AlfSec
cybersecurity bulletin · js / python / go / linux
alfsec@todt:~$watch -n 900 ./update
focus: k8s/containers · ci/cd · supply-chain · updated: 2026-03-02 14:45 UTC
cve 140 · osv 477 · linux 61 · js 11 · py 64 · go 4

top today (quick triage)

sorted by severity + devops signal
CVE-2026-23552
CRITICAL
apache:camel
Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss (issuer) claim of JWT tokens against the configured realm…
CVE-2026-27941
CRITICAL
python
OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the `pull_request_target` event while checking out and executing untrust…
CVE-2026-23693
CRITICAL
python
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe wit…
CVE-2026-3061
CRITICAL
google:chrome, linux:linux_kernel, microsoft:windows
Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
CVE-2026-3062
CRITICAL
google:chrome, linux:linux_kernel, microsoft:windows
Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2025-13942
CRITICAL
zyxel:wx5610-b0_firmware, zyxel:wx5610-b0, zyxel:lte3301-plus_firmware
A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by s…
CVE-2026-26198
CRITICAL
collerek:ormar
Ormar is an async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into `sqlalchemy.text()` with…
CVE-2025-69985
CRITICAL
frangoteam:fuxa
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer"…
CVE-2026-27586
CRITICAL
caddyserver:caddy
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in `ClientAuthentication.provision()` cause mTLS client certificate authentication to silently fail open when…
CVE-2026-27587
CRITICAL
caddyserver:caddy
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP `path` request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequenc…
CVE-2026-27588
CRITICAL
caddyserver:caddy
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP `host` request matcher is documented as case-insensitive, but when configured with a large host list (>100 entries) i…
CVE-2026-27590
CRITICAL
caddyserver:caddy
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte ind…

recent cve feed

NVD recent (heuristic)
CVEstacksevproduct (hint)summary
CVE-2026-2930linuxMEDIUM (6.3)tenda:a18_firmware, tenda:a18A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary …
CVE-2026-2970linuxMEDIUM (4.6)datapizza:datapizza-aiA vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads …
CVE-2026-2974linuxLOW (2.5)A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file shared_prefs/aliasvault.xml of the component Backup Handler. The manipulation of the argum…
CVE-2026-2975pythonMEDIUM (5.3)fastapiadmin:fastapi-adminA security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. T…
CVE-2026-2976pythonMEDIUM (4.3)fastapiadmin:fastapi-adminA weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Download Endpoint. …
CVE-2026-2977pythonMEDIUM (6.3)fastapiadmin:fastapi-adminA security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function upload_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Scheduled Task API. Su…
CVE-2026-2978pythonMEDIUM (6.3)fastapiadmin:fastapi-adminA vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function upload_file_controller of the file /backend/app/api/v1/module_system/params/controller.py of the component Scheduled Task …
CVE-2026-23552linuxCRITICAL (9.1)apache:camelCross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss (issuer) claim of JWT tokens against the configured realm…
CVE-2026-25747linuxHIGH (8.8)apache:camelDeserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInput…
CVE-2026-2979pythonMEDIUM (6.3)fastapiadmin:fastapi-adminA flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function user_avatar_upload_controller of the file /backend/app/api/v1/module_system/user/controller.py of the component Scheduled Task API. Execu…
CVE-2025-70058pythonHIGH (7.4)ymfe:yapiAn issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent confi…
CVE-2026-27513pythonMEDIUM (4.3)tenda:f3_firmware, tenda:f3Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, …
CVE-2025-67733linuxHIGH (8.5)lfprojects:valkeyValkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, po…
CVE-2026-21863linuxHIGH (7.5)lfprojects:valkeyValkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus port can send an invalid packet that may cause an out bound read, whic…
CVE-2026-27623linuxHIGH (7.5)lfprojects:valkeyValkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing …
CVE-2026-23693pythonCRITICAL (10)ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe wit…
CVE-2026-23694pythonUNKNOWN Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery (CSRF) vulnerability affecting multiple administrative AJAX actions. The handlers for ahsc_reset_opt…
CVE-2025-69232pythonHIGH (7.5)free5gc:go-upf, free5gc:smffree5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation…
CVE-2025-69247goHIGH (7.5)free5gc:go-upffree5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability leading to Denial of S…
CVE-2026-27741pythonMEDIUM (4.3)bludit:bluditBludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request o…
CVE-2026-3061linuxCRITICAL (9.1)google:chrome, linux:linux_kernel, microsoft:windowsOut of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
CVE-2026-3062linuxCRITICAL (9.8)google:chrome, linux:linux_kernel, microsoft:windowsOut of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2026-3063linuxMEDIUM (5.4)google:chrome, linux:linux_kernel, microsoft:windowsInappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. (…
CVE-2026-3044linuxHIGH (8.8)tenda:ac8_firmware, tenda:ac8A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to sta…
CVE-2026-21864linuxMEDIUM (6.5)lfprojects:valkey-bloomValkey-Bloom is a Rust based Valkey module which brings a Bloom Filter (Module) data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted `RES…
CVE-2026-27729pythonMEDIUM (5.9)astro:\@astrojs\/nodeAstro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash t…
CVE-2025-13942pythonCRITICAL (9.8)zyxel:wx5610-b0_firmware, zyxel:wx5610-b0, zyxel:lte3301-plus_firmwareA command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by s…
CVE-2026-26198pythonCRITICAL (9.8)collerek:ormarOrmar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into `sqlalchemy.text()` with…
CVE-2026-26331pythonHIGH (8.8)yt-dlp_project:yt-dlpyt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's `--netrc-cmd` command-line option (or `netrc_cmd` Python API parameter) is used, an attacker …
CVE-2026-27128pythonMEDIUM (4.8)craftcms:craft_cmsCraft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use (TOCTOU) race condition exists in Craft CMS’s token validation service for token…
CVE-2024-56373linuxHIGH (8.4)apache:airflowDAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to pote…
CVE-2025-27555linuxMEDIUM (6.5)apache:airflowAirflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via…
CVE-2026-2664linuxHIGH (7.8)docker:desktopAn out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by…
CVE-2025-14577pythonUNKNOWN Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/session_ajax.php endp…
CVE-2026-23969linuxMEDIUM (6.5)apache:supersetApache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engin…
CVE-2026-23980linuxMEDIUM (6.5)apache:supersetImproper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpressio…
CVE-2026-23982linuxMEDIUM (6.5)apache:supersetAn Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from query…
CVE-2026-23983linuxMEDIUM (6.5)apache:supersetA Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint (disabled by default) allows users to retrieve a list of objects ass…
CVE-2026-23984linuxMEDIUM (6.5)apache:supersetAn Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the …
CVE-2025-10010linuxMEDIUM (6.8)cpsd:cryptopro_secure_diskThe CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted part…
CVE-2026-27732pythonHIGH (8.1)wwbn:avideoWWBN AVideo is an open source video platform. Prior to version 22.0, the `aVideoEncoder.json.php` API endpoint accepts a `downloadURL` parameter and fetches the referenced resource server-side without proper validation o…
CVE-2025-69985javascriptCRITICAL (9.8)frangoteam:fuxaFUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer"…
CVE-2024-48928linuxHIGH (7.5)piwigo:piwigoPiwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the secret_key configuration parameter is set to MD5(RAND()) in MySQL. However, RAND() only has 30 bits of …
CVE-2026-27585linuxMEDIUM (6.5)caddyserver:caddyCaddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security prote…
CVE-2026-27586linuxCRITICAL (9.1)caddyserver:caddyCaddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in `ClientAuthentication.provision()` cause mTLS client certificate authentication to silently fail open when…
CVE-2026-27587linuxCRITICAL (9.1)caddyserver:caddyCaddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP `path` request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequenc…
CVE-2026-27588linuxCRITICAL (9.1)caddyserver:caddyCaddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP `host` request matcher is documented as case-insensitive, but when configured with a large host list (>100 entries) i…
CVE-2026-27589linuxMEDIUM (6.5)caddyserver:caddyCaddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API (default listen `127.0.0.1:2019`) exposes a state-changing `POST /load` endpoint that replaces the entir…
CVE-2026-27590linuxCRITICAL (9.8)caddyserver:caddyCaddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte ind…
CVE-2026-27156pythonMEDIUM (6.1)zauberzeug:niceguiNiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements (`Element.run_method()`, `AgGrid.run_grid_method()`, `EChart.run_chart_method()`, and othe…
CVE-2025-33179linuxHIGH (8)nvidia:cumulus_linux, nvidia:nvos, nvidia:dgx_gb200NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of …
CVE-2025-33180linuxHIGH (8)nvidia:cumulus_linux, nvidia:nvos, nvidia:dgx_gb200NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
CVE-2025-33181linuxHIGH (7.3)nvidia:cumulus_linux, nvidia:nvos, nvidia:dgx_gb200NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
CVE-2026-27477pythonMEDIUM (5.9)joinmastodon:mastodonMastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated att…
CVE-2026-25882javascriptHIGH (7.5)gofiber:fiberFiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 …
CVE-2026-25891javascriptHIGH (7.5)gofiber:fiberFiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file sy…
CVE-2026-25899javascriptHIGH (7.5)gofiber:fiberFiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the `fiber_flash` cookie can force an unbounded allocation on any server. A crafted 10-character cookie va…
CVE-2026-27609pythonMEDIUM (6.5)parseplatform:parse_dashboardParse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) lacks CSRF protection. An attacker can cra…
CVE-2026-27612javascriptMEDIUM (6.1)denpiligrim:repostatRepostat is a React component to fetch and display GitHub repository info. Prior to version 1.0.1, the `RepoCard` component is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability occurs because the comp…
CVE-2026-27628pythonHIGH (7.5)pypdf_project:pypdfpypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pyp…
CVE-2026-27632pythonLOW (2.6)talishar:talisharTalishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery (CSRF) protections on critical state-changing endpoints,…
CVE-2026-27636linuxHIGH (8.8)freescout:freescoutFreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in `app/Misc/Helper.php` does not include `.htaccess` or `.user.ini` f…
CVE-2026-27640linuxHIGH (7.5)tfplan2md:tfplan2mdtfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affected several distinct rendering paths: AzApi resource body properties, …
CVE-2026-27641pythonCRITICAL (9.8)jugmac00:flask-reuploadedFlask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution …
CVE-2026-27747pythonMEDIUM (6.5)spip:interface_traduction_objetsThe SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interface_traduction_objets_pipelines.php. When handling translation requests, the plugin reads …
CVE-2025-0976linuxMEDIUM (4.7)hitachi:configuration_manager, hitachi:ops_center_api_configuration_manager, linux:linux_kernelInformation Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi …
CVE-2026-27645pythonMEDIUM (6.1)webtechnologies:changedetectionchangedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escapin…
CVE-2026-3165linuxHIGH (8.8)tenda:f453_firmware, tenda:f453A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the component httpd. This manipulation of the argument mit_ssid causes buffer o…
CVE-2026-3166linuxHIGH (8.8)tenda:f453_firmware, tenda:f453A vulnerability was identified in Tenda F453 1.0.0.3. The affected element is the function fromRouteStatic of the file /goform/RouteStatic of the component httpd. Such manipulation of the argument page leads to buffer ov…
CVE-2026-3167linuxHIGH (8.8)tenda:f453_firmware, tenda:f453A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component httpd. Performing a manipulation of the argument webS…
CVE-2026-3168linuxHIGH (8.8)tenda:f453_firmware, tenda:f453A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromNatStaticSetting of the file /goform/NatStaticSetting of the component httpd. Executing a manipulation of the argument page can lead to …
CVE-2026-3169linuxHIGH (8.8)tenda:f453_firmware, tenda:f453A security vulnerability has been detected in Tenda F453 1.0.0.3. This impacts the function fromSafeEmailFilter of the file /goform/SafeEmailFilter of the component httpd. The manipulation of the argument page leads to b…
CVE-2026-2479pythonMEDIUM (5)The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of `strpos()` for substring-based hostname validatio…
CVE-2026-3118pythonMEDIUM (6.5)redhat:developer_hubA security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially …
CVE-2026-0704linuxCRITICAL (9.1)octopus:octopus_server, linux:linux_kernel, microsoft:windowsIn affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected …
CVE-2026-21725linuxLOW (2.6)grafana:grafanaA time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacke…
CVE-2026-28193pythonHIGH (8.8)jetbrains:youtrackIn JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
CVE-2026-28194javascriptMEDIUM (4.3)jetbrains:teamcityIn JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
CVE-2026-27699javascriptCRITICAL (9.1)patrickjuchli:basic-ftpThe `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()` method. A malicious FTP server can send directory listings with filename…
CVE-2026-20048linuxHIGH (7.7)A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition…
CVE-2026-20127pythonCRITICAL (10)cisco:catalyst_sd-wan_manager, cisco:sd-wan_vsmart_controllerA vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to by…
CVE-2026-20129pythonCRITICAL (9.8)A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerabi…
CVE-2026-27706pythonHIGH (7.7)plane:planePlane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated at…
CVE-2026-27739pythonUNKNOWN The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the Angular SSR request han…
CVE-2026-27794linuxMEDIUM (6.6)LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that …
CVE-2026-24005linuxNONE Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation d…
CVE-2026-1662pythonHIGH (7.5)gitlab:gitlabGitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denial of Service by send…
CVE-2026-1725pythonMEDIUM (5.3)gitlab:gitlabGitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted …
CVE-2026-27819goHIGH (7.2)Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths …
CVE-2026-27494pythonUNKNOWN n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox.…
CVE-2026-26186linuxUNKNOWN Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the `order_key` query parameter. Due to unsaf…
CVE-2026-27630linuxHIGH (7.5)ritlabs:tinywebTinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service (DoS) attack known as Slowloris. The server spawns a new OS thread for every incomin…
CVE-2026-27633linuxHIGH (7.5)ritlabs:tinywebTinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST…
CVE-2026-27804javascriptUNKNOWN Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.3 and 9.1.1-alpha.4, an unauthenticated attacker can forge a Google authentication token with …
CVE-2026-27808pythonMEDIUM (5.8)axllent:mailpitMailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API (/api/v1/message/{ID}/link-check) is vulnerable to Server-Side Request Forgery (SSRF). The server performs HTTP HEAD re…
CVE-2026-27809pythonUNKNOWN psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data (e.g. a literal run that extends past the expected row size)…
CVE-2026-27818javascriptUNKNOWN TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed …
CVE-2026-27829pythonMEDIUM (6.5)Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized re…
CVE-2026-27884linuxMEDIUM (5.3)NetExec is a network execution tool. Prior to version 1.5.1, the module spider_plus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account that it is possible …
CVE-2026-27888pythonHIGH (7.5)pypdf_project:pypdfpypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a rea…
CVE-2026-27896goUNKNOWN The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field ta…
CVE-2026-27887 · linux · UNKNOWN · Spin is an open source developer tool for building and running serverless applications powered by WebAssembly. When Spin is configured to allow connections to a database or web server which could return responses of unbo…
CVE-2026-27899 · linux · HIGH (8.8) · WireGuard Portal (or wg-portal) is a web-based configuration portal for WireGuard server management. Prior to version 2.1.3, any authenticated non-admin user can become a full administrator by sending a single PUT reques…
CVE-2026-27900 · linux · MEDIUM (5) · The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is no…
CVE-2026-27903 · javascript · HIGH (7.5) · minimatch_project:minimatch · minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recurs…
CVE-2026-27941 · python · CRITICAL (9.9) · OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the `pull_request_target` event while checking out and executing untrust…
CVE-2026-27952 · python · HIGH (8.8) · Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for…
CVE-2026-27959 · javascript · HIGH (7.5) · koajs:koa · Koa is middleware for Node.js using ES2017 async functions. Prior to versions 3.1.2 and 2.16.4, Koa's `ctx.hostname` API performs naive parsing of the HTTP Host header, extracting everything before the first colon withou…
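"Everything before the first colon" is a general Host-header pitfall, not just a Koa one, because a bracketed IPv6 literal contains colons of its own. The following is an added Go illustration (not Koa's code, and not a claim about the exact behaviour the truncated advisory goes on to describe): `NaiveHostname` reproduces the first-colon split, and `ParseHostname` is one defensive parser that handles brackets, strips an optional numeric port and rejects values that are neither a hostname nor an IP literal. The length limit, the hostname regex and the decision to return the IPv6 address without brackets are this example's conventions.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"regexp"
	"strings"
)

// NaiveHostname reproduces the fragile pattern of taking everything before
// the first colon. An IPv6 literal such as "[::1]:3000" collapses to "[".
func NaiveHostname(host string) string {
	if i := strings.IndexByte(host, ':'); i >= 0 {
		return host[:i]
	}
	return host
}

// hostnameRe: RFC 1123 labels of 1-63 characters joined by dots, optional
// trailing dot. Example policy; tighten or loosen to taste.
var hostnameRe = regexp.MustCompile(`^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\.?$`)

// ParseHostname returns the lower-cased host part of a Host header value with
// any port removed. Bracketed IPv6 literals are returned without brackets.
// Anything that is not a hostname, IPv4 literal or bracketed IPv6 literal,
// optionally followed by ":" and 1-5 digits, is rejected.
func ParseHostname(host string) (string, error) {
	// 253 is the hostname maximum; 6 more bytes cover ":65535".
	if host == "" || len(host) > 253+6 {
		return "", errors.New("empty or oversized host header")
	}
	if strings.HasPrefix(host, "[") {
		end := strings.IndexByte(host, ']')
		if end < 0 {
			return "", errors.New("unterminated IPv6 literal")
		}
		lit := host[1:end]
		if ip := net.ParseIP(lit); ip == nil || !strings.Contains(lit, ":") {
			return "", errors.New("bracketed value is not an IPv6 address")
		}
		if err := checkPort(host[end+1:]); err != nil {
			return "", err
		}
		return strings.ToLower(lit), nil
	}
	h := host
	if i := strings.IndexByte(host, ':'); i >= 0 {
		h = host[:i]
		if err := checkPort(host[i:]); err != nil {
			return "", err
		}
	}
	if net.ParseIP(h) == nil && !hostnameRe.MatchString(h) {
		return "", fmt.Errorf("invalid hostname %q", h)
	}
	return strings.ToLower(h), nil
}

// checkPort accepts the empty string or ":" followed by 1-5 ASCII digits.
func checkPort(s string) error {
	if s == "" {
		return nil
	}
	if s[0] != ':' {
		return errors.New("unexpected characters after host")
	}
	p := s[1:]
	if len(p) == 0 || len(p) > 5 {
		return errors.New("bad port")
	}
	for i := 0; i < len(p); i++ {
		if p[i] < '0' || p[i] > '9' {
			return errors.New("bad port")
		}
	}
	return nil
}

func main() {
	for _, h := range []string{"[::1]:3000", "Example.COM:8443", "evil.com:80:extra", "a b.com"} { // constructed inputs
		p, err := ParseHostname(h)
		fmt.Printf("%-20q naive=%-12q parsed=%q err=%v\n", h, NaiveHostname(h), p, err)
	}
}
```

Whatever the framework returns, code that uses the hostname for routing, redirect targets or cache keys should validate it against an allowlist of expected hosts rather than trust the header at all.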
CVE-2026-27965 · linux · UNKNOWN · Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest…
CVE-2026-27966 · python · CRITICAL (9.8) · langflow:langflow · Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python …
CVE-2026-27969 · linux · HIGH (8.8) · linuxfoundation:vitess · Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest…
CVE-2026-24004 · python · UNKNOWN · Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may r…
CVE-2026-27975 · linux · UNKNOWN · Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could execute arbitrary code on the server. This is fixed in version 2.2.13.
CVE-2026-26077 · python · MEDIUM (6.5) · Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the `WebhooksController` accepted requ…
CVE-2026-26078 · python · HIGH (7.5) · Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, when the `patreon_webhook_secret` site setting is blank, an attacker can forge valid webhook signatures by computing a…
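The blank-secret failure mode in the Discourse entry is a generic one for any HMAC-signed webhook: if an unset setting is read as the empty string and the verifier simply recomputes the MAC with whatever it has, the key is effectively public. The block below is an added Go illustration (not Discourse's code, which is Ruby, and not a reproduction of its fix): `VerifyNaive` accepts a signature computed with the empty key, `VerifyHardened` fails closed when no usable secret is configured. HMAC-SHA256 with a hex signature is assumed as the webhook format; the 16-byte minimum and the sample payload are constructed for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Sign returns hex(HMAC-SHA256(secret, body)), the usual webhook signature
// shape. With an empty secret, anyone who has read the body can compute it.
func Sign(secret, body []byte) string {
	m := hmac.New(sha256.New, secret)
	m.Write(body)
	return hex.EncodeToString(m.Sum(nil))
}

// VerifyNaive recomputes the MAC with whatever is configured, including an
// unset setting that arrives as the empty string.
func VerifyNaive(secret, body []byte, sig string) bool {
	return hmac.Equal([]byte(Sign(secret, body)), []byte(sig))
}

// VerifyHardened fails closed: a missing or too-short secret means the
// webhook is not configured, so nothing is accepted. The 16-byte floor is
// this example's policy, not a value taken from any project.
func VerifyHardened(secret, body []byte, sig string) (bool, error) {
	if len(secret) < 16 {
		return false, errors.New("webhook secret not configured")
	}
	want, err := hex.DecodeString(sig)
	if err != nil || len(want) != sha256.Size {
		return false, nil // malformed signature: reject, but not a config error
	}
	m := hmac.New(sha256.New, secret)
	m.Write(body)
	return hmac.Equal(m.Sum(nil), want), nil // constant-time compare
}

func main() {
	body := []byte(`{"event":"pledge_create","amount_cents":5000}`) // constructed payload
	forged := Sign(nil, body)                                       // what an attacker computes when the secret is blank
	fmt.Println("naive accepts forged signature with blank secret:", VerifyNaive([]byte(""), body, forged))
	ok, err := VerifyHardened([]byte(""), body, forged)
	fmt.Println("hardened accepts:", ok, "error:", err)
}
```

The same fail-closed rule belongs at startup: a webhook endpoint whose secret is empty should be disabled, or the service should refuse to start, rather than silently verifying against "".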
CVE-2026-26932 · linux · MEDIUM (5.7) · Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead to Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a G…
CVE-2026-27509 · python · HIGH (8) · Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programming_actuator/request handled by actuator_manager.…
CVE-2026-27510 · python · CRITICAL (9.6) · Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.doggo2), are vulnerable to remote code execution due to missing integrity protection and validation of u…
CVE-2026-22207 · python · CRITICAL (9.8) · OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the root_api_key configuration is omitted. Att…
CVE-2026-28208 · linux · MEDIUM (5.9) · junrar_project:junrar · Junrar is an open source Java RAR archive library. Prior to version 7.5.8, a backslash path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content a…
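Archive entry names written on Windows can carry backslashes, and an extractor that tests for `../` before it normalises separators is checking the wrong string. The block below is an added Go illustration of that ordering bug and of a check that normalises first (it is not junrar's Java code and does not reproduce its specific fix): `NaiveExtractPath` validates the raw name and then converts backslashes, so `..\..\etc\passwd` passes and resolves outside the destination; `SafeExtractPath` converts first, rejects absolute and drive-qualified names, cleans the path and confirms the result is still under `dest`. The entry names and the `/tmp/out` destination are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"path/filepath"
	"strings"
)

// NaiveExtractPath checks for traversal on the raw entry name, then
// normalises backslashes and joins. The order is the bug: "..\..\etc\passwd"
// contains no "../" at check time but becomes one after normalisation, and
// filepath.Join resolves it outside dest.
func NaiveExtractPath(dest, entry string) (string, error) {
	if strings.Contains(entry, "../") || strings.HasPrefix(entry, "/") {
		return "", errors.New("path traversal")
	}
	return filepath.Join(dest, strings.ReplaceAll(entry, `\`, "/")), nil
}

// SafeExtractPath normalises both separators first, rejects absolute and
// drive-qualified names, cleans the path, and then confirms the joined result
// still lies under dest. dest is used as given (cleaned, not made absolute).
func SafeExtractPath(dest, entry string) (string, error) {
	if entry == "" || strings.ContainsRune(entry, 0) {
		return "", errors.New("empty or NUL-bearing entry name")
	}
	name := strings.ReplaceAll(entry, `\`, "/")
	if strings.HasPrefix(name, "/") {
		return "", errors.New("absolute path in archive")
	}
	if len(name) >= 2 && name[1] == ':' {
		return "", errors.New("drive-qualified path in archive")
	}
	clean := path.Clean(name)
	if clean == "." || clean == ".." || strings.HasPrefix(clean, "../") {
		return "", errors.New("entry escapes destination")
	}
	// Second line of defence: re-derive the relation to dest after joining.
	root := filepath.Clean(dest)
	target := filepath.Join(root, filepath.FromSlash(clean))
	rel, err := filepath.Rel(root, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errors.New("entry escapes destination")
	}
	return target, nil
}

func main() {
	for _, e := range []string{`docs\readme.txt`, `..\..\etc\passwd`, "a/./b/../c.txt", `C:\Windows\win.ini`} { // constructed entry names
		n, nerr := NaiveExtractPath("/tmp/out", e)
		s, serr := SafeExtractPath("/tmp/out", e)
		fmt.Printf("%-22q naive=%q %v | safe=%q %v\n", e, n, nerr, s, serr)
	}
}
```

Before writing, an extractor should also resolve symlinks already present under `dest` (for example with `filepath.EvalSymlinks` on the parent directory), since a lexical check alone does not cover an earlier entry that planted a link pointing outside the tree.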
CVE-2026-28211 · python · HIGH (7.8) · The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted l…
CVE-2026-28216 · python · HIGH (8.3) · hoppscotch:hoppscotch · hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal environment by ID. `user-environments.resolver.ts:82-109`, `updateU…
CVE-2026-28217 · python · MEDIUM (6.5) · hoppscotch:hoppscotch · hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the `userCollection` GraphQL query accepts an arbitrary collection ID and returns the full collection data — including title, type, and t…
CVE-2026-28279 · go · HIGH (7.3) · jmpsec:osctrl · osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the `osctrl-admin` environment configuration. An authenticated administrator can inject arbitrary shell co…
CVE-2025-40932 · linux · HIGH (8.2) · Apache::SessionX versions through 2.01 for Perl generate session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns an MD5 hash seeded…
CVE-2026-20792 · python · HIGH (7.5) · The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or misr…
CVE-2026-20895 · python · HIGH (7.3) · The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identi…
CVE-2026-25113 · python · HIGH (7.5) · The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-…
CVE-2026-25114 · python · HIGH (7.5) · The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-…
CVE-2026-25711 · python · HIGH (7.3) · The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identi…
CVE-2026-25778 · python · HIGH (7.3) · The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identi…
CVE-2026-25945 · python · HIGH (7.5) · The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-…
CVE-2026-27652 · python · HIGH (7.3) · The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identi…
CVE-2026-3271 · linux · HIGH (8.8) · tenda:f453_firmware, tenda:f453 · A vulnerability was found in Tenda F453 1.0.0.3. This impacts the function fromP2pListFilter of the file /goform/P2pListFilter of the component httpd. The manipulation of the argument page results in buffer overflow. T…
CVE-2026-3272 · linux · HIGH (8.8) · tenda:f453_firmware, tenda:f453 · A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page causes buffer overflow. …
CVE-2026-20742 · python · HIGH (8) · copeland:xweb_300d_pro_firmware, copeland:xweb_300d_pro, copeland:xweb_500d_pro_firmware · An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the …
CVE-2026-24445 · python · HIGH (7.5) · The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-…
CVE-2026-24517 · python · HIGH (8) · An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the …
CVE-2026-24695 · linux · HIGH (8) · An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into OpenSSL argument fiel…
CVE-2026-25111 · python · HIGH (8) · An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the …