20749 matches found
CVE-2026-26149
Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network...
CVE-2026-26149
Technical details about CVE-2026-26149 are not publicly provided in the available documents. Monitor for updates from Microsoft and changelogs to learn affected components, impact, and remediation.
CVE-2026-2400
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload...
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions
Summary: In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 8.0.9. Vulnerability Details: CVEID: CVE-2017-9096 DESCRIPTION: The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do...
EUVD-2026-22251
A Local File Inclusion (LFI) vulnerability in the NFSen module nfsen.inc.php of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...
CVE-2026-2400
CVE-2026-2400 is tied to Schneider Electric PowerChute Serial Shutdown. The Nessus/PTSecurity entry confirms that PowerChute Serial Shutdown (pre-1.5) is affected by CRLF Injection via POST /setPCBEDesc, which could trigger credential resets for Web Admin users. The PTSecurity note states that af...
CVE-2026-30480
A Local File Inclusion (LFI) vulnerability in the NFSen module nfsen.inc.php of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter...
Directory Traversal
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Directory Traversal via the nfsen parameter in the nfsen.inc.php file. An attacker can execute arbitrary PHP code by...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal in ONNX [CVE-2025-51480]
Summary: IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal, due to an issue with onnx.external_data_helper.save_external_data in ONNX 1.17.0 that allows attackers to bypass intended directory restrictions. CVE-2025-51480. Onnx is used in our speech service runtimes. This...
Exploit for CVE-2026-6042
CVE-2026-6042: Algorithmic Complexity DoS in musl libc iconv...
Microsoft Power Apps Desktop Client Spoofing Vulnerability
Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network...
JLSEC-2026-106
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between libc::tcflush(0, libc::TCIFLUSH) and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the...
JLSEC-2026-105 Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Summary A maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Details In the patch for CVE-2023-28446, Deno is stripping any ANSI escape sequences from the permission prompt, but permissions given to t...
CVE-2026-6231
A flaw was found in the MongoDB C Driver. The bson_validate function may incorrectly report successful validation for specific inputs, allowing malformed or invalid UTF-8 sequences to bypass security checks. This can lead to the incorrect processing of BSON (Binary JSON) data, potentially affecting...
Improper Neutralization
Soft Serve is vulnerable to improper neutralization. The vulnerability is due to insufficient sanitization of user-supplied inputs and git messages, which allows an attacker to inject malicious ANSI escape sequences and display misleading or fake terminal outputs such as alerts...
Log Injection
Apache Log4j Core is vulnerable to Log Injection. The vulnerability is due to improper handling of newline escaping caused by renamed configuration attributes in Rfc5424Layout, which allows an attacker to inject CRLF sequences into logs and manipulate log entries...