CISA-KEV
CRITICAL
Langflow Authorization Bypass Through User-Controlled Key Vulnerability
Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV
CRITICAL
Joomlack Page Builder Improper Access Control Vulnerability
Joomlack Page Builder contains an improper access control vulnerability that could allow for remote code execution via unauthenticated arbitrary file upload.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV
CRITICAL
Adobe ColdFusion Path Traversal Vulnerability
Adobe ColdFusion contains a path traversal vulnerability that could lead to arbitrary code execution in the context of the current user.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV
CRITICAL
JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
JoomShaper SP Page Builder contains an unrestricted upload of file with dangerous type vulnerability that allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
NVD
CRITICAL
CVE-2026-54769
Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities. When these agents evaluate LLM-generated tool messages w…
CWE: CWE-94
NVD
CRITICAL
CVE-2026-59726
Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminal_execute, obtain a…
CWE: CWE-78, CWE-306, CWE-942
NVD
CRITICAL
CVE-2026-54782
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings…
CWE: CWE-290, CWE-347
GitHub-GHSA
CRITICAL
Nuclio: Unsanitized cron trigger event headers/body injected into CronJob shell command leads to persistent RCE
GHSA-v5px-423j-pf7p
pkg: github.com/nuclio/nuclio
eco: go
published: Jul 8, 2026
## Summary
Nuclio controller builds a `curl` invocation string for each cron trigger and stores it as the `args` of a Kubernetes CronJob container (`/bin/sh`, `-c`, `<command>`). Two fields in the trigger specification flow into this string without adequate sanitization:
– `event.headers` keys —…
CVE-2026-52831
GitHub-GHSA
CRITICAL
9router has unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats
GHSA-vjc7-jrh9-9j86
pkg: 9router
eco: npm
published: Jul 6, 2026
—
title: Unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats
product: 9Router
version: <= 0.4.41
severity: critical
cve_request: true
—
## Summary
Multiple critical API security vulnerabilities were discovered in 9Router's Next.js dashboard. The `/api/providers` e…
NVD
CRITICAL
CVE-2026-57572
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together w…
CWE: CWE-88, CWE-94
GitHub-GHSA
CRITICAL
Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent
GHSA-q9p7-wqxg-mrhc
pkg: langroid
eco: pip
published: Jul 6, 2026
### Advisory Details
**Title**: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent
**Description**:
### Summary
Langroid is vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities…
CVE-2026-54769
GitHub-GHSA
CRITICAL
9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover
GHSA-qvfm-67h2-2qfx
pkg: 9router
eco: npm
published: Jul 6, 2026
## Summary
The `/api/settings/database` endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any authentication requirement beyond the `ALWAYS_PROTECTED` middleware check, which only validates J…
CVE-2026-55500
NVD
CRITICAL
CVE-2026-34038
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution and…
CWE: CWE-78
NVD
CRITICAL
CVE-2026-13019
Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API.
CWE: CWE-640
NVD
CRITICAL
CVE-2026-9182
Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts all …
CWE: CWE-434
NVD
CRITICAL
CVE-2026-9181
Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this issu…
CWE: CWE-22
NVD
CRITICAL
CVE-2026-53913
Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely ('Failing Open') vulnerability in Apache Camel Keycloak Component.
The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess(), which performs three check…
CWE: CWE-287, CWE-306, CWE-636
NVD
CRITICAL
CVE-2026-58422
Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts
CWE: CWE-284
NVD
CRITICAL
CVE-2026-20896
Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.
CWE: CWE-284
NVD
CRITICAL
CVE-2026-15113
Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
GitHub-GHSA
CRITICAL
Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE
GHSA-xqhv-chqm-fhcc
pkg: github.com/BishopFox/joro
eco: go
published: Jul 8, 2026
# Unauthenticated Cross-Origin Plugin Upload Leads to RCE (Joro ≤ v1.1.0)
**Severity:** Critical
**CVSS v3.1:** 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
**Affected versions:** Joro ≤ v1.1.0, proxy mode (default), Linux/macOS
**Reporter:** cstover
**Date:** 2026-05-27
—
## Summary
Joro's d…
CVE-2026-53649
NVD
CRITICAL
CVE-2026-15062
SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (snowpark-python) versions prior to 1.53.0 could allow authenticated low-privilege users to execute SQL beyond their authorization scope. An attacker could exploit these vulnerabilities by embedding SQL payloads in source database co…
CWE: CWE-89
GitHub-GHSA
CRITICAL
Goploy: Cross-namespace IDOR and RCE via body-supplied row id in project and project_file handlers
GHSA-26rh-24rg-j3vv
pkg: github.com/zhenorzz/goploy
eco: go
published: Jul 7, 2026
### Summary
`Project.AddFile`, `Project.EditFile`, `Project.RemoveFile`, and `Project.Edit` in `cmd/server/api/project/handler.go` accept a project or project-file row id from the JSON body and act on it without checking that the project belongs to the caller's namespace. The corresponding `model.P…
CVE-2026-53552
GitHub-GHSA
CRITICAL
@better-auth/sso provider registration has server-side request forgery via unvalidated OIDC endpoints
GHSA-5rr4-8452-hf4v
pkg: @better-auth/sso
eco: npm
published: Jul 7, 2026
### Am I affected?
Users are affected if all of the following are true:
– Their application uses `@better-auth/sso` at a version `>= 0.1.0, < 1.6.11` on the stable line, or any `1.7.0-beta.x` on the pre-release line.
– The `sso()` plugin is added to their application's `betterAuth({ plugins: […]…
CVE-2026-53513
NVD
CRITICAL
CVE-2026-15378
A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unauthorized access to sensitive information, including c…
CWE: CWE-918
GitHub-GHSA
CRITICAL
Zebra: Missing copy constraint in halo2_gadgets variable-base scalar multiplication allows under-constrained base, breaking Orchard Action circuit soundness
GHSA-ww9q-8r59-xv46
pkg: zebrad, halo2_gadgets, orchard
eco: rust
published: Jul 6, 2026
### Summary
A soundness vulnerability in the variable-base scalar multiplication gadget of `halo2_gadgets` allowed a malicious prover to produce a valid proof for an Orchard Action with an *under-constrained* base point. Because this gadget enforces the diversified-address-integrity condition of th…
CVE-2026-54496
GitHub-GHSA
CRITICAL
Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access
GHSA-3fcv-jvfp-m4q9
pkg: github.com/cilium/cilium, github.com/cilium/cilium, github.com/cilium/cilium
eco: go
published: Jul 6, 2026
### Impact
When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive info…
CVE-2026-49445
NVD
CRITICAL
CVE-2026-58122
Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to per…
CWE: CWE-348
GitHub-GHSA
CRITICAL
Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins
GHSA-pw9m-5jxm-xr6h
pkg: better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?
Users are affected if all of the following are true:
– Their application uses `better-auth` and has enabled at least one of: `oidcProvider()` (imported from `better-auth/plugins/oidc-provider`), or `mcp()` (imported from `better-auth/plugins/mcp`).
– Their application has at lea…
CVE-2026-53512
GitHub-GHSA
CRITICAL
Decompress: Archive extraction can create files and links outside of the target directory
GHSA-mp2f-45pm-3cg9
pkg: @xhmikosr/decompress, @xhmikosr/decompress, decompress
eco: npm
published: Jul 6, 2026
### Impact
When extracting an archive to a directory, a crafted archive can read or write files outside that directory. The flaw is in the code that writes the parsed entries, so it affects every format decompress handles: tar, tar.gz, tar.bz2, and zip by default, plus any others added through the …
CVE-2026-53486
NVD
CRITICAL
CVE-2026-26247
Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check.
CWE: CWE-284
NVD
CRITICAL
CVE-2026-26232
Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange.
CWE: CWE-294
GitHub-GHSA
CRITICAL
Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879
GHSA-2pq5-3q89-j7cc
pkg: langroid
eco: pip
published: Jul 6, 2026
Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection (direct user input or indirect content the agent reads back via RAG), so an attacker who can influ…
CVE-2026-55615
GitHub-GHSA
CRITICAL
Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls
GHSA-6xc5-4r68-67fc
pkg: langroid
eco: pip
published: Jul 6, 2026
# SQLChatAgent `_validate_query` dangerous-pattern regex is bypassable via quoted/commented/qualified function names
## Summary
The `SQLChatAgent` SQL-injection mitigation, with default `allow_dangerous_operations=False`, combines a raw-text regex blocklist (`_DANGEROUS_SQL_PATTERNS`) with a `sqlg…
CVE-2026-54760
NVD
HIGH
CVE-2026-59148
Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock routes, enabled by default in shipped runtimes, serves Access-Control-Allow-Origin: * with write methods a…
CWE: CWE-306, CWE-352, CWE-732, CWE-942
NVD
HIGH
CVE-2026-15133
Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-15132
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-457
NVD
HIGH
CVE-2026-15129
Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD
HIGH
CVE-2026-15126
Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-15125
Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-863
NVD
HIGH
CVE-2026-15123
Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-122
NVD
HIGH
CVE-2026-15121
Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-15118
Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-15116
Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-15114
Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: High)
CWE: CWE-125, CWE-787
NVD
HIGH
CVE-2026-15112
Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD
HIGH
CVE-2026-15110
Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-15107
Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-416
NVD
HIGH
CVE-2026-59257
n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated {{ … }} expression values directly into the raw SQL string without parameterization. When a workflow use…
CWE: CWE-89
NVD
HIGH
CVE-2026-34158
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker() helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a …
CWE: CWE-78
NVD
HIGH
CVE-2026-34168
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a storag…
CWE: CWE-78
NVD
HIGH
CVE-2026-42204
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELL_SAFE_COMMAND_PATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an aut…
CWE: CWE-78
NVD
HIGH
CVE-2026-34599
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the GetLogs Livewire component which allows users with team membership (lowest privilege member role) to execute a…
CWE: CWE-78
NVD
HIGH
CVE-2026-14535
In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in …
CWE: CWE-693
NVD
HIGH
CVE-2026-14534
Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist, fickling's check_safety() function returns LIKELY_SAFE with…
CWE: CWE-184, CWE-502
NVD
HIGH
CVE-2025-71380
The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or complete…
CWE: CWE-284
GitHub-GHSA
HIGH
Skipper: opaAuthorizeRequestWithBody filter bypasses OPA policy on Transfer-Encoding — chunked / HTTP/2 requests
GHSA-659f-rgp5-w4wf
pkg: github.com/zalando/skipper
eco: go
published: Jul 8, 2026
### Summary
`zalando/skipper`'s OpenPolicyAgent integration silently bypasses request-body
inspection on HTTP/1.1 `Transfer-Encoding: chunked` and HTTP/2 requests that
omit the `content-length` pseudo-header. When the
`opaAuthorizeRequestWithBody` filter is configured, the
`OpenPolicyAgentInstance.…
CVE-2026-50197
NVD
HIGH
CVE-2026-14891
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability, CVE…
CWE: CWE-59
GitHub-GHSA
HIGH
Better Auth has insecure cryptographic defaults in oidcProvider: alg=none advertised and plain PKCE accepted by default
GHSA-9h47-pqcx-hjr4
pkg: better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?
Users are affected if all of the following are true:
– Their application uses `better-auth` at a version below the patched release.
– Their application enables `oidcProvider()` from `better-auth/plugins/oidc-provider` or `mcp()` from `better-auth/plugins/mcp` (the mcp plugin del…
GitHub-GHSA
HIGH
Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID
GHSA-9rjw-3gwp-f59v
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
`UpsertWorkspaceApp` overwrites an existing app's `agent_id` on a primary-key conflict and `insertAgentApp` accepts the app ID from the provisioner's `CompleteJob` payload without verifying it belongs to the workspace being built. `CompleteJob` runs under `dbauthz.AsProvisionerd` so the…
CVE-2026-55429
NVD
HIGH
CVE-2026-57573
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming path. handle_stream_crawl_request passed seed URLs straight to the crawler with no destination validatio…
CWE: CWE-918
NVD
HIGH
CVE-2026-54765
Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only one…
CWE: CWE-284, CWE-863
GitHub-GHSA
HIGH
flyto-core has Unauthenticated Command Execution via HTTP MCP `execute_module`
GHSA-h9f9-h6gm-wc85
pkg: flyto-core
eco: pip
published: Jul 6, 2026
## Unauthenticated Command Execution via HTTP MCP `execute_module`
### Summary
The HTTP MCP endpoint (`POST /mcp`) in flyto-core accepts unauthenticated JSON-RPC `tools/call` requests and dispatches them to arbitrary registered modules, including `sandbox.execute_shell`, which passes attacker-cont…
CVE-2026-55786
NVD
HIGH
CVE-2026-54424
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of …
CWE: CWE-648
NVD
HIGH
CVE-2026-47829
Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation.
Affected v…
NVD
HIGH
CVE-2026-15122
Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD
HIGH
CVE-2026-15120
Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-15119
Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-362
NVD
HIGH
CVE-2026-55830
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, check_function_argument_names() rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted position…
CWE: CWE-184
GitHub-GHSA
HIGH
Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE
GHSA-37h2-6p4f-mp3q
pkg: serena-agent
eco: pip
published: Jul 8, 2026
### Summary
Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port (TCP 24282, hardcoded as `0x5EDA` in `constants.py`). The server has no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage …
CVE-2026-49471
GitHub-GHSA
HIGH
@better-auth/scim: Account/provider takeover via missing owner binding on non-org SCIM providers
GHSA-j8v8-g9cx-5qf4
pkg: @better-auth/scim
eco: npm
published: Jul 7, 2026
### Am I affected?
Users are affected if all of these hold:
– They install and register the `@better-auth/scim` plugin (`plugins: [scim()]`).
– They create SCIM providers without an `organizationId`, that is, non-organization ("personal") providers. Organization-scoped providers are not affected b…
GitHub-GHSA
HIGH
Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email
GHSA-g38m-r43w-p2q7
pkg: better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?
Users are affected if all of the following are true:
– Their application uses `better-auth` at a version `< 1.6.11` on the stable line, or any current `next` pre-release.
– `emailAndPassword.enabled: true` is set in their application's `betterAuth({ … })` configuration.
– At l…
CVE-2026-53516
GitHub-GHSA
HIGH
Coder's workspace agent API insecure redirect handling allowed cross-agent file read and write
GHSA-qrwj-vh9x-gw5v
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
`agentConn.apiClient()` used the default redirect behavior of `http.Client` while its custom transport dialed the host from the request URL as long as the port was the workspace agent HTTP API port (`4`). Agent tailnet IPs are deterministic from agent UUIDs, so a malicious workspace age…
GitHub-GHSA
HIGH
Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh`
GHSA-mcqq-fqgf-rxwm
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
`coder config-ssh` wrote server-supplied SSH settings (`HostnameSuffix`, `SSHConfigOptions`) into the user's `~/.ssh/config` without sanitizing embedded newlines or restricting directives so a malicious or compromised Coder server could inject arbitrary SSH configuration.
> **Note:** P…
CVE-2026-55427
NVD
HIGH
CVE-2026-54423
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.
CWE: CWE-424
GitHub-GHSA
HIGH
`lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes
GHSA-4jhm-jv67-739f
pkg: lxml_html_clean
eco: pip
published: Jul 8, 2026
# `lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes (`xlink:href`)
**Reporter:** Guillem Lefait <guillem@datamq.com> · **Date:** 2026-05-10
**Affected:** `lxml` ≤ 6.1.0 and `lxml_html_clean` ≤ 0.4.4 (latest stable)
**Confirmed against:** lxml 6.1.0 + lx…
CVE-2026-49825
GitHub-GHSA
HIGH
Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator
GHSA-wrq8-fcv5-8hvp
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
The tailnet coordinator validates that an agent's `Addresses` derive from its authenticated UUID but applies no equivalent check to `AllowedIPs`. The coordinator forwards agent-supplied `AllowedIPs` verbatim to tunnel peers which install them into the WireGuard peer configuration.
### …
CVE-2026-55428
NVD
HIGH
CVE-2026-59195
pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under node_modules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml whose…
CWE: CWE-22
NVD
HIGH
CVE-2026-46591
Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component.
The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection throu…
CWE: CWE-943
NVD
HIGH
CVE-2026-12597
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpress_on_github_login() function, which blindly trusts the first element (profile[0]['email']) of the array retur…
CWE: CWE-287
NVD
HIGH
CVE-2026-12595
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpress_on_discord_login() Discord OAuth callback handler, which accepts the email field returned by Discord's /user…
CWE: CWE-287
NVD
HIGH
CVE-2026-31985
When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Re…
CWE: CWE-671
NVD
HIGH
CVE-2026-54591
AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.1, a malicious SSH server can write arbitrary files on the asyncssh SCP client's filesystem by sending filenames containing ../ tra…
CWE: CWE-22
GitHub-GHSA
HIGH
NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak
GHSA-6h3c-r723-7fx3
pkg: nl.nl-portal:taak
eco: maven
published: Jul 8, 2026
## Impact
In versions from 1.5.0 up to and including 3.0.0, any authenticated portal user could complete and tamper with another user's open task by submitting it on their behalf. The task submission endpoint accepted a task ID and a payload, but it never checked whether the task actually belonged …
CVE-2026-49464
NVD
HIGH
CVE-2026-54652
Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and ena…
CWE: CWE-269, CWE-532, CWE-598, CWE-863
GitHub-GHSA
HIGH
@better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
GHSA-7w99-5wm4-3g79
pkg: @better-auth/oauth-provider, better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?
Users are affected if all of the following are true:
– Their project depends on `@better-auth/oauth-provider` at a version `>= 1.6.0, < 1.6.11`, or uses the embedded plugin in `better-auth >= 1.4.8-beta.7, < 1.6.0`, or enables the legacy `oidc-provider` or `mcp` plugins from `be…
CVE-2026-53518
GitHub-GHSA
HIGH
Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption
GHSA-392p-2q2v-4372
pkg: @better-auth/oauth-provider, better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?
Users are affected if all of the following are true:
– Their project depends on `@better-auth/oauth-provider` at a version `>= 1.6.0, < 1.6.11`, or uses the embedded plugin in `better-auth >= 1.4.8-beta.7, < 1.6.0`.
– At least one OAuth client served by their application's autho…
CVE-2026-53517
NVD
HIGH
CVE-2026-13020
A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an …
CWE: CWE-640
GitHub-GHSA
HIGH
Langroid: handle_message() executes user-supplied tool JSON without sender verification
GHSA-gjgq-w2m6-wr5q
pkg: langroid
eco: pip
published: Jul 6, 2026
## Summary
A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with `use=False, handle=True`.
## Details
`enable_message(…, use=False, handle=True)` only prevents the LLM from being instructed…
CVE-2026-54771
NVD
HIGH
CVE-2026-49297
Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket (ty…
CWE: CWE-22
NVD
HIGH
CVE-2026-43865
Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component.
The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself – that is, when no user…
CWE: CWE-502
NVD
HIGH
CVE-2026-40859
Deserialization of Untrusted Data vulnerability in Apache Camel.
The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter (VertxHttpHelper.deserialize…
CWE: CWE-502
NVD
HIGH
CVE-2026-12746
Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter.
The authentication_url method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting …
CWE: CWE-352
NVD
HIGH
CVE-2026-12740
Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter.
RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session (register_s…
CWE: CWE-352
NVD
HIGH
CVE-2025-71372
Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling supply-…
CWE: CWE-502
NVD
HIGH
CVE-2026-28699
Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication.
CWE: CWE-284, CWE-863
GitHub-GHSA
HIGH
DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN
GHSA-9×82-rm84-c6x7
pkg: org.dspace:dspace-api, org.dspace:dspace-api, org.dspace:dspace-api
eco: maven
published: Jul 8, 2026
## Overview
Remote Code Execution (RCE) is possible via Velocity Templates used by DSpace for [COAR Notify/LDN messages](https://wiki.lyrasis.org/spaces/DSDOC9x/pages/379126679/COAR+Notify). _This vulnerability impacts DSpace versions 8.0 <= 8.3, 9.0 <= 9.2._ The attacker MUST already have DSpace a…
CVE-2026-49832
NVD
HIGH
CVE-2026-22927
Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability.
CWE: CWE-22
GitHub-GHSA
HIGH
Linuxfabrik Monitoring Plugins have local privilege escalation using embedded command
GHSA-798h-hpph-m24j
pkg: linuxfabrik-lib
eco: pip
published: Jul 6, 2026
### Summary
When a check plugin places user provided input inside a command which is passed to `shell_exec`, an attacker can abuse this to run arbitrary commands. This is mainly dangerous for plugins which are listed in the sudoers file, because this allows an attacker controlling the nagios user to…
CVE-2026-55426
GitHub-GHSA
HIGH
Open Babel has out-of-bounds write in MOPAC translationVectors[] (UNIT CELL TRANSLATION)
GHSA-55f6-pf8r-c2f4
pkg: openbabel
eco: pip
published: Jul 6, 2026
### Summary
A memory-safety vulnerability in Open Babel's MOPAC output parser
allowed an out-of-bounds write into the `translationVectors[]` array
when reading the "UNIT CELL TRANSLATION" block of a crafted input
file.
### Details
The MOPAC output reader stored translation vectors from the UNIT C…
CVE-2022-46292
NVD
HIGH
CVE-2026-33655
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/bl…
CWE: CWE-918
NVD
HIGH
CVE-2026-59216
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, get_event_call delivered execute:python and execute:tool Socket.IO events to a client-supplied session_id after checking only that the session was connected, allowing authenticated users who learne…
CWE: CWE-94, CWE-200, CWE-639, CWE-862
GitHub-GHSA
HIGH
Phantom: Arbitrary file write and decode-bomb DoS via unconfined MCP tool paths
GHSA-52vm-mxx8-f227
pkg: phantom-audio
eco: pip
published: Jul 9, 2026
### Impact
In Phantom <= 1.3.0, when `PHANTOM_OUTPUT_DIR` was unset (the default), the MCP tools accepted arbitrary absolute output paths with no confinement. Anything able to send tool calls (e.g. an AI agent driving the MCP interface) could **write or overwrite arbitrary files** the process user …
NVD
HIGH
CVE-2026-14373
HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other workloads on t…
CWE: CWE-862
NVD
HIGH
CVE-2026-60002
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)
CWE: CWE-416
GitHub-GHSA
HIGH
Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise
GHSA-4g5x-hcwm-82jw
pkg: github.com/zhenorzz/goploy
eco: go
published: Jul 7, 2026
> [ Click here to jump to the Simplified Chinese version (点击跳转到简体中文版本)](#goploy-系统任意文件读取)
# Goploy System Arbitrary File Read Vulnerability
## Basic Information
– **Vulnerability Name**: Goploy Endpoints Arbitrary File Read via Path Traversal
– **Vulnerability …
CVE-2026-53553
GitHub-GHSA
HIGH
Better Auth has stored XSS in the auth-server origin via javascript: redirect_uri in oidc-provider and mcp
GHSA-86j7-9j95-vpqj
pkg: better-auth, better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?
Check each condition. Users are affected when all of the first three hold.
– Their application enables the `oidc-provider` plugin or the `mcp` plugin from `better-auth/plugins`. The `mcp` plugin wraps the same provider and carries the same defect. Both are on the migration path …
GitHub-GHSA
HIGH
Better Auth vulnerable to unauthorized invitation acceptance via unverified email match in organization plugin
GHSA-fmh4-wcc4-5jm3
pkg: better-auth
eco: npm
published: Jul 7, 2026
### Am I affected?
Users are affected if all of the following are true:
– Their application uses `better-auth` with the `organization` plugin (`import { organization } from "better-auth/plugins/organization"`).
– Their application enables a sign-up surface that allows arbitrary unverified email re…
CVE-2026-53514
GitHub-GHSA
HIGH
New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs
GHSA-6qcr-qxgr-m7fv
pkg: github.com/QuantumNous/new-api
eco: go
published: Jul 7, 2026
## Summary
The default SSRF protection configuration did not apply IP filtering to hostnames. With `ApplyIPFilterForDomain` disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address. Authenticated users could configure n…
CVE-2026-33655
GitHub-GHSA
HIGH
Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps
GHSA-v54h-cp2w-9x4g
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
`coder open app` opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the `$SESSION_TOKEN` placeholder the CLI replaces it with the user's real session token before handing the URL to the OS open handler.
> **Note:** Practical explo…
CVE-2026-55431
GitHub-GHSA
HIGH
OpenRemote has Cross-Realm User Information Disclosure in UserResourceImpl
GHSA-xqr9-4wvv-gvch
pkg: io.openremote:openremote-manager
eco: maven
published: Jul 6, 2026
### Summary
A realm admin of tenant B can read the profile, client roles, and realm roles of any user in any other realm (including the master realm) by supplying the target user's UUID in the REST API path. Three read endpoints in UserResourceImpl check whether the caller holds the read:admin role…
CVE-2026-54641
NVD
HIGH
CVE-2026-9165
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central,…
CWE: CWE-400
GitHub-GHSA
HIGH
OpenRemote has an incomplete fix for CVE-2026-40882: XXE in KNXProtocol.startAssetImport() allows arbitrary file read via unprotected XMLInputFactory
GHSA-7v6w-c3f4-9wpq
pkg: io.openremote:openremote-agent
eco: maven
published: Jul 6, 2026
### Summary
The fix for CVE-2026-40882 addressed only the Velbus asset import handler. The KNX asset import handler (`KNXProtocol`) processes user-uploaded ETS project ZIP files through Saxon XSLT and `XMLInputFactory.newInstance()` with no XXE protection, allowing any authenticated user to read arb…
CVE-2026-54640
GitHub-GHSA
HIGH
Mistune: Potential DoS via quadratic-time parsing in parse_link_text
GHSA-qcq2-496w-v96p
pkg: mistune
eco: pip
published: Jul 9, 2026
### Summary
Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. A relatively small input consisting of repeated [ characters causes significant parsing slowdown.
### Affected component
mistune/inline_parser.py → **parse_link_text**
…
CVE-2026-49851
NVD
HIGH
CVE-2026-54695
Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0, the pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication, reads an attacker-supplied callSid fr…
CWE: CWE-862
NVD
HIGH
CVE-2026-13462
PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends.
NVD
HIGH
CVE-2026-11404
Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg_tls_server_recv_hello(), which uses an attacker-controlled session_id_len byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthentica…
CWE: CWE-125
GitHub-GHSA
HIGH
org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
GHSA-7cmj-v6x8-frvv
pkg: ca.uhn.hapi.fhir:org.hl7.fhir.dstu2, ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may, ca.uhn.hapi.fhir:org.hl7.fhir.dstu3
eco: maven
published: Jul 9, 2026
# Summary
All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource …
CVE-2026-49485
GitHub-GHSA
HIGH
Soup Sieve: Regular Expression Denial of Service (ReDoS) via Selector Parser
GHSA-836r-79rf-4m37
pkg: soupsieve
eco: pip
published: Jul 9, 2026
### Summary
The CSS selector parser in soupsieve (the CSS selector engine for Beautiful Soup 4) contains a regular expression vulnerable to catastrophic backtracking. When processing an attribute selector with an unterminated quoted value, the `VALUE` regex pattern in `css_parser.py` enters exponen…
CVE-2026-49477
GitHub-GHSA
HIGH
Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists
GHSA-2wc2-fm75-p42x
pkg: soupsieve
eco: pip
published: Jul 9, 2026
### Summary
The CSS selector parser in soupsieve (the CSS selector engine for Beautiful Soup 4) allocates unbounded memory when compiling large comma-separated selector lists. An attacker who can supply a crafted CSS selector string to `soupsieve.compile()` or Beautiful Soup's `.select()` / `.selec…
CVE-2026-49476
GitHub-GHSA
HIGH
Micronaut doesn't set a maximum redirect count for its HTTP Client, enabling infinite loop DoS
GHSA-387m-935m-c4vw
pkg: io.micronaut:micronaut-http-client, io.micronaut:micronaut-http-client, io.micronaut:micronaut-http-client
eco: maven
published: Jul 9, 2026
The Netty-based Micronaut HTTP Client does not impose a limit on HTTP redirections, potentially allowing an infinite redirect loop that could lead to a denial-of-service attack.
### Patches
The following versions are patched:
– For Micronaut 5, versions equal or greater than [5.0.1](https://gith…
NVD
HIGH
CVE-2026-54772
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF net.tc…
CWE: CWE-400, CWE-835
NVD
HIGH
CVE-2026-54499
Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load() attempt torch.load(…, weights_only=True) but fall back to torch.load(…, weights_o…
CWE: CWE-502, CWE-676
NVD
HIGH
CVE-2026-15117
Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-15111
Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD
HIGH
CVE-2026-31309
Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthenticated attackers to arbitrarily overwrite the node's configuration and achieve a full node takeover via supplying a crafted POST request.
CWE: CWE-862
NVD
HIGH
CVE-2026-49866
libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossipsub defaultDecodeRpcLimits set maxIhaveMessageIDs and maxIwantMessageIDs to Infinity, allowing oversized IHAVE and IWANT control message arrays in message/decodeRpc.ts and gossipsub.ts to synchronously i…
CWE: CWE-770
NVD
HIGH
CVE-2026-59939
httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in _decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small c…
CWE: CWE-409
NVD
HIGH
CVE-2026-55404
yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the –write-link, –write-url-link, and –write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpage_url or filename metadata without sufficient validation or escaping, allo…
CWE: CWE-74
NVD
HIGH
CVE-2026-59928
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/block_parser.py and the ref_links environment dictionary handling, allowing denial of service throu…
CWE: CWE-407, CWE-1333
NVD
HIGH
CVE-2026-59925
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inline_parser.py because the parser scans forward for matching close markers from eve…
CWE: CWE-407, CWE-1333, CWE-407
NVD
HIGH
CVE-2026-59922
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for matching markers from each …
CWE: CWE-407, CWE-1333, CWE-407
NVD
HIGH
CVE-2026-59892
OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx-* HTTP header values with decodeURIComponent() without handling decode errors, allowing an unauthenticated remote attacker to send a malformed …
CWE: CWE-248
NVD
HIGH
CVE-2026-10708
This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, and custom fields. The combination of wildcard CORS behavior, long‑lived twenty‑day JWTs, and t…
NVD
HIGH
CVE-2026-58656
Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and responds with Access-Control-Allow-Origin: *, allowing unauthenticated attackers to make fully authenticated cross-origin API requests from any malicious website. Attackers who obtain a leaked JWT token fr…
CWE: CWE-598
NVD
HIGH
CVE-2026-14895
String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service.
The trim and rtrim functions stripped trailing whitespace with s/\s*$//u. Because \s* matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex e…
CWE: CWE-1333
NVD
HIGH
CVE-2026-56811
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix (Phoenix.Socket module) allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport (WebSocket or LongPoll).
This v…
CWE: CWE-770
NVD
HIGH
CVE-2026-55574
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structured_outputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the string…
CWE: CWE-1333
NVD
HIGH
CVE-2026-55380
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. Th…
CWE: CWE-789
NVD
HIGH
CVE-2026-55379
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without calling Image._decompression_bomb_check(), bypassing Pillow's documented decompression bomb pro…
CWE: CWE-789
NVD
HIGH
CVE-2026-54060
Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving…
CWE: CWE-789
NVD
HIGH
CVE-2026-54059
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocat…
CWE: CWE-789
NVD
HIGH
CVE-2026-13698
A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service
CWE: CWE-401, CWE-770, CWE-401
NVD
HIGH
CVE-2026-54784
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishme…
CWE: CWE-311, CWE-523
NVD
HIGH
CVE-2026-54783
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with …
CWE: CWE-294, CWE-345, CWE-347
NVD
HIGH
CVE-2026-54781
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom c…
CWE: CWE-287, CWE-345
NVD
HIGH
CVE-2026-54774
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509 S…
CWE: CWE-345, CWE-347
NVD
HIGH
CVE-2026-55436
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy (`aibridgeproxyd`) created a goproxy server whose default transport set `InsecureSkipVerify: true` and only assigned…
CWE: CWE-295
NVD
HIGH
CVE-2026-55076
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked `email_verified` with a direct Go `bool` type assertion. When an IdP returned the claim as a non-boolean (for example the string …
CWE: CWE-287, CWE-704
GitHub-GHSA
HIGH
Coder's AI Bridge Proxy skips TLS certificate verification in default configuration
GHSA-84rm-42xw-mx52
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
The AI Bridge Proxy (`aibridgeproxyd`) created a goproxy server whose default transport set `InsecureSkipVerify: true` and only assigned a secure transport when an upstream proxy was configured. In the default configuration (no upstream proxy), outbound HTTPS to the Coder access URL acc…
CVE-2026-55436
GitHub-GHSA
HIGH
Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass
GHSA-9r87-mvcw-x35f
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
Two flaws in Coder's OIDC login chained into account takeover: email-based user matching fell back to linking by email without checking for an existing link to a different IdP subject and the `email_verified` claim was only enforced when present as a boolean `false` so an absent or non-…
CVE-2026-55075
GitHub-GHSA
HIGH
Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking
GHSA-75vm-6w67-gwvp
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
Coder's OIDC callback checked `email_verified` with a direct Go `bool` type assertion. When an IdP returned the claim as a non-boolean (for example the string `"false"`) or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-…
CVE-2026-55076
NVD
HIGH
CVE-2026-59214
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue auth…
CWE: CWE-79
GitHub-GHSA
HIGH
Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages
GHSA-vjm7-m4xh-7wrc
pkg: open-webui
eco: pip
published: Jul 7, 2026
### Summary
Manually modifying chat history allows setting the `embeds` property on a response message, the content of which is loaded into an iFrame with a sandbox that has `allow-scripts` and `allow-same-origin` set, ignoring the "iframe Sandbox Allow Same Origin" configuration. This enables store…
CVE-2026-26193
GitHub-GHSA
HIGH
Open WebUI vulnerable to Stored XSS via iFrame in citations model
GHSA-xc8p-9rr6-97r2
pkg: open-webui
eco: pip
published: Jul 7, 2026
### Summary
Manually modifying chat history allows setting the `html` property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML, and render them in an iFrame when the citation is previewed. This allows stored XSS via a weaponised document …
CVE-2026-26192
GitHub-GHSA
HIGH
9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
GHSA-7cfm-pqrj-xgq7
pkg: 9router
eco: npm
published: Jul 6, 2026
## Summary
The 9router dashboard login rate limiter derives the client identity from the attacker-controlled `X-Forwarded-For` HTTP header. When 9router is directly exposed, or deployed behind a reverse proxy that does not overwrite untrusted forwarding headers, a remote attacker can rotate the `X-…
CVE-2026-55501
GitHub-GHSA
HIGH
chmod: –preserve-root bypassed by any path that resolves to root (e.g. /../)
GHSA-4c7q-4928-8445
pkg: uu_chmod
eco: rust
published: Jul 6, 2026
`Chmoder::chmod()` only compares the literal argument against `Path::new("/")`, so the `–preserve-root` guard is bypassed by any path that *resolves* to root — a symlink to `/` or simply `/../`.
“`
if self.recursive && self.preserve_root && file == Path::new("/") {
return Err(ChmodError::Pr…
CVE-2026-35338
NVD
HIGH
CVE-2026-14802
A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The exploi…
CWE: CWE-77, CWE-78
NVD
HIGH
CVE-2026-59721
Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILER_SMTP_URL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into sen…
CWE: CWE-77, CWE-78, CWE-915
GitHub-GHSA
HIGH
Coder: User-admin role can reset owner account password
GHSA-29xf-69gq-m9jx
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
The `PUT /api/v2/users/{user}/password` endpoint authorized only `ActionUpdatePersonal` and did not prevent a `user-admin` from resetting an `owner` account's password. It also did not require the current password when an admin reset another user's password.
> **Note:** Exploitation re…
CVE-2026-55077
NVD
HIGH
CVE-2026-59219
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode_token without the Redis-backed is_valid_to…
CWE: CWE-613
NVD
HIGH
CVE-2026-47828
During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network attacker…
NVD
HIGH
CVE-2026-58583
FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Window…
CWE: CWE-269
GitHub-GHSA
HIGH
mkfifo: permissions of an existing file are changed after FIFO creation fails
GHSA-pmf6-rcx4-v53v
pkg: uu_mkfifo
eco: rust
published: Jul 6, 2026
When `mkfifo()` fails (e.g. target already exists), the code shows an error but is missing a `continue;`, so it falls through to `fs::set_permissions` and changes the permissions of the pre-existing file to the default FIFO mode (`0o666` & umask -> `0644`).
“`
$ touch secret; chmod 000 secret
$ co…
CVE-2026-35341
GitHub-GHSA
HIGH
flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf
GHSA-794r-5rp2-fpg8
pkg: flyto-core
eco: pip
published: Jul 6, 2026
## Summary
`flyto-core`'s SSRF protection (`validate_url_ssrf` / `is_private_ip` in `src/core/utils.py`) blocks private and metadata destinations by resolving the host and testing the resulting IP for membership in a hardcoded `PRIVATE_IP_RANGES` list. That list contains only the *native* RFC 1918 …
CVE-2026-55787
NVD
HIGH
CVE-2026-59196
pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted node_modules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fixe…
CWE: CWE-22, CWE-73
GitHub-GHSA
HIGH
Ruby CSS Parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`
GHSA-9pmc-p236-855h
pkg: css_parser
eco: rubygems
published: Jul 9, 2026
## Summary
`CssParser::Parser#read_remote_file` (and therefore `load_uri!`, and the `@import`-following branch of `add_block!`) issues HTTP/HTTPS requests against any host, port and URI it is handed, with no scheme allowlist, no host / IP filtering, and no protection against link-local, loopback or…
CVE-2026-53727
GitHub-GHSA
HIGH
Note Mark: Path traversal via unsanitized book/note slug in migrate export (sibling of GHSA-g49p)
GHSA-rqrh-8wpv-x7hh
pkg: github.com/enchant97/note-mark/backend
eco: go
published: Jul 9, 2026
## Summary
Note Mark validates book and note `slug` values with the OpenAPI/huma tag `pattern:"[a-z0-9-]+"`. huma compiles this with `regexp.MustCompile(s.Pattern)` and tests it with `patternRe.MatchString(str)`, an UNANCHORED match. Because the pattern is not anchored (`^…$`), any string that me…
CVE-2026-50553
GitHub-GHSA
HIGH
ratex-parser panics on `\verb` with a multibyte delimiter (UTF-8 byte-boundary slice)
GHSA-4hgp-59h5-gvrj
pkg: ratex-parser
eco: rust
published: Jul 7, 2026
### Summary
The public parser entrypoint `ratex_parser::parse(&str)` panics on the **9-byte** input `\verbéxé` (i.e. `\verb` followed by the non-ASCII delimiter `é`). When handling a `\verb` command, the parser slices the verbatim argument with **byte** indices (`arg[1..arg.len() – 1]`); if the …
CVE-2026-53530
GitHub-GHSA
HIGH
uutils coreutils: cp/install/mv/ln –suffix alone does not enable backup mode (silent data loss vs GNU)
GHSA-fqf6-gxhh-2xhw
pkg: uucore
eco: rust
published: Jul 7, 2026
`determine_backup_mode` in `src/uucore/src/lib/features/backup_control.rs` only checks `–backup`/`-b` and returns `BackupMode::None` when only `–suffix` is given. GNU enables backup mode when `–suffix` is used alone (defaulting to existing/numbered, or `$VERSION_CONTROL`). Affects `cp`, `install`…
GitHub-GHSA
HIGH
Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions
GHSA-9f4f-jv96-8766
pkg: open-webui
eco: pip
published: Jul 7, 2026
### Summary
A vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be executed in the user's browser every time that chat transcript is opened, allowing attackers to retrieve the user's a…
CVE-2025-46719
GitHub-GHSA
HIGH
XWiki Platform Old Core: Resource path traversal via /skin/ action endpoint in Jetty 12+
GHSA-qj4x-9g63-25g6
pkg: org.xwiki.platform:xwiki-platform-oldcore, org.xwiki.platform:xwiki-platform-oldcore
eco: maven
published: Jul 7, 2026
### Impact
With Jetty 12+ a user can craft a URL to access any resource the Jetty instance is allowed to access.
For example `http://[host]/xwiki/bin/skin/..%252f/..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd` allows downloading the content of the /etc/passwd file, provided Jetty is …
CVE-2026-34151
GitHub-GHSA
HIGH
OpenRemote has Authenticated SQL Injection via Datapoint Crosstab Export
GHSA-cgfv-jrfp-2r7v
pkg: io.openremote:openremote-manager
eco: maven
published: Jul 6, 2026
## Summary
The datapoint export API builds a PostgreSQL crosstab export query by concatenating asset display names into raw SQL. An authenticated user who can create or rename an asset and then request a crosstab datapoint export can inject SQL through the asset name. The injected query output is s…
GitHub-GHSA
HIGH
Scriban: Template Writes to Arbitrary CLR Properties via `TypedObjectAccessor` (Mass Assignment + `private` / `init` / `internal` Setter Bypass)
GHSA-7jvp-hj45-2f2m
pkg: Scriban
eco: nuget
published: Jul 6, 2026
<!– obsidian –><h2 data-heading="Description">Description</h2>
<p>When a host pushes a CLR object into a Scriban <code>TemplateContext</code> via the standard, documented pattern —</p>
<pre><code class="language-csharp">var so = new ScriptObject();
so["user"] = currentUser; // direct CLR refer…
GitHub-GHSA
MEDIUM
CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation
GHSA-q6h5-q3q6-f87x
pkg: github.com/cilium/cilium, github.com/cilium/cilium, github.com/cilium/cilium
eco: go
published: Jul 6, 2026
### Impact
Users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, which enables hijacking traffic to Services in any namespace, bypassing the namespace-scoping guarantees enforced by serviceMatcher.
In addition, deleting such a policy can …
CVE-2026-53935
NVD
MEDIUM
CVE-2026-55689
OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated service…
CWE: CWE-287
NVD
MEDIUM
CVE-2026-59208
n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacker w…
CWE: CWE-287, CWE-346, CWE-346
GitHub-GHSA
MEDIUM
Micronaut: DefaultHttpClient follows redirects, forwarding Authorization, Cookie, and Proxy-Authorization headers
GHSA-q6gh-6v2r-hjv3
pkg: io.micronaut:micronaut-http-client, io.micronaut:micronaut-http-client, io.micronaut:micronaut-http-client
eco: maven
published: Jul 9, 2026
### Impact
> DefaultHttpClient follows redirects and forwards Authorization, Cookie, and Proxy-Authorization headers to redirect targets across domain boundaries. The blocklist only filters Host/Connection/TE/CT/CL.
> Additionally, no maximum redirect count exists, enabling infinite loop DoS.
> Aff…
GitHub-GHSA
MEDIUM
rm: –preserve-root bypassed via a symlink to / (string check instead of dev/inode)
GHSA-7cr3-h577-g38j
pkg: uu_rm
eco: rust
published: Jul 6, 2026
The `–preserve-root` check uses a path-string test (`path.has_root() && path.parent().is_none()`) rather than comparing device/inode. A symlink to `/` (e.g. `/tmp/rootlink -> /`) has a parent component, so it passes the check. GNU caches `/`'s dev/inode at startup and compares every traversed direc…
CVE-2026-35349
GitHub-GHSA
MEDIUM
mv: symlinks expanded during cross-device move (resource exhaustion / data duplication)
GHSA-h444-6j9x-p8vh
pkg: uu_mv
eco: rust
published: Jul 6, 2026
When moving directories across filesystems, uutils `mv` dereferences symlinks inside the tree, copying their targets as real files/dirs instead of preserving the symlinks. GNU preserves symlinks by default. E.g. a `etc_link -> /etc` inside the source becomes a full copy of `/etc` at the destination.…
CVE-2026-35365
GitHub-GHSA
MEDIUM
Avo: Direct attachment upload endpoint lacks upload authorization and bypasses field-level upload policy
GHSA-pqpw-cvm4-8mv9
pkg: avo
eco: rubygems
published: Jul 9, 2026
### Summary
Avo's direct attachment upload endpoint lacks server-side upload authorization and bypasses the documented field-level upload policy methods such as `upload_{FIELD_ID}?`.
An authenticated Avo user who can reach the Avo attachment upload endpoint can replace or add attachment content, i…
CVE-2026-53769
NVD
MEDIUM
CVE-2026-59220
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILL_MENTION_RE and strip_re regular expressions in backend/open_webui/utils/middleware.py parsed <$skillId|label> skill mentions with overlapping quantifiers, allowing an authenticat…
CWE: CWE-1333
GitHub-GHSA
MEDIUM
Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
GHSA-382c-vx95-w3p5
pkg: @jsonbored/gittensory-mcp
eco: npm
published: Jul 9, 2026
### Summary
`GET /v1/contributors/:login/profile` and the `gittensory_get_contributor_profile` MCP tool skip the contributor-scoped access check that every sibling endpoint enforces. Any authenticated session/API/MCP token holder can read any contributor's profile; for confirmed Gittensor miners t…
GitHub-GHSA
MEDIUM
pyLoad: Unbounded Memory Growth Leading to DoS and Potential DDoS in EventManager
GHSA-c2f9-4mc8-j656
pkg: pyload-ng
eco: pip
published: Jul 9, 2026
## Description:
The `EventManager` module in `pyload` manages a list of `Client` instances for subscribing to events. The addition of each unique `uuid` from the `get_events` API causes the creation of a `Client` instance that gets appended to the `clients` list. Although there is a `clean()` method…
CVE-2026-48987
NVD
MEDIUM
CVE-2026-54775
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent endpo…
CWE: CWE-248, CWE-754, CWE-755
NVD
MEDIUM
CVE-2026-15109
Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-457
NVD
MEDIUM
CVE-2026-54777
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListene…
CWE: CWE-367, CWE-665
GitHub-GHSA
MEDIUM
NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries
GHSA-qpm9-h556-mwxm
pkg: nl.nl-portal:documenten-api, nl.nl-portal:besluiten
eco: maven
published: Jul 8, 2026
## Impact
In versions up to and including 3.0.0, two parts of the GraphQL API returned data without checking whether the data belonged to the logged-in user:
– **Document content.** A logged-in user could download the raw content of any document by its ID, regardless of who owned it. The resolver …
CVE-2026-49463
GitHub-GHSA
MEDIUM
Waku: Cross-Origin CSRF on RSC Server Action Dispatch
GHSA-75w3-gmqx-993q
pkg: waku
eco: npm
published: Jul 8, 2026
## Summary
Waku's RSC request dispatcher invokes server actions without validating the request's `Origin` (or `Sec-Fetch-Site`) header. A cross-origin web attacker can therefore cause a victim browser to issue an authenticated `POST` to a registered server action endpoint using a CORS-safelisted co…
CVE-2026-49455
NVD
MEDIUM
CVE-2026-15154
A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking,…
CWE: CWE-1333
NVD
MEDIUM
CVE-2026-60001
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
CWE: CWE-770
GitHub-GHSA
MEDIUM
ha-mcp: Add-on settings and policy routes are reachable without authentication at the bare root path
GHSA-q855-8rh5-jfgq
pkg: ha-mcp
eco: pip
published: Jul 7, 2026
### Summary
In add-on mode, the ha-mcp settings UI routes are mounted both under the MCP secret path **and** at the bare root of the published port (`:9583`), so Home Assistant ingress can serve the "Open Web UI" button. The root-mounted routes perform no authentication — no secret, no `Origin` c…
NVD
MEDIUM
CVE-2026-55490
OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handle_send_a() of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows b…
CWE: CWE-191
GitHub-GHSA
MEDIUM
Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints
GHSA-f5vp-w269-392g
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
AI Bridge provider handlers read request bodies with `io.ReadAll` without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory.
> **Note:** Exploitation requires authenticated access to the AI Bridge endpoints and the imp…
CVE-2026-55434
GitHub-GHSA
MEDIUM
Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service
GHSA-2mg2-p7r7-g27f
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
`POST /api/v2/files` converts zip uploads to tar in memory via `CreateTarFromZip`, which enforced a per-entry size limit but no aggregate limit on total decompressed output, writing to an unbounded in-memory buffer.
> **Note:** Exploitation requires authenticated file-upload access and…
CVE-2026-55078
GitHub-GHSA
MEDIUM
WeasyPrint has CSS Injection via Presentational Hints
GHSA-jhhc-3hcp-qhm5
pkg: weasyprint
eco: pip
published: Jul 6, 2026
### Summary
A CSS injection issue exists in WeasyPrint when HTML presentational hints are enabled. Unescaped attribute values are embedded into CSS, allowing injection of arbitrary CSS declarations. This affects applications processing untrusted HTML input.
### Details
File: weasyprint/css/__init__…
CVE-2026-49452
GitHub-GHSA
MEDIUM
@better-auth/oauth-provider may provide access tokens for unauthorized audiences via unbound resource indicators
GHSA-p2fr-6hmx-4528
pkg: @better-auth/oauth-provider
eco: npm
published: Jul 7, 2026
### Am I affected?
Users are affected if all of the following hold:
– Their application depends on `@better-auth/oauth-provider` on any stable `1.6.x` release (the stable line is not patched) or on a pre-release before `1.7.0-beta.4`.
– Their application either configures validAudiences` with mor…
NVD
MEDIUM
CVE-2026-12154
The Reviews Widgets for Google, Yelp & TripAdvisor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_id' shortcode attribute of the [fbrev] shortcode in versions up to and including 2.7.3. This is due to insufficient input sanitization and output escaping in the Feed_Sh…
CWE: CWE-79
NVD
MEDIUM
CVE-2026-15063
A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing the k…
CWE: CWE-306
NVD
MEDIUM
CVE-2026-15044
A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the clu…
GitHub-GHSA
MEDIUM
install -D: symlink race in directory creation allows arbitrary file overwrite
GHSA-gwm6-q8ch-hcfr
pkg: uu_install
eco: rust
published: Jul 6, 2026
The `-D` path runs `fs::create_dir_all` on a pathname then later opens the destination via path-based `File::create`/`fs::copy`, neither anchored to a directory fd. Between the two, an attacker can replace a path component with a symlink, redirecting the write.
**Impact:** an attacker with concurre…
CVE-2026-35356
GitHub-GHSA
MEDIUM
install: TOCTOU symlink race (unlink-then-create without O_EXCL) allows arbitrary file overwrite
GHSA-239g-2685-54×3
pkg: uu_install
eco: rust
published: Jul 6, 2026
`copy_file` in `install/src/install.rs` removes the destination then recreates it by pathname via `File::create` / `fs::copy` without `O_EXCL`/`create_new`. Between the unlink and the recreate, a local attacker with write access to the destination directory can drop in a symlink and redirect the wri…
CVE-2026-35355
NVD
MEDIUM
CVE-2026-14784
A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptance.
CWE: CWE-264, CWE-265
NVD
MEDIUM
CVE-2026-14716
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched remote…
CWE: CWE-285, CWE-863
NVD
MEDIUM
CVE-2026-54778
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to an…
CWE: CWE-362, CWE-825
NVD
MEDIUM
CVE-2026-15128
Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-79
NVD
MEDIUM
CVE-2026-15127
Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-79
NVD
MEDIUM
CVE-2026-59929
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe_url filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:, …
CWE: CWE-79, CWE-184
NVD
MEDIUM
CVE-2026-59926
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonition() in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even …
CWE: CWE-79
NVD
MEDIUM
CVE-2026-59923
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safe_url() does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue is fixed in version 3.…
CWE: CWE-79
NVD
MEDIUM
CVE-2026-59890
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode …
CWE: CWE-176, CWE-697
GitHub-GHSA
MEDIUM
Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint
GHSA-hmj5-jm8h-h9fh
pkg: kiwitcms
eco: pip
published: Jul 6, 2026
### Summary
An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns targ…
CVE-2026-54724
GitHub-GHSA
MEDIUM
GoBGP confederation validation panics on empty AS_PATH attribute
GHSA-frrj-87jh-2772
pkg: github.com/osrg/gobgp/v4
eco: go
published: Jul 9, 2026
Found through variant analysis based on `CVE-2026-41643`
## Summary
GoBGP accepts a zero-length AS_PATH during UPDATE decoding and later panics while validating that attribute for a confederation eBGP peer. The vulnerable path is in the BGP UPDATE validator: a malformed UPDATE that should be reject…
CVE-2026-49838
GitHub-GHSA
MEDIUM
GoBGP: BGP OPEN capability parser may read capability values outside declared CapLen boundaries
GHSA-gjrg-jjr3-56cm
pkg: github.com/osrg/gobgp/v4
eco: go
published: Jul 9, 2026
### Summary
GoBGP contains a BGP OPEN capability parsing issue where several concrete capability decoders may parse data from the full remaining capability buffer instead of the slice bounded by the declared capability length, `CapLen`.
A malformed BGP OPEN message can cause bytes from a fol…
CVE-2026-49837
GitHub-GHSA
MEDIUM
sigstore-go has a multi-log threshold bypass via single compromised log
GHSA-9vcr-p3rj-q5q6
pkg: github.com/sigstore/sigstore-go
eco: go
published: Jul 9, 2026
### Impact
_What kind of vulnerability is it? Who is impacted?_
A verifier configured with WithTransparencyLog(N>1) or WithSignedCertificateTimestamps(N>1) expected defense-in-depth against the compromise of a single log instance. However, threshold counting counted verified witnesses per-entry or …
CVE-2026-49834
NVD
MEDIUM
CVE-2026-57022
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
When an affected device initiates a TCP conne…
CWE: CWE-754
NVD
MEDIUM
CVE-2026-54779
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a capture…
CWE: CWE-294, CWE-613
NVD
MEDIUM
CVE-2026-54773
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and…
CWE: CWE-347
NVD
MEDIUM
CVE-2026-54590
AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Version 2.23.0 contains an incomplete fix for CVE-2026-45309 in SSHServerConfig._set_tokens that blocks /, , and .. before %u substitution in Aut…
CWE: CWE-22, CWE-639
NVD
MEDIUM
CVE-2026-58501
Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fixed…
CWE: CWE-918
NVD
MEDIUM
CVE-2026-59924
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse() joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory whe…
CWE: CWE-22
NVD
MEDIUM
CVE-2026-59999
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.
CWE: CWE-348
GitHub-GHSA
MEDIUM
Weblate SSRF: outbound URL guard misses some private ranges
GHSA-vmfc-9982-2m45
pkg: weblate
eco: pip
published: Jul 7, 2026
### Impact
Weblate's `VCS_RESTRICT_PRIVATE` did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions.
### Patches
* https://github.com/WeblateOrg/weblate/pull/19768
### Res…
CVE-2026-50127
GitHub-GHSA
MEDIUM
KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping
GHSA-6w3m-4hhp-775q
pkg: github.com/kedacore/keda/v2
eco: go
published: Jul 7, 2026
### Summary
`pkg/scalers/postgresql_scaler.go` builds libpq-style connection strings by concatenating `key=value` pairs separated by spaces. Each tenant-controllable field (`host`, `port`, `userName`, `dbName`, `sslmode`) is passed through `escapePostgreConnectionParameter`:
“`go
func escapePostgre…
CVE-2026-53572
NVD
MEDIUM
CVE-2026-54291
pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to guarantee…
CWE: CWE-636, CWE-757
GitHub-GHSA
MEDIUM
Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing
GHSA-5wg6-jmq2-53pw
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the workspace was resolved by ID without confirming the URL's username matched the real owner, while the CORS middleware trusted the un…
CVE-2026-55438
GitHub-GHSA
MEDIUM
Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access
GHSA-5g4w-3vw9-478w
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
The workspace app proxy resolves the target app from `httpapi.RequestHost()` which prefers the `X-Forwarded-Host` header over the real `Host` header. No middleware strips `X-Forwarded-Host` before routing and the header is not browser-forbidden so client-side JavaScript can set it on `f…
CVE-2026-55430
GitHub-GHSA
MEDIUM
@aborruso/ckan-mcp-server: SSRF via base_url allows access to internal networks (Potential fix bypass of CVE-2026-33060)
GHSA-g84h-j7jj-x32p
pkg: @aborruso/ckan-mcp-server
eco: npm
published: Jul 7, 2026
### Summary
A known vulnerability CVE-2026-33060 indicated tools including ckan_package_search and sparql_query that accept a base_url parameter had the risk of making HTTP requests to arbitrary endpoints without restriction. A fix was applied to filter out ip addresses. However, a method to bypass …
CVE-2026-53509
GitHub-GHSA
MEDIUM
rm: 'rm -rf ./' (and ./// variants) silently deletes current directory contents, bypassing dot protection
GHSA-89p7-7cq3-hhr2
pkg: uu_rm
eco: rust
published: Jul 6, 2026
`rm -rf .` is correctly refused, but `clean_trailing_slashes` normalizes `.///` to `./` while `path_is_current_or_parent_directory` only matches `.`/`..` (and `/.`/`/..`), not `./` or `../`. So `rm -rf ./` recursively deletes the directory's contents and then prints a misleading `cannot remove './':…
CVE-2026-35363
NVD
MEDIUM
CVE-2026-14355
In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length withou…
CWE: CWE-122
NVD
MEDIUM
CVE-2026-44918
OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization.
CWE: CWE-862
NVD
MEDIUM
CVE-2026-15165
TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
CWE: CWE-122
GitHub-GHSA
MEDIUM
DSpace: Path Traversal is possible through LDN message generation
GHSA-9qm4-rh6w-pq5x
pkg: org.dspace:dspace-api, org.dspace:dspace-api, org.dspace:dspace-api
eco: maven
published: Jul 8, 2026
## Overview
A path traversal vulnerability is possible via the [COAR Notify / LDN](https://wiki.lyrasis.org/spaces/DSDOC9x/pages/379126679/COAR+Notify) service in DSpace. _This vulnerability impacts DSpace versions 8.0 <= 8.3, 9.0 <= 9.2._ The attacker MUST already have DSpace administrator creden…
CVE-2026-49833
GitHub-GHSA
MEDIUM
DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path
GHSA-v66x-68f2-pxf5
pkg: org.dspace:dspace-api, org.dspace:dspace-api, org.dspace:dspace-api
eco: maven
published: Jul 8, 2026
## Overview
The [Curation Task](https://wiki.lyrasis.org/spaces/DSDOC9x/pages/379126845/Curation+Tasks) feature allows an output path to be used by the reporter (`-r` parameter), typically used to stream results and status of curation task operations. It is not restricted to any particular base pat…
CVE-2026-49831
NVD
MEDIUM
CVE-2026-44512
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() in onnx/version_converter/adapters/upsample_6_7.h when processing an …
CWE: CWE-476
NVD
MEDIUM
CVE-2026-58468
NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin. Attacke…
CWE: CWE-918
GitHub-GHSA
MEDIUM
ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)
GHSA-hwpq-hmq9-wj77
pkg: onnx
eco: pip
published: Jul 7, 2026
### Summary
Null pointer dereference (SIGSEGV) in `Upsample_6_7::adapt_upsample_6_7()` (`onnx/version_converter/adapters/upsample_6_7.h:31`) when `convert_version()` processes a model with an Upsample node that has zero inputs. The adapter accesses `node->inputs()[0]->sizes()` without checking inpu…
CVE-2026-44512
NVD
MEDIUM
CVE-2026-50135
Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat (follows symlinks) instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local m…
CWE: CWE-59
NVD
MEDIUM
CVE-2026-44362
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked…
CWE: CWE-285
GitHub-GHSA
MEDIUM
kill: 'kill -1' parsed as PID -1, sending SIGTERM to all processes (system crash / DoS)
GHSA-p6rv-2qpm-fwvg
pkg: uu_kill
eco: rust
published: Jul 6, 2026
`kill -1` is incorrectly parsed as a positional `pid = -1`; combined with the default SIGTERM this calls `kill(-1, SIGTERM)`, signaling nearly every process the caller can see. GNU `kill` recognizes `-1`/`-9` as signals and reports "not enough arguments".
“`
$ kill -1 # uutils: kill(-1, SIG…
CVE-2026-35369
GitHub-GHSA
MEDIUM
chmod: recursive mode returns exit code 0 even when some files fail (last-file-wins)
GHSA-4×34-chg5-mwjj
pkg: uu_chmod
eco: rust
published: Jul 6, 2026
In `Chmoder::chmod()` the recursive branch overwrites the running result instead of accumulating it, so the exit code reflects only the *last* file processed:
“`
if self.recursive {
r = self.walk_dir_with_context(file, true); // overwrites r
} else {
r = self.chmod_file(file).and(r);
}
`…
CVE-2026-35339
NVD
MEDIUM
CVE-2026-40257
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one error…
CWE: CWE-787
GitHub-GHSA
MEDIUM
Rattler vulnerable to package cache path traversal via conda package build string
GHSA-h672-p7h7-97v9
pkg: rattler_cache, py_rattler
eco: pip
published: Jul 9, 2026
`rattler_cache` and `py-rattler` were vulnerable to package-cache path traversal when handling package metadata from conda channels.
During cache materialization, the `ratter_cache` code used the package record `build` string as part of a cache key that was joined into a filesystem path. A maliciou…
CVE-2026-53956
NVD
MEDIUM
CVE-2026-60120
Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unauthenticated attackers to execute arbitrary JavaScript in administrator browsers by registering a customer account with malicious payload in the first or last name field. The c…
CWE: CWE-79
NVD
MEDIUM
CVE-2026-5005
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Stored XSS.
This issue affects OKRs & Goals: from 28220 before 28398.
CWE: CWE-79
NVD
MEDIUM
CVE-2026-56359
n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow where authenticated users can inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields. Attackers can craft malicious credentials and trick victims into clicking the OAuth authori…
CWE: CWE-79
GitHub-GHSA
MEDIUM
Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component
GHSA-7qw2-f75v-62f7
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
The `AgentLogLine` dashboard component instantiated `ansi-to-html` without `escapeXML: true` and inserted the result via `dangerouslySetInnerHTML` so HTML embedded in workspace agent log lines was rendered as live markup. Server-side sanitization did not neutralize HTML metacharacters.
…
CVE-2026-55437
GitHub-GHSA
MEDIUM
Suspended Coder users retain access to AI Bridge LLM proxy endpoints
GHSA-wqxv-w64v-5wh6
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
AI Bridge proxy endpoints authenticate via `Server.IsAuthorized` in `coderd/aibridgedserver`, which validates key format, expiry, secret and deleted or system users but does not check whether the account is suspended. Because suspension does not revoke existing API keys, a suspended use…
CVE-2026-55435
GitHub-GHSA
MEDIUM
Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers
GHSA-jqj2-x4c5-jfxm
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
The devcontainer recreate endpoint relied on route middleware that checked only `ActionRead` on the workspace and, unlike the sibling delete endpoint, performed no `ActionUpdate` check before triggering the destructive rebuild.
> **Note:** Exploitation requires an existing low-privileg…
CVE-2026-55433
GitHub-GHSA
MEDIUM
Coder's sub-agent app registration bypasses template port-sharing policy enforcement
GHSA-x9qq-2qh5-8rxf
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
The `CreateSubAgent` RPC did not validate a requested app sharing level against the template's `MaxPortSharingLevel` before persisting workspace apps, letting a workspace owner exceed the administrator's configured maximum.
> **Note:** Exploitation requires the ability to register sub-…
CVE-2026-55432
NVD
MEDIUM
CVE-2026-44342
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing …
CWE: CWE-352
NVD
MEDIUM
CVE-2026-59817
Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing mo…
CWE: CWE-472, CWE-639
GitHub-GHSA
MEDIUM
Note Mark: Unauthenticated disclosure of soft-deleted note metadata via deleted=true on public books
GHSA-588f-fvcv-xhvf
pkg: github.com/enchant97/note-mark/backend
eco: go
published: Jul 9, 2026
Summary
GET /api/books/{bookID}/notes is an unauthenticated endpoint that accepts a "deleted" query parameter. When the request is ?deleted=true, the
service runs the query with Unscoped() (bypassing GORM's soft-delete scope) but keeps the read-authorization clause as "owner_id = ? OR is_public…
CVE-2026-50554
NVD
MEDIUM
CVE-2026-9027
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The `corvuspay_success_handler` function registers the REST endpoint `POST /wp-json/corvuspay/success/` wit…
CWE: CWE-347
GitHub-GHSA
MEDIUM
Trapster Community: Unauthenticated malformed DNS compression pointers crash per-packet honeypot handler
GHSA-mxwc-wh95-pw4g
pkg: trapster
eco: pip
published: Jul 8, 2026
## Summary
`trapster.libs.dns.decode_labels()` decodes DNS names from attacker-supplied UDP packets and recurses **once per RFC 1035 compression pointer** with **no cycle detection and no depth bound**. A single unauthenticated UDP datagram sent to the DNS honeypot drives the function past CPython'…
NVD
MEDIUM
CVE-2026-45045
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of Header.Set() when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream serv…
CWE: CWE-290
NVD
MEDIUM
CVE-2026-44332
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username enum…
CWE: CWE-203
NVD
MEDIUM
CVE-2026-59927
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise RecursionErr…
CWE: CWE-674, CWE-755, CWE-674
NVD
MEDIUM
CVE-2026-59875
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is fix…
CWE: CWE-248
NVD
MEDIUM
CVE-2026-59871
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPath(entry.path).split('/') to throw an uncaught TypeError. This issue is…
CWE: CWE-704
GitHub-GHSA
MEDIUM
New API is vulnerable to CSRF through user email binding
GHSA-26v7-h57m-gh9m
pkg: github.com/QuantumNous/new-api
eco: go
published: Jul 7, 2026
## Summary
The email and WeChat account binding endpoints used GET requests for state-changing account operations. In deployments where session cookies could be sent on cross-site navigations, an attacker could trigger a logged-in user's browser to bind an attacker-controlled email address or OAuth…
CVE-2026-44342
NVD
MEDIUM
CVE-2026-14631
webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught exc…
CWE: CWE-20, CWE-248
GitHub-GHSA
MEDIUM
pyLoad: SSRF guard bypass via IPv6 6to4/NAT64 transition wrappers of internal IPs
GHSA-m5x5-28jr-gpjj
pkg: pyload-ng
eco: pip
published: Jul 9, 2026
## Summary
`is_global_address` in [`src/pyload/core/utils/web/check.py`](https://github.com/pyload/pyload/blob/1b12dc7f348db8c144e0f39215680415e90ca4d2/src/pyload/core/utils/web/check.py) is the central guard against SSRF-style outbound connections in pyload-ng. It tests whether a given IP is "glob…
CVE-2026-48737
NVD
MEDIUM
CVE-2026-14362
HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability (CVE-2026-14362) is fixe…
CWE: CWE-770
GitHub-GHSA
MEDIUM
Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service
GHSA-f962-qm93-mj4c
pkg: github.com/coder/coder/v2, github.com/coder/coder/v2, github.com/coder/coder/v2
eco: go
published: Jul 6, 2026
### Summary
`NewDataBuilder` in `provisionersdk/proto/dataupload.go` allocated a byte slice using the client-supplied `FileSize` from a `DataUpload` message without an upper-bound check. Although the DRPC wire limit is 4 MiB, the `FileSize` value itself was unconstrained
### Impact
An authenticat…
CVE-2026-55079
NVD
MEDIUM
CVE-2026-53624
Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol() for https instead of c.Scheme(). This issue is fix…
CWE: CWE-319
NVD
MEDIUM
CVE-2026-59998
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.
CWE: CWE-573
GitHub-GHSA
MEDIUM
GoFiber never set HSTS header in helmet middleware due to incorrect protocol check
GHSA-gv83-gqw6-9j2c
pkg: github.com/gofiber/fiber
eco: go
published: Jul 6, 2026
### Summary
The `helmet` middleware in gofiber/fiber never sets the `Strict-Transport-Security` (HSTS) response header, even when `HSTSMaxAge` is explicitly configured, because the condition check at `helmet.go:67` uses `c.Protocol()` — which returns the HTTP protocol version string (e.g., `"HTTP…
CVE-2026-53624
NVD
MEDIUM
CVE-2026-14620
webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any website …
CWE: CWE-352, CWE-749
NVD
MEDIUM
CVE-2026-46672
Actual is a local-first personal finance app. Prior to 26.6.0, @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global –format csv option is passed, whose escapeCsv helper only handles RFC 4180 delimiter, quote, and newline escaping and does not neu…
CWE: CWE-1236
NVD
MEDIUM
CVE-2026-55798
Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen(…, shell=True), allowing shell metacharacters in the file path to injec…
CWE: CWE-78
NVD
MEDIUM
CVE-2026-54776
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching m…
CWE: CWE-306
GitHub-GHSA
MEDIUM
DSpace: ORE resource URI does not validate scheme for non-web resources
GHSA-c827-pw3m-67w7
pkg: org.dspace:dspace-api, org.dspace:dspace-api, org.dspace:dspace-api
eco: maven
published: Jul 8, 2026
## Overview
When ingesting an aggregated ORE resource by URI (using the [OAI-ORE Harvester](https://wiki.lyrasis.org/spaces/DSDOC9x/pages/379125906/OAI#OAI-OAI-PMH/OAI-OREHarvester(Client))), the ORE Ingestion Crosswalk does not validate the URI scheme. This may allow for local file inclusion via m…
CVE-2026-49830
GitHub-GHSA
MEDIUM
printenv: environment variables with invalid UTF-8 are silently skipped (evades inspection)
GHSA-p7h3-7q52-72w8
pkg: uu_printenv
eco: rust
published: Jul 6, 2026
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows ma…
CVE-2026-35366
GitHub-GHSA
MEDIUM
cp: -R reads device nodes as streams, destroying device semantics
GHSA-8vrf-r662-2w2v
pkg: uu_cp
eco: rust
published: Jul 6, 2026
The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are dest…
CVE-2026-35358
GitHub-GHSA
MEDIUM
comm: FIFO/pipe inputs are drained before comparison (data loss / hang)
GHSA-3wfc-mgpm-9rq6
pkg: uu_comm
eco: rust
published: Jul 6, 2026
The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input path…
CVE-2026-35347
GitHub-GHSA
MEDIUM
id: groups= computed from real GID instead of effective GID
GHSA-47c7-qrm7-mqw7
pkg: uu_id
eco: rust
published: Jul 6, 2026
The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes rely…
CVE-2026-35370
NVD
MEDIUM
CVE-2026-6440
The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the reset_credential() function, which handles the wp_ajax_goodmeet_…
CWE: CWE-352
NVD
MEDIUM
CVE-2026-4298
The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvo_reset_policy_service_func() function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plug…
CWE: CWE-862
NVD
MEDIUM
CVE-2026-15131
Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
CWE: CWE-20
NVD
MEDIUM
CVE-2026-15130
Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-602
NVD
MEDIUM
CVE-2026-15124
Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD
MEDIUM
CVE-2026-15108
Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. (Chromium security severity: High)
CWE: CWE-190
NVD
MEDIUM
CVE-2026-59930
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable toc_N values without slugifying the heading text, allowing attacker-controlled id="toc_N" content to collide with generated anchors and red…
CWE: CWE-345, CWE-1284
GitHub-GHSA
MEDIUM
Kite has an authenticated cluster RBAC bypass in /api/v1/overview
GHSA-gvhc-wv3v-7pf8
pkg: github.com/zxh326/kite
eco: go
published: Jul 7, 2026
## Summary
Authenticated Kite users with any role can request `/api/v1/overview` for a cluster that their roles do not permit by selecting that cluster with `x-cluster-name`. The overview route is registered before `middleware.RBACMiddleware()` and `GetOverview` only checks `len(user.Roles) > 0`, s…
CVE-2026-53487
NVD
MEDIUM
CVE-2026-46700
Actual is a local-first personal finance tool. Prior to 26.6.0, the GET /secret/:name endpoint in @actual-app/sync-server checks only that the caller has a valid session and does not verify the caller is an admin, while the sibling POST /secret/ handler enforces an admin check in OpenID mode. Any au…
CWE: CWE-285
GitHub-GHSA
MEDIUM
Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality
GHSA-jgx9-jr5x-mvpv
pkg: open-webui
eco: pip
published: Jul 7, 2026
### Summary
There is a blind server side request forgery in the functionality that allows editing an image via a prompt. The affected function will perform a GET request on the URL provided by the user. There is no restriction on the domain of the provided URL allowing the local address space to be …
CVE-2026-34225
GitHub-GHSA
MEDIUM
OpenRemote read-only asset users can write predicted datapoints
GHSA-xj53-j257-hxvg
pkg: io.openremote:openremote-manager
eco: maven
published: Jul 6, 2026
# Summary
The predicted datapoint write endpoint allows users with only `read:assets` privileges to write predicted datapoints.
The endpoint:
“`text
PUT /api/{realm}/asset/predicted/{assetId}/{attributeName}
“`
accepts write requests from users lacking `write:assets`.
The implementation appea…
CVE-2026-49439
NVD
MEDIUM
CVE-2026-59997
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.
CWE: CWE-1284
NVD
MEDIUM
CVE-2026-59996
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.
CWE: CWE-23
NVD
MEDIUM
CVE-2026-59995
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.
CWE: CWE-23
NVD
MEDIUM
CVE-2026-50179
Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix neutral…
CWE: CWE-1236
NVD
MEDIUM
CVE-2026-14612
Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may be a…
CWE: CWE-787
NVD
MEDIUM
CVE-2026-56360
n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks in the ZendeskTrigger node. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary malicious data.
CWE: CWE-290
GitHub-GHSA
MEDIUM
psd-tools vulnerable to arbitrary file write via smart-object filename
GHSA-2rmg-vrx8-9j2f
pkg: psd-tools
eco: pip
published: Jul 9, 2026
# psd-tools: arbitrary file write/read via smart-object path traversal
## Summary
In `psd-tools` (all releases exposing the `SmartObject` API through **v1.17.0**), `SmartObject.save()` writes an embedded smart object to a path taken verbatim from the PSD file. Because that name is attacker-control…
CVE-2026-49836
GitHub-GHSA
MEDIUM
OpenRun: Redirect URL validation bypass using //host paths leads to Open Redirect
GHSA-h5g6-xmh4-hc37
pkg: github.com/openrundev/openrun
eco: go
published: Jul 9, 2026
### Summary
The restrictions on redirect URLs in `openrun` can be bypassed by attackers, leading to open redirect attacks.
### Details
In the current project, the referrer header value is used for subsequent redirects, so there is currently a validation for this redirect value. The current validat…
CVE-2026-55252
GitHub-GHSA
MEDIUM
pypdf: Possible infinite loop when processing threads/articles in writer
GHSA-g9xf-7f8q-9mcj
pkg: pypdf
eco: pip
published: Jul 9, 2026
### Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer.
### Patches
This has been fixed in [pypdf==6.13.1](https://github.com/py-pdf/pypdf/releases/tag/6.13.1).
### Workarounds
If users…
CVE-2026-54651
GitHub-GHSA
MEDIUM
nebula-mesh: Host revocation is not durable – blocked/offboarded hosts can regain a valid certificate
GHSA-339v-266x-79xr
pkg: github.com/forgekeep/nebula-mesh
eco: go
published: Jul 9, 2026
## Summary
Two related authorization gaps let a host that should no longer be trusted obtain a fresh, valid Nebula certificate, because nebula-mgmt does not re-evaluate revocation/authorization state at certificate *issuance* time — only at poll time.
## 1. Blocklist not enforced at sign / re-en…
CVE-2026-53602
GitHub-GHSA
MEDIUM
pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small
GHSA-8f95-v3jq-cj86
pkg: pymonocypher
eco: pip
published: Jul 9, 2026
### Impact
The argon2i_32 implementation does not check the nb_blocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i_32 will write past the end of the buffer and possibly corrupt the heap.
### Patches
Fixed in 4.0.2.8, which now verifies th…
CVE-2026-53720
GitHub-GHSA
MEDIUM
OneRingBuf has a Use After Free Vulnerability
GHSA-q95x-7g78-rccv
pkg: oneringbuf
eco: rust
published: Jul 8, 2026
Affected versions of `oneringbuf` exposed the obsolete `IntoRef::into_ref` method through the public `IntoRef` trait. For heap-backed ring buffers, this method returned a `DroppableRef` handle.
`DroppableRef` stored an owning raw pointer created from `Box::into_raw`. Its `Clone` implementation copi…
GitHub-GHSA
MEDIUM
async-tar PAX extension-header desync enables tar entry/content smuggling
GHSA-35rm-7j9c-2f7m
pkg: async-tar
eco: rust
published: Jul 8, 2026
## Summary
`async-tar` v0.6.0 mis-applies a buffered PAX `size` extension to an intermediary
extension header (a GNU longname `L`, a GNU longlink `K`, or a PAX `x`/`g`
header) instead of to the next *file* entry. POSIX requires a PAX extended-header
record set to describe the next file entry, never…
CVE-2026-53600
GitHub-GHSA
MEDIUM
oasdiff does not enforce –allow-external-refs=false on the git-revision load path (SSRF / local file read)
GHSA-2jcc-mxv7-p3f9
pkg: github.com/oasdiff/oasdiff
eco: go
published: Jul 7, 2026
## Summary
From **v1.13.2** through **v1.18.0**, oasdiff did not enforce `–allow-external-refs=false` (library: `openapi3.Loader.IsExternalRefsAllowed = false`) when loading a spec from a **git revision** (the `rev:path` form, e.g. `main:openapi.yaml`). External `$ref`s were resolved on that load …
CVE-2026-53508
GitHub-GHSA
MEDIUM
Flask-Security-Too: WebAuthn reauthentication freshness bypass via cross-user assertion
GHSA-f66q-9rf6-8795
pkg: Flask-Security-Too
eco: pip
published: Jul 7, 2026
### Summary
Flask-Security-Too 5.8.0 and 5.8.1 mark a session as reauthentication-fresh after processing a WebAuthn assertion whose proven credential belongs to a different user than the currently authenticated session user. The check that `GHSA-97r5-pg8x-p63p` added on the OAuth reauthentication p…
GitHub-GHSA
MEDIUM
aiosmtplib vulnerable to SMTP command injection via CR/LF in sender/recipient address
GHSA-v3q9-hj7j-63hq
pkg: aiosmtplib
eco: pip
published: Jul 7, 2026
### Summary
`aiosmtplib`'s `SMTP.mail()`, `SMTP.rcpt()`, `SMTP.vrfy()` and `SMTP.expn()` send the caller-supplied email address to the server without rejecting embedded CR/LF (`\r\n`) bytes. An address that contains a CR/LF is written verbatim onto the SMTP control connection, so the bytes after th…
CVE-2026-53533
GitHub-GHSA
MEDIUM
ratex-parser has unbounded parser recursion that leads to stack overflow (process abort)
GHSA-4w5h-hx6r-28q7
pkg: ratex-parser
eco: rust
published: Jul 7, 2026
### Summary
RaTeX’s recursive-descent parser recurses one (or more) native stack frame per nesting level at `{`, `\left`, `\sqrt{`, `^{`, etc, with **no maximum depth limit**. A short, ~10 KB input of nested groups overflows the 8 MB main-thread stack and aborts the process. With `panic = "abort…
CVE-2026-53531
GitHub-GHSA
MEDIUM
netfoil has a domain name filter bypass via multiple questions
GHSA-59qp-cfj3-rp64
pkg: github.com/tinfoil-factory/netfoil
eco: go
published: Jul 7, 2026
### Summary
Potential bypass of domain name filter by crafting a DNS request with multiple questions, with the first question being legitimate.
### Impact
Depends on a local attackers ability to craft multiple questions and the remote DoH server supporting them.
GitHub-GHSA
MEDIUM
Open WebUI allows limited stored XSS vila uploaded html file
GHSA-8gh5-qqh8-hq3x
pkg: open-webui
eco: pip
published: Jul 7, 2026
### Summary
Low privileged users can upload HTML files which contain JavaScript code via the `/api/v1/files/` backend endpoint. This endpoint returns a file id, which can be used to open the file in the browser and trigger the JavaScript code in the user's browser. Under the default settings, files …
CVE-2025-46571
GitHub-GHSA
MEDIUM
Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile
GHSA-chwm-m7g7-685g
pkg: d7y.io/dragonfly/v2
eco: go
published: Jul 6, 2026
## Summary
The Dragonfly **scheduler**'s v1 gRPC service contains an unauthenticated Server-Side Request Forgery (SSRF). When a peer reports a successful download of a TINY task, the scheduler calls `Peer.DownloadTinyFile()` and issues an HTTP `GET` to a host and port taken verbatim from the attack…
CVE-2026-54637