Vulnerability Digest — June 29, 2026 · 80 Critical · 6 Exploited


Security Report

Monday, June 29, 2026  ·  Last 7 days  ·  Min severity: MEDIUM
Total findings: 466  ·  Critical: 80  ·  High: 217  ·  Actively exploited: 6
Sources: CISA-KEV 6  ·  NVD 236  ·  GitHub-GHSA 224
Findings sorted by severity
CISA-KEV

CRITICAL
PTC Windchill and FlexPLM Improper Input Validation Vulnerability
CVE-2026-12569
pkg: PTC Windchill and FlexPLM

published: Jun 25, 2026

PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
CVE-2026-20230
pkg: Cisco Unified Communications Manager

published: Jun 25, 2026

Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system tha…
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Lantronix EDS5000 Code Injection Vulnerability
CVE-2025-67038
pkg: Lantronix EDS5000

published: Jun 23, 2026

Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Ubiquiti UniFi OS Improper Input Validation Vulnerability
CVE-2026-34910
pkg: Ubiquiti UniFi OS

published: Jun 23, 2026

Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Ubiquiti UniFi OS Path Traversal Vulnerability
CVE-2026-34909
pkg: Ubiquiti UniFi OS

published: Jun 23, 2026

Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA-KEV

CRITICAL
Ubiquiti UniFi OS Improper Access Control Vulnerability
CVE-2026-34908
pkg: Ubiquiti UniFi OS

published: Jun 23, 2026

Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
NVD

CRITICAL
CVE-2026-53576
pkg: docker

published: Jun 26, 2026

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/api/v1/**")) treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addre…
CWE: CWE-94, CWE-288
GitHub-GHSA

CRITICAL
mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind
GHSA-73cv-556c-w3g6
pkg: mcp-pinot-server
eco: pip
published: Jun 26, 2026
## Resolution

Fixed in [v3.1.0](https://github.com/startreedata/mcp-pinot/releases/tag/v3.1.0), released 2026-05-25. The fix was merged in [PR #95](https://github.com/startreedata/mcp-pinot/pull/95) at commit [`1c7d3f9`](https://github.com/startreedata/mcp-pinot/commit/1c7d3f9cd384854bf72c127d230bd…

CVE-2026-49257
GitHub-GHSA

CRITICAL
golang.org/x/crypto/ssh: Invoking VerifiedPublicKeyCallback permissions skip enforcement
GHSA-x527-x647-q7gg
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
Previously, CVE-2024-45337 fixed an authorization bypass for misused SSH server configurations; if any callback type other than the public-key callback was passed, the source-address validation would be skipped.
CVE-2026-46595
NVD

CRITICAL
CVE-2026-53622
pkg: traefik traefik

published: Jun 23, 2026

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake sele…
CWE: CWE-288
NVD

CRITICAL
CVE-2026-48491
pkg: traefik traefik

published: Jun 23, 2026

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection (SNICheck) that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard …
CWE: CWE-288
GitHub-GHSA

CRITICAL
Budibase has anonymous NoSQL operator injection via published-app query templates
GHSA-8qv3-p479-cj62
pkg: @budibase/server
eco: npm
published: Jun 23, 2026
## Summary

`enrichContext` at `packages/server/src/sdk/workspace/queries/queries.ts:121-138` substitutes parameter values into the raw JSON body of a query, then `JSON.parse`s the result. The validator `validateQueryInputs` at `packages/server/src/api/controllers/query/index.ts:61-71` rejects only …

CVE-2026-54350
GitHub-GHSA

CRITICAL
Gogs has Path Traversal in organization name that results in RCE through Git hooks
GHSA-c39w-43gm-34h5
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
### Summary

Organization names containing path traversal sequences (`../`) are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem.
By creating nested struct…

CVE-2026-52813
NVD

CRITICAL
CVE-2026-10561
pkg: langflow langflow

published: Jun 22, 2026

IBM Langflow OSS 1.0.0 through 1.9.3 has a vulnerability due to improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise.
CWE: CWE-94
NVD

CRITICAL
CVE-2026-58053
pkg: docker

published: Jun 28, 2026

Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op…
CWE: CWE-269
GitHub-GHSA

CRITICAL
Nezha vulnerable to cross-tenant terminal/file-manager session hijack via WebSocket stream UUID without ownership check
GHSA-q6xx-5vr8-p898
pkg: github.com/nezhahq/nezha
eco: go
published: Jun 26, 2026
### Summary

In nezha **v1.14.13–v1.14.14** and **v2.0.0–v2.0.9**, the WebSocket endpoints `GET /ws/terminal/:id` and `GET /ws/file/:id` authenticate the caller only by the presence of a valid stream UUID, with no ownership check tying that UUID to the user who created the stream. Any authentica…

GitHub-GHSA

CRITICAL
deepstream is vulnerable to prototype pollution
GHSA-9v98-6g37-x9g6
pkg: @deepstream/server
eco: npm
published: Jun 26, 2026
### Impact
Prototype pollution in deepstream server versions <= 10.0.4. Potential privilege escalation from any authenticated user with write permission to any record.

### Patches
Yes, upgrade to v10.0.5

### Workarounds
Filter out all messages containing the path `__proto__`, `constructor`, `prototype`, *…

CVE-2026-49252
NVD

CRITICAL
CVE-2026-46386
pkg: docker

published: Jun 26, 2026

OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET_KEY_BASE=OVERWRITE_ME as the default Rails master key. Combined with cookies_serializer = :marshal, this gives any logged-in user a deterministic Marshal-d…
CWE: CWE-502, CWE-798, CWE-1188, CWE-1392
GitHub-GHSA

CRITICAL
Incus has an arbitrary file write on its client due to trusted image hash
GHSA-f6m5-xw2g-xc4x
pkg: github.com/lxc/incus/v7/cmd/incusd
eco: go
published: Jun 26, 2026
### Summary

An arbitrary file write exists in the Incus client when a malicious image server returns a crafted `Incus-Image-Hash` header. This can lead to arbitrary command execution as root on the server.

### Details

- `cmd/incusd/images.go:611-684` handles `source.type=url` by HEADing the user…

CVE-2026-48769
GitHub-GHSA

CRITICAL
Incus has an argument injection in backup compression algorithm leading to AFW and ACE
GHSA-v6mj-8pf4-hhw4
pkg: github.com/lxc/incus/v7/cmd/incusd
eco: go
published: Jun 26, 2026
### Summary

Improper validation of user-provided backup compression algorithm leads to argument injection in the constructed command line. This leads to an arbitrary file write on the host, possibly leading to arbitrary command execution.

### Details

Incus validates `compression_algorithm` by pa…

CVE-2026-48755
GitHub-GHSA

CRITICAL
Incus has an arbitrary file write via path traversal in S3 multipart upload
GHSA-ccjc-4qc3-jxqc
pkg: github.com/lxc/incus/v7/cmd/incusd
eco: go
published: Jun 26, 2026
## Summary

The S3 protocol upload endpoint is vulnerable to path traversal and allows creation of arbitrary files on the host. This behavior could lead to arbitrary command execution.

In `internal/server/storage/s3/local/multipart.go`, user-controlled upload ID is appended to the uploads directory…

CVE-2026-48753
GitHub-GHSA

CRITICAL
Incus has arbitrary file read+write on host via templates/ symlink in malicious image
GHSA-vxp5-584q-c479
pkg: github.com/lxc/incus/v7/cmd/incusd
eco: go
published: Jun 26, 2026
### Summary

A specially crafted image or instance backup can be used to read or create/write arbitrary files on the host; possibly leading to arbitrary command execution.

### Details

For container images, `internal/server/storage/utils.go` calls `archive.Unpack(imageFile, destPath, …)`. The ta…

CVE-2026-48752
GitHub-GHSA

CRITICAL
Incus has a restricted project bypass leading to arbitrary command execution
GHSA-48q5-w887-33wv
pkg: github.com/lxc/incus/v7/cmd/incusd
eco: go
published: Jun 26, 2026
### Summary

Instance snapshots ignore the `restricted.containers.lowlevel=block` setting; allowing for arbitrary command execution on the Incus server by abusing lowlevel hooks such as `raw.lxc` and `raw.qemu`.

### Details

Instance snapshots ignore the `restricted.containers.lowlevel=block` sett…

CVE-2026-48751
GitHub-GHSA

CRITICAL
Incus has an arbitrary file write on host via `exec-output` symlink in crafted image
GHSA-73hr-m85f-64v9
pkg: github.com/lxc/incus/v7/cmd/incusd
eco: go
published: Jun 26, 2026
### Summary

The `record-output` parameter of the `/instances/$name/exec` endpoint stores the output of the command in the `exec-output` directory of the instance. If `exec-output` is a symlink, files named `exec_UUID.stdout` and `exec_UUID.stderr` can be written to an arbitrary location where the `.…

CVE-2026-48750
GitHub-GHSA

CRITICAL
Incus has an arbitrary file read+write on host via rootfs/ symlink in malicious image
GHSA-2q3f-q5pq-g8wv
pkg: github.com/lxc/incus/v7/cmd/incusd
eco: go
published: Jun 26, 2026
### Summary

A specially crafted image can be used to read or create/write arbitrary files on the host; possibly leading to arbitrary command execution.

### Details

Incus validates an image as soon as it sees a normal `metadata.yaml` and a `rootfs/` entry, but full extraction can later process a …

CVE-2026-48749
GitHub-GHSA

CRITICAL
Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise
GHSA-v2wp-frmc-5q3v
pkg: lemur
eco: pip
published: Jun 25, 2026
Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via ACME acme_url SSR…
CVE-2026-55166
NVD

CRITICAL
CVE-2026-55454
pkg: appsmith appsmith

published: Jun 24, 2026

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to the host by docker-co…
CWE: CWE-749, CWE-1188
NVD

CRITICAL
CVE-2026-54305
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticate…
CWE: CWE-200, CWE-284
NVD

CRITICAL
CVE-2026-44791
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This vulne…
CWE: CWE-1321
NVD

CRITICAL
CVE-2026-44789
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques thi…
CWE: CWE-1321
GitHub-GHSA

CRITICAL
Gogs vulnerable to RCE via git rebase --exec argument injection in pull request merge
GHSA-qf6p-p7ww-cwr9
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
# Gogs: RCE via `git rebase --exec` Argument Injection in PR Merge

## Summary

Gogs allows authenticated users to achieve Remote Code Execution (RCE) on the server by creating a pull request with a specially crafted branch name that injects the `--exec` flag into the `git rebase` command during the…

CVE-2026-52806
NVD

CRITICAL
CVE-2026-54310
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply crafted parameters to the TimescaleDB and/or legacy Postgres v1 nodes, allowing arbitrary SQL to be injected and executed against the con…
CWE: CWE-89
GitHub-GHSA

CRITICAL
xwiki-pro-macros has remote code execution from page title and content via excerpt-include macro
GHSA-w56x-9778-rppx
pkg: com.xwiki.pro:xwiki-pro-macros
eco: maven
published: Jun 22, 2026
### Summary
The excerpt-include macro does not properly escape the title of the included page and executes the content of the excerpt with the macro's rights. Therefore, it is vulnerable to XWiki syntax injection via the included page's title and content, allowing remote code execution for any user …
CVE-2026-44179
GitHub-GHSA

CRITICAL
Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder
GHSA-44hj-4m45-frj3
pkg: fluentd
eco: rubygems
published: Jun 26, 2026
Fluentd allows dynamically constructing file paths using the `${tag}` placeholder.
It was discovered that validation for this placeholder was insufficient.

If a Fluentd instance is configured to receive logs from untrusted sources and uses the `${tag}` placeholder in file configurations (such as th…

CVE-2026-44024
NVD

CRITICAL
CVE-2026-0685
pkg: express

published: Jun 26, 2026

Server-side template injection (SSTI) in the expression evaluation component of the Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.
NVD

CRITICAL
CVE-2026-48930
pkg: nodejs node.js

published: Jun 26, 2026

A flaw in Node.js TLS hostname handling: hostnames containing an embedded NUL byte can lead to silent authority rebinding, because the C-string truncation in the resolver bindings cuts the hostname at the NUL.

This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

CWE: CWE-284
NVD

CRITICAL
CVE-2026-7531
pkg: wolfssl wolfssl

published: Jun 25, 2026

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory.
CWE: CWE-416
NVD

CRITICAL
CVE-2026-52955
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

libceph: Fix potential out-of-bounds access in crush_decode()

A message of type CEPH_MSG_OSD_MAP containing a crush map with at least
one bucket has two fields holding the bucket algorithm. If the values
in these two fields differ…

NVD

CRITICAL
CVE-2026-56121
pkg: python

published: Jun 24, 2026

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The user_defined_function.body field of an OnDemandFeatureView spec is decoded from ba…
CWE: CWE-502
NVD

CRITICAL
CVE-2026-52931
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: tp_meter: avoid use of uninit sender vars

batadv_tp_recv_ack() and batadv_tp_stop() are only valid for tp_vars in the
BATADV_TP_SENDER role. When called with a BATADV_TP_RECEIVER role, it
proceeds to read sender-only m…

NVD

CRITICAL
CVE-2026-52924
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

sctp: purge outqueue on stale COOKIE-ECHO handling

sctp_stream_update() is only invoked when the association is moved into
COOKIE_WAIT during association setup/reconfiguration. In this path, the
outbound stream scheduler state (st…

NVD

CRITICAL
CVE-2026-52914
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: fix fragment reassembly length accounting

batman-adv keeps a running payload length for queued fragments and uses it
to validate a fragment chain before reassembly.

That accounting currently allows the accumulated fra…

NVD

CRITICAL
CVE-2026-53753
pkg: python

published: Jun 23, 2026

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes (gi_frame, f_back, f_builtins) d…
CWE: CWE-94, CWE-913
GitHub-GHSA

CRITICAL
motionEye: LFI → pass‑the‑hash admin → unsafe restore → unauth action exec (RCE)
GHSA-qxvg-h7q2-hcxh
pkg: motioneye
eco: pip
published: Jun 23, 2026
## Summary
A multi‑stage chain in motionEye leads to remote code execution. The chain combines:

1. **Arbitrary file read (LFI)** via the picture download endpoint for **local motion cameras** using absolute paths.
2. **Pass‑the‑hash admin auth** due to accepting request signatures computed wi…

NVD

CRITICAL
CVE-2026-56315
pkg: python

published: Jun 23, 2026

picklescan before 1.0.4 fails to block at least seven Python standard library modules (including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib) exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocke…
CWE: CWE-184
NVD

CRITICAL
CVE-2026-12866
pkg: express

published: Jun 23, 2026

All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function(). Because user-controlled expressions are transformed directly into …
CWE: CWE-94
NVD

CRITICAL
CVE-2026-33646
pkg: python

published: Jun 26, 2026

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec() function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not su…
CWE: CWE-94
NVD

CRITICAL
CVE-2026-13032
pkg: google chrome, google android

published: Jun 24, 2026

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

CRITICAL
CVE-2026-13028
pkg: google chrome, google android

published: Jun 24, 2026

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

CRITICAL
CVE-2026-11807
pkg: oauth

published: Jun 23, 2026

A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive pla…
CWE: CWE-862
NVD

CRITICAL
CVE-2026-55447
pkg: langflow langflow

published: Jun 23, 2026

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling the files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to the …
CWE: CWE-61, CWE-200
NVD

CRITICAL
CVE-2026-48519
pkg: langflow langflow

published: Jun 23, 2026

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Shareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessin…
CWE: CWE-94
GitHub-GHSA

CRITICAL
Budibase has arbitrary file read by workspace-builder via PWA-zip symlink upload
GHSA-w7mq-r738-x278
pkg: @budibase/server
eco: npm
published: Jun 22, 2026
## Summary

`POST /api/pwa/process-zip` at `packages/server/src/api/routes/static.ts:24` accepts a builder-uploaded `.zip`, extracts it with `extract-zip@2.0.1` into a temp directory, then for each entry listed in `icons.json` validates the icon path, opens it, and streams the bytes into MinIO. The …

CVE-2026-54352
GitHub-GHSA

CRITICAL
Mise Vulnerable to Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)
GHSA-fjj5-v948-whjj
pkg: mise
eco: rust
published: Jun 22, 2026
## Summary

Mise processes `.tool-versions` files through the Tera template engine during parsing, with the `exec()` function registered, enabling arbitrary command execution. Unlike `.mise.toml` files, `.tool-versions` files are **not subject to trust verification** in non-paranoid mode. This means…

CVE-2026-33646
GitHub-GHSA

CRITICAL
OpenAM has pre-auth Reflected XSS in OAuth2 / OIDC response_mode=form_post via state parameter (FormPostResponse.ftl)
GHSA-fq9h-c788-fx73
pkg: org.openidentityplatform.openam:openam-oauth2
eco: maven
published: Jun 22, 2026
### Summary

The OAuth 2.0 / OpenID Connect authorization endpoint does not sufficiently sanitize certain user-supplied parameters before incorporating them into the HTML response generated for the `form_post` response mode. This may allow an attacker to inject content into the rendered page in the …

CVE-2026-44203
GitHub-GHSA

CRITICAL
Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key
GHSA-5c25-7vpj-9mqh
pkg: github.com/nezhahq/nezha
eco: go
published: Jun 26, 2026
### Summary
`fallbackToFrontend` in the dashboard's `NoRoute` handler treats any URL whose **raw string** starts with `/dashboard` as an admin-frontend asset request. The check uses `strings.HasPrefix`, not a path-segment match, so the input `/dashboard../data/config.yaml` is accepted; `strings.Trim…
CVE-2026-53519
GitHub-GHSA

CRITICAL
golang.org/x/crypto/ssh/knownhosts vulnerable to auth bypass via unenforced @revoked status
GHSA-5cgq-3rg8-m6cv
pkg: golang.org/x/crypto/ssh/knownhosts
eco: go
published: Jun 25, 2026
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.
CVE-2026-42508
GitHub-GHSA

CRITICAL
golang.org/x/crypto/ssh vulnerable to infinite loop on large channel writes
GHSA-rm3j-f69w-wqmq
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.
CVE-2026-39834
GitHub-GHSA

CRITICAL
golang.org/x/crypto/ssh: FIDO/U2F security key physical presence check can be bypassed
GHSA-89gr-r52h-f8rx
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, …
CVE-2026-39831
GitHub-GHSA

CRITICAL
golang.org/x/crypto/ssh: Invoking client can cause server deadlock on unexpected responses
GHSA-vgwf-h737-ff37
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.
CVE-2026-39830
GitHub-GHSA

CRITICAL
golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys
GHSA-f5wc-c3c7-36mc
pkg: golang.org/x/crypto/ssh/agent
eco: go
published: Jun 25, 2026
When adding a key to a remote agent, constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all cons…
CVE-2026-39832
GitHub-GHSA

CRITICAL
golang.org/x/crypto/ssh/agent doesn't enforce invoking key constraints
GHSA-jppx-rxg9-jmrx
pkg: golang.org/x/crypto/ssh/agent
eco: go
published: Jun 25, 2026
The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsuppo…
CVE-2026-39833
GitHub-GHSA

CRITICAL
i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string
GHSA-2933-q333-qg83
pkg: i18next-fs-backend
eco: npm
published: Jun 25, 2026
### Impact

`i18next-fs-backend` ≤ 2.6.5, when used to persist missing translation keys (e.g. via `i18next-http-middleware`'s `missingKeyHandler` exposed to untrusted input), is vulnerable to prototype pollution via crafted missing-key strings.

`Backend.writeFile()` splits each queued missing-key…

CVE-2026-48713
GitHub-GHSA

CRITICAL
i18next-http-middleware: MissingKeyHandler does not reject keys whose segments contain prototype-polluting names
GHSA-f49m-vf83-692w
pkg: i18next-http-middleware
eco: npm
published: Jun 25, 2026
### Impact

`i18next-http-middleware` ≤ 3.9.6's `missingKeyHandler` blocked the literal request-body keys `__proto__`, `constructor`, and `prototype` (added in 3.9.3, see GHSA-5fgg-jcpf-8jjw), but did not reject dotted variants such as `"__proto__.polluted"`. Downstream backends that split the mis…

CVE-2026-48714
NVD

CRITICAL
CVE-2026-45689
pkg: oauth

published: Jun 24, 2026

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains a valid Rocket.Chat OAuth access token for an arbitrary user by sending a single HTTP POST with Mongo…
CWE: CWE-943
GitHub-GHSA

CRITICAL
scimPatch vulnerable to prototype pollution via unfiltered keys in patch
GHSA-9m6g-wc8r-q59c
pkg: scim-patch
eco: npm
published: Jun 22, 2026
## Summary

`scim-patch` performs prototype pollution when applying a SCIM PATCH operation whose `value` object contains a key like `"__proto__.someProp"`. After one such patch, `Object.prototype.someProp` is set process-wide, affecting every plain object in the Node process.

Any service that calls…

CVE-2026-48170
NVD

CRITICAL
CVE-2026-12628
CVE-2026-12628
pkg: ibm storage_protect

published: Jun 22, 2026

IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism. The application contains a …
CWE: CWE-798
NVD

CRITICAL
CVE-2026-54636
CVE-2026-54636
pkg: dokku dokku

published: Jun 26, 2026

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters – including, but not limited to, > or ; – can break out of the Docker container and exe…
CWE: CWE-78
NVD

CRITICAL
CVE-2026-45408
CVE-2026-45408
pkg: dokku dokku

published: Jun 26, 2026

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc (<<…
CWE: CWE-78
NVD

CRITICAL
CVE-2026-45406
CVE-2026-45406
pkg: dokku dokku

published: Jun 26, 2026

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename containin…
CWE: CWE-95
NVD

CRITICAL
CVE-2026-45405
CVE-2026-45405
pkg: dokku dokku

published: Jun 26, 2026

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequent e…
CWE: CWE-59
NVD

CRITICAL
CVE-2026-12249
CVE-2026-12249
pkg: tls

published: Jun 22, 2026

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto-enrollment via the vendored Samba client script (internal/policies/certificate/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py), ADSys utilizes a plai…
CWE: CWE-348
GitHub-GHSA

CRITICAL
semantic-router exposed to compromised litellm wheel (CVE-2026-42208) via unbounded transitive pin
GHSA-98x5-vq43-vc5p
pkg: semantic-router
eco: pip
published: Jun 26, 2026
## Impact
semantic-router versions 0.1.8 through 0.1.14 declare `litellm>=1.61.3` with no upper bound. During the window in which `litellm==1.82.8` was the latest release on PyPI, a fresh install of any affected semantic-router version could resolve to that compromised wheel.

The malicious `litellm…

GitHub-GHSA

CRITICAL
Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication
GHSA-f65r-h4g3-3h9h
pkg: backpropagate, @mcptoolshop/backpropagate
eco: npm
published: Jun 26, 2026
## Summary

In `backpropagate >= 1.1.0`, the optional Reflex web UI (`pip install backpropagate[ui]`, launched via `backprop ui`) exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push.

The CLI accepts two op…

CVE-2026-48797
GitHub-GHSA

CRITICAL
OpenAM Pre-auth User Profile Tampering via Anonymous SOAP Authn in Liberty IDPP/Discovery Endpoints
GHSA-p462-xxwx-pqf4
pkg: org.openidentityplatform.openam:openam-federation-library
eco: maven
published: Jun 24, 2026
## Summary

**Description**

An Improper Authorization (CWE-285) issue in OpenAM's Liberty Web Services SOAP receiver allows an unauthenticated remote attacker to write persistent entries into the Liberty Discovery store on any user's LDAP entry, and into a shared root-realm Discovery branch. This i…

CVE-2026-45052
GitHub-GHSA

CRITICAL
OpenAM: Pre-auth RCE via Java Deserialization in WebAuthn Authenticator Storage
GHSA-6c99-87fr-6q7r
pkg: org.openidentityplatform.openam:openam-auth-webauthn
eco: maven
published: Jun 24, 2026
## Summary

**Description**

A deserialization of untrusted data vulnerability (CWE-502) exists in OpenAM's WebAuthn authentication module. Under certain conditions, this may allow an attacker to achieve arbitrary code execution in the context of the application server. This affects OpenAM Community…

CVE-2026-45051
GitHub-GHSA

CRITICAL
motionEye Partial Authentication Bypass: Unauthenticated Admin Credential Theft via Path Traversal
GHSA-phv5-334h-mxcw
pkg: motioneye
eco: pip
published: Jun 23, 2026
# Partial Authentication Bypass: Unauthenticated Admin Credential Theft via Path Traversal

### Summary

Myself and others have reported several RCE vulnerabilities to this project. However, due to the nature of the app, these are largely not of all that much value, as there is built-in functionalit…

GitHub-GHSA

CRITICAL
Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym
GHSA-89mr-xqfv-758m
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
Summary

`(*Repository).UploadRepoFiles` checks for symlinks only on the **leaf** of the upload target (`osx.IsSymlink(targetPath)`). The siblings `UpdateRepoFile`, `DeleteRepoFile`, and `GetDiffPreview` use `hasSymlinkInPath`, which lstats every component — `UploadRepoFiles` is the lone outlier. …

CVE-2026-52811
GitHub-GHSA

CRITICAL
OpenDJ Pre-Auth RCE via Java Deserialization in JMX RMI
GHSA-43x2-g84q-fmqx
pkg: org.openidentityplatform.opendj:opendj-server-legacy
eco: maven
published: Jun 22, 2026
## Summary

**Description**

A Deserialization of Untrusted Data (CWE-502) issue in OpenDJ's JMX RMI connector allows an unauthenticated remote attacker to deserialize arbitrary Java objects on the server. The vulnerability exists because the platform reads and processes attacker-controlled bytes pr…

CVE-2026-46495
GitHub-GHSA

CRITICAL
motionEye: Authentication possible via password hash
GHSA-r3cw-c95m-wfh9
pkg: motioneye
eco: pip
published: Jun 22, 2026
### Summary
An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to…
CVE-2026-46488
GitHub-GHSA

HIGH
Gogs has Stored XSS in `.ipynb` Preview
GHSA-jq8v-rmf6-65jw
pkg: gogs.io/gogs
eco: go
published: Jun 22, 2026
# Summary

Although `.ipynb` previews are sanitized on the server side via `/-/api/sanitize_ipynb`, the inserted content is **re-rendered on the client side without sanitization** using `marked()` on elements with the `.nb-markdown-cell` class. During this process, links containing schemes such as `…

CVE-2026-52798
GitHub-GHSA

HIGH
pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes
GHSA-w466-c33r-3gjp
pkg: pnpm
eco: npm
published: Jun 26, 2026
<!-- maintainer-action:start -->
## Maintainer Action Plan

This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path.

- Advisory: `CAND-PNPM-063` / `GHSA…

CVE-2026-55698
GitHub-GHSA

HIGH
pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement
GHSA-hwx4-2j3j-g496
pkg: pnpm
eco: npm
published: Jun 26, 2026
## Summary

pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can cause `pnpm install --ignore-scripts` to replace…

CVE-2026-50016
GitHub-GHSA

HIGH
Nebula Mesh: Web UI lacks ownership checks, enabling cross-operator access to hosts and networks (read, block, delete)
GHSA-c6v2-3ffm-vcmc
pkg: github.com/juev/nebula-mesh
eco: go
published: Jun 26, 2026
## Summary

The web UI (`/ui/*`) does not apply the per-operator CA scoping the JSON API received for GHSA-598g-h2vc-h5vg. Any authenticated non-admin operator (for example, one created via self-registration or OIDC) can access resources belonging to other operators.

## Impact

A non-admin operator…

CVE-2026-49258
NVD

HIGH
CVE-2026-56767
CVE-2026-56767
pkg: oauth

published: Jun 25, 2026

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute ot…
CWE: CWE-862
GitHub-GHSA

HIGH
Lemur has an authorization bypass in StrictRolePermission / AuthorityCreatorPermission
GHSA-qcqw-jwxc-2hqg
pkg: lemur
eco: pip
published: Jun 25, 2026
## Summary

`StrictRolePermission` and `AuthorityCreatorPermission` in `lemur/auth/permissions.py` call `flask_principal.Permission.__init__()` with zero `Need`s when their config flags are unset. Both flags defaulted to `False` in code prior to the fix, so this was the state of any Lemur install th…

CVE-2026-48508
NVD

HIGH
CVE-2026-9155
CVE-2026-9155
pkg: gnu sed, linux linux_kernel

published: Jun 25, 2026

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.
CWE: CWE-78
NVD

HIGH
CVE-2026-13038
CVE-2026-13038
pkg: google chrome, microsoft windows

published: Jun 24, 2026

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-416
NVD

HIGH
CVE-2026-13036
CVE-2026-13036
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-13035
CVE-2026-13035
pkg: google chrome, apple macos

published: Jun 24, 2026

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-13033
CVE-2026-13033
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Out of bounds read and write in Blink>InterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CWE: CWE-125, CWE-787
NVD

HIGH
CVE-2026-13031
CVE-2026-13031
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-13027
CVE-2026-13027
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-13026
CVE-2026-13026
pkg: google chrome, apple macos

published: Jun 24, 2026

Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-52952
CVE-2026-52952
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

iommu: Fix WARN_ON in __iommu_group_set_domain_nofail() due to reset

In __iommu_group_set_domain_internal(), concurrent domain attachments are
rejected when any device in the group is recovering. This is necessary to
fence concurr…

NVD

HIGH
CVE-2026-52934
CVE-2026-52934
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: tvlv: reject oversized TVLV packets

batadv_tvlv_container_ogm_append() builds a TVLV packet section from
the tvlv.container_list. The total size of this section is computed by
batadv_tvlv_container_list_size(), which s…

NVD

HIGH
CVE-2026-52918
CVE-2026-52918
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: serialize accept_q access

bt_sock_poll() walks the accept queue without synchronization, while
child teardown can unlink the same socket and drop its last reference.
The unsynchronized accept queue walk has existed sinc…

NVD

HIGH
CVE-2026-54639
CVE-2026-54639
pkg: node

published: Jun 24, 2026

Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impacted users have: direct usage of `convertTokenData(tokens, { output: 'object' });`; indirect usage, via using Expand API; and/or indire…
CWE: CWE-1321
NVD

HIGH
CVE-2026-56115
CVE-2026-56115
pkg: dhcpcd_project dhcpcd

published: Jun 23, 2026

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but fai…
CWE: CWE-862
NVD

HIGH
CVE-2026-44790
CVE-2026-44790
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading …
CWE: CWE-88
GitHub-GHSA

HIGH
Gogs Vulnerable to CSRF Leading to Organization Owner Takeover
GHSA-pwx3-qcgw-vh7h
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
## Summary

In **Gogs 0.14.1**, organization team member management can be performed via **GET requests without CSRF protection**.
If a victim who is an **organization owner** is logged in and is tricked into visiting a crafted link, an attacker-controlled user can be added to the **Owners** team. A…

CVE-2026-52800
NVD

HIGH
CVE-2026-54232
CVE-2026-54232
pkg: vllm vllm

published: Jun 22, 2026

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index (flashinfer.ai/whl/) using --extra-index-url, but the p…
CWE: CWE-427
NVD

HIGH
CVE-2026-49241
CVE-2026-49241
pkg: angular angular_language_service

published: Jun 22, 2026

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom TypeScript SDK paths typescript.tsdk and js/ts.tsdk.path directly from workspace configurations (.vsco…
CWE: CWE-79, CWE-94, CWE-427, CWE-494
NVD

HIGH
CVE-2026-56425
CVE-2026-56425
pkg: misp-project misp

published: Jun 22, 2026

The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol.

The application used the PHP session identifier (session_id()) as the OAuth …

CWE: CWE-384
NVD

HIGH
CVE-2026-54099
CVE-2026-54099
pkg: windows

published: Jun 22, 2026

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A co…
CWE: CWE-269
NVD

HIGH
CVE-2026-55069
CVE-2026-55069
pkg: kubernetes

published: Jun 26, 2026

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computation s…
CWE: CWE-916
GitHub-GHSA

HIGH
Gogs has a Migration Redirect Bypass that Leads to Internal Repository Theft
GHSA-g2f5-gjr4-qjvm
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
# Migration URL validation bypass via HTTP redirect to blocked internal endpoints

## Summary

A Server-Side Request Forgery (SSRF) vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but `git clone --mirror` follows HT…

CVE-2026-52805
NVD

HIGH
CVE-2026-55441
CVE-2026-55441
pkg: python

published: Jun 26, 2026

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versions) through trust_check, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir (mise-tasks/, .mise/t…
CWE: CWE-78, CWE-94, CWE-732
NVD

HIGH
CVE-2026-54762
CVE-2026-54762
pkg: traefik traefik

published: Jun 23, 2026

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported nginx.in…
CWE: CWE-636, CWE-693
NVD

HIGH
CVE-2026-53755
CVE-2026-53755
pkg: docker

published: Jun 23, 2026

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it,…
CWE: CWE-918
GitHub-GHSA

HIGH
Mise vulnerable to arbitrary command execution via task-include files in an untrusted, config-less repository
GHSA-77g9-363w-rccq
pkg: mise
eco: rust
published: Jun 23, 2026
### Summary

mise's trust feature gates config files (`mise.toml`, `.tool-versions`) through `trust_check`, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir (`mise-tasks/`, `.mise/tasks/`, …) but no config file, mise falls back to the defau…

CVE-2026-55441
NVD

HIGH
CVE-2026-55602
CVE-2026-55602
pkg: chimurai http-proxy-middleware

published: Jun 22, 2026

http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request met…
CWE: CWE-20, CWE-187
NVD

HIGH
CVE-2026-54008
CVE-2026-54008
pkg: openwebui open_webui

published: Jun 23, 2026

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/open_webui/utils/oauth.py::_process_picture_url calls validate_url(picture_url) on the initial URL only, then invokes aiohttp.ClientSession.get(picture_url, …) without allow_r…
CWE: CWE-918
GitHub-GHSA

HIGH
OpenAM Authenticated Privilege Escalation via Raw Token Disclosure Session RPC
GHSA-vvhj-w2jq-263q
pkg: org.openidentityplatform.openam:openam-core
eco: maven
published: Jun 23, 2026
## Summary

Description

An insufficient authorization (CWE-285) and information exposure (CWE-200) issue in OpenAM's session management endpoint allows a low-privileged authenticated user to retrieve active session credentials belonging to other users, including those with higher privileges. This a…

CVE-2026-45048
NVD

HIGH
CVE-2026-49444
CVE-2026-49444
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerability …
CWE: CWE-20
NVD

HIGH
CVE-2026-54312
CVE-2026-54312
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes Object.prototype process-wid…
CWE: CWE-1321
GitHub-GHSA

HIGH
@budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation
GHSA-gfq7-5x4g-3xhf
pkg: @budibase/backend-core
eco: npm
published: Jun 22, 2026
Summary

Authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding.

The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connection later performs a separate DNS lookup through node-fetc…

CVE-2026-54353
GitHub-GHSA

HIGH
Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata
GHSA-4q6h-8p4v-67vq
pkg: @budibase/server
eco: npm
published: Jun 22, 2026
## Summary

`fetchToken` in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the `blacklist.isBlacklisted` check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no scheme or host restriction. Alice, a builder, poin…

CVE-2026-48153
GitHub-GHSA

HIGH
Spinnaker has non-safe yaml deserialization, allowing RCE when using specific types
GHSA-c8q4-9h32-2ww8
pkg: io.spinnaker.rosco:rosco-core, io.spinnaker.orca:orca-core
eco: maven
published: Jun 22, 2026
### Impact
There's an unsafe YAML processing vulnerability that bypasses safe deserialization. This impacts users when performing:
* CloudFormation deployments
* CloudFoundry Baking

The use of a non-safe constructor allows arbitrary loading of Java classes, leading to RCE.

### Patches
2…

CVE-2026-44795
NVD

HIGH
CVE-2026-47267
CVE-2026-47267
pkg: go

published: Jun 24, 2026

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the fix for CVE-2022-1285 prevents adding webhooks or running webhooks with URLs whose hostname resolves into localCIDRs. However, webhooks still follow redirects, allowing access to hostnames inside localCIDRs. This vulnerability is …
CWE: CWE-918
NVD

HIGH
CVE-2026-13025
CVE-2026-13025
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

HIGH
CVE-2026-52920
CVE-2026-52920
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_policy: fix strict mode inbound policy matching

match_policy_in() walks sec_path entries from the last transform to the
first one, but strict policy matching needs to consume info->pol[] in
the same forward order as …

GitHub-GHSA

HIGH
OpenAM Unauthenticated Session Hijacking via Information Exposure in CDCServlet
GHSA-r9pv-5rpp-vm8g
pkg: org.openidentityplatform.openam:openam-federation
eco: maven
published: Jun 23, 2026
## Summary

**Description**

An Information Exposure Through Sent Data (CWE-201) issue in OpenAM's Cross-Domain Single Sign-On (CDSSO) servlet allows a logged-in user's raw OpenAM session token to be POSTed to an attacker-controlled URL. This impacts OpenAM Community Edition through version 16.0.6. …

CVE-2026-45049
NVD

HIGH
CVE-2026-50574
CVE-2026-50574
pkg: yt-dlp_project yt-dlp

published: Jun 23, 2026

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format (such as an HLS/DASH stream), yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On Windo…
CWE: CWE-74
GitHub-GHSA

HIGH
@actual-app/sync-server: Disabled OpenID users keep access through existing session tokens
GHSA-cq9c-6w48-qmfg
pkg: @actual-app/sync-server
eco: npm
published: Jun 22, 2026
### Summary

In OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity. Existing Actual session tokens for the disabled user remain valid, so the user can continue calling authenticated server endpoints after an administrator has disabled the account.

### Details…

CVE-2026-49229
NVD

HIGH
CVE-2026-54100
CVE-2026-54100
pkg: windows

published: Jun 22, 2026

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture WI…
CWE: CWE-295
GitHub-GHSA

HIGH
pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config
GHSA-qrv3-253h-g69c
pkg: pnpm
eco: npm
published: Jun 27, 2026
## Summary

`pnpm` accepts package names from the env lockfile `configDependencies` section and uses those names directly when creating config dependency symlinks under `node_modules/.pnpm-config`.

A malicious repository can commit a crafted `pnpm-lock.yaml` whose env-lockfile document contains a t…

NVD

HIGH
CVE-2026-52783
CVE-2026-52783
pkg: oauth

published: Jun 26, 2026

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth access_token plaintext to Rails.cache under the deterministic key storage.<id>.httpx_access_token, repopulated continuously by an…
CWE: CWE-313
GitHub-GHSA

HIGH
Remark42: Cross-Site Scripting (XSS) on /api/v1/img via content-type spoofing
GHSA-4c8j-mgm4-qqvp
pkg: github.com/umputun/remark42
eco: go
published: Jun 26, 2026
### Summary
The remark42 image proxy fetches an arbitrary remote URL and re-serves the response from remark42's own origin. The download path decides whether the fetched resource is an image by looking only at the `Content-Type` header the remote server claims — it never inspects the actual bytes.…
CVE-2026-48788
NVD

HIGH
CVE-2026-53268
CVE-2026-53268
pkg: tls

published: Jun 25, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack_irc: fix possible out-of-bounds read

When parsing fails after we've matched the command string we
should bail out instead of trying to match a different command.

This helper should be deprecated, given preval…

NVD

HIGH
CVE-2026-56351
CVE-2026-56351
pkg: n8n n8n

published: Jun 24, 2026

n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply speciall…
CWE: CWE-89
GitHub-GHSA

HIGH
Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir
GHSA-jc3j-x6pg-4hmv
pkg: github.com/xyproto/algernon
eco: go
published: Jun 23, 2026
### Summary

When algernon is started with `--domain` (or `--letsencrypt`, which silently turns on `--domain` at `engine/flags.go:372`), the request handler resolves the served directory by joining the configured `--dir` with the value of the client-supplied `Host` header. The join is performed by `…

CVE-2026-48126
GitHub-GHSA

HIGH
Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override
GHSA-rgvg-3wpc-h44p
pkg: @budibase/server
eco: npm
published: Jun 22, 2026
## Summary

The webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in `externalTrigger()` allows an attacker to overwrite the internal `appId` property by including it in the webhook …

CVE-2026-54351
GitHub-GHSA

HIGH
gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host
GHSA-4gxv-p5g5-j7w7
pkg: go.senan.xyz/gonic
eco: go
published: Jun 26, 2026
## Summary

A logic error in `ServeCreateOrUpdatePlaylist` allows **any authenticated Subsonic user** (including non-admin) to write playlist M3U content to an attacker-controlled absolute filesystem path on the gonic host, and to create intermediate directories with `0o777` permissions.

The bug is…

CVE-2026-49340
GitHub-GHSA

HIGH
mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call
GHSA-2r68-g678-7qr3
pkg: mcp-memory-service
eco: pip
published: Jun 26, 2026
## Summary

The HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope for all requests, then dispatches `tools/call` directly to handlers that include mutating tools. A read-only OAuth client can call `store_memory` and `delete_memory` through MCP even though the corresponding REST e…

CVE-2026-49291
NVD

HIGH
CVE-2026-11800
CVE-2026-11800
pkg: jwt

published: Jun 25, 2026

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to im…
CWE: CWE-347
NVD

HIGH
CVE-2025-71340
CVE-2025-71340
pkg: python

published: Jun 25, 2026

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load(), enabling supply chain attack…
CWE: CWE-502
GitHub-GHSA

HIGH
jackson-databind has an array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)
GHSA-rmj7-2vxq-3g9f
pkg: com.fasterxml.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
## Summary
`BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray()` allowlists any array type based only on `clazz.isArray()`, without validating the array's component (element) type against the configured allowlist. A PTV built with `allowIfSubTypeIsArray()` plus an explicit concrete-type al…
CVE-2026-54513
GitHub-GHSA

HIGH
jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation
GHSA-j3rv-43j4-c7qm
pkg: com.fasterxml.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
`jackson-databind`'s `PolymorphicTypeValidator` (PTV) is the primary safety mechanism guarding polymorphic deserialization. When polymorphic typing is enabled and a type identifier contains generic parameters (i.e. the type ID string contains `<`), `DatabindContext._resolveAndValidateGeneric()` vali…
CVE-2026-54512
NVD

HIGH
CVE-2026-52845
CVE-2026-52845
pkg: caddyserver caddy

published: Jun 23, 2026

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through php_fastcgi, Caddy normalizes HTTP headers int…
CWE: CWE-287, CWE-290, CWE-444
NVD

HIGH
CVE-2026-49402
CVE-2026-49402
pkg: deno deno, microsoft windows

published: Jun 23, 2026

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:child_process implementation provided an escapeShellArg() helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.e…
CWE: CWE-78
NVD

HIGH
CVE-2026-45135
CVE-2026-45135
pkg: caddyserver caddy

published: Jun 23, 2026

Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos() in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaw…
CWE: CWE-20, CWE-176, CWE-178
NVD

HIGH
CVE-2026-45732
CVE-2026-45732
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an …
CWE: CWE-639
GitHub-GHSA

HIGH
Gogs has the ability to import local repositories via Mirror Settings
GHSA-wv27-2vqp-j7g5
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
### Summary
The Gogs Mirror Settings functionality provides an alternative way, separate from the well-protected New Migration functionality, for any authenticated user to import local repositories. This issue stems from a lack of validation in the SaveAddress function.

### Details
Here is the function implementa…

CVE-2026-52801
NVD

HIGH
CVE-2025-71339
CVE-2025-71339
pkg: python

published: Jun 22, 2026

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._eval_length gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation.
CWE: CWE-502
NVD

HIGH
CVE-2026-55388
CVE-2026-55388
pkg: node

published: Jun 22, 2026

piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename option via plain member access. Both reads fall through the prototype chain when the caller's options object doesn't have filename as an own property. When …
CWE: CWE-94, CWE-1321
NVD

HIGH
CVE-2026-54030
CVE-2026-54030
pkg: oauth

published: Jun 25, 2026

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Resource metadata (RFC 9728) matches the configured MCP server URL, allowing a malicious MCP server to s…
CWE: CWE-346
NVD

HIGH
CVE-2026-23879
CVE-2026-23879
pkg: python

published: Jun 24, 2026

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious sy…
CWE: CWE-59
NVD

HIGH
CVE-2026-57456
CVE-2026-57456
pkg: vim vim

published: Jun 25, 2026

Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dic…
CWE: CWE-94
NVD

HIGH
CVE-2026-46733
CVE-2026-46733
pkg: windows

published: Jun 25, 2026

Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CWE: CWE-284
NVD

HIGH
CVE-2026-53267
CVE-2026-53267
pkg: express

published: Jun 25, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_ct: bail out on template ct in get eval

I noticed this issue while looking at a historic syzbot report [1].

A rule like the one below is enough to trigger the bug:

table ip t {
chain pre {

NVD

HIGH
CVE-2026-53194
CVE-2026-53194
pkg: python

published: Jun 25, 2026

In the Linux kernel, the following vulnerability has been resolved:

USB: serial: kl5kusb105: fix bulk-out buffer overflow

klsi_105_prepare_write_buffer() is called by the generic write path
with the bulk-out buffer and its size (bulk_out_size, 64 bytes). It
stores a two-byte length header at the s…

NVD

HIGH
CVE-2026-13037
CVE-2026-13037
pkg: google chrome, google android

published: Jun 24, 2026

Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-53094
CVE-2026-53094
pkg: go

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix stale offload->prog pointer after constant blinding

When a dev-bound-only BPF program (BPF_F_XDP_DEV_BOUND_ONLY) undergoes
JIT compilation with constant blinding enabled (bpf_jit_harden >= 2),
bpf_jit_blind_constants() cl…

NVD

HIGH
CVE-2026-53090
CVE-2026-53090
pkg: go

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix ld_{abs,ind} failure path analysis in subprogs

Usage of ld_{abs,ind} instructions got extended into subprogs some time
ago via commit 09b28d76eac4 ("bpf: Add abnormal return checks."). These
are only allowed in subprogram…

NVD

HIGH
CVE-2026-52975
CVE-2026-52975
pkg: go

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

bonding: 3ad: implement proper RCU rules for port->aggregator

syzbot found a data-race in bond_3ad_get_active_agg_info /
bond_3ad_state_machine_handler [1] which hints at lack of proper
RCU implementation.

Add __rcu qualifier to …

NVD

HIGH
CVE-2026-52951
CVE-2026-52951
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/dma-buf: handle empty bo and UAF races

There look to be some nasty races here when triggering the
invalidate_mappings hook:

1) We do xe_bo_alloc() followed by the attach, before the actual full bo
init step in xe_dma_bu…

NVD

HIGH
CVE-2026-52950
CVE-2026-52950
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/dma-buf: fix UAF with retry loop

Retry doesn't work here, since bo will be freed on error, leading to
UAF. However, now that we do the alloc & init before the attach, we can
now combine this as one unit and have the init do…

NVD

HIGH
CVE-2026-52947
CVE-2026-52947
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove

In qrtr_port_remove(), the socket reference count is decremented via
__sock_put() before the port is removed from the qrtr_ports XArray and
before the RCU gr…

NVD

HIGH
CVE-2026-52943
CVE-2026-52943
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

net: skbuff: fix missing zerocopy reference in pskb_carve helpers

pskb_carve_inside_header() and pskb_carve_inside_nonlinear() both copy
the old skb_shared_info header into a new buffer via memcpy(), which
includes the destructor_…

NVD

HIGH
CVE-2026-52935
CVE-2026-52935
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

xfrm: espintcp: do not reuse an in-progress partial send

espintcp keeps a single in-flight transmit in ctx->partial.
Before building a new sk_msg, espintcp_sendmsg() first tries to flush
that state through espintcp_push_msgs().

F…

NVD

HIGH
CVE-2026-52933
CVE-2026-52933
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

io_uring/poll: fix signed comparison in io_poll_get_ownership()

io_poll_get_ownership() uses a signed comparison to check whether
poll_refs has reached the threshold for the slowpath:

if (unlikely(atomic_read(&req->poll_refs)…

NVD

HIGH
CVE-2026-52927
CVE-2026-52927
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ebtables: fix OOB read in compat_mtw_from_user

Luxiao Xu says:

The function compat_mtw_from_user() converts ebtables extensions from
32-bit user structures to kernel native structures. However, it lacks
proper valid…

NVD

HIGH
CVE-2026-52923
CVE-2026-52923
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

ipc: limit next_id allocation to the valid ID range

The checkpoint/restore sysctl path can request the next SysV IPC id
through ids->next_id. ipc_idr_alloc() currently forwards that request to
idr_alloc() with an open-ended upper…

NVD

HIGH
CVE-2026-52919
CVE-2026-52919
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: fix tp_meter counter underflow during shutdown

batadv_tp_sender_shutdown() unconditionally decrements the "sending"
atomic counter. If multiple paths (e.g. timeout, user cancel, and
normal finish) call this function, t…

NVD

HIGH
CVE-2026-52912
CVE-2026-52912
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_queue: hold bridge skb->dev while queued

br_pass_frame_up() rewrites skb->dev from the ingress port to the bridge
master before queueing bridge LOCAL_IN packets. NFQUEUE only holds
references on state.in/out and brid…

GitHub-GHSA

HIGH
Glances has arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration
GHSA-3vwc-qwhc-3mj7
pkg: glances
eco: pip
published: Jun 23, 2026
### Summary

The `secure_popen()` function in `glances/secure.py` interprets `>` (file redirection), `|` (pipe), and `&&` (command chaining) operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command.

When Application …

CVE-2026-53925
GitHub-GHSA

HIGH
Glances has Insecure Pickle Deserialization in its Version Cache that Leads to Arbitrary Code Execution
GHSA-9837-48hr-q32j
pkg: glances
eco: pip
published: Jun 22, 2026
### Summary

`glances/outdated.py` uses `pickle.load()` to read a version-check cache file stored at a predictable, world-accessible path (`~/.cache/glances/glances-version.db` or `$XDG_CACHE_HOME/glances/glances-version.db`). No integrity check, signature verification, or format validation is perfo…

CVE-2026-46607
GitHub-GHSA

HIGH
Glances is Vulnerable to Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py
GHSA-v5r2-qh84-fjx5
pkg: glances
eco: pip
published: Jun 22, 2026
### Summary

The Glances KVM/QEMU monitoring engine (`glances/plugins/vms/engines/virsh.py`) passes VM domain names, read directly from `virsh list --all` output, into f-string command templates that are processed by `secure_popen()`. `secure_popen()` is explicitly designed to interpret `&&`, `|`, a…

CVE-2026-46606
NVD

HIGH
CVE-2026-49984
CVE-2026-49984
pkg: windows

published: Jun 26, 2026

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows-style backslashes to forward slashes. An attacker can therefore smuggle a traversal sequence past th…
CWE: CWE-22, CWE-180, CWE-200
NVD

HIGH
CVE-2026-8665
CVE-2026-8665
pkg: express

published: Jun 25, 2026

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction.
CWE: CWE-78
NVD

HIGH
CVE-2026-8592
CVE-2026-8592
pkg: express

published: Jun 25, 2026

OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline.
CWE: CWE-78
NVD

HIGH
CVE-2026-33235
CVE-2026-33235
pkg: express

published: Jun 24, 2026

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service (DoS) attack. While the backend implements a SandboxedEnvironment to prevent unaut…
CWE: CWE-400
NVD

HIGH
CVE-2026-54699
CVE-2026-54699
pkg: windows

published: Jun 24, 2026

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows comm…
CWE: CWE-78, CWE-116
NVD

HIGH
CVE-2026-54018
CVE-2026-54018
pkg: openwebui open_webui

published: Jun 23, 2026

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader implements a validate_url function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only on…
CWE: CWE-918
NVD

HIGH
CVE-2026-54304
CVE-2026-54304
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operat…
CWE: CWE-200
NVD

HIGH
CVE-2026-49465
CVE-2026-49465
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push oper…
CWE: CWE-22
NVD

HIGH
CVE-2026-54313
CVE-2026-54313
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintend…
CWE: CWE-89
NVD

HIGH
CVE-2026-54311
CVE-2026-54311
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions on t…
CWE: CWE-488
NVD

HIGH
CVE-2026-56268
CVE-2026-56268
pkg: flowiseai flowise

published: Jun 22, 2026

Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted (the default), the endpoint returns not only the chatflows bound to the supplied API key but also all chatflows across every workspace t…
CWE: CWE-863
GitHub-GHSA

HIGH
OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature
GHSA-ffm6-vvph-g5f5
pkg: pycti
eco: pip
published: Jun 22, 2026
### Summary
The OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration (allowAbsoluteUrls: true). This allows attackers to craft requests to arbitrary endpoints, including internal services, because Axio…
CVE-2026-21887
NVD

HIGH
CVE-2026-11998
CVE-2026-11998
pkg: express

published: Jun 24, 2026

A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session.

SCE's purpose is to ensure that only trusted or safe values are used in certain sec…

CWE: CWE-791
GitHub-GHSA

HIGH
pnpm: Repository-controlled configDependencies can select a pacquet native install engine
GHSA-gj8w-mvpf-x27x
pkg: pnpm
eco: npm
published: Jun 26, 2026
## Maintainer Action Plan

This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path.

- Advisory: `CAND-PNPM-097` / `GHSA…

CVE-2026-55697
GitHub-GHSA

HIGH
pnpm: Manifest identity spoof satisfies allowBuilds and runs attacker lifecycle
GHSA-5wx6-mg75-v57r
pkg: pnpm
eco: npm
published: Jun 26, 2026
## Summary

Keep build approval for opaque dependency sources byte-exact for GHSA-5wx6-mg75-v57r / CAND-PNPM-123.

Merged upstream commit `bf1b731ee6` fixed the original name-only approval bypass by making build policy consume the resolved dependency identity. One collision remained: the generic pee…

CVE-2026-55487
GitHub-GHSA

HIGH
js-toml vulnerable to CPU exhaustion via O(n^2) BigInt construction on radix-prefixed integer literals
GHSA-wp3c-266w-4qfq
pkg: js-toml
eco: npm
published: Jun 26, 2026
## Summary

`js-toml` versions up to and including **1.1.0** parse hexadecimal / octal / binary integer literals via a hand-written `parseBigInt` loop that multiplies a `BigInt` accumulator by the radix once per input digit. Each iteration performs a `BigInt * BigInt` operation on an accumulator tha…

CVE-2026-49293
GitHub-GHSA

HIGH
better-helperjs Vulnerable to Directory Traversal via String Prefix Bypass in Static Server
GHSA-3p34-w4f6-5xh2
pkg: better-helperjs
eco: npm
published: Jun 26, 2026
## Summary
A directory traversal vulnerability exists in the production static file server of `better-helperjs` (`<= 3.0.5`). Attackers can read arbitrary files located in adjacent directory structures that share the same string prefix as the intended static root directory.

## Details
The framework…

GitHub-GHSA

HIGH
Muhammara has a NULL pointer dereference in LZWDecode filter when DecodeParms omits EarlyChange key
GHSA-fhp4-pr5j-46m5
pkg: muhammara
eco: npm
published: Jun 26, 2026
## Summary

A NULL pointer dereference vulnerability exists in `PDFParser::CreateFilterForStream()` when processing a PDF stream with `/Filter /LZWDecode` and a `/DecodeParms` dictionary that does not contain the `EarlyChange` key. This causes an access violation (0xC0000005) and crashes the process…

GitHub-GHSA

HIGH
python-socketio: Binary attachment accumulation can cause denial of service
GHSA-5w7q-77mv-v69f
pkg: python-socketio
eco: pip
published: Jun 26, 2026
### Impact
The python-socketio server stores binary `EVENT` and `ACK` messages in memory while it waits to receive their binary attachments. Once all the attachments are received, these messages are then processed. An attacker can submit a binary message and intentionally omit sending one or more of…
CVE-2026-48804
GitHub-GHSA

HIGH
python-engineio has unbound thread allocation that can cause denial of service
GHSA-cgwc-pv48-fhj5
pkg: python-engineio
eco: pip
published: Jun 26, 2026
### Impact
An attacker can cause the creation of unnecessary background threads in the python-engineio server by exploiting the heartbeat mechanism, which launches a thread when a new connection is received, and when the client sends a PONG packet.

Note: this issue primarily affects synchronous ser…

CVE-2026-48802
GitHub-GHSA

HIGH
python-engineio has possible denial of service due to maximum payload size sometimes not being enforced
GHSA-m9gh-vj53-gvh9
pkg: python-engineio
eco: pip
published: Jun 26, 2026
### Impact
There are two specific configurations of the python-engineio server in which the size of incoming messages is not checked before the messages are loaded into memory. An attacker can take advantage of these to cause unnecessary memory allocations in the python-engineio server. The two case…
CVE-2026-48809
GitHub-GHSA

HIGH
Hysteria: http large header with sniff cause server DoS
GHSA-jqc5-2p7q-fqfc
pkg: github.com/apernet/hysteria
eco: go
published: Jun 26, 2026
### Summary

An attacker sending an excessively large header could cause a server-side DoS.

### Details
The current sniff implementation does not explicitly specify the upper limit for HTTP headers. Attackers can continuously send excessively large headers without including \r\n\r\n, le…

GitHub-GHSA

HIGH
Hysteria vulnerable to server crash when max_datagram_frame_size very small
GHSA-qh5x-rfwf-rvfv
pkg: github.com/apernet/hysteria
eco: go
published: Jun 26, 2026
### Summary

An authenticated client can crash the Hysteria server by advertising a very small QUIC `max_datagram_frame_size` and then triggering a UDP response from the server. When the server tries to send the UDP response back via QUIC DATAGRAM, quic-go returns `DatagramTooLargeError`. The server…

GitHub-GHSA

HIGH
Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`
GHSA-j9cw-hwqf-85w7
pkg: fluentd
eco: rubygems
published: Jun 26, 2026
Fluentd's `in_http` and `in_forward` plugins support receiving gzip-compressed data.
While Fluentd correctly enforces size limits on the incoming compressed payloads (e.g., via `body_size_limit` or `chunk_size_limit`), it was discovered that there is no limit enforced on the size of the decompressed…
CVE-2026-44160
GitHub-GHSA

HIGH
Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API
GHSA-pr7j-96cj-549h
pkg: fluentd
eco: rubygems
published: Jun 26, 2026
Fluentd's Monitor Agent plugin (`in_monitor_agent`) exposes internal metrics and plugin information via a REST API.
It was discovered that the API response (`/api/plugins.json` and related endpoints) unintentionally includes internal instance variables of loaded plugins.

If any plugins store sensit…

CVE-2026-44025
NVD

HIGH
CVE-2026-49486
CVE-2026-49486
pkg: apache apache-airflow-providers-ftp

published: Jun 26, 2026

The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using `FTPSHook` or `FTPSFileTransmitOperator` to move files ove…
CWE: CWE-319
GitHub-GHSA

HIGH
golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS
GHSA-w879-237q-wc7r
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key…
CVE-2026-39829
NVD

HIGH
CVE-2026-6331
CVE-2026-6331
pkg: wolfssl wolfssl

published: Jun 25, 2026

HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated ta…
CWE: CWE-347
GitHub-GHSA

HIGH
golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic
GHSA-q4h4-gmj2-qvw2
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.
CVE-2026-46597
GitHub-GHSA

HIGH
ImageMagick has out-of-bounds write in ICON decoder due to incorrect loop
GHSA-g22q-f7gc-5jhr
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
An incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash.
CVE-2026-53461
GitHub-GHSA

HIGH
ImageMagick: Policy Bypass can Trigger an Out-of-Memory condition
GHSA-q62c-h75r-2xhc
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
A missing check for the maximum memory request in AcquireAlignedMemory could trigger an out-of-memory condition.

## Credit
Aisle Research (Ze Sheng, Dmitrijs Trizna, Luigino Camastra, Guido Vranken)

CVE-2026-53460
GitHub-GHSA

HIGH
ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions
GHSA-8pj9-6897-74xc
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
A missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operations.
CVE-2026-49218
GitHub-GHSA

HIGH
Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic
GHSA-47q9-m4ww-924m
pkg: github.com/sigstore/rekor
eco: go
published: Jun 25, 2026
## Description

The `Package.Unmarshal()` function in `pkg/types/alpine/apk.go` decompresses the signature and control gzip members of an APK file into in-memory buffers without bounding the total decompressed size. The existing `max_apk_metadata_size` check (default 1MB) is only applied to individu…

CVE-2026-48702
NVD

HIGH
CVE-2026-55958
CVE-2026-55958
pkg: wolfssl wolfssl

published: Jun 25, 2026

Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsip_StoreMessage() the capacity check guarding the fixed message bag (MSGBAG_SIZE) sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1…
CWE: CWE-393, CWE-787
NVD

HIGH
CVE-2026-11310
CVE-2026-11310
pkg: wolfssl wolfssl

published: Jun 25, 2026

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra (OPENSSL_EXTRA) and whose application validates certificates by calling X509_verify_cert() with caller-supplied untrusted intermediate certific…
CWE: CWE-295
GitHub-GHSA

HIGH
MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth
GHSA-vh6j-jc39-fggf
pkg: MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

`MessagePackReader.TrySkip()` recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses `MessagePackSecurity.MaximumObjectGraphDepth`, the library's documented protection against deeply nested object graph…

CVE-2026-48506
NVD

HIGH
CVE-2026-55961
CVE-2026-55961
pkg: wolfssl wolfssl

published: Jun 25, 2026

wolfSSL_PKCS7_verify() returned success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when …
CWE: CWE-347
NVD

HIGH
CVE-2026-11999
CVE-2026-11999
pkg: wolfssl wolfssl

published: Jun 25, 2026

X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra whose application calls X509_verify_cert() with caller-supplied untrusted intermediates; for those users it is critical…
CWE: CWE-295
GitHub-GHSA

HIGH
OpenAM: Unauthenticated Authentication Bypass via RADIUS Spoofing
GHSA-386j-6m86-78f9
pkg: org.openidentityplatform.openam:openam-radius
eco: maven
published: Jun 25, 2026
## Summary

**Description**

An Improper Verification of Cryptographic Signature (CWE-347) issue in OpenAM's RADIUS authentication module allows an unauthenticated network attacker to spoof an Access-Accept response and obtain an OpenAM session for any RADIUS username, without knowing the configured…

CVE-2026-46560
NVD

HIGH
CVE-2026-54841
CVE-2026-54841
pkg: vite

published: Jun 25, 2026

Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.
CWE: CWE-201
NVD

HIGH
CVE-2026-12490
CVE-2026-12490
pkg: nlnetlabs nsd

published: Jun 25, 2026

When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the tls-auth-port) or over TCP over the regular …
CWE: CWE-284, CWE-306
NVD

HIGH
CVE-2026-12245
CVE-2026-12245
pkg: nlnetlabs nsd

published: Jun 25, 2026

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.
CWE: CWE-416
NVD

HIGH
CVE-2026-52794
CVE-2026-52794
pkg: sentry sentry

published: Jun 24, 2026

Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume disproportion…
CWE: CWE-1333
NVD

HIGH
CVE-2026-13029
CVE-2026-13029
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
CWE: CWE-416
NVD

HIGH
CVE-2026-44017
CVE-2026-44017
pkg: docling docling

published: Jun 24, 2026

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise …
CWE: CWE-22
GitHub-GHSA

HIGH
OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination
GHSA-7fq5-7wr8-rjwj
pkg: github.com/OliveTin/OliveTin
eco: go
published: Jun 24, 2026
## Summary

OliveTin's template engine uses a **single shared `text/template.Template` instance** (`tpl` package-level variable in `service/internal/tpl/templates.go`) across all goroutines. Every action execution calls `tpl.Parse(source)` followed by `t.Execute()` on this shared instance with no sy…

CVE-2026-48708
NVD

HIGH
CVE-2026-52974
CVE-2026-52974
pkg: tls

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

net: tls: fix strparser anchor skb leak on offload RX setup failure

When tls_set_device_offload_rx() fails at tls_dev_add(), the error path
calls tls_sw_free_resources_rx() to clean up the SW context that was
initialized by tls_se…

NVD

HIGH
CVE-2026-52957
CVE-2026-52957
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

libceph: Fix potential null-ptr-deref in decode_choose_args()

A message of type CEPH_MSG_OSD_MAP contains an OSD map that itself
contains a CRUSH map. When decoding this CRUSH map in crush_decode(), an
array of max_buckets CRUSH b…

NVD

HIGH
CVE-2026-52956
CVE-2026-52956
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

libceph: Fix potential out-of-bounds access in __ceph_x_decrypt()

In __ceph_x_decrypt(), a part of the buffer p is interpreted as a
ceph_x_encrypt_header, and the magic field of this struct is accessed.
This happens without any gu…

NVD

HIGH
CVE-2026-52954
CVE-2026-52954
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

libceph: handle rbtree insertion error in decode_choose_args()

A message of type CEPH_MSG_OSD_MAP contains an OSD map that itself
contains a CRUSH map. The received CRUSH map may optionally contain
choose_args that get decoded in …

NVD

HIGH
CVE-2026-52946
CVE-2026-52946
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling

A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock can occur in
send_sigio() and send_sigurg() when a process group receives a signal.

When FASYNC is configured for a …

NVD

HIGH
CVE-2026-52945
CVE-2026-52945
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

Revert "wireguard: device: enable threaded NAPI"

This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is
commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream.

We have had three independent production user report…

NVD

HIGH
CVE-2026-56270
CVE-2026-56270
pkg: flowiseai flowise

published: Jun 24, 2026

Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an organization…
CWE: CWE-306
NVD

HIGH
CVE-2026-52932
CVE-2026-52932
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

xfrm: ipcomp: Free destination pages on acomp errors

Move the out_free_req label up by a couple of lines so that the
allocated dst SG list gets freed on error as well as success.

NVD

HIGH
CVE-2026-52929
CVE-2026-52929
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

sctp: stream: fully roll back denied add-stream state

When ADD_OUT_STREAMS is denied, SCTP only shrinks the queued chunks and
then lowers outcnt. That leaves removed stream metadata behind, so a
later re-add can reuse a stale ext …

NVD

HIGH
CVE-2026-52922
CVE-2026-52922
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: dat: handle forward allocation error

batadv_dat_forward_data() calls pskb_copy_for_clone() to duplicate an skb
for each DHT candidate, but does not check the return value before passing
it to batadv_send_skb_prepare_un…

NVD

HIGH
CVE-2026-50193
CVE-2026-50193
pkg: fasterxml jackson-databind

published: Jun 23, 2026

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a potential Denial-of-Service exists when an attacker sends deeply nested JSON if (and only if) the service reads deeply nested (1000s of levels) JSON as JsonNod…
CWE: CWE-400
NVD

HIGH
CVE-2026-53754
CVE-2026-53754
pkg: docker

published: Jun 23, 2026

Crawl4AI is an open-source LLM-friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection (validate_webhook_url / validate_url_destination in deploy/docker/utils.py) used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach i…
CWE: CWE-918
NVD

HIGH
CVE-2026-52844
CVE-2026-52844
pkg: tls

published: Jun 23, 2026

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/*, but file_server later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can bypass Caddy pat…
CWE: CWE-22, CWE-284
NVD

HIGH
CVE-2025-61025
CVE-2025-61025
pkg: ssl

published: Jun 23, 2026

An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CWE: CWE-89, CWE-400
NVD

HIGH
CVE-2026-54314
CVE-2026-54314
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public webho…
CWE: CWE-409
NVD

HIGH
CVE-2023-54365
CVE-2023-54365
pkg: go

published: Jun 23, 2026

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique). A remote attacker can rapidly create and cancel HTTP/2 stre…
CWE: CWE-400
GitHub-GHSA

HIGH
Gogs Missing Authorization in Attachment Download
GHSA-p9f5-h3rx-j5qw
pkg: gogs.io/gogs
eco: go
published: Jun 22, 2026
## Summary

In Gogs 0.14.1, `GET /attachments/:uuid` returns the raw attachment file **without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository**.
In a test environment with `REQUIRE_SIGNIN_VIEW = false`, we confirmed that **an unauthenti…

CVE-2026-52799
NVD

HIGH
CVE-2026-41523
CVE-2026-41523
pkg: vllm vllm

published: Jun 22, 2026

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM…
CWE: CWE-94, CWE-617
NVD

HIGH
CVE-2026-55603
CVE-2026-55603
pkg: chimurai http-proxy-middleware

published: Jun 22, 2026

http-proxy-middleware is a Node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody() is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the outgoing Content-Type is multipart/form-data, it rebuilds the body with ha…
CWE: CWE-93
GitHub-GHSA

HIGH
ComfyUI-Manager has an Unprotected Alternate Channel (CWE-420)
GHSA-95pq-hr8p-f5g7
pkg: comfyui-manager
eco: pip
published: Jun 22, 2026
### Impact

An **Unprotected Alternate Channel (CWE-420)** vulnerability was discovered in ComfyUI-Manager versions prior to 3.38.

#### Vulnerability Details

In affected versions, ComfyUI-Manager stored its configuration in the `user/default/ComfyUI-Manager/` directory, which was accessible via Co…

CVE-2025-67303
NVD

HIGH
CVE-2026-54293
CVE-2026-54293
pkg: nltk nltk

published: Jun 22, 2026

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load() in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments …
CWE: CWE-22
NVD

HIGH
CVE-2026-53779
CVE-2026-53779
pkg: windows

published: Jun 22, 2026

WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMG_PATH directory by sending requests with percent-encoded backslashes (%5C) that bypass the path.Clean() sanitization in handler/router.go. At…
CWE: CWE-22
NVD

HIGH
CVE-2026-54280
CVE-2026-54280
pkg: aiohttp aiohttp

published: Jun 22, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause resour…
CWE: CWE-404
NVD

HIGH
CVE-2026-54279
CVE-2026-54279
pkg: aiohttp aiohttp

published: Jun 22, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save() and then restored later with CookieJar.load() lose their host-only status. This vulnerability is fixed in 3.14.1.
CWE: CWE-665
NVD

HIGH
CVE-2026-54278
CVE-2026-54278
pkg: aiohttp aiohttp

published: Jun 22, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be decompre…
CWE: CWE-409
NVD

HIGH
CVE-2026-54275
CVE-2026-54275
pkg: aiohttp aiohttp

published: Jun 22, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request server_hostname param…
CWE: CWE-297
NVD

HIGH
CVE-2026-54274
CVE-2026-54274
pkg: aiohttp aiohttp

published: Jun 22, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1.
CWE: CWE-770
NVD

HIGH
CVE-2026-54273
CVE-2026-54273
pkg: aiohttp aiohttp

published: Jun 22, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This vulne…
CWE: CWE-770
NVD

HIGH
CVE-2026-53571
CVE-2026-53571
pkg: vitejs vite, voidzero vite+, microsoft windows

published: Jun 22, 2026

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as …
CWE: CWE-22, CWE-200
NVD

HIGH
CVE-2026-53539
CVE-2026-53539
pkg: fastapiexpert python-multipart

published: Jun 22, 2026

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringParser located the field separator with a two step lookup: it first scanned the entire remaining buffer for &, and only when no & existed anywhere ahead did…
CWE: CWE-400, CWE-407
NVD

HIGH
CVE-2026-50269
CVE-2026-50269
pkg: aiohttp aiohttp

published: Jun 22, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing user-co…
CWE: CWE-93, CWE-113
NVD

HIGH
CVE-2026-48712
CVE-2026-48712
pkg: protobufjs_project protobufjs

published: Jun 22, 2026

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject() conversion and the custom google.protobuf.Any JSON conversi…
CWE: CWE-674
NVD

HIGH
CVE-2026-54268
CVE-2026-54268
pkg: angularjs angularjs

published: Jun 22, 2026

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, a Denial of Service (DoS) vulnerability exists in the @angular/common package of the Angular framework. The formatDate function, …
CWE: CWE-400, CWE-1333
GitHub-GHSA

HIGH
Hysteria has an authenticated UDP ACL bypass that enables localhost and private-network UDP SSRF
GHSA-vgrc-hq28-p3xp
pkg: github.com/apernet/hysteria/core/v2
eco: go
published: Jun 26, 2026
## Summary

Hysteria's UDP relay treats the destination address as packet-scoped, but ACL and outbound policy are applied only once when a new UDP session is created. After an authenticated client opens a UDP session using an allowed first destination, later packets in the same `Session ID` can be s…

NVD

HIGH
CVE-2026-55759
CVE-2026-55759
pkg: jwt

published: Jun 24, 2026

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT signatures but skips claims validation. Any Apple-signed JWT with a non-empty iss is accepted regardless…
CWE: CWE-287, CWE-294
NVD

HIGH
CVE-2026-49440
CVE-2026-49440
pkg: deno deno

published: Jun 23, 2026

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(candidate[, options][, callback]) and crypto.checkPrimeSync(candidate[, options]) ran no Miller-Rabin rounds at all when the caller left options.checks at its default of 0. In that mode, the only test a…
CWE: CWE-325
NVD

HIGH
CVE-2026-44726
CVE-2026-44726
pkg: deno deno

published: Jun 23, 2026

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When `autoSelectFamily` was enabled and the first address-family attempt fai…
CWE: CWE-319
GitHub-GHSA

HIGH
Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials
GHSA-jj36-r9w3-3pfh
pkg: @budibase/server
eco: npm
published: Jun 22, 2026
The application server exposes an unauthenticated endpoint that generates S3 `PutObject` presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require authentication, table permission, datasource permission, or builder…
CVE-2026-50136
GitHub-GHSA

HIGH
Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)
GHSA-87qc-fj39-wccr
pkg: glances
eco: pip
published: Jun 22, 2026
### Summary

The Glances XML-RPC server (`glances -s`) introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to `Access-Control-Allow-Origin: *` whenever `cors_origins` contains more than one entry. An operat…

CVE-2026-46608
GitHub-GHSA

HIGH
pnpm Vulnerable to Arbitrary File Write/Delete via Malicious Patch File (Path Traversal)
GHSA-rxhj-4m44-96r4
pkg: pnpm, pnpm
eco: npm
published: Jun 26, 2026
## Summary

pnpm's patch application pipeline (`@pnpm/patch-package`) performs no path validation on file paths extracted from `.patch` files. An attacker who contributes a malicious patch file via a pull request can write attacker-controlled content to or delete arbitrary files on the filesystem du…

CVE-2026-50015
NVD

HIGH
CVE-2026-13201
CVE-2026-13201
pkg: kubernetes

published: Jun 24, 2026

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel de…
CWE: CWE-61
NVD

HIGH
CVE-2026-54328
CVE-2026-54328
pkg: linux

published: Jun 23, 2026

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary directo…
CWE: CWE-379
GitHub-GHSA

HIGH
Budibase has an Account Impersonation Issue — Chat Identity Link Hijacking via Missing Consent & CSRF
GHSA-v7j5-vc4m-723w
pkg: @budibase/server
eco: npm
published: Jun 22, 2026
## Title

**Chat Identity Link Hijacking — Attacker Can Silently Map Their Slack/Discord Identity to Any Authenticated Budibase User's Account**

## Severity

**High** — CVSS 3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N = **7.3**

## Affected Product

- **Product:** Budibase
- **Version:** 3.37.2 (i…

CVE-2026-50132
GitHub-GHSA

HIGH
Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`
GHSA-72f5-rr8c-r6gr
pkg: fluentd
eco: rubygems
published: Jun 26, 2026
The `out_http` output plugin allows the use of placeholders (such as `${tag}`) in the `endpoint` configuration parameter.
It was discovered that if the placeholder value is derived from untrusted user input, an attacker can maliciously control the destination hostname of the outbound HTTP requests m…
CVE-2026-44161
NVD

HIGH
CVE-2026-50189
CVE-2026-50189
pkg: appsmith appsmith

published: Jun 24, 2026

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/* on the public ingress. Combined with the APPSMIT…
CWE: CWE-183, CWE-918
NVD

HIGH
CVE-2026-54308
CVE-2026-54308
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger nodes did not validate inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to execu…
CWE: CWE-290
GitHub-GHSA

HIGH
pnpm: `patch-remove` could delete project-selected files outside the patches directory
GHSA-72r4-9c5j-mj57
pkg: pnpm, pnpm
eco: npm
published: Jun 27, 2026
## Summary

The `patch-remove` deletion-scope issue tracked as GHSA-72r4-9c5j-mj57 / CAND-PNPM-030 has been addressed in pnpm.

A crafted patch entry could resolve outside the configured patches directory and cause `pnpm patch-remove` to delete an arbitrary reachable file. This patch validates the c…

GitHub-GHSA

HIGH
pnpm: Hoisted install imports lockfile alias outside node_modules
GHSA-fr4h-3cph-29xv
pkg: pnpm, pnpm
eco: npm
published: Jun 27, 2026
## Summary

The hoisted dependency alias issue tracked as GHSA-fr4h-3cph-29xv / CAND-PNPM-059 has been addressed in both pnpm and pacquet.

A crafted lockfile alias could be joined directly under a hoisted `node_modules` directory. Traversal aliases could escape that directory, while reserved aliase…

GitHub-GHSA

HIGH
pnpm: `stage download` writes outside its destination directory via manifest name/version traversal
GHSA-v23m-ccfg-pq9h
pkg: pnpm
eco: npm
published: Jun 26, 2026
## Summary

The staged-tarball filename traversal reported as GHSA-v23m-ccfg-pq9h / CAND-PNPM-038 is fixed on `main` by [pnpm/pnpm#12303](https://github.com/pnpm/pnpm/pull/12303), merged as `65443f4bdf1f0db9c8c7dc58fee25252607e9234`.

Before the fix, `pnpm stage download` derived a local filename fr…

CVE-2026-55700
GitHub-GHSA

HIGH
Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)
GHSA-hmgp-w9jm-vp95
pkg: go.senan.xyz/gonic
eco: go
published: Jun 26, 2026
## Summary

In gonic, the Subsonic API endpoints `/rest/deletePlaylist.view` and `/rest/getPlaylist.view` perform no per-resource authorization. Once authenticated as *any* user (admin or not), an attacker can:

1. **Delete any playlist owned by any other user** (including admin) by passing its `id`…

CVE-2026-49338
GitHub-GHSA

HIGH
gonic: Path Traversal in playlist `id` bypasses ownership check, enabling any user to read/delete other users' playlists
GHSA-2fp4-5v5c-4448
pkg: go.senan.xyz/gonic
eco: go
published: Jun 26, 2026
## Summary

The maintainer's recent fix in [`6dd71e6a3c966867ef8c900d359a7df75789f410`](https://github.com/sentriz/gonic/commit/6dd71e6) (`fix(subsonic): enforce playlist ownership on getPlaylist/deletePlaylist`) added an ownership check based on `playlist.UserID`. However, `playlist.UserID` is deri…

CVE-2026-49339
GitHub-GHSA

HIGH
amazon-braket-sdk vulnerable to Insecure Deserialization via pickle.loads()
GHSA-g697-2xrc-gc46
pkg: amazon-braket-sdk
eco: pip
published: Jun 25, 2026
**Summary**
Amazon Braket SDK is an open-source Python library for interacting with the Amazon Braket quantum computing service, including managing hybrid quantum jobs and retrieving job results. An issue exists where, under certain circumstances, a remote authenticated user with S3 write access to …
CVE-2026-9291
NVD

HIGH
CVE-2026-9154
CVE-2026-9154
pkg: gnu sed, linux linux_kernel

published: Jun 25, 2026

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter.
CWE: CWE-22
NVD

HIGH
CVE-2026-53040
CVE-2026-53040
pkg: go

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: validate bg_bits during freefrag scan

[BUG]
A crafted filesystem can trigger an out-of-bounds bitmap walk when
OCFS2_IOC_INFO is issued with OCFS2_INFO_FL_NON_COHERENT.

BUG: KASAN: use-after-free in instrument_atomic_read …

NVD

HIGH
CVE-2026-52988
CVE-2026-52988
pkg: go

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase

Publish new hooks in the list into the basechain/flowtable using
splice_list_rcu() to ensure netlink dump list traversal via rcu is safe
while concurrent r…

NVD

HIGH
CVE-2026-52953
CVE-2026-52953
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Fix oops due to out of scope access

Below oops triggers when kill QEMU process:

Oops: general protection fault, probably for non-canonical address 0x7fffffff844eaaa7: 0000 [#1] SMP NOPTI
Call Trace:
<TASK>
d…

NVD

HIGH
CVE-2026-52942
CVE-2026-52942
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_log: validate MAC header was set before dumping it

The fallback path of dump_mac_header() guards the MAC header access
only with "skb->mac_header != skb->network_header", without checking
skb_mac_header_was_set(). Wh…

NVD

HIGH
CVE-2026-52917
CVE-2026-52917
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

sctp: diag: reject stale associations in dump_one path

The SCTP exact sock_diag lookup can hold a transport reference, block on
lock_sock(sk), and then resume after sctp_association_free() has marked
the association dead and freed…

NVD

HIGH
CVE-2026-52915
CVE-2026-52915
pkg: linux

published: Jun 24, 2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ip6t_hbh: reject oversized option lists

struct ip6t_opts stores at most IP6T_OPTS_OPTSNR option descriptors,
but hbh_mt6_check() does not reject larger optsnr values supplied from
userspace.

Validate optsnr in the rule…

NVD

HIGH
CVE-2026-54761
CVE-2026-54761
pkg: traefik traefik

published: Jun 23, 2026

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple (WRR) backendRefs, Traefik evaluates the allowlist…
CWE: CWE-284, CWE-863
NVD

HIGH
CVE-2026-54318
CVE-2026-54318
pkg: home-assistant home_assistant_companion

published: Jun 23, 2026

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play Services LocationResul…
CWE: CWE-926
GitHub-GHSA

HIGH
Gogs's write-level collaborators can mutate admin-only repository settings via API
GHSA-268j-37xf-pp52
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
## Summary

Three API endpoints — `PATCH /api/v1/repos/:owner/:repo/issue-tracker`, `PATCH /api/v1/repos/:owner/:repo/wiki`, and `POST /api/v1/repos/:owner/:repo/mirror-sync` — are gated by `reqRepoWriter()` rather than `reqRepoAdmin()`. The equivalent operations in the web UI sit behind `reqRep…

CVE-2026-52808
NVD

HIGH
CVE-2026-56275
CVE-2026-56275
pkg: flowiseai flowise

published: Jun 23, 2026

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud metadata…
CWE: CWE-918
GitHub-GHSA

HIGH
Blnk has an API key authorization bypass in owner and scope enforcement
GHSA-wcr3-9x4c-f5gj
pkg: github.com/blnkfinance/blnk
eco: go
published: Jun 26, 2026
Blnk API key endpoints had an authorization issue that allowed non-master API keys to perform key-management actions outside their intended authorization boundary.

In affected versions, API key operations trusted caller-controlled request values for owner and scope decisions. As a result, a non-mas…

GitHub-GHSA

HIGH
Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication
GHSA-4hf8-5mjm-rfgq
pkg: line-desktop-mcp
eco: npm
published: Jun 26, 2026
# Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication

## Summary

`line-desktop-mcp` supports a `--http-mode` Streamable HTTP transport for use with clients such as n8n. In this mode the server binds to `0.0.0.0` and exposes the MCP `/mcp` endpoint without an MCP-la…

CVE-2026-49357
GitHub-GHSA

HIGH
LinkifyIt#match scan loop has quadratic algorithmic complexity
GHSA-22p9-wv53-3rq4
pkg: linkify-it
eco: npm
published: Jun 26, 2026
## Summary

`LinkifyIt.prototype.match` — the package's primary public API — has **O(N²) algorithmic complexity** for inputs containing many fuzzy links or emails. This is not a regex backtrack bug; it's a structural issue in the JS-level scan loop that re-slices the input and re-runs unanchore…

CVE-2026-48801
GitHub-GHSA

HIGH
OpenAM Account Takeover via Unverified Password Change in OAuth2 Module
GHSA-gf57-4mp6-m85x
pkg: org.openidentityplatform.openam:openam-auth-oauth2
eco: maven
published: Jun 26, 2026
## Summary

**Description**

An Unverified Password Change (CWE-620) and Use of Weak Credentials (CWE-1391) issue in OpenAM's OAuth2 authentication module silently rewrites a local user's password to the literal string of their username on OAuth2 re-login of an existing account. The default ldapServ…

CVE-2026-46623
GitHub-GHSA

HIGH
OpenAM Authentication Bypass via MSISDN LDAP Injection
GHSA-xq73-fvmr-jvmm
pkg: org.openidentityplatform.openam:openam-auth-msisdn
eco: maven
published: Jun 26, 2026
## Summary

**Description**

An LDAP Injection (CWE-90) vulnerability in the MSISDN authentication module allows an unauthenticated, remote attacker to obtain an arbitrary OpenAM session without a password in the default trusted gateway configuration. This impacts OpenAM Community Edition through ve…

CVE-2026-46619
GitHub-GHSA

HIGH
MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows
GHSA-382j-8mxh-c7x2
pkg: MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

`MessagePackReader.ReadDateTime()` can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed `tokenSize` includes the extension body length from the wire and is used in a `stackalloc` operation b…

CVE-2026-48502
GitHub-GHSA

HIGH
chi's RealIP Middleware allows IP spoofing via unvalidated X-Forwarded-For header
GHSA-rjr7-jggh-pgcp
pkg: github.com/go-chi/chi/middleware, github.com/go-chi/chi/v2/middleware, github.com/go-chi/chi/v3/middleware
eco: go
published: Jun 25, 2026
### Summary
The RealIP middleware in go-chi/chi trusts headers like X-Forwarded-For without checking them, so attackers can fake their IP and bypass rate limits or access controls.

### Details

The vulnerability is in `middleware/realip.go`: the realIP() function pulls IPs straight from client headers and replace…

GitHub-GHSA

HIGH
chi Middleware Vulnerable to Potential IP Spoofing via `X-Forwarded-For` Header in `Request.RemoteAddr` Resolution
GHSA-9g5q-2w5x-hmxf
pkg: github.com/go-chi/chi/middleware, github.com/go-chi/chi/v2/middleware, github.com/go-chi/chi/v3/middleware
eco: go
published: Jun 25, 2026
### Summary
The vulnerability allows the `Request.RemoteAddr` to be spoofed when determining the request source IP via the `X-Forwarded-For` header. This could result in misidentification of the request source and potentially compromise access control and logging integrity.

### Details
Currently, t…

GitHub-GHSA

HIGH
OpenAM Arbitrary OAuth Token Minting via Push Registration
GHSA-cj8f-2fhf-826r
pkg: org.openidentityplatform.openam:openam-oauth2
eco: maven
published: Jun 25, 2026
## Summary

**Description**

An Authorization Bypass Through User-Controlled Key (CWE-639) exists in OpenAM's stateful OAuth2 token-read path. Under certain conditions, this may allow an attacker to forge OAuth2 bearer tokens and OIDC ID tokens with arbitrary subject, client, realm, and scope. This …

CVE-2026-46498
GitHub-GHSA

HIGH
OpenAM has Unsafe Java Deserialization via SNS
GHSA-pp89-732f-3g8q
pkg: org.openidentityplatform.openam:openam-push-notification
eco: maven
published: Jun 25, 2026
## Summary

**Description**

A Deserialization of Untrusted Data (CWE-502) issue exists in OpenAM's Push Notification SNS callback resource. The REST route that handles SNS push messages is mounted with anonymous access and, when a supplied message identifier has expired from the in-memory dispatche…

CVE-2026-45794
GitHub-GHSA

HIGH
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
GHSA-rw9q-97r9-8gvh
pkg: motioneye
eco: pip
published: Jun 23, 2026
### Summary

motionEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem.

The affected handlers accept a user-controlled filename parameter and construct filesystem paths using `os.path.join()`. When an a…

CVE-2026-55488
GitHub-GHSA

HIGH
OctoPrint has possible file exfiltration via query parameters on upload endpoints
GHSA-j4h9-pm27-4rfw
pkg: OctoPrint, OctoPrint
eco: pip
published: Jun 23, 2026
### Impact

OctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the `FILE_UPLOAD` permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then c…

CVE-2026-54134
GitHub-GHSA

HIGH
Gogs: LFS dedupe path leaks private repo content across tenants
GHSA-6p9m-q3jp-47h4
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
Summary

Git LFS storage is content-addressed by OID alone (`<LFS-root>/<oid[0]>/<oid[1]>/<oid>`) but per-repo authorization lives in the `lfs_object` table keyed `(repo_id, oid)`. `serveUpload` skips re-uploading when the OID file already exists on disk and inserts a new `(repo_id, oid)` row pointi…

CVE-2026-52812
GitHub-GHSA

HIGH
Gogs allows users to write to readonly repositories using receive-pack + service=git-upload-pack confusion
GHSA-wmfg-5p4h-5fw3
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
### Summary

Git smart HTTP authorizes `POST …/git-receive-pack` using the client-supplied service query string (so `?service=git-upload-pack` is evaluated as read access) while routing still runs git receive-pack, allowing push where only read should be allowed.

### Details

Gogs' Git Smart HTTP…

CVE-2026-52810
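The service/path confusion above comes down to which input the authorization check reads. The following Go example is added here to make that concrete; it is not Gogs code. The `AccessMode` names and the request shapes are assumptions, and the vulnerable function reproduces the pattern the advisory describes (authorize on `?service=`, route on the path) beside a version that derives the required access from the path that will actually be executed.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"path"
	"strings"
)

// AccessMode is a stand-in for Gogs' internal access levels (assumed names).
type AccessMode int

const (
	AccessNone AccessMode = iota
	AccessRead
	AccessWrite
)

// requiredAccessVulnerable reproduces the flaw described above: the access
// level is derived from the client-supplied ?service= parameter, so a POST to
// .../git-receive-pack?service=git-upload-pack is judged as a read even though
// the server goes on to run git receive-pack for that path.
func requiredAccessVulnerable(r *http.Request) AccessMode {
	if r.URL.Query().Get("service") == "git-receive-pack" {
		return AccessWrite
	}
	return AccessRead
}

// requiredAccessFixed derives the access level from what will actually run:
// the final path segment for the POST endpoints, and the service parameter
// only for the info/refs advertisement. A path/query mismatch is refused
// outright instead of being resolved in the client's favour.
func requiredAccessFixed(r *http.Request) (AccessMode, error) {
	last := path.Base(r.URL.Path)
	service := r.URL.Query().Get("service")
	switch {
	case r.Method == http.MethodPost && last == "git-receive-pack":
		if service != "" && service != "git-receive-pack" {
			return AccessNone, errors.New("service parameter does not match git-receive-pack path")
		}
		return AccessWrite, nil
	case r.Method == http.MethodPost && last == "git-upload-pack":
		if service != "" && service != "git-upload-pack" {
			return AccessNone, errors.New("service parameter does not match git-upload-pack path")
		}
		return AccessRead, nil
	case r.Method == http.MethodGet && strings.HasSuffix(r.URL.Path, "/info/refs"):
		switch service {
		case "git-upload-pack":
			return AccessRead, nil
		case "git-receive-pack":
			return AccessWrite, nil
		}
		return AccessNone, fmt.Errorf("unknown service %q", service)
	}
	return AccessNone, errors.New("not a smart HTTP endpoint")
}

// mustRequest builds a bare request for the example and its checks.
func mustRequest(method, rawURL string) *http.Request {
	u, err := url.Parse(rawURL)
	if err != nil {
		panic(err)
	}
	return &http.Request{Method: method, URL: u}
}

func main() {
	// Constructed request reproducing the confusion: push endpoint, read service.
	req := mustRequest(http.MethodPost,
		"https://gogs.example/org/repo.git/git-receive-pack?service=git-upload-pack")
	fmt.Println("vulnerable check requires write:", requiredAccessVulnerable(req) == AccessWrite)
	mode, err := requiredAccessFixed(req)
	fmt.Println("fixed check:", mode, err)
}
```

The general rule: the thing that decides which git subprocess runs and the thing that decides which permission is needed must read the same input. Rejecting a mismatch, rather than picking either side, also removes the ambiguity from logs.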
GitHub-GHSA

HIGH
Gogs has DOM-based XSS via Milestone Name on New Issue Page
GHSA-vcm5-gvmp-78mp
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
### Summary
The fix for GHSA-vgjm-2cpf-4g7c (DOM-based XSS via milestone selection) was only applied to `templates/repo/issue/view_content.tmpl` but not to `templates/repo/issue/new_form.tmpl`. An attacker can store an HTML/JavaScript payload in a milestone name, and when any user opens the New Issu…
CVE-2026-52807
GitHub-GHSA

HIGH
Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials
GHSA-35c4-rvc8-frhm
pkg: @budibase/server
eco: npm
published: Jun 22, 2026
## Summary

The Budibase server route `POST /api/attachments/:datasourceId/url` ([`packages/server/src/api/routes/static.ts`](https://github.com/Budibase/budibase/blob/56d2a984/packages/server/src/api/routes/static.ts)) is registered with **only** the `recaptcha` middleware. There is no `authorized(…

CVE-2026-50137
GitHub-GHSA

HIGH
skillctl: argument injection, path traversal in --dest, FIFO/device DoS, hardlink exfiltration, and commit-trailer forgery
GHSA-74p7-6h78-gw8p
pkg: skillctl
eco: rust
published: Jun 22, 2026
## Impact

Following the path-safety patches in [GHSA-wx3m-whqv-xv47](https://github.com/umanio-agency/skillctl/security/advisories/GHSA-wx3m-whqv-xv47) (v0.1.2), a comprehensive multi-angle audit surfaced five further vulnerabilities, now patched in v0.1.3:

1. **`source_sha` argument injection in …

GitHub-GHSA

HIGH
OpenAM has LDAP Injection via `_queryId` Parameter
GHSA-2vg8-q4c2-5cw3
pkg: org.openidentityplatform.openam:openam-core-rest
eco: maven
published: Jun 22, 2026
OpenAM (Open Identity Platform) is an open-source IAM platform providing SSO, OAuth2, SAML, and OpenID Connect capabilities. The CREST REST API layer exposes user query endpoints under `/json/{realm}/users`. In `IdentityResourceV1.queryCollection()`, the HTTP query parameter `_queryId` is passed to …
CVE-2026-41573
GitHub-GHSA

HIGH
Gogs has an Authentication Bypass via Unvalidated Reverse Proxy Headers
GHSA-w6j9-vw59-27wv
pkg: gogs.io/gogs
eco: go
published: Jun 22, 2026
## Summary

When `ENABLE_REVERSE_PROXY_AUTHENTICATION` is enabled, Gogs accepts the configured authentication header (default: `X-WEBAUTH-USER`) directly from client requests without validating that the request originated from a trusted reverse proxy. Any remote attacker who can reach the Gogs servi…

CVE-2026-25119
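The header-trust problem above is generic to any reverse-proxy authentication scheme. This Go example is added as an illustration and is not Gogs code: it keeps the two settings the advisory names (`ENABLE_REVERSE_PROXY_AUTHENTICATION`, `X-WEBAUTH-USER`) and adds an assumed trusted-proxy list, then shows the header being believed from any peer beside a version that honours it only from a configured proxy address and strips it otherwise.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
)

// ProxyAuthConfig mirrors the two Gogs settings named above
// (ENABLE_REVERSE_PROXY_AUTHENTICATION and the X-WEBAUTH-USER header); the
// trusted-proxy list is an assumption added for this example.
type ProxyAuthConfig struct {
	Enabled        bool
	Header         string
	TrustedProxies []netip.Prefix
}

// fromTrustedProxy checks the TCP peer address, which a client that merely
// reaches the service cannot forge, against the configured proxy ranges.
func (c ProxyAuthConfig) fromTrustedProxy(remoteAddr string) bool {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr
	}
	addr, err := netip.ParseAddr(host)
	if err != nil {
		return false
	}
	addr = addr.Unmap() // ::ffff:10.0.0.1 should match 10.0.0.0/8
	for _, p := range c.TrustedProxies {
		if p.Contains(addr) {
			return true
		}
	}
	return false
}

// userFromHeaderVulnerable is the behaviour the advisory describes: once the
// feature is enabled, the header is believed from any client.
func userFromHeaderVulnerable(c ProxyAuthConfig, r *http.Request) string {
	if !c.Enabled {
		return ""
	}
	return r.Header.Get(c.Header)
}

// userFromHeaderFixed honours the header only when the peer is a configured
// proxy, and strips it otherwise so no later handler can read it by mistake.
func userFromHeaderFixed(c ProxyAuthConfig, r *http.Request) string {
	if !c.Enabled || !c.fromTrustedProxy(r.RemoteAddr) {
		r.Header.Del(c.Header)
		return ""
	}
	return r.Header.Get(c.Header)
}

func main() {
	cfg := ProxyAuthConfig{
		Enabled:        true,
		Header:         "X-WEBAUTH-USER",
		TrustedProxies: []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")},
	}
	// Constructed request: an internet client sending the header directly.
	r := &http.Request{RemoteAddr: "203.0.113.7:51234", Header: http.Header{}}
	r.Header.Set(cfg.Header, "admin")
	fmt.Printf("vulnerable: %q  fixed: %q\n", userFromHeaderVulnerable(cfg, r), userFromHeaderFixed(cfg, r))
}
```

The peer address is the only thing in the request the proxy, not the client, controls; the proxy itself must also overwrite (not merely set) the header on every forwarded request, otherwise a client behind the proxy can still supply it.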
GitHub-GHSA

MEDIUM
MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps
GHSA-2x83-8g95-xh59
pkg: MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

`ExpandoObjectFormatter.Deserialize` populates `System.Dynamic.ExpandoObject` by calling `IDictionary<string, object>.Add` for each map entry. `ExpandoObject` internally maintains member names in array-like structures, so inserting many distinct keys can require repeated linear scans and…

CVE-2026-48511
GitHub-GHSA

MEDIUM
MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths
GHSA-v72x-2h86-7f8m
pkg: MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

When MessagePack-CSharp decompresses `Lz4Block` or `Lz4BlockArray` payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed data is valid or that the declared expansion is reasonable.

A small…

CVE-2026-48510
NVD

MEDIUM
CVE-2026-47693
CVE-2026-47693
pkg: go

published: Jun 23, 2026

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizi…
CWE: CWE-1236
GitHub-GHSA

MEDIUM
Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection
GHSA-9rc6-8cjv-rcvx
pkg: github.com/nezhahq/nezha
eco: go
published: Jun 26, 2026
## 1. Description

The `getRedirectURL` function in `oauth2.go:22-29` constructs the OAuth2 callback URL by concatenating the request's `Host` header with a fixed path, with **zero validation** of the Host header:

```go
func getRedirectURL(c *gin.Context) string {
	scheme := "http://"
	refere…
```

CVE-2026-53523
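The advisory's own snippet is cut off above, so the following Go example is added here to show the pattern end to end; it is not Nezha code. The callback path constant, the `CallbackBuilder` fields and the simplified scheme detection are assumptions. The first function rebuilds the redirect URL from the unvalidated `Host` header as described; the second uses an operator-configured public base URL, or an allow-list of hostnames when no base URL is set, so the OAuth2 `redirect_uri` can never point at a host the client chose.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// callbackPath stands in for the fixed path the advisory mentions; the exact
// path is an assumption.
const callbackPath = "/api/v1/oauth2/callback"

// getRedirectURLVulnerable reproduces the pattern described above: the
// callback URL is built from whatever Host header the client sent, so the
// authorization server is told to deliver the code to a client-chosen host.
func getRedirectURLVulnerable(r *http.Request) string {
	scheme := "http://"
	if r.TLS != nil {
		scheme = "https://"
	}
	return scheme + r.Host + callbackPath
}

// CallbackBuilder carries operator configuration: a public base URL (used
// verbatim, ignoring Host) or, failing that, an allow-list of hostnames the
// dashboard may answer for. Both fields are assumptions for this example.
type CallbackBuilder struct {
	PublicBaseURL *url.URL
	AllowedHosts  map[string]bool
}

// RedirectURL never lets an unvalidated Host reach the OAuth2 redirect_uri.
func (b CallbackBuilder) RedirectURL(r *http.Request) (string, error) {
	if b.PublicBaseURL != nil {
		return b.PublicBaseURL.JoinPath(callbackPath).String(), nil
	}
	host := strings.ToLower(r.Host)
	if !b.AllowedHosts[host] {
		return "", fmt.Errorf("host %q is not an allowed dashboard host", r.Host)
	}
	scheme := "http"
	if r.TLS != nil {
		scheme = "https"
	}
	u := url.URL{Scheme: scheme, Host: host, Path: callbackPath}
	return u.String(), nil
}

func main() {
	// Constructed request with a client-controlled Host header.
	r := &http.Request{Host: "attacker.example", Header: http.Header{}}
	fmt.Println("vulnerable:", getRedirectURLVulnerable(r))
	base, _ := url.Parse("https://dashboard.example:8008")
	fixed := CallbackBuilder{PublicBaseURL: base}
	u, err := fixed.RedirectURL(r)
	fmt.Println("fixed:", u, err)
}
```

A configured public URL is the stronger option: it also survives deployments behind load balancers that rewrite `Host`, where an allow-list has to be kept in step with infrastructure changes.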
GitHub-GHSA

MEDIUM
pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field
GHSA-q6j5-fjx5-2mc3
pkg: pnpm
eco: npm
published: Jun 26, 2026
## Summary

pnpm's tarball extraction worker skips integrity verification when the `integrity` field is absent from the lockfile resolution. If an attacker can both modify `pnpm-lock.yaml` to remove the `integrity:` field and cause the referenced registry URL to serve altered package content, `pnpm …

CVE-2026-50021
GitHub-GHSA

MEDIUM
pnpm: Unsafe default behavior breaks integrity check
GHSA-54hh-g5mx-jqcp
pkg: pnpm
eco: npm
published: Jun 26, 2026
While it is unclear whether this should be classified as a vulnerability, it is being reported through this channel because the current behavior may represent an unsafe default.

## Summary

`pnpm install` in non-frozen mode can accept new remote package content after detecting that the downloaded t…

CVE-2026-50573
GitHub-GHSA

MEDIUM
regclient may leak authentication credentials to external blob stores
GHSA-qvqc-4c52-x6qp
pkg: github.com/regclient/regclient
eco: go
published: Jun 26, 2026
Credentials for a registry may be inadvertently leaked to external servers. A prerequisite for this attack is a malicious registry server, a malicious blob store, or a registry that does not restrict the external URLs for foreign blobs.

## Example attack

A malicious registry serves an OCI image ma…

CVE-2026-49349
GitHub-GHSA

MEDIUM
pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678)
GHSA-cg7w-rg45-pc59
pkg: pydantic-ai-slim, pydantic-ai
eco: pip
published: Jun 26, 2026
## Summary

When an application using Pydantic AI opts a URL into `force_download='allow-local'` (which disables the default block on private/internal IPs) **and runs on a network that routes the affected IPv6 transition forms (NAT64- or ISATAP-configured networks)**, the cloud-metadata blocklist co…

CVE-2026-48782
NVD

MEDIUM
CVE-2026-47775
CVE-2026-47775
pkg: oauth

published: Jun 26, 2026

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() functions use AES-256-CBC without an authentication tag (no HMAC, no AEAD). The /callback endpoint returns HTTP 302 on suc…
CWE: CWE-209, CWE-327
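The Envoy entry is truncated, but its first half states the core problem: the OAuth2 filter encrypts with AES-256-CBC and no authentication, and the callback's success/failure response is observable. The following Go example is added here to show why that combination is dangerous and what the hardened form looks like; it is not Envoy code, the key derivation and cookie contents are constructed for the demo, and nothing here reproduces the actual exploit. With unauthenticated CBC a one-bit change in the IV changes one plaintext byte cleanly while the padding stays valid, so the filter accepts a token it did not mint; with an AEAD the same change is rejected with a single, uniform error.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

var errBadToken = errors.New("invalid token")

func pkcs7Pad(b []byte, n int) []byte {
	p := n - len(b)%n
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(p)}, p)...)
}

func pkcs7Unpad(b []byte, n int) ([]byte, error) {
	if len(b) == 0 || len(b)%n != 0 {
		return nil, errBadToken
	}
	p := int(b[len(b)-1])
	if p == 0 || p > n || !bytes.Equal(b[len(b)-p:], bytes.Repeat([]byte{byte(p)}, p)) {
		return nil, errBadToken
	}
	return b[:len(b)-p], nil
}

// encryptCBCUnauthenticated reproduces the weak construction named above:
// AES-256-CBC, random IV, no MAC. Output is IV || ciphertext.
func encryptCBCUnauthenticated(key [32]byte, pt []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(pt, aes.BlockSize)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return append(iv, out...), nil
}

// decryptCBCUnauthenticated cannot notice tampering; bad padding is the only
// thing it rejects, and that accept/reject bit is what a 302-versus-error
// callback response hands to whoever is probing it.
func decryptCBCUnauthenticated(key [32]byte, ct []byte) ([]byte, error) {
	if len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 {
		return nil, errBadToken
	}
	block, _ := aes.NewCipher(key[:])
	out := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, ct[:aes.BlockSize]).CryptBlocks(out, ct[aes.BlockSize:])
	return pkcs7Unpad(out, aes.BlockSize)
}

func newGCM(key [32]byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealState is the hardened form: AES-256-GCM, with the cookie's role bound
// in as associated data. Output is nonce || ciphertext || tag.
func sealState(key [32]byte, context string, pt []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, pt, []byte(context)), nil
}

// openState authenticates before decrypting and returns one fixed error for
// every failure, leaving the callback handler nothing to turn into an oracle.
func openState(key [32]byte, context string, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns+gcm.Overhead() {
		return nil, errBadToken
	}
	pt, err := gcm.Open(nil, sealed[:ns], sealed[ns:], []byte(context))
	if err != nil {
		return nil, errBadToken
	}
	return pt, nil
}

func main() {
	key := sha256.Sum256([]byte("constructed demo secret; derive real keys with a KDF"))
	pt := []byte("sub=alice&exp=1700000000")
	ct, _ := encryptCBCUnauthenticated(key, pt)
	ct[14] ^= 0x01 // one bit in the IV flips plaintext byte 14; padding stays valid
	dec, err := decryptCBCUnauthenticated(key, ct)
	fmt.Printf("CBC accepted tampered token: err=%v plaintext=%q\n", err, dec)
	sealed, _ := sealState(key, "oauth2-state", pt)
	sealed[len(sealed)-1] ^= 0x01
	_, err = openState(key, "oauth2-state", sealed)
	fmt.Println("GCM rejected tampered token:", err)
}
```

The associated-data string matters as much as the tag: it stops a value sealed for one cookie from being presented as another, which an encrypt-only scheme cannot prevent even with a MAC added later.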
GitHub-GHSA

MEDIUM
LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading
GHSA-fjqc-hq36-qh5p
pkg: langgraph-checkpoint
eco: pip
published: Jun 25, 2026
## Summary

LangGraph's `JsonPlusSerializer` can reconstruct Python objects from JSON checkpoint payloads. Under conditions where someone could modify checkpoint bytes at rest in the backing store, the deserialization path could reconstruct objects beyond what the application expects, which could in…

CVE-2026-48775
GitHub-GHSA

MEDIUM
Gogs's password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES
GHSA-5c3f-6486-3g7g
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
## Summary

Password-reset tokens are generated using `conf.Auth.ActivateCodeLives` (the account-activation lifetime), not `conf.Auth.ResetPasswordCodeLives`. The token lifetime is baked into the token itself at generation time and is re-extracted from the token at verification time, making `RESET_P…

CVE-2026-52809
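The lifetime bug above has two parts: the wrong configuration value was used, and the lifetime travelled inside the token, so verification trusted whatever the token said. The Go example below is added as an illustration and is not Gogs code; the field names, the token layout and the sample values are assumptions. It encodes only the purpose and the issue time, signs them with an HMAC, and looks the lifetime up from the current configuration for the purpose the endpoint expects.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

type Purpose string

const (
	PurposeActivate      Purpose = "activate"
	PurposeResetPassword Purpose = "reset-password"
)

// Config mirrors the two Gogs lifetimes named above (assumed field names);
// Secret is the server-side HMAC key.
type Config struct {
	ActivateCodeLives      time.Duration
	ResetPasswordCodeLives time.Duration
	Secret                 []byte
}

func (c Config) lifetime(p Purpose) (time.Duration, error) {
	switch p {
	case PurposeActivate:
		return c.ActivateCodeLives, nil
	case PurposeResetPassword:
		return c.ResetPasswordCodeLives, nil
	}
	return 0, fmt.Errorf("unknown purpose %q", p)
}

func (c Config) mac(payload string) []byte {
	m := hmac.New(sha256.New, c.Secret)
	m.Write([]byte(payload))
	return m.Sum(nil)
}

// Issue mints userID|purpose|issuedAt|mac. Only the issue time is encoded; the
// lifetime is not, so it cannot be read back out of the token later.
func (c Config) Issue(p Purpose, userID int64, now time.Time) (string, error) {
	if _, err := c.lifetime(p); err != nil {
		return "", err
	}
	payload := fmt.Sprintf("%d|%s|%d", userID, p, now.Unix())
	tok := payload + "|" + hex.EncodeToString(c.mac(payload))
	return base64.RawURLEncoding.EncodeToString([]byte(tok)), nil
}

// Verify checks the MAC, that the token was minted for the purpose the
// endpoint expects, and that it is within that purpose's lifetime as
// configured right now, not as it was when the token was issued.
func (c Config) Verify(tok string, want Purpose, now time.Time) (int64, error) {
	raw, err := base64.RawURLEncoding.DecodeString(tok)
	if err != nil {
		return 0, errors.New("malformed token")
	}
	parts := strings.Split(string(raw), "|")
	if len(parts) != 4 {
		return 0, errors.New("malformed token")
	}
	got, err := hex.DecodeString(parts[3])
	if err != nil || !hmac.Equal(got, c.mac(strings.Join(parts[:3], "|"))) {
		return 0, errors.New("bad signature")
	}
	if Purpose(parts[1]) != want {
		return 0, errors.New("token issued for a different purpose")
	}
	userID, err1 := strconv.ParseInt(parts[0], 10, 64)
	issued, err2 := strconv.ParseInt(parts[2], 10, 64)
	if err1 != nil || err2 != nil {
		return 0, errors.New("malformed token")
	}
	ttl, _ := c.lifetime(want)
	if now.After(time.Unix(issued, 0).Add(ttl)) {
		return 0, errors.New("token expired")
	}
	return userID, nil
}

func main() {
	cfg := Config{ActivateCodeLives: 3 * time.Hour, ResetPasswordCodeLives: 30 * time.Minute, Secret: []byte("constructed-secret")}
	t0 := time.Unix(1_800_000_000, 0)
	tok, _ := cfg.Issue(PurposeResetPassword, 42, t0)
	_, err := cfg.Verify(tok, PurposeResetPassword, t0.Add(45*time.Minute))
	fmt.Println("reset token after 45 min:", err) // expired under the 30-minute reset lifetime
}
```

Because the lifetime is resolved at verification time, tightening `RESET_PASSWORD_CODE_LIVES` also shortens tokens that were issued before the change, which is the behaviour an operator responding to an incident expects.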
NVD

MEDIUM
CVE-2026-56109
CVE-2026-56109
pkg: linux

published: Jun 22, 2026

The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parse_d…
CWE: CWE-415
GitHub-GHSA

MEDIUM
pnpm: Reserved bin name deletes PNPM_HOME during global remove
GHSA-4gxm-v5v7-fqc4
pkg: pnpm
eco: npm
published: Jun 26, 2026
<details>
<summary>Maintainer Action Plan</summary>

## Maintainer Action Plan

This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path.

- Advisory: `CA…

CVE-2026-55699
GitHub-GHSA

MEDIUM
pnpm: Repository config can expand victim environment secrets into registry requests before scripts run
GHSA-3qhv-2rgh-x77r
pkg: pnpm
eco: npm
published: Jun 26, 2026
<!-- maintainer-action:start -->
## Maintainer Action Plan

This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path.

- Advisory: `CAND-PNPM-122` / `GHSA…

CVE-2026-55180
GitHub-GHSA

MEDIUM
Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS
GHSA-jg62-j5h6-8mpq
pkg: github.com/nezhahq/nezha
eco: go
published: Jun 26, 2026
## 1. Description

The Nezha dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents:

- `POST /api/v1/terminal` → `createTerminal()` (terminal.go:27-67)
- `POST /api/v1/file` → `createFM()` (fm.go:28-67)

Both call `rpc.NezhaHandlerSingleton.CreateStream(str…

CVE-2026-53522
GitHub-GHSA

MEDIUM
Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing
GHSA-x6fg-52vr-hj4w
pkg: github.com/nezhahq/nezha
eco: go
published: Jun 26, 2026
### Summary
An authenticated non-admin user who owns any server can create or update a NAT profile whose `domain` is equal to the dashboard's own HTTP Host (for example, `dashboard.example:8008`). The dashboard's top-level HTTP/gRPC multiplexer checks `NATShared.GetNATConfigByDomain(r.Host)` before …
CVE-2026-53520
NVD

MEDIUM
CVE-2026-48618
CVE-2026-48618
pkg: nodejs node.js

published: Jun 26, 2026

A flaw in Node.js TLS hostname handling: Unicode dot-separator handling can lead to a TLS wildcard-depth authentication bypass, due to a hostname normalization mismatch between the resolver and the verifier.

This can lead to confidentiality impact or bypass of the intended security boundary under affec…

CWE: CWE-176
NVD

MEDIUM
CVE-2026-55962
CVE-2026-55962
pkg: wolfssl wolfssl

published: Jun 25, 2026

TLS 1.3 post-handshake authentication (PHA) issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, bu…
CWE: CWE-287
GitHub-GHSA

MEDIUM
golang.org/x/crypto/ssh: Invoking memory leak when rejecting channels can lead to DoS
GHSA-qpw4-5x99-6vjp
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for gar…
CVE-2026-39827
NVD

MEDIUM
CVE-2026-54092
CVE-2026-54092
pkg: docker

published: Jun 25, 2026

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, an unchecked maximum password length allows an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testin…
CWE: CWE-400, CWE-1284
GitHub-GHSA

MEDIUM
FileBrowser: Missing Rate Limiting on Authentication Endpoint Enables Brute Force Attacks
GHSA-r4v7-6wcg-ghj5
pkg: github.com/gtsteffaniak/filebrowser
eco: go
published: Jun 25, 2026
### Summary
The `/api/auth/login` endpoint does not implement rate limiting, account lockout, or progressive backoff for repeated authentication failures. As a result, an attacker can perform unlimited login attempts against the endpoint. When combined with the username enumeration timing vulnerabil…
NVD

MEDIUM
CVE-2026-6091
CVE-2026-6091
pkg: wolfssl wolfssl

published: Jun 25, 2026

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL compatibili…
CWE: CWE-295
NVD

MEDIUM
CVE-2026-9153
CVE-2026-9153
pkg: gnu sed, linux linux_kernel

published: Jun 25, 2026

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.
CWE: CWE-22, CWE-200
NVD

MEDIUM
CVE-2026-13022
CVE-2026-13022
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
GitHub-GHSA

MEDIUM
jackson-databind has a @JsonView bypass for unwrapped creator parameters
GHSA-rcqc-6cw3-h962
pkg: com.fasterxml.jackson.core:jackson-databind, tools.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
## Summary
`UnwrappedPropertyHandler.processUnwrappedCreatorProperties()` replays buffered JSON into creator parameters but never consults `prop.visibleInView(activeView)`. The normal property-based creator path gates creator properties on the active view, but this unwrapped-creator replay path bypa…
CVE-2026-54518
NVD

MEDIUM
CVE-2026-54019
CVE-2026-54019
pkg: openwebui open_webui

published: Jun 23, 2026

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. The ACL allows unknown non-KB collection names as legacy/ephe…
CWE: CWE-862, CWE-943
NVD

MEDIUM
CVE-2026-49411
CVE-2026-49411
pkg: deno deno

published: Jun 23, 2026

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility TCP path checked the permission against the original hostname string before resolution and then did not re-check after resolution. A caller could therefore pass a numeric alias of an IP address (for …
CWE: CWE-284
NVD

MEDIUM
CVE-2026-54235
CVE-2026-54235
pkg: vllm vllm

published: Jun 22, 2026

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, all temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and pro…
CWE: CWE-1287
GitHub-GHSA

MEDIUM
zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet
GHSA-qc2x-6f54-m6h9
pkg: zeroconf
eco: pip
published: Jun 22, 2026
### Impact

`_read_character_string` and `_read_string` in `src/zeroconf/_protocol/incoming.py` sliced `self.data[self.offset : self.offset + length]` and advanced `self.offset` by the declared `length` without checking it against `self._data_len`. Python's slice silently returns fewer bytes when th…

CVE-2026-48487
NVD

MEDIUM
CVE-2026-54911
CVE-2026-54911
pkg: ultrajson_project ultrajson

published: Jun 22, 2026

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps() (or ujson.dump() or ujson.encode()) have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into diffe…
CWE: CWE-20
NVD

MEDIUM
CVE-2026-39904
CVE-2026-39904
pkg: go

published: Jun 22, 2026

Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate() function in models/attachment.go processes Office documents as ZIP…
CWE: CWE-770
GitHub-GHSA

MEDIUM
motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint
GHSA-g9fx-5r4h-pcw3
pkg: motioneye
eco: pip
published: Jun 22, 2026
### Summary

motionEye v0.43.1 (latest stable) is vulnerable to path traversal in the picture and movie API endpoints, like `/picture/{id}/preview/(unknown)`. Neither the API handlers, nor the `mediafiles.py` functions like `get_media_preview()` check for `..` sequences in the filename parameter, e…

CVE-2026-31978
GitHub-GHSA

MEDIUM
OpenCTI May Bypass Introspection Restriction
GHSA-4mvw-j8r9-xcgc
pkg: pycti
eco: pip
published: Jun 22, 2026
### Summary

The regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed characters from the query.

### Details

GraphQL Queries in OpenCTI can be validated using the `secureIntrospectionPlugin`.

### Impact
Bypassing t…

CVE-2024-37155
GitHub-GHSA

MEDIUM
Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context
GHSA-39g2-8x68-pmx8
pkg: github.com/nezhahq/nezha
eco: go
published: Jun 26, 2026
## Summary

`PATCH /server/{id}` accepts and persists nonexistent `ddns_profiles` IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, the DDNS worker resolves the stored ID and dispatches an update using the other user's DDNS profile configuration in th…

CVE-2026-53521
GitHub-GHSA

MEDIUM
pnpm: Git Fetch Argument Injection via Lockfile resolution.commit
GHSA-p4xf-rf54-rj3x
pkg: pnpm
eco: npm
published: Jun 26, 2026
## Summary

pnpm passes the lockfile-controlled git `resolution.commit` value to `git fetch` without a `--` separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected 40-character commit hash with a Git option suc…

CVE-2026-50014
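The argument-injection pattern above is independent of pnpm: any tool that splices a value from a repository-controlled file into a `git` command line has the same two defences, a strict format check and a `--` separator. The Go example below is added as an illustration, not pnpm code. The remote URL, the commit values and the choice of `--upload-pack` as the smuggled option are constructed for the demo (it is a real `git fetch` option that names a command to run; the advisory's own example is cut off above and is not reproduced).

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"regexp"
	"strings"
)

// Full SHA-1 or SHA-256 object ids are the only shapes a lockfile commit may take.
var commitRe = regexp.MustCompile(`^(?:[0-9a-f]{40}|[0-9a-f]{64})$`)

// fetchArgsVulnerable builds argv the way the advisory describes: the
// lockfile's resolution.commit is appended right after the remote, so a value
// beginning with "-" is parsed by git as an option rather than a refspec.
func fetchArgsVulnerable(remote, commit string) []string {
	return []string{"fetch", "--depth=1", remote, commit}
}

// fetchArgsFixed refuses anything that is not a full hex object id and places
// the value after "--", so git stops option parsing before it even if the
// format check is ever loosened.
func fetchArgsFixed(remote, commit string) ([]string, error) {
	commit = strings.ToLower(strings.TrimSpace(commit))
	if !commitRe.MatchString(commit) {
		return nil, fmt.Errorf("lockfile resolution.commit %q is not a full object id", commit)
	}
	if strings.HasPrefix(remote, "-") {
		return nil, errors.New("remote must not begin with '-'")
	}
	return []string{"fetch", "--depth=1", remote, "--", commit}, nil
}

func main() {
	remote := "https://git.example/dep.git"
	// Constructed lockfile values: a genuine commit, then an option smuggled
	// into the commit field.
	for _, commit := range []string{
		"0123456789abcdef0123456789abcdef01234567",
		"--upload-pack=touch /tmp/pwned",
	} {
		fmt.Println("vulnerable argv:", fetchArgsVulnerable(remote, commit))
		args, err := fetchArgsFixed(remote, commit)
		if err != nil {
			fmt.Println("fixed: rejected:", err)
			continue
		}
		fmt.Println("fixed command:", exec.Command("git", args...).String())
	}
}
```

Note that the remote itself is checked for a leading dash as well; a lockfile can control that field too, and `--` only protects the arguments that follow it.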
GitHub-GHSA

MEDIUM
nono-py has proxy-only network fallback bypass on older Linux kernels
GHSA-72w7-mf9g-733p
pkg: nono-py
eco: pip
published: Jun 26, 2026
## Summary

On Linux kernels that do not support Landlock network rules, `nono_py.sandboxed_exec()` could run `CapabilitySet.proxy_only(proxy)` without supervising the seccomp-notify proxy-only fallback returned by the Rust core.

In that configuration, a sandboxed child process could remove `HTTP_P…

NVD

MEDIUM
CVE-2026-9620
CVE-2026-9620
pkg: express

published: Jun 24, 2026

The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field() and loop() functions, which extract the raw src attribute value …
CWE: CWE-79
NVD

MEDIUM
CVE-2026-54306
CVE-2026-54306
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal v…
CWE: CWE-1321
NVD

MEDIUM
CVE-2026-55448
CVE-2026-55448
pkg: python

published: Jun 26, 2026

mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a repo…
CWE: CWE-78
GitHub-GHSA

MEDIUM
golang.org/x/crypto/ssh vulnerable to invoking bypass of certificate restrictions
GHSA-45gg-vh54-h5m9
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now…
CVE-2026-39828
GitHub-GHSA

MEDIUM
Lemur Privilege Escalation: Non-admin role members can rewrite role membership via PUT /api/1/roles/<id>
GHSA-x3vf-mgxj-7785
pkg: lemur
eco: pip
published: Jun 25, 2026
## Summary

The `PUT /api/1/roles/<id>` handler in `lemur/roles/views.py` gates only on `RoleMemberPermission(role_id).can()`, which is satisfied for any user who is already a member of the target role. The handler then passes `data["users"]` and `data["name"]` directly to `service.update()`, permi…

CVE-2026-55163
GitHub-GHSA

MEDIUM
Lemur: Crafted CRL/OCSP URLs in uploaded certificates lead to post-authentication SSRF
GHSA-54vg-pfh7-jq95
pkg: lemur
eco: pip
published: Jun 25, 2026
## Summary

When verifying an uploaded certificate, `lemur/certificates/verify.py` extracts the CRL Distribution Point URL and the OCSP responder URL directly from the certificate's extensions and issues outbound requests to those URLs without scheme restriction or destination allow-listing. An aut…

CVE-2026-55162
GitHub-GHSA

MEDIUM
Mise's local credential_command executes untrusted config
GHSA-29hf-rm4x-xxph
pkg: mise
eco: rust
published: Jun 23, 2026
### Summary

`mise` loads `github.credential_command` from local project config before any trust decision, then executes that value with `sh -c` when resolving a GitHub token. An attacker who can place a `.mise.toml` in a repository can execute arbitrary shell commands when the victim runs a GitHub-…

CVE-2026-55448
GitHub-GHSA

MEDIUM
Build breakout using malicious Containerfile and Git Smart HTTP server or GitHub release tar archive
GHSA-49p4-px3h-rq49
pkg: github.com/containers/buildah
eco: go
published: Jun 22, 2026
### Impact

When processing a build context or `add`/`copy` instructions, a malicious server serving a Git repository or a tar archive file can cause files outside of the build context directory to be included in the build context or copied into the build.

### Patches

Fixed in Buildah 1.44 and 1.…

CVE-2026-44517
GitHub-GHSA

MEDIUM
ImageMagick has a Heap Buffer Over-Write in SF3 encoder when writing multi-frame image
GHSA-44cp-c3ww-9rv5
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 26, 2026
A crafted multi-frame image can result in a heap buffer over-write when encoding it with the SF3 encoder.
CVE-2026-53465
GitHub-GHSA

MEDIUM
opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent
GHSA-f2r5-5m7w-p5cx
pkg: go.opentelemetry.io/ebpf-profiler
eco: go
published: Jun 23, 2026
### Summary

An unprivileged process can easily trigger the `processPIDEvents` goroutine to be blocked indefinitely, preventing the goroutine from analyzing any new ELF file. The goroutine stays blocked in the `openat2` syscall forever and the profiler can no longer work properly; it is a denial of …

CVE-2026-48496
GitHub-GHSA

MEDIUM
Dosage Vulnerable to Stored Cross-Site Scripting (XSS) in HTML/RSS Output Handlers
GHSA-75mw-h36v-2jv7
pkg: dosage
eco: pip
published: Jun 26, 2026
## Summary

The HTML and RSS output handlers in `dosagelib/events.py` write user-controlled content (comic text and page URLs) directly into generated files without proper HTML escaping. When a user scrapes a malicious webcomic and opens the generated HTML/RSS file, attacker-controlled JavaScript ca…

GitHub-GHSA

MEDIUM
justhtml: to_markdown() code-span blank-line breakout enables XSS
GHSA-jf6w-2mvx-633j
pkg: justhtml
eco: pip
published: Jun 25, 2026
# justhtml: to_markdown() code-span blank-line breakout enables XSS

### Summary

In `justhtml` 0.9.0 through 1.21.0, `to_markdown()` renders `<code>` text (and `<pre>` text inside a link) as an inline Markdown code span whose only protection is backtick-fence length. A blank line (`\n\n`) in that t…

GitHub-GHSA

MEDIUM
OpenTofu: Provider cache installation follows root-module-controlled package directory symlink and writes outside the working tree
GHSA-wcmj-x466-56mm
pkg: github.com/opentofu/opentofu
eco: go
published: Jun 23, 2026
## Summary

If a symlink already exists under the `.terraform/providers` directory where a provider package needs to be installed, `tofu init` would follow that symlink and install the new package content into it.

If an attacker can coerce an operator into running `tofu init` in a directory whose c…

NVD

MEDIUM
CVE-2026-50019
CVE-2026-50019
pkg: yt-dlp_project yt-dlp

published: Jun 23, 2026

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file download s…
CWE: CWE-200
NVD

MEDIUM
CVE-2026-56697
CVE-2026-56697
pkg: nuxt nuxt

published: Jun 22, 2026

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-origin URL against the current page protocol. Attackers can inject paths like //evil.com to redirect use…
CWE: CWE-601
NVD

MEDIUM
CVE-2026-56326
CVE-2026-56326
pkg: nuxt nuxt

published: Jun 22, 2026

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and /.//evil.com. Attackers can bypass external-host checks using path-normalization techniques to redire…
CWE: CWE-601
NVD

MEDIUM
CVE-2026-44889
CVE-2026-44889
pkg: pylonsproject webob

published: Jun 22, 2026

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit strips …
CWE: CWE-601
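The two Nuxt entries and the WebOb entry above are the same bug in three spellings: a string check that passes `//evil.com`, `/..//evil.com`, `/.//evil.com`, or a backslash variant, while the browser resolves the value to another origin. The following Go example is added here as an illustration; it is not code from any of those projects, and the origin and payloads are constructed. Instead of pattern-matching the raw string it resolves the target against the site's own origin, accepts it only if the result is still on that origin, and always emits an absolute URL.

```go
package main

import (
	"fmt"
	"net/url"
)

// safeRedirect resolves a user-supplied redirect target against the site's
// own origin and accepts it only if the result still lives on that origin.
// Judging the resolved URL rather than the raw string means protocol-relative,
// backslash and dot-segment spellings are all evaluated as a browser would.
func safeRedirect(origin *url.URL, target string) (string, bool) {
	ref, err := url.Parse(target)
	if err != nil {
		return "", false
	}
	resolved := origin.ResolveReference(ref)
	if resolved.Scheme != origin.Scheme || resolved.Host != origin.Host || resolved.User != nil {
		return "", false
	}
	// Always emit an absolute URL: a relative Location derived from user input
	// is what lets "//evil.com" or "/\evil.com" be re-read as cross-origin.
	return resolved.String(), true
}

func main() {
	origin, _ := url.Parse("https://site.example")
	// Constructed payloads, including the shapes named in the advisories above.
	for _, target := range []string{
		"/account", "//evil.com", "/..//evil.com", "/.//evil.com", `/\evil.com`,
		"https://evil.com/", "javascript:alert(1)", "//site.example@evil.com",
	} {
		loc, ok := safeRedirect(origin, target)
		fmt.Printf("%-26q ok=%-5v location=%q\n", target, ok, loc)
	}
}
```

The dot-segment payloads are accepted, but only after normalisation has turned them into an ordinary same-origin path, and the emitted `Location` carries the site's own scheme and host so no client-side re-parsing can move it elsewhere.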
GitHub-GHSA

MEDIUM
GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion
GHSA-pjp5-fpmr-3349
pkg: github.com/github/github-mcp-server
eco: go
published: Jun 25, 2026
### Summary

When running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from different users share this singleton and their lockdown-related GraphQL q…

CVE-2026-48529
NVD

MEDIUM
CVE-2026-48090
CVE-2026-48090
pkg: oauth

published: Jun 26, 2026

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter (envoy.filters.http.oauth2) can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late AsyncClie…
CWE: CWE-416
GitHub-GHSA

MEDIUM
ImageMagick has a Use-After-Free when allocation in CheckPrimitiveExtent fails
GHSA-px7q-ggqj-hcf2
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 26, 2026
When an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash.
CVE-2026-53462
GitHub-GHSA

MEDIUM
ImageMagick has a Heap Buffer Over-Write in MAT decoder on 32-bit systems
GHSA-4v89-6mgq-6rgc
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
A missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems.
CVE-2026-48994
NVD

MEDIUM
CVE-2026-54323
CVE-2026-54323
pkg: tls

published: Jun 23, 2026

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization header…
CWE: CWE-295
NVD

MEDIUM
CVE-2026-55568
CVE-2026-55568
pkg: guzzlephp guzzle

published: Jun 23, 2026

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials (the Proxy-Authorization header, proxy userinfo in the proxy URL, or CURLOPT_PROXYUSERPWD…
CWE: CWE-311, CWE-319, CWE-636
NVD

MEDIUM
CVE-2026-54286
CVE-2026-54286
pkg: windows

published: Jun 22, 2026

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash (%5C) in the request path decodes to \, which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as admin\…
CWE: CWE-22
NVD

MEDIUM
CVE-2026-54250
CVE-2026-54250
pkg: kubernetes

published: Jun 25, 2026

K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to arbitr…
CWE: CWE-22
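Four entries above are destination-escape bugs on write: buildah's Git/tar build context, Hono's `%5C` segment on Windows, OpenTofu's provider-directory symlink, and the K3s snapshot zip members. The Go example below is added here as an illustration and is not code from any of those projects; the destination directory and member names are constructed. It pairs a lexical check (normalise both separators, reject absolute and volume-qualified names, clean dot segments, then confirm the result is still under the destination) with an on-disk check that refuses to write through an existing symlink.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// securePath maps an archive member name (or a build-context entry) to a
// destination under dest, refusing names that would land outside it. Both
// separators are normalised first, so "admin\..\x" is judged the same way on
// Linux as the Windows path resolver would treat it.
func securePath(dest, name string) (string, error) {
	if name == "" {
		return "", errors.New("empty member name")
	}
	n := strings.ReplaceAll(name, `\`, "/")
	if strings.HasPrefix(n, "/") || filepath.VolumeName(filepath.FromSlash(n)) != "" {
		return "", fmt.Errorf("absolute or volume-qualified member %q", name)
	}
	rel := filepath.Clean(filepath.FromSlash(n))
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("member %q escapes destination", name)
	}
	absDest, err := filepath.Abs(dest)
	if err != nil {
		return "", err
	}
	full := filepath.Join(absDest, rel)
	if full != absDest && !strings.HasPrefix(full, absDest+string(filepath.Separator)) {
		return "", fmt.Errorf("member %q escapes destination", name)
	}
	return full, nil
}

// ensureNoSymlinkInPath makes the lexical check hold on disk: it walks the
// components of target that already exist and refuses if any is a symlink, so
// a link planted earlier (by a previous member, or under .terraform/providers
// before tofu init) cannot redirect the write outside dest.
func ensureNoSymlinkInPath(dest, target string) error {
	absDest, err := filepath.Abs(dest)
	if err != nil {
		return err
	}
	absTarget, err := filepath.Abs(target)
	if err != nil {
		return err
	}
	rel, err := filepath.Rel(absDest, absTarget)
	if err != nil {
		return err
	}
	cur := absDest
	for _, part := range strings.Split(rel, string(filepath.Separator)) {
		if part == "" || part == "." {
			continue
		}
		cur = filepath.Join(cur, part)
		fi, err := os.Lstat(cur)
		if errors.Is(err, os.ErrNotExist) {
			return nil // everything below here will be created fresh
		}
		if err != nil {
			return err
		}
		if fi.Mode()&os.ModeSymlink != 0 {
			return fmt.Errorf("%s is a symlink; refusing to write through it", cur)
		}
	}
	return nil
}

func main() {
	dest, err := os.MkdirTemp("", "extract")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dest)
	// Constructed member names covering the shapes from the advisories above.
	for _, name := range []string{"etc/config.yaml", "../../etc/passwd", `admin\..\..\secret`, "/abs/path", "a/../b"} {
		p, err := securePath(dest, name)
		fmt.Printf("%-22q -> %q err=%v\n", name, strings.TrimPrefix(p, dest), err)
	}
}
```

Run `securePath` for every member before any write, and `ensureNoSymlinkInPath` immediately before each write rather than once up front, because an earlier member of the same archive can create the link.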
NVD

MEDIUM
CVE-2026-53944
CVE-2026-53944
pkg: go

published: Jun 24, 2026

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to a private IPv4 address. This vulnerability is fixed in 6.21.1…
CWE: CWE-184, CWE-918
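The Ghost entry here and the pydantic-ai entry earlier in this digest (GHSA-cg7w-rg45-pc59) are the same blocklist gap: an IPv6 literal that carries an IPv4 address in its low 32 bits is compared as IPv6 and never matched against the IPv4 ranges. The Go example below is added as an illustration and is not code from either project. It unwraps the transition forms the pydantic-ai entry names (IPv4-compatible, SIIT/IVI, NAT64) plus IPv4-mapped addresses before the comparison; the local NAT64 /96 is an assumption, and the literals are constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"net/netip"
)

// embedding describes an IPv6 /96 whose low 32 bits carry an IPv4 address.
type embedding struct {
	name   string
	prefix [12]byte // the fixed high 96 bits
}

// Forms covered: IPv4-mapped, IPv4-compatible (deprecated but still parsed),
// IPv4-translated (SIIT/IVI), the NAT64 well-known prefix, and one assumed
// local NAT64 /96 under 64:ff9b:1::/48; a deployment would load its own.
var embeddings = []embedding{
	{"IPv4-mapped ::ffff:0:0/96", [12]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff}},
	{"IPv4-compatible ::/96", [12]byte{}},
	{"IPv4-translated ::ffff:0:0:0/96", [12]byte{0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0, 0}},
	{"NAT64 well-known 64:ff9b::/96", [12]byte{0x00, 0x64, 0xff, 0x9b, 0, 0, 0, 0, 0, 0, 0, 0}},
	{"NAT64 local 64:ff9b:1::/96 (assumed)", [12]byte{0x00, 0x64, 0xff, 0x9b, 0, 0x01, 0, 0, 0, 0, 0, 0}},
}

// embeddedIPv4 returns the IPv4 address carried by a translation-form IPv6
// address, plus which form matched; other addresses are returned unchanged.
func embeddedIPv4(a netip.Addr) (netip.Addr, string) {
	if a.Is4() {
		return a, ""
	}
	b := a.As16()
	for _, e := range embeddings {
		if bytes.Equal(b[:12], e.prefix[:]) {
			return netip.AddrFrom4([4]byte{b[12], b[13], b[14], b[15]}), e.name
		}
	}
	return a, ""
}

// internalPrefixes is the blocklist, written without any 4in6 forms because
// every embedded address is unwrapped to plain IPv4 before the comparison.
var internalPrefixes = []netip.Prefix{
	netip.MustParsePrefix("0.0.0.0/8"), netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("100.64.0.0/10"), netip.MustParsePrefix("127.0.0.0/8"),
	netip.MustParsePrefix("169.254.0.0/16"), netip.MustParsePrefix("172.16.0.0/12"),
	netip.MustParsePrefix("192.168.0.0/16"),
	netip.MustParsePrefix("::1/128"), netip.MustParsePrefix("fc00::/7"), netip.MustParsePrefix("fe80::/10"),
}

// isInternal decides whether a resolved literal must be refused. Call it on
// the addresses DNS actually returned, not on the hostname string.
func isInternal(literal string) (bool, string, error) {
	a, err := netip.ParseAddr(literal)
	if err != nil {
		return false, "", err
	}
	a = a.WithZone("") // Prefix.Contains never matches a zoned address
	target, form := embeddedIPv4(a)
	for _, p := range internalPrefixes {
		if p.Contains(target) {
			return true, form, nil
		}
	}
	return false, form, nil
}

func main() {
	// Constructed literals, each a way of spelling a metadata or loopback address.
	for _, s := range []string{
		"169.254.169.254", "::ffff:169.254.169.254", "::169.254.169.254",
		"::ffff:0:169.254.169.254", "64:ff9b::127.0.0.1", "2001:db8::1",
	} {
		blocked, form, err := isInternal(s)
		fmt.Printf("%-28s blocked=%-5v form=%q err=%v\n", s, blocked, form, err)
	}
}
```

Checking the resolved addresses rather than the hostname string is also what the Deno entry above turns on: a check done before resolution cannot see which address the name, or a numeric alias of one, will actually reach.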
NVD

MEDIUM
CVE-2026-13543
CVE-2026-13543
pkg: oauth

published: Jun 29, 2026

A vulnerability was detected in Documenso up to 2.11.0. Affected by this vulnerability is an unknown functionality of the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts of the component Google OAuth Login. The manipulation results in improper authentication. It is possible to launc…
CWE: CWE-287
NVD

MEDIUM
CVE-2026-13524
CVE-2026-13524
pkg: oauth

published: Jun 29, 2026

A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. The a…
CWE: CWE-266, CWE-285
GitHub-GHSA

MEDIUM
turso-cli persists Turso platform JWT with world-readable (0o644) file permissions
GHSA-57f6-pvx8-hwj6
pkg: github.com/tursodatabase/turso-cli
eco: go
published: Jun 26, 2026
### Summary

`turso-cli` persists the user's Turso platform JWT to `settings.json` using Viper's default `configPermissions` of `0o644`, leaving the credential file world-readable on standard Linux and macOS systems. Any other local UID on the host can read the file and recover the platform JWT, whi…

CVE-2026-48790
NVD

MEDIUM
CVE-2026-54557
CVE-2026-54557
pkg: python

published: Jun 26, 2026

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlink p…
CWE: CWE-22
GitHub-GHSA

MEDIUM
ImageMagick: Policy Bypass can read disallowed files via symlink
GHSA-xcjm-wqff-m669
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
An incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink.
CVE-2026-49219
GitHub-GHSA

MEDIUM
ImageMagick Vulnerable to Stack Overflow in its MVG Decoder
GHSA-h36c-3666-h489
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
A crafted MVG file could result in a stack overflow due to a missing depth or visited-set check.
CVE-2026-48734
GitHub-GHSA

MEDIUM
ImageMagick has a Heap Buffer Underwrite in the Floyd-Steinberg depth dithering method
GHSA-2hhq-c99x-492r
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
When using an image with a mask, the Floyd-Steinberg dithering method will cause a negative heap buffer over-write.
CVE-2026-48724
GitHub-GHSA

MEDIUM
nextflow auth login command has incorrect default permissions
GHSA-92qf-fcph-v5wr
pkg: io.nextflow:nextflow, io.nextflow:nextflow
eco: maven
published: Jun 25, 2026
### Impact

`nextflow auth login` persists Seqera Platform OIDC tokens to `${NXF_HOME:-~/.nextflow}/seqera-auth.config`. The file is created via Java NIO without specifying file permissions, so under the default `umask 022` it lands at mode `0644` (world-readable).

On a multi-user POSIX host — ty…

CVE-2026-48722
NVD

MEDIUM
CVE-2026-12163
CVE-2026-12163
pkg: fortra file_integrity_monitoring

published: Jun 23, 2026

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration field…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-11819
CVE-2026-11819
pkg: windows

published: Jun 23, 2026

Module: plugins/modules/keyring_info.py

CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Issue: The module retrieves a passphrase from the OS native keyring (GNOME Keyring, macOS Keychain, Windows Credential Manager) and places it directly into result["passphrase"] with no output sup…

CWE: CWE-532
NVD

MEDIUM
CVE-2026-49406
CVE-2026-49406
pkg: deno deno

published: Jun 23, 2026

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode (nodeModulesDir: "manual"), the module resolver did not validate that a package's resolved entrypoint stayed within its node_modules/<pkg>/ directory. A malicious package.json whose main field…
CWE: CWE-22
GitHub-GHSA

MEDIUM
mise HTTP backend uses raw version path for install symlink destination
GHSA-f94h-j2qg-fxw3
pkg: mise
eco: rust
published: Jun 23, 2026
## Summary

The mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlink path uses the raw value. On Unix-like systems, if that version is an abs…

CVE-2026-54557
NVD

MEDIUM
CVE-2026-56301
CVE-2026-56301
pkg: nuxt nuxt

published: Jun 23, 2026

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit th…
CWE: CWE-276
GitHub-GHSA

MEDIUM
motionEye's World-Readable Configuration File Exposes Admin Password Hash
GHSA-rhgp-6wq6-9j67
pkg: motioneye
eco: pip
published: Jun 22, 2026
# Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye

## Summary

motionEye v0.43.1 and prior versions create the configuration file `/etc/motioneye/motion.conf` with `644` permissions (`-rw-r--r--`), making it readable by any local user on the system. This…

CVE-2026-32315
NVD

MEDIUM
CVE-2026-53655
CVE-2026-53655
pkg: isaacs tar

published: Jun 22, 2026

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (node-tar) applies a PAX extended header's size= record (and other PAX overrides) to the next header entry of any type, including intermediary metadata headers such as a GNU long-name (L) or long-link (K) entry. Per POSIX pax, a PAX e…
CWE: CWE-436
NVD

MEDIUM
CVE-2026-29509
CVE-2026-29509
pkg: python

published: Jun 26, 2026

Patool before 4.0.5 contains a path traversal vulnerability in the safe_extract() function in patoolib/programs/py_tarfile.py when running on Python before 3.12, where the is_within_directory() helper uses os.path.commonprefix() for character-level string comparison instead of path-level comparison,…
CWE: CWE-22
GitHub-GHSA

MEDIUM
@sigstore/core has DSSE payloadType type-binding failure
GHSA-jfc7-64v2-mr8c
pkg: @sigstore/core
eco: npm
published: Jun 26, 2026
### Impact
The `preAuthEncoding` function in `@sigstore/core` uses Node.js `'ascii'` encoding when converting the PAE (Pre-Authentication Encoding) string to bytes. This allows `payloadType` to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE…
CVE-2026-48758
NVD

MEDIUM
CVE-2026-56823
CVE-2026-56823
pkg: oauth

published: Jun 26, 2026

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the `POST /api/integrations/webhooks/{webhook_id}/ping` endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the aut…
CWE: CWE-284, CWE-639
NVD

MEDIUM
CVE-2026-56358
CVE-2026-56358
pkg: n8n n8n

published: Jun 24, 2026

n8n before 1.123.25 (1.x) and before 2.11.2 (2.x), with the fix also included in 2.12.0, contains a stored cross-site scripting vulnerability in the Form Trigger node's CSS sanitization that allows authenticated users to inject malicious scripts. Attackers with workflow creation permissions can inje…
CWE: CWE-79
NVD

MEDIUM
CVE-2026-45692
CVE-2026-45692
pkg: caddyserver caddy

published: Jun 23, 2026

Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different config…
CWE: CWE-187, CWE-863
NVD

MEDIUM
CVE-2026-54301
CVE-2026-54301
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central Content…
CWE: CWE-79
GitHub-GHSA

MEDIUM
Gogs has an Open Redirect via redirect_to
GHSA-xxhq-69mf-w8cr
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
### Summary
An open redirect vulnerability exists in Gogs where attacker-controlled `redirect_to` parameters can bypass validation, allowing redirection to arbitrary external sites.

### Details
All redirects in Gogs that are validated via the `IsSameSite` function are vulnerable:
```go
func IsSame…
```

CVE-2026-52802
NVD

MEDIUM
CVE-2026-54303
CVE-2026-54303
pkg: n8n n8n

published: Jun 23, 2026

n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user vis…
CWE: CWE-79
GitHub-GHSA

MEDIUM
devbridge-autocomplete has XSS in its default formatters: formatGroup and formatResult fail to escape HTML in untrusted inputs
GHSA-hvqh-jw65-wcpq
pkg: devbridge-autocomplete
eco: npm
published: Jun 22, 2026
### Summary

The default `formatGroup` and `formatResult` functions in `devbridge-autocomplete` concatenate values into HTML without escaping, allowing XSS when an attacker controls (or can taint) the suggestion data source.

### Details

**1. `formatGroup` — `category` is interpolated raw.**

`sr…

NVD

MEDIUM
CVE-2026-41479
CVE-2026-41479
pkg: authlib authlib

published: Jun 22, 2026

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response_type and supplies an attacker-controlled redirect_uri. The …
CWE: CWE-601
GitHub-GHSA

MEDIUM
js-toml has silent type confusion via falsy-primitive duplicate-key bypass
GHSA-m34p-749j-x6m6
pkg: js-toml
eco: npm
published: Jun 26, 2026
### Summary

`js-toml`'s interpreter checks whether a key already exists in a parser-built container with `if (object[key])` instead of `if (key in object)`. When the prior value is a falsy primitive — `false`, `0`, `0n`, `0.0`, `-0`, or `""` — the duplicate-key branch is skipped and the value i…

CVE-2026-50029
GitHub-GHSA

MEDIUM
YARD static cache reads raw traversal paths before router sanitization
GHSA-pxcc-8665-phx8
pkg: yard
eco: rubygems
published: Jun 26, 2026
### Summary
YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as `/../yard-cache-secret.html` is joined against that root and can return a readable sibling `.html` file outside the intended s…
CVE-2026-49342
GitHub-GHSA

MEDIUM
joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization
GHSA-wphv-vfrh-23q5
pkg: joserfc
eco: pip
published: Jun 26, 2026
# RFC7797 b64=false JWS payloads bypass JWSRegistry payload-size limits during deserialization

## Summary

Testing revealed that `joserfc` accepts oversized RFC7797 `b64=false` JWS payloads without applying `JWSRegistry.max_payload_length`.

The normal JWS compact and flattened JSON paths reject pa…

CVE-2026-48990
GitHub-GHSA

MEDIUM
fluent-plugin-opentelemetry Has Denial of Service (DoS) via Large Payloads and Decompression Bombs in `in_opentelemetry`
GHSA-2jc5-xhx8-qj6h
pkg: fluent-plugin-opentelemetry
eco: rubygems
published: Jun 26, 2026
The `fluent-plugin-opentelemetry` plugin (specifically the `in_opentelemetry` HTTP input) lacked strict size limits on incoming requests.
It was discovered that the plugin read the entire request body and decompressed payloads into memory without enforcing maximum size thresholds.

If the OpenTeleme…

CVE-2026-44163
GitHub-GHSA

MEDIUM
golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow
GHSA-78mq-xcr3-xm33
pkg: golang.org/x/crypto/ssh
eco: go
published: Jun 25, 2026
SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.
CVE-2026-39835
GitHub-GHSA

MEDIUM
golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic
GHSA-9m57-25v3-79x9
pkg: golang.org/x/crypto/ssh/agent
eco: go
published: Jun 25, 2026
For certain crafted inputs, an `ed25519.PrivateKey` was created by casting malformed wire bytes, leading to a panic when used.
CVE-2026-46598
NVD

MEDIUM
CVE-2026-55964
CVE-2026-55964
pkg: wolfssl wolfssl

published: Jun 25, 2026

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs (WOLFSSL_TEMP_CA) added while building a certificate path were previously exemp…
CWE: CWE-295
GitHub-GHSA

MEDIUM
opentelemetry_sdk has unbounded memory allocation in W3C Baggage propagation
GHSA-w9wp-h8wv-79jx
pkg: opentelemetry_sdk
eco: rust
published: Jun 25, 2026
## Summary

`BaggagePropagator::extract_with_context` in `opentelemetry_sdk` did not enforce the W3C Baggage size limits before parsing an inbound `baggage` header. A large attacker-controlled header could cause unnecessary CPU work and short-lived heap allocations while parsing entries that would l…

CVE-2026-48504
NVD

MEDIUM
CVE-2026-57437
CVE-2026-57437
pkg: nokogiri nokogiri

published: Jun 25, 2026

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression could…
CWE: CWE-416
NVD

MEDIUM
CVE-2026-13030
CVE-2026-13030
pkg: google chrome, google android

published: Jun 24, 2026

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-457
NVD

MEDIUM
CVE-2026-13023
CVE-2026-13023
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-457
GitHub-GHSA

MEDIUM
jackson-databind has @JsonView bypass for setterless creator properties
GHSA-5hh8-q8hv-fr38
pkg: com.fasterxml.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-databind, tools.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
## Summary
In `BeanDeserializer._deserializeUsingPropertyBased`, the active-view (`@JsonView`) filter was applied only to creator properties; the regular property-buffering branch performed no `prop.visibleInView(activeView)` check. A change making `SetterlessProperty.isMerging()` return `true` rout…
CVE-2026-54517
GitHub-GHSA

MEDIUM
jackson-databind's renamed @JsonIgnore'd setters can deserialize via private fields
GHSA-9fxm-vc8v-hj55
pkg: com.fasterxml.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-databind, tools.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
## Summary
`POJOPropertiesCollector._renameProperties()` allows a property with `@JsonProperty("renamed")` on the getter and `@JsonIgnore` on the setter to be renamed rather than dropped. With `MapperFeature.INFER_PROPERTY_MUTATORS` enabled (default), the private backing field is retained; during de…
CVE-2026-54516
GitHub-GHSA

MEDIUM
jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties
GHSA-5jmj-h7xm-6q6v
pkg: com.fasterxml.jackson.core:jackson-databind, tools.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
## Summary
In `BeanDeserializerBase.createContextual()`, per-property `@JsonIgnoreProperties` exclusions are applied by `_handleByNameInclusion()`, producing a `contextual` deserializer whose `BeanPropertyMap` has the ignored properties removed. The subsequent per-property case-insensitivity block (…
CVE-2026-54515
GitHub-GHSA

MEDIUM
jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)
GHSA-hgj6-7826-r7m5
pkg: com.fasterxml.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
## Summary
`JDKFromStringDeserializer` constructed `InetSocketAddress` with `new InetSocketAddress(host, port)`, which performs eager DNS name resolution for hostname inputs at deserialization time. An application that binds untrusted JSON into a type containing an `InetSocketAddress` field issues a…
CVE-2026-54514
GitHub-GHSA

MEDIUM
motionEye's missing authentication on ActionHandler allows unauthenticated camera action execution
GHSA-j67x-q29f-qcvv
pkg: motioneye
eco: pip
published: Jun 23, 2026
## Summary

The `ActionHandler.post()` method in motionEye has no authentication decorator, allowing any unauthenticated attacker to trigger camera actions including snapshots, recording start/stop, and configured action scripts (PTZ controls, alarm triggers, etc.).

## Vulnerability Details

**File…

CVE-2026-55863
NVD

MEDIUM
CVE-2026-56762
CVE-2026-56762
pkg: node

published: Jun 23, 2026

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions, allowing invalid characters such as control characters (e.g. \r or \n) when an application passes a user-controlled cookie name. This can produce malformed Set-Cooki…
CWE: CWE-20
GitHub-GHSA

MEDIUM
Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack
GHSA-w856-8p3r-p338
pkg: glances
eco: pip
published: Jun 22, 2026
### Summary

The Glances XML-RPC server (`glances -s`, implemented in `glances/server.py`) does not validate the HTTP `Host` header, leaving it vulnerable to DNS rebinding attacks. CVE-2026-32632 (patched in 4.5.2) added `TrustedHostMiddleware` to the REST/WebUI server; the MCP server has had equiv…

CVE-2026-46611
NVD

MEDIUM
CVE-2026-54300
CVE-2026-54300
pkg: express

published: Jun 22, 2026

@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remote_images regular expressions with broader semantics than Astro's canonical matcher. A si…
CWE: CWE-918
NVD

MEDIUM
CVE-2026-53550
CVE-2026-53550
pkg: nodeca js-yaml

published: Jun 22, 2026

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing (<<) by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size and can blo…
CWE: CWE-407
GitHub-GHSA

MEDIUM
nono-py's policy JSON accepts unknown security fields
GHSA-m8j6-rc5x-wv36
pkg: nono-py
eco: pip
published: Jun 26, 2026
### Summary

nono-py policy handling could fail open in two ways. First, resolving a policy-derived `ProxyConfig` did not automatically enforce `CapabilitySet.proxy_only`, allowing sandboxed children to bypass a resolved domain allowlist by using direct network access. Second, policy JSON accepted u…

GitHub-GHSA

MEDIUM
nono-py vulnerable to authorization bypass / policy confusion
GHSA-9j7f-3r4p-pwh6
pkg: nono-py
eco: pip
published: Jun 26, 2026
The Python API made a restrictive-looking configuration unsafe by default. A caller could configure only reverse-proxy credential routes, put the child in CapabilitySet.proxy_only, and reasonably expect network access to be limited to those routes. Instead, because empty allowed_hosts meant allow-a…
NVD

MEDIUM
CVE-2026-49983
CVE-2026-49983
pkg: node

published: Jun 23, 2026

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gated by the env permission. You can deny it with --deny-env, or restrict it to a specific allowlist with --allow-env=FOO,BAR. The expectation is that a program running without env permission cannot chan…
CWE: CWE-863
NVD

MEDIUM
CVE-2026-58057
CVE-2026-58057
pkg: windows

published: Jun 28, 2026

Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'node_options' bypasses the NODE_OPTIONS denylist entry. An authenticated user who can configure a Custom…
CWE: CWE-178
NVD

MEDIUM
CVE-2026-48770
CVE-2026-48770
pkg: windows

published: Jun 26, 2026

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WM_COPYDATA message to Notepad++ using the COPYDATA_FULL_CMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded NUL-termi…
CWE: CWE-125
GitHub-GHSA

MEDIUM
Pterodactyl Wings: Chmod operation can be used to change permissions of files outside of the server container
GHSA-rhq6-9rgh-v45c
pkg: github.com/pterodactyl/wings
eco: go
published: Jun 26, 2026
In `wings/internal/ufs/fs_unix.go` (line 92-94), this function is defined and is used to change permissions of files in the server:

```go
func (fs *UnixFS) fchmodat(op string, dirfd int, name string, mode FileMode) error {
return ensurePathError(unix.Fchmodat(dirfd, name, uint32(mode), 0), op, n…
```

NVD

MEDIUM
CVE-2026-45407
CVE-2026-45407
pkg: dokku dokku

published: Jun 26, 2026

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user who …
CWE: CWE-522
NVD

MEDIUM
CVE-2026-55655
CVE-2026-55655
pkg: openbsd openssh, redhat enterprise_linux

published: Jun 23, 2026

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can c…
CWE: CWE-923
GitHub-GHSA

MEDIUM
Lemur user-update path stores plaintext passwords
GHSA-q437-g7fv-2jvv
pkg: lemur
eco: pip
published: Jun 25, 2026
## Summary

`lemur.users.service.update()` writes a user's new password as plaintext to the `users.password` column. The `User` model wires bcrypt hashing to SQLAlchemy's `before_insert` event but registers no equivalent listener for `before_update`, and `service.update()` does not call `user.hash_p…

CVE-2026-55164
NVD

MEDIUM
CVE-2025-64719
CVE-2025-64719
pkg: go

published: Jun 24, 2026

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusabl…
CWE: CWE-20
GitHub-GHSA

MEDIUM
Gogs has a Denial of Service in repository/wiki file listing web pages
GHSA-3qq3-668m-v9mj
pkg: gogs.io/gogs
eco: go
published: Jun 22, 2026
### Summary
A malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki.

### Details
The issue …

CVE-2025-64719
GitHub-GHSA

MEDIUM
Apptainer has incorrect path matching for 'limit container paths' directive
GHSA-cr2j-534f-mf3g
pkg: github.com/apptainer/apptainer
eco: go
published: Jun 26, 2026
### Impact

The `limit container paths directive` in `apptainer.conf` is intended to allow a system administrator to limit the paths from which containers can be run, under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed.

For e…

CVE-2026-48785
GitHub-GHSA

MEDIUM
Lemur: JWT verifier honors attacker-supplied alg, enabling ATO
GHSA-r9gp-7f88-9r54
pkg: lemur
eco: pip
published: Jun 25, 2026
# Lemur 1.9.0: JWT verifier trusts attacker-supplied alg from token header — defense-in-depth gap; chain-dependent ATO wit…
CVE-2026-55165
NVD

MEDIUM
CVE-2026-57289
CVE-2026-57289
pkg: jenkins bitbucket_push_and_pull_request

published: Jun 24, 2026

Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to captu…
CWE: CWE-295
GitHub-GHSA

MEDIUM
ImageMagick has an Infinite Loop in subimage-search with crafted image
GHSA-5v62-8fq6-cp9m
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 25, 2026
An infinite loop in the subimage-search operation can happen when using a crafted image.
CVE-2026-48733
NVD

MEDIUM
CVE-2026-13034
CVE-2026-13034
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-346
GitHub-GHSA

MEDIUM
Flask-Security has an Open Redirect issue
GHSA-w2j7-f3c6-g8cw
pkg: Flask-Security
eco: pip
published: Jun 23, 2026
# Open Redirect in Flask-Security

## Summary

`flask_security.utils.validate_redirect_url()` can allow an attacker-controlled redirect URL when subdomain redirects are enabled.

The bypass uses a backslash inside the URL authority/host:

```text
http://evil.com\.whitelist.com
http://evil.com%5C.whi…
```

NVD

MEDIUM
CVE-2026-56269
CVE-2026-56269
pkg: flowiseai flowise

published: Jun 24, 2026

Flowise before 3.1.0 (npm package flowise, versions 3.0.13 and earlier) uses a weak hardcoded default value 'Secre$t' for the TOKEN_HASH_SECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key …
CWE: CWE-798
GitHub-GHSA

MEDIUM
@actual-app/cli `--format csv` Output Vulnerable to CSV Formula Injection via Custom `escapeCsv` Helper
GHSA-7gh7-258j-4mpq
pkg: @actual-app/cli
eco: npm
published: Jun 22, 2026
## Summary

`@actual-app/cli` ships a hand-rolled CSV serializer in `packages/cli/src/output.ts` (used whenever the global `--format csv` option is passed) whose `escapeCsv` helper only handles RFC 4180 delimiter/quote/newline escaping. It does **not** neutralize the standard CSV formula-injection p…

CVE-2026-46672
GitHub-GHSA

MEDIUM
Fleet DM Vulnerable to Cross-Team Policy Data Exposure via Global Policy Read Endpoint
GHSA-gm7f-v959-fr2g
pkg: github.com/fleetdm/fleet/v4
eco: go
published: Jun 26, 2026
## Summary

The global policy read endpoint (`GET /api/latest/fleet/policies/{policy_id}`) performs authorization against an empty `fleet.Policy{}` struct with nil TeamID, then fetches any policy by ID from the database without verifying the fetched policy actually belongs to the global scope. This …

CVE-2026-41262
GitHub-GHSA

MEDIUM
ImageMagick has Null Pointer Dereference caused by the distort operation when passing incorrect arguments
GHSA-p9rq-q46c-g4x6
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 26, 2026
When passing incorrect arguments to the distort operation, a null pointer dereference will occur.
CVE-2026-53463
NVD

MEDIUM
CVE-2026-48934
CVE-2026-48934
pkg: nodejs node.js

published: Jun 26, 2026

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.

This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

NVD

MEDIUM
CVE-2026-13021
CVE-2026-13021
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-346
NVD

MEDIUM
CVE-2026-48789
CVE-2026-48789
pkg: windows

published: Jun 24, 2026

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared pa…
CWE: CWE-22
GitHub-GHSA

MEDIUM
OliveTin has Unvalidated `ot_`-prefixed Arguments that Bypass Input Filtering
GHSA-prj9-97mp-mwh2
pkg: github.com/OliveTin/OliveTin
eco: go
published: Jun 24, 2026
### Description

The `filterToDefinedArgumentsOnly` function in the executor is intended to discard any arguments not explicitly defined in the action's configuration. However, a special case allows any argument whose name starts with `ot_` to bypass this filter. While two system arguments (`ot_exec…

CVE-2026-53541
NVD

MEDIUM
CVE-2026-46548
CVE-2026-46548
pkg: axios

published: Jun 23, 2026

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins (Slack, Discord, Mattermost, Teams) because httpAgent / httpsAgent were passed as part of the request body rather tha…
CWE: CWE-918
NVD

MEDIUM
CVE-2026-55653
CVE-2026-55653
pkg: openbsd openssh, redhat hardened_images, redhat openshift_container_platform

published: Jun 23, 2026

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX g…
CWE: CWE-415
GitHub-GHSA

MEDIUM
@actual-app/sync-server's missing authorization on GET /secret/:name allows non-admin OpenID users to enumerate admin-configured bank-sync secrets
GHSA-3f62-qv96-4p78
pkg: @actual-app/sync-server
eco: npm
published: Jun 22, 2026
## Summary

In `@actual-app/sync-server`, the `GET /secret/:name` endpoint (`app-secrets.js:53`) checks only that the caller has a valid session — it does not verify the caller is an admin. The sibling `POST /secret/` handler does enforce an admin check in OpenID mode, exposing an authorization as…

CVE-2026-46700
GitHub-GHSA

MEDIUM
LangGraph SDK has unsafe URL path construction
GHSA-w39p-vh2g-g8g5
pkg: langgraph-sdk
eco: pip
published: Jun 25, 2026
## Summary

`langgraph-sdk` constructs HTTP request paths for resource operations by interpolating caller-supplied identifier values into URL templates. Without sanitization of those values, identifiers that contain characters with special meaning in URL paths could cause the resulting request to ad…

CVE-2026-48776
NVD

MEDIUM
CVE-2026-13024
CVE-2026-13024
pkg: google chrome, apple macos, linux linux_kernel

published: Jun 24, 2026

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-20
NVD

MEDIUM
CVE-2026-52846
CVE-2026-52846
pkg: tls

published: Jun 23, 2026

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as <<>img src=x onerror=alert()>, can bypass the tag-stripping logic, potentially leaving dang…
CWE: CWE-116
GitHub-GHSA

MEDIUM
@actual-app/web has CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields
GHSA-xqjm-27pc-rvwm
pkg: @actual-app/web
eco: npm
published: Jun 22, 2026
## Summary

`exportToCSV` and `exportQueryToCSV` in `packages/loot-core/src/server/transactions/export/export-to-csv.ts` pass user-controlled `Payee`, `Notes`, `Account`, and `Category` strings to `csv-stringify` with no `cast` callback and no formula-prefix neutralization. Strings that begin with `…

CVE-2026-50179
GitHub-GHSA

MEDIUM
ImageMagick: Memory Leak in wand option parser when providing invalid arguments
GHSA-j989-f892-2335
pkg: Magick.NET-Q16-AnyCPU, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-HDRI-OpenMP-arm64
eco: nuget
published: Jun 26, 2026
When providing invalid options to the wand option parser, a small memory leak will occur.
CVE-2026-53464
NVD

MEDIUM
CVE-2026-56357
CVE-2026-56357
pkg: n8n n8n

published: Jun 22, 2026

n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data, spoofing GitHub webhook e…
CWE: CWE-290
GitHub-GHSA

MEDIUM
runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations
GHSA-xjvp-4fhw-gc47
pkg: github.com/opencontainers/runc, github.com/opencontainers/runc, github.com/opencontainers/runc
eco: go
published: Jun 22, 2026
### Impact
When setting up the container rootfs, `setupPtmx` and `setupDevSymlinks` call `os.Remove` and `os.Symlink` with a `filepath.Join` string which allow an image with `/dev` as a symlink to trick runc into deleting files called `ptmx` on the host or creating a hardcoded set of symlinks with s…
CVE-2026-41579
GitHub-GHSA

MEDIUM
Nezha Dashboard: DDNS and Notification credential exposure via unredacted list API
GHSA-ww5p-j6cj-6mqq
pkg: github.com/nezhahq/nezha
eco: go
published: Jun 26, 2026
### Summary

The `GET /api/v1/ddns` and `GET /api/v1/notification` endpoints return full resource objects including plaintext third-party API credentials — Cloudflare API tokens, TencentCloud SecretKeys, Slack/Discord/Telegram webhook URLs with embedded bot tokens, and Authorization header values …

GitHub-GHSA

MEDIUM
pnpm binds unscoped user-level npm auth credentials to a repository-selected registry
GHSA-cjhr-43r9-cfmw
pkg: pnpm, pnpm
eco: npm
published: Jun 26, 2026
## Summary

pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local `.npmrc` file.

In the reproduced case, the user's npm config contains a default registry and an unscoped `_authToken`. The repository does not provide a token-bearing auth line. I…

CVE-2026-50017
GitHub-GHSA

MEDIUM
@microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter
GHSA-396q-4vc8-28x9
pkg: @microsoft/kiota-http-fetchlibrary
eco: npm
published: Jun 26, 2026
### Summary

`@microsoft/kiota-http-fetchlibrary`'s `RedirectHandler` is documented as stripping `Authorization` and `Cookie` from cross-origin redirect targets, but the default `scrubSensitiveHeaders` callback in `RedirectHandlerOptions` uses case-sensitive property deletion (`delete headers.Author…

CVE-2026-49336
GitHub-GHSA

MEDIUM
pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile
GHSA-hg3w-7f8c-63hp
pkg: pnpm, pnpm
eco: npm
published: Jun 26, 2026
### Summary

A malicious `codeload.github.com` server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile.

### Details

The lockfile does not store the hash of the dependencies from https://codeload.github.com

This means that if this server was compromised or a …

CVE-2026-48995
GitHub-GHSA

MEDIUM
Cargo crates in third party registries can override the cached source of other crates
GHSA-jq42-7mfv-hm57
pkg: cargo
eco: rust
published: Jun 26, 2026
The Rust Security Response Team was notified that Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry.

This vulnerability is tracked as CVE-2026-5223. The s…

CVE-2026-5223
GitHub-GHSA

MEDIUM
Scriban: ExpressionDepthLimit guard is non-enforcing — parser-recursion DoS in 6.6.0–7.2.0 (incomplete fix for GHSA-wgh7-7m3c-fx25 / GHSA-p6q4-fgr8-vx4p)
GHSA-6q7j-xr26-3h2c
pkg: Scriban
eco: nuget
published: Jun 26, 2026
### Summary

The `ExpressionDepthLimit` parser guard in Scriban does not actually stop parsing — it only logs a non-fatal error and lets recursive descent continue. As a result, a template containing a deeply nested expression (parentheses, array initializers, object initializers, or unary operato…

GitHub-GHSA

MEDIUM
Scriban: array * int (ScriptArray<T>.TryEvaluate) bypasses LoopLimit — incomplete fix for GHSA-c875-h985-hvrc, missed sibling of GHSA-24c8-4792-22hx
GHSA-q6rr-fm2g-g5x8
pkg: Scriban
eco: nuget
published: Jun 26, 2026
### Summary

The array multiplication operator (`array * integer`) in Scriban allocates a result whose size is the product of the attacker-controlled integer and the array length, with **no `LoopLimit` / `LimitToString` check and no overflow-safe arithmetic**. A ~40-byte template forces a multi-giga…

GitHub-GHSA

MEDIUM
@cyclonedx/cdxgen: Maven project scanning may allow shell command injection through repository-controlled module paths
GHSA-5vwr-qchf-q4pf
pkg: @cyclonedx/cdxgen
eco: npm
published: Jun 26, 2026
## Summary

A command injection vulnerability existed in the Maven scanning flow of cdxgen before version 12.4.3.

When cdxgen scanned an attacker-controlled Maven project, repository-controlled paths could be used in the Maven command construction. In affected versions, some Maven invocations were …

GitHub-GHSA

MEDIUM
MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments
GHSA-qhmf-xw27-6rqr
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

MessagePack-CSharp's typeless deserialization includes `MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowed(Type)` as a safety check for dangerous types. The default implementation checks the outer type name, but it does not recursively inspect array element types or generi…

CVE-2026-48517
GitHub-GHSA

MEDIUM
MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings
GHSA-q2h6-ghwm-5qm8
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

`InterfaceLookupFormatter<TKey,TElement>` constructs an internal `Dictionary<TKey, IGrouping<TKey,TElement>>` with the default equality comparer instead of the security-aware comparer supplied by `options.Security.GetEqualityComparer<TKey>()`.

Other hash-based collection formatters use …

CVE-2026-48516
GitHub-GHSA

MEDIUM
MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions
GHSA-cxmj-83gh-fp49
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate `T[,]`, `T[,,]`, or `T[,,,]` before validating that the dimension product matches the encoded element count.

The formatter reads a guarded element array header, but allo…

CVE-2026-48515
GitHub-GHSA

MEDIUM
MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length
GHSA-w567-gjr2-hm5j
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

`UnsafeBlitFormatterBase<T>.Deserialize` reads an attacker-controlled `byteLength` from an extension payload and allocates an array based on that value before validating it against the extension header length or remaining payload bytes.

The outer extension header is bounded by available…

CVE-2026-48514
GitHub-GHSA

MEDIUM
MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement
GHSA-wfr3-xj75-pfwh
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

Runtime-generated union deserializers emitted by `DynamicUnionResolver` do not call `MessagePackSecurity.DepthStep(ref reader)` and do not decrement `reader.Depth` around recursive deserialization and skip paths.

This means union deserialization does not consistently participate in the …

CVE-2026-48513
GitHub-GHSA

MEDIUM
MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement
GHSA-cj9g-3mj2-g8vv
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack deserialization.

Three related issues are covered by this advisory:

1. `Me…

CVE-2026-48512
GitHub-GHSA

MEDIUM
MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies
GHSA-2f33-pr97-265q
pkg: MessagePack, MessagePack
eco: nuget
published: Jun 25, 2026
## Summary

The parameterless `MessagePackInputFormatter()` constructor uses default serializer options, which resolve to `MessagePackSerializerOptions.Standard` with `MessagePackSecurity.TrustedData`. The formatter is designed for ASP.NET Core MVC request bodies, which commonly cross an HTTP trust …

CVE-2026-48509
GitHub-GHSA

MEDIUM
chi Has an IP Spoofing Vulnerability in `middleware.RealIP`
GHSA-3fxj-6jh8-hvhx
pkg: github.com/go-chi/chi/v5/middleware
eco: go
published: Jun 25, 2026
## Summary
The `RealIP` middleware in `go-chi/chi` is vulnerable to IP spoofing because it blindly trusts the first (leftmost) element of the `X-Forwarded-For` HTTP header. This allows a remote attacker to bypass IP-based access control lists (ACLs) and rate-limiting mechanisms by providing a spoofe…
GitHub-GHSA

MEDIUM
@anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write
GHSA-4vp2-6q8c-pvq2
pkg: @anthropic-ai/claude-code
eco: npm
published: Jun 25, 2026
The Claude Code `/copy` command wrote responses to a hardcoded, predictable path (`/tmp/claude/response.md`) without UID isolation, randomness, or symlink protection. The file was created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user…
CVE-2026-46406
GitHub-GHSA

MEDIUM
OHttpVersionChunkDraft: Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation
GHSA-r6fj-869h-4f6q
pkg: io.netty.incubator:netty-incubator-codec-ohttp
eco: maven
published: Jun 23, 2026
The codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversary (the OHTTP relay itself, or any MITM on the relay↔gateway or relay↔client transport) can forward a …
CVE-2026-48480
GitHub-GHSA

MEDIUM
jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()
GHSA-3wrr-7qpf-2prh
pkg: com.fasterxml.jackson.core:jackson-databind
eco: maven
published: Jun 23, 2026
### Impact

Potential Denial-of-Service when an attacker sends deeply nested JSON if (and only if) the service:

1. Reads deeply nested (1000s of levels) JSON as `JsonNode` (`ObjectMapper.readTree()`)
2. Writes out the same (or modified) node using `JsonNode.toString()`

which can consume significant amount of …

CVE-2026-50193
GitHub-GHSA

MEDIUM
Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS
GHSA-3w28-36p9-w929
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
## Summary

The Jupyter Notebook (ipynb) sanitizer endpoint at `POST /-/api/sanitize_ipynb` allows arbitrary `data:` URIs without proper restrictions, potentially leading to Cross-Site Scripting (XSS). The endpoint uses `bluemonday.UGCPolicy()` with `p.AllowURLSchemes("data")` which permits all data…

CVE-2026-52816
GitHub-GHSA

MEDIUM
OctoPrint has XSS in its Suppressed Command Notifications
GHSA-p6qx-ghxm-389h
pkg: OctoPrint, OctoPrint
eco: pip
published: Jun 23, 2026
### Impact

OctoPrint versions up to and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Suppressed Command notifications popups generated by the printer.

An attacker who successfully convinces a victim to…

CVE-2026-35163
GitHub-GHSA

MEDIUM
Gogs Vulnerable to Unauthenticated Organization Teams Information Disclosure via API
GHSA-744x-3838-5r56
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
## Summary

Gogs has an unauthenticated information disclosure vulnerability. The `GET /api/v1/orgs/:orgname/teams` endpoint at `internal/route/api/v1/org_team.go:8` returns all teams for any organization without requiring authentication. The route group at `internal/route/api/v1/api.go:380-385` lac…

CVE-2026-52815
GitHub-GHSA

MEDIUM
Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)
GHSA-xp79-5mx3-jx52
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service (DoS) attack. The application accepts inbound TCP connections and passes them to `golang.org/x/crypto/ssh.NewServerConn` inside a new goroutine without enforcing any read/write deadlines on the underlyi…
CVE-2026-52814
GitHub-GHSA

MEDIUM
Gogs Vulnerable to Privilege Escalation via Collaboration Access Mode Validation
GHSA-4565-r4x7-hg8j
pkg: gogs.io/gogs
eco: go
published: Jun 23, 2026
## Summary

A repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the `ChangeCollaborationAccessMode` function.

## Vulnerable Code

In `internal/database/repo_collaboration.go`, line 129:

```go
func (r *Repository) ChangeCollaborat…
```

CVE-2026-52804
GitHub-GHSA

MEDIUM
nebula-mesh's stores enrollment tokens unhashed in SQLite
GHSA-ghmh-jhmj-wcmf
pkg: github.com/juev/nebula-mesh
eco: go
published: Jun 22, 2026
`internal/store/sqlite.go:1177,1192,1221,1245` — the `enrollment_tokens.token` column holds the raw UUID token. `ConsumeToken` does `WHERE token = ?` against the raw string. Compare with `operator_api_keys.key_hash`, which is SHA-256 hex (constructed in `internal/api/middleware.go:51-53`).

## Aff…

GitHub-GHSA

MEDIUM
Gogs has SSRF in webhook deliveries
GHSA-c4v7-xg93-qf8g
pkg: gogs.io/gogs
eco: go
published: Jun 22, 2026
### Summary
The fix for CVE-2022-1285 prevents adding webhooks or running webhooks with URLs whose hostname resolves into localCIDRs. However, webhooks still follow redirects, allowing access to hostnames inside localCIDRs.

This was already communicated in the initial report but it looks like the…

CVE-2026-47267
GitHub-GHSA

MEDIUM
OpenAM Authenticated Server-Side Request Forgery (SSRF) via `/sessionservice`
GHSA-c556-q2mh-477v
pkg: org.openidentityplatform.openam:openam-core
eco: maven
published: Jun 22, 2026
OpenAM (Open Identity Platform) is an open-source Identity and Access Management (IAM) platform derived from ForgeRock OpenAM, providing SSO, OAuth2, SAML, and OpenID Connect capabilities. It is widely deployed in enterprise environments as a central authentication gateway.

The `/sessionservice` en…

CVE-2026-44202