcr-qxgr-m7fv
pkg: github.com/QuantumNous/new-api
eco: go
published: Jul 7, 2026
## Summary

The default SSRF protection configuration did not apply IP filtering to hostnames. With `ApplyIPFilterForDomain` disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address. Authenticated users could configure n…

CVE-2026-33655
GitHub-GHSA

HIGH
Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps
GHSA-v54h-cp2w-9x4g
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

`coder open app` opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the `$SESSION_TOKEN` placeholder the CLI replaces it with the user's real session token before handing the URL to the OS open handler.

> **Note:** Practical explo…

CVE-2026-55431
GitHub-GHSA

HIGH
OpenRemote has Cross-Realm User Information Disclosure in UserResourceImpl
GHSA-xqr9-4wvv-gvch
pkg: io.openremote:openremote-manager
eco: maven
published: Jul 6, 2026
### Summary

A realm admin of tenant B can read the profile, client roles, and realm roles of any user in any other realm (including the master realm) by supplying the target user's UUID in the REST API path. Three read endpoints in UserResourceImpl check whether the caller holds the read:admin role…

CVE-2026-54641
NVD

HIGH
CVE-2026-9165
CVE-2026-9165
pkg: kubernetes

published: Jul 6, 2026

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central,…
CWE: CWE-400
GitHub-GHSA

HIGH
OpenRemote has an incomplete fix for CVE-2026-40882: XXE in KNXProtocol.startAssetImport() allows arbitrary file read via unprotected XMLInputFactory
GHSA-7v6w-c3f4-9wpq
pkg: io.openremote:openremote-agent
eco: maven
published: Jul 6, 2026
### Summary
The fix for CVE-2026-40882 addressed only the Velbus asset import handler. The KNX asset import handler (`KNXProtocol`) processes user-uploaded ETS project ZIP files through Saxon XSLT and `XMLInputFactory.newInstance()` with no XXE protection, allowing any authenticated user to read arb…
CVE-2026-54640
GitHub-GHSA

HIGH
Mistune: Potential DoS via quadratic-time parsing in parse_link_text
GHSA-qcq2-496w-v96p
pkg: mistune
eco: pip
published: Jul 9, 2026
### Summary
Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. A relatively small input consisting of repeated [ characters causes significant parsing slowdown.

### Affected component
mistune/inline_parser.py → **parse_link_text**

CVE-2026-49851
NVD

HIGH
CVE-2026-54695
CVE-2026-54695
pkg: python

published: Jul 9, 2026

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0, the pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication, reads an attacker-supplied callSid fr…
CWE: CWE-862
NVD

HIGH
CVE-2026-13462
CVE-2026-13462
pkg: ssl

published: Jul 9, 2026

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends.
NVD

HIGH
CVE-2026-11404
CVE-2026-11404
pkg: tls

published: Jul 9, 2026

Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg_tls_server_recv_hello(), which uses an attacker-controlled session_id_len byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthentica…
CWE: CWE-125
GitHub-GHSA

HIGH
org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
GHSA-7cmj-v6x8-frvv
pkg: ca.uhn.hapi.fhir:org.hl7.fhir.dstu2, ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may, ca.uhn.hapi.fhir:org.hl7.fhir.dstu3
eco: maven
published: Jul 9, 2026
# Summary
All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource …
CVE-2026-49485
GitHub-GHSA

HIGH
Soup Sieve: Regular Expression Denial of Service (ReDoS) via Selector Parser
GHSA-836r-79rf-4m37
pkg: soupsieve
eco: pip
published: Jul 9, 2026
### Summary

The CSS selector parser in soupsieve (the CSS selector engine for Beautiful Soup 4) contains a regular expression vulnerable to catastrophic backtracking. When processing an attribute selector with an unterminated quoted value, the `VALUE` regex pattern in `css_parser.py` enters exponen…

CVE-2026-49477
GitHub-GHSA

HIGH
Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists
GHSA-2wc2-fm75-p42x
pkg: soupsieve
eco: pip
published: Jul 9, 2026
### Summary

The CSS selector parser in soupsieve (the CSS selector engine for Beautiful Soup 4) allocates unbounded memory when compiling large comma-separated selector lists. An attacker who can supply a crafted CSS selector string to `soupsieve.compile()` or Beautiful Soup's `.select()` / `.selec…

CVE-2026-49476
GitHub-GHSA

HIGH
Micronaut doesn't set a maximum redirect count for its HTTP Client, enabling infinite loop DoS
GHSA-387m-935m-c4vw
pkg: io.micronaut:micronaut-http-client, io.micronaut:micronaut-http-client, io.micronaut:micronaut-http-client
eco: maven
published: Jul 9, 2026
The Netty-based Micronaut HTTP Client does not impose a limit on HTTP redirections, potentially allowing an infinite redirect loop that could lead to a denial-of-service attack.

### Patches

The following versions are patched:

– For Micronaut 5, versions equal or greater than [5.0.1](https://gith…

NVD

HIGH
CVE-2026-54772
CVE-2026-54772
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF net.tc…
CWE: CWE-400, CWE-835
NVD

HIGH
CVE-2026-54499
CVE-2026-54499
pkg: python

published: Jul 8, 2026

Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load() attempt torch.load(…, weights_only=True) but fall back to torch.load(…, weights_o…
CWE: CWE-502, CWE-676
NVD

HIGH
CVE-2026-15117
CVE-2026-15117
pkg: google chrome

published: Jul 8, 2026

Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-15111
CVE-2026-15111
pkg: google chrome

published: Jul 8, 2026

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-31309
CVE-2026-31309
pkg: node

published: Jul 8, 2026

Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthenticated attackers to arbitrarily overwrite the node's configuration and achieve a full node takeover via supplying a crafted POST request.
CWE: CWE-862
NVD

HIGH
CVE-2026-49866
CVE-2026-49866
pkg: node

published: Jul 8, 2026

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossipsub defaultDecodeRpcLimits set maxIhaveMessageIDs and maxIwantMessageIDs to Infinity, allowing oversized IHAVE and IWANT control message arrays in message/decodeRpc.ts and gossipsub.ts to synchronously i…
CWE: CWE-770
NVD

HIGH
CVE-2026-59939
CVE-2026-59939
pkg: python

published: Jul 8, 2026

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in _decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small c…
CWE: CWE-409
NVD

HIGH
CVE-2026-55404
CVE-2026-55404
pkg: linux

published: Jul 8, 2026

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the –write-link, –write-url-link, and –write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpage_url or filename metadata without sufficient validation or escaping, allo…
CWE: CWE-74
NVD

HIGH
CVE-2026-59928
CVE-2026-59928
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/block_parser.py and the ref_links environment dictionary handling, allowing denial of service throu…
CWE: CWE-407, CWE-1333
NVD

HIGH
CVE-2026-59925
CVE-2026-59925
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inline_parser.py because the parser scans forward for matching close markers from eve…
CWE: CWE-407, CWE-1333, CWE-407
NVD

HIGH
CVE-2026-59922
CVE-2026-59922
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for matching markers from each …
CWE: CWE-407, CWE-1333, CWE-407
NVD

HIGH
CVE-2026-59892
CVE-2026-59892
pkg: node

published: Jul 8, 2026

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx-* HTTP header values with decodeURIComponent() without handling decode errors, allowing an unauthenticated remote attacker to send a malformed …
CWE: CWE-248
NVD

HIGH
CVE-2026-10708
CVE-2026-10708
pkg: jwt

published: Jul 8, 2026

This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, and custom fields. The combination of wildcard CORS behavior, long‑lived twenty‑day JWTs, and t…
NVD

HIGH
CVE-2026-58656
CVE-2026-58656
pkg: jwt

published: Jul 8, 2026

Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and responds with Access-Control-Allow-Origin: *, allowing unauthenticated attackers to make fully authenticated cross-origin API requests from any malicious website. Attackers who obtain a leaked JWT token fr…
CWE: CWE-598
NVD

HIGH
CVE-2026-14895
CVE-2026-14895
pkg: express

published: Jul 7, 2026

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service.

The trim and rtrim functions stripped trailing whitespace with s/\s*$//u. Because \s* matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex e…

CWE: CWE-1333
NVD

HIGH
CVE-2026-56811
CVE-2026-56811
pkg: phoenixframework phoenix

published: Jul 7, 2026

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix (Phoenix.Socket module) allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport (WebSocket or LongPoll).

This v…

CWE: CWE-770
NVD

HIGH
CVE-2026-55574
CVE-2026-55574
pkg: vllm vllm

published: Jul 6, 2026

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structured_outputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the string…
CWE: CWE-1333
NVD

HIGH
CVE-2026-55380
CVE-2026-55380
pkg: python pillow

published: Jul 6, 2026

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. Th…
CWE: CWE-789
NVD

HIGH
CVE-2026-55379
CVE-2026-55379
pkg: python pillow

published: Jul 6, 2026

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without calling Image._decompression_bomb_check(), bypassing Pillow's documented decompression bomb pro…
CWE: CWE-789
NVD

HIGH
CVE-2026-54060
CVE-2026-54060
pkg: python pillow

published: Jul 6, 2026

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving…
CWE: CWE-789
NVD

HIGH
CVE-2026-54059
CVE-2026-54059
pkg: python pillow

published: Jul 6, 2026

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocat…
CWE: CWE-789
NVD

HIGH
CVE-2026-13698
CVE-2026-13698
pkg: openvpn openvpn

published: Jul 6, 2026

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service
CWE: CWE-401, CWE-770, CWE-401
NVD

HIGH
CVE-2026-54784
CVE-2026-54784
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishme…
CWE: CWE-311, CWE-523
NVD

HIGH
CVE-2026-54783
CVE-2026-54783
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with …
CWE: CWE-294, CWE-345, CWE-347
NVD

HIGH
CVE-2026-54781
CVE-2026-54781
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom c…
CWE: CWE-287, CWE-345
NVD

HIGH
CVE-2026-54774
CVE-2026-54774
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509 S…
CWE: CWE-345, CWE-347
NVD

HIGH
CVE-2026-55436
CVE-2026-55436
pkg: coder coder

published: Jul 8, 2026

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy (`aibridgeproxyd`) created a goproxy server whose default transport set `InsecureSkipVerify: true` and only assigned…
CWE: CWE-295
NVD

HIGH
CVE-2026-55076
CVE-2026-55076
pkg: coder coder

published: Jul 7, 2026

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked `email_verified` with a direct Go `bool` type assertion. When an IdP returned the claim as a non-boolean (for example the string …
CWE: CWE-287, CWE-704
GitHub-GHSA

HIGH
Coder's AI Bridge Proxy skips TLS certificate verification in default configuration
GHSA-84rm-42xw-mx52
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

The AI Bridge Proxy (`aibridgeproxyd`) created a goproxy server whose default transport set `InsecureSkipVerify: true` and only assigned a secure transport when an upstream proxy was configured. In the default configuration (no upstream proxy), outbound HTTPS to the Coder access URL acc…

CVE-2026-55436
GitHub-GHSA

HIGH
Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass
GHSA-9r87-mvcw-x35f
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

Two flaws in Coder's OIDC login chained into account takeover: email-based user matching fell back to linking by email without checking for an existing link to a different IdP subject and the `email_verified` claim was only enforced when present as a boolean `false` so an absent or non-…

CVE-2026-55075
GitHub-GHSA

HIGH
Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking
GHSA-75vm-6w67-gwvp
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

Coder's OIDC callback checked `email_verified` with a direct Go `bool` type assertion. When an IdP returned the claim as a non-boolean (for example the string `"false"`) or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-…

CVE-2026-55076
NVD

HIGH
CVE-2026-59214
CVE-2026-59214
pkg: python

published: Jul 9, 2026

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue auth…
CWE: CWE-79
GitHub-GHSA

HIGH
Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages
GHSA-vjm7-m4xh-7wrc
pkg: open-webui
eco: pip
published: Jul 7, 2026
### Summary
Manually modifying chat history allows setting the `embeds` property on a response message, the content of which is loaded into an iFrame with a sandbox that has `allow-scripts` and `allow-same-origin` set, ignoring the "iframe Sandbox Allow Same Origin" configuration. This enables store…
CVE-2026-26193
GitHub-GHSA

HIGH
Open WebUI vulnerable to Stored XSS via iFrame in citations model
GHSA-xc8p-9rr6-97r2
pkg: open-webui
eco: pip
published: Jul 7, 2026
### Summary
Manually modifying chat history allows setting the `html` property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML, and render them in an iFrame when the citation is previewed. This allows stored XSS via a weaponised document …
CVE-2026-26192
GitHub-GHSA

HIGH
9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
GHSA-7cfm-pqrj-xgq7
pkg: 9router
eco: npm
published: Jul 6, 2026
## Summary

The 9router dashboard login rate limiter derives the client identity from the attacker-controlled `X-Forwarded-For` HTTP header. When 9router is directly exposed, or deployed behind a reverse proxy that does not overwrite untrusted forwarding headers, a remote attacker can rotate the `X-…

CVE-2026-55501
GitHub-GHSA

HIGH
chmod: –preserve-root bypassed by any path that resolves to root (e.g. /../)
GHSA-4c7q-4928-8445
pkg: uu_chmod
eco: rust
published: Jul 6, 2026
`Chmoder::chmod()` only compares the literal argument against `Path::new("/")`, so the `–preserve-root` guard is bypassed by any path that *resolves* to root — a symlink to `/` or simply `/../`.

“`
if self.recursive && self.preserve_root && file == Path::new("/") {
return Err(ChmodError::Pr…

CVE-2026-35338
NVD

HIGH
CVE-2026-14802
CVE-2026-14802
pkg: react

published: Jul 6, 2026

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The exploi…
CWE: CWE-77, CWE-78
NVD

HIGH
CVE-2026-59721
CVE-2026-59721
pkg: node

published: Jul 9, 2026

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILER_SMTP_URL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into sen…
CWE: CWE-77, CWE-78, CWE-915
GitHub-GHSA

HIGH
Coder: User-admin role can reset owner account password
GHSA-29xf-69gq-m9jx
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

The `PUT /api/v2/users/{user}/password` endpoint authorized only `ActionUpdatePersonal` and did not prevent a `user-admin` from resetting an `owner` account's password. It also did not require the current password when an admin reset another user's password.

> **Note:** Exploitation re…

CVE-2026-55077
NVD

HIGH
CVE-2026-59219
CVE-2026-59219
pkg: jwt

published: Jul 9, 2026

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode_token without the Redis-backed is_valid_to…
CWE: CWE-613
NVD

HIGH
CVE-2026-47828
CVE-2026-47828
pkg: tls

published: Jul 9, 2026

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network attacker…
NVD

HIGH
CVE-2026-58583
CVE-2026-58583
pkg: windows

published: Jul 7, 2026

FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Window…
CWE: CWE-269
GitHub-GHSA

HIGH
mkfifo: permissions of an existing file are changed after FIFO creation fails
GHSA-pmf6-rcx4-v53v
pkg: uu_mkfifo
eco: rust
published: Jul 6, 2026
When `mkfifo()` fails (e.g. target already exists), the code shows an error but is missing a `continue;`, so it falls through to `fs::set_permissions` and changes the permissions of the pre-existing file to the default FIFO mode (`0o666` & umask -> `0644`).

“`
$ touch secret; chmod 000 secret
$ co…

CVE-2026-35341
GitHub-GHSA

HIGH
flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf
GHSA-794r-5rp2-fpg8
pkg: flyto-core
eco: pip
published: Jul 6, 2026
## Summary

`flyto-core`'s SSRF protection (`validate_url_ssrf` / `is_private_ip` in `src/core/utils.py`) blocks private and metadata destinations by resolving the host and testing the resulting IP for membership in a hardcoded `PRIVATE_IP_RANGES` list. That list contains only the *native* RFC 1918 …

CVE-2026-55787
NVD

HIGH
CVE-2026-59196
CVE-2026-59196
pkg: pnpm pnpm

published: Jul 6, 2026

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted node_modules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fixe…
CWE: CWE-22, CWE-73
GitHub-GHSA

HIGH
Ruby CSS Parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`
GHSA-9pmc-p236-855h
pkg: css_parser
eco: rubygems
published: Jul 9, 2026
## Summary

`CssParser::Parser#read_remote_file` (and therefore `load_uri!`, and the `@import`-following branch of `add_block!`) issues HTTP/HTTPS requests against any host, port and URI it is handed, with no scheme allowlist, no host / IP filtering, and no protection against link-local, loopback or…

CVE-2026-53727
GitHub-GHSA

HIGH
Note Mark: Path traversal via unsanitized book/note slug in migrate export (sibling of GHSA-g49p)
GHSA-rqrh-8wpv-x7hh
pkg: github.com/enchant97/note-mark/backend
eco: go
published: Jul 9, 2026
## Summary

Note Mark validates book and note `slug` values with the OpenAPI/huma tag `pattern:"[a-z0-9-]+"`. huma compiles this with `regexp.MustCompile(s.Pattern)` and tests it with `patternRe.MatchString(str)`, an UNANCHORED match. Because the pattern is not anchored (`^…$`), any string that me…

CVE-2026-50553
GitHub-GHSA

HIGH
ratex-parser panics on `\verb` with a multibyte delimiter (UTF-8 byte-boundary slice)
GHSA-4hgp-59h5-gvrj
pkg: ratex-parser
eco: rust
published: Jul 7, 2026
### Summary

The public parser entrypoint `ratex_parser::parse(&str)` panics on the **9-byte** input `\verbéxé` (i.e. `\verb` followed by the non-ASCII delimiter `é`). When handling a `\verb` command, the parser slices the verbatim argument with **byte** indices (`arg[1..arg.len() – 1]`); if the …

CVE-2026-53530
GitHub-GHSA

HIGH
uutils coreutils: cp/install/mv/ln –suffix alone does not enable backup mode (silent data loss vs GNU)
GHSA-fqf6-gxhh-2xhw
pkg: uucore
eco: rust
published: Jul 7, 2026
`determine_backup_mode` in `src/uucore/src/lib/features/backup_control.rs` only checks `–backup`/`-b` and returns `BackupMode::None` when only `–suffix` is given. GNU enables backup mode when `–suffix` is used alone (defaulting to existing/numbered, or `$VERSION_CONTROL`). Affects `cp`, `install`…
GitHub-GHSA

HIGH
Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions
GHSA-9f4f-jv96-8766
pkg: open-webui
eco: pip
published: Jul 7, 2026
### Summary

A vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be executed in the user's browser every time that chat transcript is opened, allowing attackers to retrieve the user's a…

CVE-2025-46719
GitHub-GHSA

HIGH
XWiki Platform Old Core: Resource path traversal via /skin/ action endpoint in Jetty 12+
GHSA-qj4x-9g63-25g6
pkg: org.xwiki.platform:xwiki-platform-oldcore, org.xwiki.platform:xwiki-platform-oldcore
eco: maven
published: Jul 7, 2026
### Impact

With Jetty 12+ a user can craft a URL to access any resource the Jetty instance is allowed to access.

For example `http://[host]/xwiki/bin/skin/..%252f/..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd` allows downloading the content of the /etc/passwd file, provided Jetty is …

CVE-2026-34151
GitHub-GHSA

HIGH
OpenRemote has Authenticated SQL Injection via Datapoint Crosstab Export
GHSA-cgfv-jrfp-2r7v
pkg: io.openremote:openremote-manager
eco: maven
published: Jul 6, 2026
## Summary

The datapoint export API builds a PostgreSQL crosstab export query by concatenating asset display names into raw SQL. An authenticated user who can create or rename an asset and then request a crosstab datapoint export can inject SQL through the asset name. The injected query output is s…

GitHub-GHSA

HIGH
Scriban: Template Writes to Arbitrary CLR Properties via `TypedObjectAccessor` (Mass Assignment + `private` / `init` / `internal` Setter Bypass)
GHSA-7jvp-hj45-2f2m
pkg: Scriban
eco: nuget
published: Jul 6, 2026
<!– obsidian –><h2 data-heading="Description">Description</h2>
<p>When a host pushes a CLR object into a Scriban <code>TemplateContext</code> via the standard, documented pattern —</p>
<pre><code class="language-csharp">var so = new ScriptObject();
so["user"] = currentUser; // direct CLR refer…
GitHub-GHSA

MEDIUM
CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation
GHSA-q6h5-q3q6-f87x
pkg: github.com/cilium/cilium, github.com/cilium/cilium, github.com/cilium/cilium
eco: go
published: Jul 6, 2026
### Impact

Users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, which enables hijacking traffic to Services in any namespace, bypassing the namespace-scoping guarantees enforced by serviceMatcher.

In addition, deleting such a policy can …

CVE-2026-53935
NVD

MEDIUM
CVE-2026-55689
CVE-2026-55689
pkg: jwt

published: Jul 9, 2026

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated service…
CWE: CWE-287
NVD

MEDIUM
CVE-2026-59208
CVE-2026-59208
pkg: n8n n8n

published: Jul 9, 2026

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacker w…
CWE: CWE-287, CWE-346, CWE-346
GitHub-GHSA

MEDIUM
Micronaut: DefaultHttpClient follows redirects, forwarding Authorization, Cookie, and Proxy-Authorization headers
GHSA-q6gh-6v2r-hjv3
pkg: io.micronaut:micronaut-http-client, io.micronaut:micronaut-http-client, io.micronaut:micronaut-http-client
eco: maven
published: Jul 9, 2026
### Impact

> DefaultHttpClient follows redirects and forwards Authorization, Cookie, and Proxy-Authorization headers to redirect targets across domain boundaries. The blocklist only filters Host/Connection/TE/CT/CL.
> Additionally, no maximum redirect count exists, enabling infinite loop DoS.
> Aff…

GitHub-GHSA

MEDIUM
rm: –preserve-root bypassed via a symlink to / (string check instead of dev/inode)
GHSA-7cr3-h577-g38j
pkg: uu_rm
eco: rust
published: Jul 6, 2026
The `–preserve-root` check uses a path-string test (`path.has_root() && path.parent().is_none()`) rather than comparing device/inode. A symlink to `/` (e.g. `/tmp/rootlink -> /`) has a parent component, so it passes the check. GNU caches `/`'s dev/inode at startup and compares every traversed direc…
CVE-2026-35349
GitHub-GHSA

MEDIUM
mv: symlinks expanded during cross-device move (resource exhaustion / data duplication)
GHSA-h444-6j9x-p8vh
pkg: uu_mv
eco: rust
published: Jul 6, 2026
When moving directories across filesystems, uutils `mv` dereferences symlinks inside the tree, copying their targets as real files/dirs instead of preserving the symlinks. GNU preserves symlinks by default. E.g. a `etc_link -> /etc` inside the source becomes a full copy of `/etc` at the destination.…
CVE-2026-35365
GitHub-GHSA

MEDIUM
Avo: Direct attachment upload endpoint lacks upload authorization and bypasses field-level upload policy
GHSA-pqpw-cvm4-8mv9
pkg: avo
eco: rubygems
published: Jul 9, 2026
### Summary

Avo's direct attachment upload endpoint lacks server-side upload authorization and bypasses the documented field-level upload policy methods such as `upload_{FIELD_ID}?`.

An authenticated Avo user who can reach the Avo attachment upload endpoint can replace or add attachment content, i…

CVE-2026-53769
NVD

MEDIUM
CVE-2026-59220
CVE-2026-59220
pkg: express

published: Jul 9, 2026

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILL_MENTION_RE and strip_re regular expressions in backend/open_webui/utils/middleware.py parsed <$skillId|label> skill mentions with overlapping quantifiers, allowing an authenticat…
CWE: CWE-1333
GitHub-GHSA

MEDIUM
Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
GHSA-382c-vx95-w3p5
pkg: @jsonbored/gittensory-mcp
eco: npm
published: Jul 9, 2026
### Summary

`GET /v1/contributors/:login/profile` and the `gittensory_get_contributor_profile` MCP tool skip the contributor-scoped access check that every sibling endpoint enforces. Any authenticated session/API/MCP token holder can read any contributor's profile; for confirmed Gittensor miners t…

GitHub-GHSA

MEDIUM
pyLoad: Unbounded Memory Growth Leading to DoS and Potential DDoS in EventManager
GHSA-c2f9-4mc8-j656
pkg: pyload-ng
eco: pip
published: Jul 9, 2026
## Description:
The `EventManager` module in `pyload` manages a list of `Client` instances for subscribing to events. The addition of each unique `uuid` from the `get_events` API causes the creation of a `Client` instance that gets appended to the `clients` list. Although there is a `clean()` method…
CVE-2026-48987
NVD

MEDIUM
CVE-2026-54775
CVE-2026-54775
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent endpo…
CWE: CWE-248, CWE-754, CWE-755
NVD

MEDIUM
CVE-2026-15109
CVE-2026-15109
pkg: google chrome

published: Jul 8, 2026

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-457
NVD

MEDIUM
CVE-2026-54777
CVE-2026-54777
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListene…
CWE: CWE-367, CWE-665
GitHub-GHSA

MEDIUM
NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries
GHSA-qpm9-h556-mwxm
pkg: nl.nl-portal:documenten-api, nl.nl-portal:besluiten
eco: maven
published: Jul 8, 2026
## Impact

In versions up to and including 3.0.0, two parts of the GraphQL API returned data without checking whether the data belonged to the logged-in user:

– **Document content.** A logged-in user could download the raw content of any document by its ID, regardless of who owned it. The resolver …

CVE-2026-49463
GitHub-GHSA

MEDIUM
Waku: Cross-Origin CSRF on RSC Server Action Dispatch
GHSA-75w3-gmqx-993q
pkg: waku
eco: npm
published: Jul 8, 2026
## Summary

Waku's RSC request dispatcher invokes server actions without validating the request's `Origin` (or `Sec-Fetch-Site`) header. A cross-origin web attacker can therefore cause a victim browser to issue an authenticated `POST` to a registered server action endpoint using a CORS-safelisted co…

CVE-2026-49455
NVD

MEDIUM
CVE-2026-15154
CVE-2026-15154
pkg: express

published: Jul 8, 2026

A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking,…
CWE: CWE-1333
NVD

MEDIUM
CVE-2026-60001
CVE-2026-60001
pkg: openbsd openssh

published: Jul 8, 2026

sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
CWE: CWE-770
GitHub-GHSA

MEDIUM
ha-mcp: Add-on settings and policy routes are reachable without authentication at the bare root path
GHSA-q855-8rh5-jfgq
pkg: ha-mcp
eco: pip
published: Jul 7, 2026
### Summary

In add-on mode, the ha-mcp settings UI routes are mounted both under the MCP secret path **and** at the bare root of the published port (`:9583`), so Home Assistant ingress can serve the "Open Web UI" button. The root-mounted routes perform no authentication — no secret, no `Origin` c…

NVD

MEDIUM
CVE-2026-55490
CVE-2026-55490
pkg: linux

published: Jul 7, 2026

OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handle_send_a() of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows b…
CWE: CWE-191
GitHub-GHSA

MEDIUM
Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints
GHSA-f5vp-w269-392g
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

AI Bridge provider handlers read request bodies with `io.ReadAll` without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory.

> **Note:** Exploitation requires authenticated access to the AI Bridge endpoints and the imp…

CVE-2026-55434
GitHub-GHSA

MEDIUM
Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service
GHSA-2mg2-p7r7-g27f
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

`POST /api/v2/files` converts zip uploads to tar in memory via `CreateTarFromZip`, which enforced a per-entry size limit but no aggregate limit on total decompressed output, writing to an unbounded in-memory buffer.

> **Note:** Exploitation requires authenticated file-upload access and…

CVE-2026-55078
GitHub-GHSA

MEDIUM
WeasyPrint has CSS Injection via Presentational Hints
GHSA-jhhc-3hcp-qhm5
pkg: weasyprint
eco: pip
published: Jul 6, 2026
### Summary
A CSS injection issue exists in WeasyPrint when HTML presentational hints are enabled. Unescaped attribute values are embedded into CSS, allowing injection of arbitrary CSS declarations. This affects applications processing untrusted HTML input.

### Details
File: weasyprint/css/__init__…

CVE-2026-49452
GitHub-GHSA

MEDIUM
@better-auth/oauth-provider may provide access tokens for unauthorized audiences via unbound resource indicators
GHSA-p2fr-6hmx-4528
pkg: @better-auth/oauth-provider
eco: npm
published: Jul 7, 2026
### Am I affected?

Users are affected if all of the following hold:

– Their application depends on `@better-auth/oauth-provider` on any stable `1.6.x` release (the stable line is not patched) or on a pre-release before `1.7.0-beta.4`.
– Their application either configures validAudiences` with mor…

NVD

MEDIUM
CVE-2026-12154
CVE-2026-12154
pkg: go

published: Jul 6, 2026

The Reviews Widgets for Google, Yelp & TripAdvisor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_id' shortcode attribute of the [fbrev] shortcode in versions up to and including 2.7.3. This is due to insufficient input sanitization and output escaping in the Feed_Sh…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-15063
CVE-2026-15063
pkg: go

published: Jul 8, 2026

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing the k…
CWE: CWE-306
NVD

MEDIUM
CVE-2026-15044
CVE-2026-15044
pkg: go

published: Jul 8, 2026

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the clu…
GitHub-GHSA

MEDIUM
install -D: symlink race in directory creation allows arbitrary file overwrite
GHSA-gwm6-q8ch-hcfr
pkg: uu_install
eco: rust
published: Jul 6, 2026
The `-D` path runs `fs::create_dir_all` on a pathname then later opens the destination via path-based `File::create`/`fs::copy`, neither anchored to a directory fd. Between the two, an attacker can replace a path component with a symlink, redirecting the write.

**Impact:** an attacker with concurre…

CVE-2026-35356
GitHub-GHSA

MEDIUM
install: TOCTOU symlink race (unlink-then-create without O_EXCL) allows arbitrary file overwrite
GHSA-239g-2685-54×3
pkg: uu_install
eco: rust
published: Jul 6, 2026
`copy_file` in `install/src/install.rs` removes the destination then recreates it by pathname via `File::create` / `fs::copy` without `O_EXCL`/`create_new`. Between the unlink and the recreate, a local attacker with write access to the destination directory can drop in a symlink and redirect the wri…
CVE-2026-35355
NVD

MEDIUM
CVE-2026-14784
CVE-2026-14784
pkg: docker

published: Jul 6, 2026

A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptance.
CWE: CWE-264, CWE-265
NVD

MEDIUM
CVE-2026-14716
CVE-2026-14716
pkg: go

published: Jul 5, 2026

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched remote…
CWE: CWE-285, CWE-863
NVD

MEDIUM
CVE-2026-54778
CVE-2026-54778
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to an…
CWE: CWE-362, CWE-825
NVD

MEDIUM
CVE-2026-15128
CVE-2026-15128
pkg: google chrome

published: Jul 8, 2026

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-79
NVD

MEDIUM
CVE-2026-15127
CVE-2026-15127
pkg: google chrome

published: Jul 8, 2026

Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-79
NVD

MEDIUM
CVE-2026-59929
CVE-2026-59929
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe_url filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:, …
CWE: CWE-79, CWE-184
NVD

MEDIUM
CVE-2026-59926
CVE-2026-59926
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonition() in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even …
CWE: CWE-79
NVD

MEDIUM
CVE-2026-59923
CVE-2026-59923
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safe_url() does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue is fixed in version 3.…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-59890
CVE-2026-59890
pkg: python

published: Jul 8, 2026

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode …
CWE: CWE-176, CWE-697
GitHub-GHSA

MEDIUM
Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint
GHSA-hmj5-jm8h-h9fh
pkg: kiwitcms
eco: pip
published: Jul 6, 2026
### Summary

An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns targ…

CVE-2026-54724
GitHub-GHSA

MEDIUM
GoBGP confederation validation panics on empty AS_PATH attribute
GHSA-frrj-87jh-2772
pkg: github.com/osrg/gobgp/v4
eco: go
published: Jul 9, 2026
Found through variant analysis based on `CVE-2026-41643`

## Summary
GoBGP accepts a zero-length AS_PATH during UPDATE decoding and later panics while validating that attribute for a confederation eBGP peer. The vulnerable path is in the BGP UPDATE validator: a malformed UPDATE that should be reject…

CVE-2026-49838
GitHub-GHSA

MEDIUM
GoBGP: BGP OPEN capability parser may read capability values outside declared CapLen boundaries
GHSA-gjrg-jjr3-56cm
pkg: github.com/osrg/gobgp/v4
eco: go
published: Jul 9, 2026
### Summary
GoBGP contains a BGP OPEN capability parsing issue where several concrete capability decoders may parse data from the full remaining capability buffer instead of the slice bounded by the declared capability length, `CapLen`.
A malformed BGP OPEN message can cause bytes from a fol…
CVE-2026-49837
GitHub-GHSA

MEDIUM
sigstore-go has a multi-log threshold bypass via single compromised log
GHSA-9vcr-p3rj-q5q6
pkg: github.com/sigstore/sigstore-go
eco: go
published: Jul 9, 2026
### Impact
_What kind of vulnerability is it? Who is impacted?_

A verifier configured with WithTransparencyLog(N>1) or WithSignedCertificateTimestamps(N>1) expected defense-in-depth against the compromise of a single log instance. However, threshold counting counted verified witnesses per-entry or …

CVE-2026-49834
NVD

MEDIUM
CVE-2026-57022
CVE-2026-57022
pkg: ssl

published: Jul 9, 2026

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

When an affected device initiates a TCP conne…

CWE: CWE-754
NVD

MEDIUM
CVE-2026-54779
CVE-2026-54779
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a capture…
CWE: CWE-294, CWE-613
NVD

MEDIUM
CVE-2026-54773
CVE-2026-54773
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and…
CWE: CWE-347
NVD

MEDIUM
CVE-2026-54590
CVE-2026-54590
pkg: python

published: Jul 8, 2026

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Version 2.23.0 contains an incomplete fix for CVE-2026-45309 in SSHServerConfig._set_tokens that blocks /, , and .. before %u substitution in Aut…
CWE: CWE-22, CWE-639
NVD

MEDIUM
CVE-2026-58501
CVE-2026-58501
pkg: python

published: Jul 8, 2026

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fixed…
CWE: CWE-918
NVD

MEDIUM
CVE-2026-59924
CVE-2026-59924
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse() joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory whe…
CWE: CWE-22
NVD

MEDIUM
CVE-2026-59999
CVE-2026-59999
pkg: openbsd openssh

published: Jul 8, 2026

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.
CWE: CWE-348
GitHub-GHSA

MEDIUM
Weblate SSRF: outbound URL guard misses some private ranges
GHSA-vmfc-9982-2m45
pkg: weblate
eco: pip
published: Jul 7, 2026
### Impact

Weblate's `VCS_RESTRICT_PRIVATE` did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions.

### Patches

* https://github.com/WeblateOrg/weblate/pull/19768

### Res…

CVE-2026-50127
GitHub-GHSA

MEDIUM
KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping
GHSA-6w3m-4hhp-775q
pkg: github.com/kedacore/keda/v2
eco: go
published: Jul 7, 2026
### Summary
`pkg/scalers/postgresql_scaler.go` builds libpq-style connection strings by concatenating `key=value` pairs separated by spaces. Each tenant-controllable field (`host`, `port`, `userName`, `dbName`, `sslmode`) is passed through `escapePostgreConnectionParameter`:
“`go
func escapePostgre…
CVE-2026-53572
NVD

MEDIUM
CVE-2026-54291
CVE-2026-54291
pkg: postgresql postgresql_jdbc_driver

published: Jul 6, 2026

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to guarantee…
CWE: CWE-636, CWE-757
GitHub-GHSA

MEDIUM
Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing
GHSA-5wg6-jmq2-53pw
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the workspace was resolved by ID without confirming the URL's username matched the real owner, while the CORS middleware trusted the un…

CVE-2026-55438
GitHub-GHSA

MEDIUM
Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access
GHSA-5g4w-3vw9-478w
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

The workspace app proxy resolves the target app from `httpapi.RequestHost()` which prefers the `X-Forwarded-Host` header over the real `Host` header. No middleware strips `X-Forwarded-Host` before routing and the header is not browser-forbidden so client-side JavaScript can set it on `f…

CVE-2026-55430
GitHub-GHSA

MEDIUM
@aborruso/ckan-mcp-server: SSRF via base_url allows access to internal networks (Potential fix bypass of CVE-2026-33060)
GHSA-g84h-j7jj-x32p
pkg: @aborruso/ckan-mcp-server
eco: npm
published: Jul 7, 2026
### Summary
A known vulnerability CVE-2026-33060 indicated tools including ckan_package_search and sparql_query that accept a base_url parameter had the risk of making HTTP requests to arbitrary endpoints without restriction. A fix was applied to filter out ip addresses. However, a method to bypass …
CVE-2026-53509
GitHub-GHSA

MEDIUM
rm: 'rm -rf ./' (and ./// variants) silently deletes current directory contents, bypassing dot protection
GHSA-89p7-7cq3-hhr2
pkg: uu_rm
eco: rust
published: Jul 6, 2026
`rm -rf .` is correctly refused, but `clean_trailing_slashes` normalizes `.///` to `./` while `path_is_current_or_parent_directory` only matches `.`/`..` (and `/.`/`/..`), not `./` or `../`. So `rm -rf ./` recursively deletes the directory's contents and then prints a misleading `cannot remove './':…
CVE-2026-35363
NVD

MEDIUM
CVE-2026-14355
CVE-2026-14355
pkg: php php, debian debian_linux

published: Jul 3, 2026

In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length withou…
CWE: CWE-122
NVD

MEDIUM
CVE-2026-44918
CVE-2026-44918
pkg: node

published: Jul 10, 2026

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization.
CWE: CWE-862
NVD

MEDIUM
CVE-2026-15165
CVE-2026-15165
pkg: wireshark wireshark

published: Jul 8, 2026

TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
CWE: CWE-122
GitHub-GHSA

MEDIUM
DSpace: Path Traversal is possible through LDN message generation
GHSA-9qm4-rh6w-pq5x
pkg: org.dspace:dspace-api, org.dspace:dspace-api, org.dspace:dspace-api
eco: maven
published: Jul 8, 2026
## Overview

A path traversal vulnerability is possible via the [COAR Notify / LDN](https://wiki.lyrasis.org/spaces/DSDOC9x/pages/379126679/COAR+Notify) service in DSpace. _This vulnerability impacts DSpace versions 8.0 <= 8.3, 9.0 <= 9.2._ The attacker MUST already have DSpace administrator creden…

CVE-2026-49833
GitHub-GHSA

MEDIUM
DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path
GHSA-v66x-68f2-pxf5
pkg: org.dspace:dspace-api, org.dspace:dspace-api, org.dspace:dspace-api
eco: maven
published: Jul 8, 2026
## Overview

The [Curation Task](https://wiki.lyrasis.org/spaces/DSDOC9x/pages/379126845/Curation+Tasks) feature allows an output path to be used by the reporter (`-r` parameter), typically used to stream results and status of curation task operations. It is not restricted to any particular base pat…

CVE-2026-49831
NVD

MEDIUM
CVE-2026-44512
CVE-2026-44512
pkg: node

published: Jul 8, 2026

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() in onnx/version_converter/adapters/upsample_6_7.h when processing an …
CWE: CWE-476
NVD

MEDIUM
CVE-2026-58468
CVE-2026-58468
pkg: node

published: Jul 7, 2026

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin. Attacke…
CWE: CWE-918
GitHub-GHSA

MEDIUM
ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)
GHSA-hwpq-hmq9-wj77
pkg: onnx
eco: pip
published: Jul 7, 2026
### Summary

Null pointer dereference (SIGSEGV) in `Upsample_6_7::adapt_upsample_6_7()` (`onnx/version_converter/adapters/upsample_6_7.h:31`) when `convert_version()` processes a model with an Upsample node that has zero inputs. The adapter accesses `node->inputs()[0]->sizes()` without checking inpu…

CVE-2026-44512
NVD

MEDIUM
CVE-2026-50135
CVE-2026-50135
pkg: gohugo hugo

published: Jul 6, 2026

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made  RootMappingFs.statRoot  use  Stat  (follows symlinks) instead of  Lstat , so a direct  resources.Get  of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local m…
CWE: CWE-59
NVD

MEDIUM
CVE-2026-44362
CVE-2026-44362
pkg: trustedfirmware op-tee

published: Jul 6, 2026

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked…
CWE: CWE-285
GitHub-GHSA

MEDIUM
kill: 'kill -1' parsed as PID -1, sending SIGTERM to all processes (system crash / DoS)
GHSA-p6rv-2qpm-fwvg
pkg: uu_kill
eco: rust
published: Jul 6, 2026
`kill -1` is incorrectly parsed as a positional `pid = -1`; combined with the default SIGTERM this calls `kill(-1, SIGTERM)`, signaling nearly every process the caller can see. GNU `kill` recognizes `-1`/`-9` as signals and reports "not enough arguments".

“`
$ kill -1 # uutils: kill(-1, SIG…

CVE-2026-35369
GitHub-GHSA

MEDIUM
chmod: recursive mode returns exit code 0 even when some files fail (last-file-wins)
GHSA-4×34-chg5-mwjj
pkg: uu_chmod
eco: rust
published: Jul 6, 2026
In `Chmoder::chmod()` the recursive branch overwrites the running result instead of accumulating it, so the exit code reflects only the *last* file processed:

“`
if self.recursive {
r = self.walk_dir_with_context(file, true); // overwrites r
} else {
r = self.chmod_file(file).and(r);
}
`…

CVE-2026-35339
NVD

MEDIUM
CVE-2026-40257
CVE-2026-40257
pkg: trustedfirmware op-tee

published: Jul 6, 2026

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one error…
CWE: CWE-787
GitHub-GHSA

MEDIUM
Rattler vulnerable to package cache path traversal via conda package build string
GHSA-h672-p7h7-97v9
pkg: rattler_cache, py_rattler
eco: pip
published: Jul 9, 2026
`rattler_cache` and `py-rattler` were vulnerable to package-cache path traversal when handling package metadata from conda channels.

During cache materialization, the `ratter_cache` code used the package record `build` string as part of a cache key that was joined into a filesystem path. A maliciou…

CVE-2026-53956
NVD

MEDIUM
CVE-2026-60120
CVE-2026-60120
pkg: vue

published: Jul 9, 2026

Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unauthenticated attackers to execute arbitrary JavaScript in administrator browsers by registering a customer account with malicious payload in the first or last name field. The c…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-5005
CVE-2026-5005
pkg: go

published: Jul 9, 2026

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Stored XSS.

This issue affects OKRs & Goals: from 28220 before 28398.

CWE: CWE-79
NVD

MEDIUM
CVE-2026-56359
CVE-2026-56359
pkg: n8n n8n

published: Jul 8, 2026

n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow where authenticated users can inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields. Attackers can craft malicious credentials and trick victims into clicking the OAuth authori…
CWE: CWE-79
GitHub-GHSA

MEDIUM
Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component
GHSA-7qw2-f75v-62f7
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

The `AgentLogLine` dashboard component instantiated `ansi-to-html` without `escapeXML: true` and inserted the result via `dangerouslySetInnerHTML` so HTML embedded in workspace agent log lines was rendered as live markup. Server-side sanitization did not neutralize HTML metacharacters.

CVE-2026-55437
GitHub-GHSA

MEDIUM
Suspended Coder users retain access to AI Bridge LLM proxy endpoints
GHSA-wqxv-w64v-5wh6
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

AI Bridge proxy endpoints authenticate via `Server.IsAuthorized` in `coderd/aibridgedserver`, which validates key format, expiry, secret and deleted or system users but does not check whether the account is suspended. Because suspension does not revoke existing API keys, a suspended use…

CVE-2026-55435
GitHub-GHSA

MEDIUM
Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers
GHSA-jqj2-x4c5-jfxm
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

The devcontainer recreate endpoint relied on route middleware that checked only `ActionRead` on the workspace and, unlike the sibling delete endpoint, performed no `ActionUpdate` check before triggering the destructive rebuild.

> **Note:** Exploitation requires an existing low-privileg…

CVE-2026-55433
GitHub-GHSA

MEDIUM
Coder's sub-agent app registration bypasses template port-sharing policy enforcement
GHSA-x9qq-2qh5-8rxf
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

The `CreateSubAgent` RPC did not validate a requested app sharing level against the template's `MaxPortSharingLevel` before persisting workspace apps, letting a workspace owner exceed the administrator's configured maximum.

> **Note:** Exploitation requires the ability to register sub-…

CVE-2026-55432
NVD

MEDIUM
CVE-2026-44342
CVE-2026-44342
pkg: oauth

published: Jul 9, 2026

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing …
CWE: CWE-352
NVD

MEDIUM
CVE-2026-59817
CVE-2026-59817
pkg: node

published: Jul 9, 2026

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing mo…
CWE: CWE-472, CWE-639
GitHub-GHSA

MEDIUM
Note Mark: Unauthenticated disclosure of soft-deleted note metadata via deleted=true on public books
GHSA-588f-fvcv-xhvf
pkg: github.com/enchant97/note-mark/backend
eco: go
published: Jul 9, 2026
Summary

GET /api/books/{bookID}/notes is an unauthenticated endpoint that accepts a "deleted" query parameter. When the request is ?deleted=true, the
service runs the query with Unscoped() (bypassing GORM's soft-delete scope) but keeps the read-authorization clause as "owner_id = ? OR is_public…

CVE-2026-50554
NVD

MEDIUM
CVE-2026-9027
CVE-2026-9027
pkg: go

published: Jul 9, 2026

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The `corvuspay_success_handler` function registers the REST endpoint `POST /wp-json/corvuspay/success/` wit…
CWE: CWE-347
GitHub-GHSA

MEDIUM
Trapster Community: Unauthenticated malformed DNS compression pointers crash per-packet honeypot handler
GHSA-mxwc-wh95-pw4g
pkg: trapster
eco: pip
published: Jul 8, 2026
## Summary

`trapster.libs.dns.decode_labels()` decodes DNS names from attacker-supplied UDP packets and recurses **once per RFC 1035 compression pointer** with **no cycle detection and no depth bound**. A single unauthenticated UDP datagram sent to the DNS honeypot drives the function past CPython'…

NVD

MEDIUM
CVE-2026-45045
CVE-2026-45045
pkg: express

published: Jul 8, 2026

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of Header.Set() when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream serv…
CWE: CWE-290
NVD

MEDIUM
CVE-2026-44332
CVE-2026-44332
pkg: express

published: Jul 8, 2026

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username enum…
CWE: CWE-203
NVD

MEDIUM
CVE-2026-59927
CVE-2026-59927
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise RecursionErr…
CWE: CWE-674, CWE-755, CWE-674
NVD

MEDIUM
CVE-2026-59875
CVE-2026-59875
pkg: node

published: Jul 8, 2026

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is fix…
CWE: CWE-248
NVD

MEDIUM
CVE-2026-59871
CVE-2026-59871
pkg: node

published: Jul 8, 2026

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPath(entry.path).split('/') to throw an uncaught TypeError. This issue is…
CWE: CWE-704
GitHub-GHSA

MEDIUM
New API is vulnerable to CSRF through user email binding
GHSA-26v7-h57m-gh9m
pkg: github.com/QuantumNous/new-api
eco: go
published: Jul 7, 2026
## Summary

The email and WeChat account binding endpoints used GET requests for state-changing account operations. In deployments where session cookies could be sent on cross-site navigations, an attacker could trigger a logged-in user's browser to bind an attacker-controlled email address or OAuth…

CVE-2026-44342
NVD

MEDIUM
CVE-2026-14631
CVE-2026-14631
pkg: webpack.js webpack-dev-server

published: Jul 3, 2026

webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught exc…
CWE: CWE-20, CWE-248
GitHub-GHSA

MEDIUM
pyLoad: SSRF guard bypass via IPv6 6to4/NAT64 transition wrappers of internal IPs
GHSA-m5x5-28jr-gpjj
pkg: pyload-ng
eco: pip
published: Jul 9, 2026
## Summary

`is_global_address` in [`src/pyload/core/utils/web/check.py`](https://github.com/pyload/pyload/blob/1b12dc7f348db8c144e0f39215680415e90ca4d2/src/pyload/core/utils/web/check.py) is the central guard against SSRF-style outbound connections in pyload-ng. It tests whether a given IP is "glob…

CVE-2026-48737
NVD

MEDIUM
CVE-2026-14362
CVE-2026-14362
pkg: node

published: Jul 8, 2026

HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability (CVE-2026-14362) is fixe…
CWE: CWE-770
GitHub-GHSA

MEDIUM
Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service
GHSA-f962-qm93-mj4c
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary

`NewDataBuilder` in `provisionersdk/proto/dataupload.go` allocated a byte slice using the client-supplied `FileSize` from a `DataUpload` message without an upper-bound check. Although the DRPC wire limit is 4 MiB, the `FileSize` value itself was unconstrained

### Impact

An authenticat…

CVE-2026-55079
NVD

MEDIUM
CVE-2026-53624
CVE-2026-53624
pkg: express

published: Jul 8, 2026

Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol() for https instead of c.Scheme(). This issue is fix…
CWE: CWE-319
NVD

MEDIUM
CVE-2026-59998
CVE-2026-59998
pkg: openbsd openssh

published: Jul 8, 2026

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.
CWE: CWE-573
GitHub-GHSA

MEDIUM
GoFiber never set HSTS header in helmet middleware due to incorrect protocol check
GHSA-gv83-gqw6-9j2c
pkg: github.com/gofiber/fiber
eco: go
published: Jul 6, 2026
### Summary

The `helmet` middleware in gofiber/fiber never sets the `Strict-Transport-Security` (HSTS) response header, even when `HSTSMaxAge` is explicitly configured, because the condition check at `helmet.go:67` uses `c.Protocol()` — which returns the HTTP protocol version string (e.g., `"HTTP…

CVE-2026-53624
NVD

MEDIUM
CVE-2026-14620
CVE-2026-14620
pkg: webpack.js webpack-dev-server

published: Jul 3, 2026

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any website …
CWE: CWE-352, CWE-749
NVD

MEDIUM
CVE-2026-46672
CVE-2026-46672
pkg: go

published: Jul 7, 2026

Actual is a local-first personal finance app. Prior to 26.6.0, @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global –format csv option is passed, whose escapeCsv helper only handles RFC 4180 delimiter, quote, and newline escaping and does not neu…
CWE: CWE-1236
NVD

MEDIUM
CVE-2026-55798
CVE-2026-55798
pkg: python pillow

published: Jul 6, 2026

Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen(…, shell=True), allowing shell metacharacters in the file path to injec…
CWE: CWE-78
NVD

MEDIUM
CVE-2026-54776
CVE-2026-54776
pkg: windows

published: Jul 8, 2026

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching m…
CWE: CWE-306
GitHub-GHSA

MEDIUM
DSpace: ORE resource URI does not validate scheme for non-web resources
GHSA-c827-pw3m-67w7
pkg: org.dspace:dspace-api, org.dspace:dspace-api, org.dspace:dspace-api
eco: maven
published: Jul 8, 2026
## Overview

When ingesting an aggregated ORE resource by URI (using the [OAI-ORE Harvester](https://wiki.lyrasis.org/spaces/DSDOC9x/pages/379125906/OAI#OAI-OAI-PMH/OAI-OREHarvester(Client))), the ORE Ingestion Crosswalk does not validate the URI scheme. This may allow for local file inclusion via m…

CVE-2026-49830
GitHub-GHSA

MEDIUM
printenv: environment variables with invalid UTF-8 are silently skipped (evades inspection)
GHSA-p7h3-7q52-72w8
pkg: uu_printenv
eco: rust
published: Jul 6, 2026
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows ma…
CVE-2026-35366
GitHub-GHSA

MEDIUM
cp: -R reads device nodes as streams, destroying device semantics
GHSA-8vrf-r662-2w2v
pkg: uu_cp
eco: rust
published: Jul 6, 2026
The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are dest…
CVE-2026-35358
GitHub-GHSA

MEDIUM
comm: FIFO/pipe inputs are drained before comparison (data loss / hang)
GHSA-3wfc-mgpm-9rq6
pkg: uu_comm
eco: rust
published: Jul 6, 2026
The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input path…
CVE-2026-35347
GitHub-GHSA

MEDIUM
id: groups= computed from real GID instead of effective GID
GHSA-47c7-qrm7-mqw7
pkg: uu_id
eco: rust
published: Jul 6, 2026
The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes rely…
CVE-2026-35370
NVD

MEDIUM
CVE-2026-6440
CVE-2026-6440
pkg: oauth

published: Jul 10, 2026

The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the reset_credential() function, which handles the wp_ajax_goodmeet_…
CWE: CWE-352
NVD

MEDIUM
CVE-2026-4298
CVE-2026-4298
pkg: go

published: Jul 9, 2026

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvo_reset_policy_service_func() function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plug…
CWE: CWE-862
NVD

MEDIUM
CVE-2026-15131
CVE-2026-15131
pkg: google chrome

published: Jul 8, 2026

Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-20
NVD

MEDIUM
CVE-2026-15130
CVE-2026-15130
pkg: google chrome

published: Jul 8, 2026

Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-602
NVD

MEDIUM
CVE-2026-15124
CVE-2026-15124
pkg: google chrome

published: Jul 8, 2026

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

MEDIUM
CVE-2026-15108
CVE-2026-15108
pkg: google chrome

published: Jul 8, 2026

Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. (Chromium security severity: High)
CWE: CWE-190
NVD

MEDIUM
CVE-2026-59930
CVE-2026-59930
pkg: mistune_project mistune

published: Jul 8, 2026

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable toc_N values without slugifying the heading text, allowing attacker-controlled id="toc_N" content to collide with generated anchors and red…
CWE: CWE-345, CWE-1284
GitHub-GHSA

MEDIUM
Kite has an authenticated cluster RBAC bypass in /api/v1/overview
GHSA-gvhc-wv3v-7pf8
pkg: github.com/zxh326/kite
eco: go
published: Jul 7, 2026
## Summary

Authenticated Kite users with any role can request `/api/v1/overview` for a cluster that their roles do not permit by selecting that cluster with `x-cluster-name`. The overview route is registered before `middleware.RBACMiddleware()` and `GetOverview` only checks `len(user.Roles) > 0`, s…

CVE-2026-53487
NVD

MEDIUM
CVE-2026-46700
CVE-2026-46700
pkg: go

published: Jul 7, 2026

Actual is a local-first personal finance tool. Prior to 26.6.0, the GET /secret/:name endpoint in @actual-app/sync-server checks only that the caller has a valid session and does not verify the caller is an admin, while the sibling POST /secret/ handler enforces an admin check in OpenID mode. Any au…
CWE: CWE-285
GitHub-GHSA

MEDIUM
Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality
GHSA-jgx9-jr5x-mvpv
pkg: open-webui
eco: pip
published: Jul 7, 2026
### Summary
There is a blind server side request forgery in the functionality that allows editing an image via a prompt. The affected function will perform a GET request on the URL provided by the user. There is no restriction on the domain of the provided URL allowing the local address space to be …
CVE-2026-34225
GitHub-GHSA

MEDIUM
OpenRemote read-only asset users can write predicted datapoints
GHSA-xj53-j257-hxvg
pkg: io.openremote:openremote-manager
eco: maven
published: Jul 6, 2026
# Summary

The predicted datapoint write endpoint allows users with only `read:assets` privileges to write predicted datapoints.

The endpoint:

“`text
PUT /api/{realm}/asset/predicted/{assetId}/{attributeName}
“`

accepts write requests from users lacking `write:assets`.

The implementation appea…

CVE-2026-49439
NVD

MEDIUM
CVE-2026-59997
CVE-2026-59997
pkg: openbsd openssh

published: Jul 8, 2026

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.
CWE: CWE-1284
NVD

MEDIUM
CVE-2026-59996
CVE-2026-59996
pkg: openbsd openssh

published: Jul 8, 2026

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.
CWE: CWE-23
NVD

MEDIUM
CVE-2026-59995
CVE-2026-59995
pkg: openbsd openssh

published: Jul 8, 2026

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.
CWE: CWE-23
NVD

MEDIUM
CVE-2026-50179
CVE-2026-50179
pkg: go

published: Jul 7, 2026

Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix neutral…
CWE: CWE-1236
NVD

MEDIUM
CVE-2026-14612
CVE-2026-14612
pkg: oauth

published: Jul 3, 2026

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may be a…
CWE: CWE-787
NVD

MEDIUM
CVE-2026-56360
CVE-2026-56360
pkg: n8n n8n

published: Jul 8, 2026

n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks in the ZendeskTrigger node. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary malicious data.
CWE: CWE-290
GitHub-GHSA

MEDIUM
psd-tools vulnerable to arbitrary file write via smart-object filename
GHSA-2rmg-vrx8-9j2f
pkg: psd-tools
eco: pip
published: Jul 9, 2026
# psd-tools: arbitrary file write/read via smart-object path traversal

## Summary

In `psd-tools` (all releases exposing the `SmartObject` API through **v1.17.0**), `SmartObject.save()` writes an embedded smart object to a path taken verbatim from the PSD file. Because that name is attacker-control…

CVE-2026-49836
GitHub-GHSA

MEDIUM
OpenRun: Redirect URL validation bypass using  //host  paths leads to Open Redirect
GHSA-h5g6-xmh4-hc37
pkg: github.com/openrundev/openrun
eco: go
published: Jul 9, 2026
### Summary
The restrictions on redirect URLs in `openrun` can be bypassed by attackers, leading to open redirect attacks.

### Details

In the current project, the referrer header value is used for subsequent redirects, so there is currently a validation for this redirect value. The current validat…

CVE-2026-55252
GitHub-GHSA

MEDIUM
pypdf: Possible infinite loop when processing threads/articles in writer
GHSA-g9xf-7f8q-9mcj
pkg: pypdf
eco: pip
published: Jul 9, 2026
### Impact

An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer.

### Patches

This has been fixed in [pypdf==6.13.1](https://github.com/py-pdf/pypdf/releases/tag/6.13.1).

### Workarounds

If users…

CVE-2026-54651
GitHub-GHSA

MEDIUM
nebula-mesh: Host revocation is not durable – blocked/offboarded hosts can regain a valid certificate
GHSA-339v-266x-79xr
pkg: github.com/forgekeep/nebula-mesh
eco: go
published: Jul 9, 2026
## Summary

Two related authorization gaps let a host that should no longer be trusted obtain a fresh, valid Nebula certificate, because nebula-mgmt does not re-evaluate revocation/authorization state at certificate *issuance* time — only at poll time.

## 1. Blocklist not enforced at sign / re-en…

CVE-2026-53602
GitHub-GHSA

MEDIUM
pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small
GHSA-8f95-v3jq-cj86
pkg: pymonocypher
eco: pip
published: Jul 9, 2026
### Impact
The argon2i_32 implementation does not check the nb_blocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i_32 will write past the end of the buffer and possibly corrupt the heap.

### Patches
Fixed in 4.0.2.8, which now verifies th…

CVE-2026-53720
GitHub-GHSA

MEDIUM
OneRingBuf has a Use After Free Vulnerability
GHSA-q95x-7g78-rccv
pkg: oneringbuf
eco: rust
published: Jul 8, 2026
Affected versions of `oneringbuf` exposed the obsolete `IntoRef::into_ref` method through the public `IntoRef` trait. For heap-backed ring buffers, this method returned a `DroppableRef` handle.

`DroppableRef` stored an owning raw pointer created from `Box::into_raw`. Its `Clone` implementation copi…

GitHub-GHSA

MEDIUM
async-tar PAX extension-header desync enables tar entry/content smuggling
GHSA-35rm-7j9c-2f7m
pkg: async-tar
eco: rust
published: Jul 8, 2026
## Summary

`async-tar` v0.6.0 mis-applies a buffered PAX `size` extension to an intermediary
extension header (a GNU longname `L`, a GNU longlink `K`, or a PAX `x`/`g`
header) instead of to the next *file* entry. POSIX requires a PAX extended-header
record set to describe the next file entry, never…

CVE-2026-53600
GitHub-GHSA

MEDIUM
oasdiff does not enforce –allow-external-refs=false on the git-revision load path (SSRF / local file read)
GHSA-2jcc-mxv7-p3f9
pkg: github.com/oasdiff/oasdiff
eco: go
published: Jul 7, 2026
## Summary

From **v1.13.2** through **v1.18.0**, oasdiff did not enforce `–allow-external-refs=false` (library: `openapi3.Loader.IsExternalRefsAllowed = false`) when loading a spec from a **git revision** (the `rev:path` form, e.g. `main:openapi.yaml`). External `$ref`s were resolved on that load …

CVE-2026-53508
GitHub-GHSA

MEDIUM
Flask-Security-Too: WebAuthn reauthentication freshness bypass via cross-user assertion
GHSA-f66q-9rf6-8795
pkg: Flask-Security-Too
eco: pip
published: Jul 7, 2026
### Summary

Flask-Security-Too 5.8.0 and 5.8.1 mark a session as reauthentication-fresh after processing a WebAuthn assertion whose proven credential belongs to a different user than the currently authenticated session user. The check that `GHSA-97r5-pg8x-p63p` added on the OAuth reauthentication p…

GitHub-GHSA

MEDIUM
aiosmtplib vulnerable to SMTP command injection via CR/LF in sender/recipient address
GHSA-v3q9-hj7j-63hq
pkg: aiosmtplib
eco: pip
published: Jul 7, 2026
### Summary

`aiosmtplib`'s `SMTP.mail()`, `SMTP.rcpt()`, `SMTP.vrfy()` and `SMTP.expn()` send the caller-supplied email address to the server without rejecting embedded CR/LF (`\r\n`) bytes. An address that contains a CR/LF is written verbatim onto the SMTP control connection, so the bytes after th…

CVE-2026-53533
GitHub-GHSA

MEDIUM
ratex-parser has unbounded parser recursion that leads to stack overflow (process abort)
GHSA-4w5h-hx6r-28q7
pkg: ratex-parser
eco: rust
published: Jul 7, 2026
### Summary

RaTeX’s recursive-descent parser recurses one (or more) native stack frame per nesting level at `{`, `\left`, `\sqrt{`, `^{`, etc, with **no maximum depth limit**. A short, ~10 KB input of nested groups overflows the 8 MB main-thread stack and aborts the process. With `panic = "abort…

CVE-2026-53531
GitHub-GHSA

MEDIUM
netfoil has a domain name filter bypass via multiple questions
GHSA-59qp-cfj3-rp64
pkg: github.com/tinfoil-factory/netfoil
eco: go
published: Jul 7, 2026
### Summary
Potential bypass of domain name filter by crafting a DNS request with multiple questions, with the first question being legitimate.

### Impact
Depends on a local attackers ability to craft multiple questions and the remote DoH server supporting them.

GitHub-GHSA

MEDIUM
Open WebUI allows limited stored XSS vila uploaded html file
GHSA-8gh5-qqh8-hq3x
pkg: open-webui
eco: pip
published: Jul 7, 2026
### Summary
Low privileged users can upload HTML files which contain JavaScript code via the `/api/v1/files/` backend endpoint. This endpoint returns a file id, which can be used to open the file in the browser and trigger the JavaScript code in the user's browser. Under the default settings, files …
CVE-2025-46571
GitHub-GHSA

MEDIUM
Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile
GHSA-chwm-m7g7-685g
pkg: d7y.io/dragonfly/v2
eco: go
published: Jul 6, 2026
## Summary

The Dragonfly **scheduler**'s v1 gRPC service contains an unauthenticated Server-Side Request Forgery (SSRF). When a peer reports a successful download of a TINY task, the scheduler calls `Peer.DownloadTinyFile()` and issues an HTTP `GET` to a host and port taken verbatim from the attack…

CVE-2026-54637