CVE-2026-33726

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

CVE-2026-32247

Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...

PT-2026-28513

Name of the Vulnerable Software and Affected Versions Cilium versions prior to 1.17.14 Cilium versions 1.18.0 through 1.18.7 Cilium versions 1.19.0 through 1.19.1 Description Cilium is a networking, observability, and security solution utilizing an eBPF-based dataplane. Ingress Network Policies a...

CVE-2026-23385

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: clone set on flush only Syzbot with fault injection triggered a failing memory allocation with GFPKERNEL which results in a WARN splat: iter.err WARNING: net/netfilter/nftablesapi.c:845 at...

Next.js: HTTP request smuggling in rewrites

Summary When Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes. Impact An attacker could...

CVE-2026-32247

Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...

GHSA-5FW2-8JCV-XH87 Parse Server: Account takeover via operator injection in authentication data identifier

Impact An unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier e.g. anonymous authentication. By sending a crafted login request, the attacker can cause the server to perform a...

Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters

Summary Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabels were concatenated directly into Cypher label expressions without validation. In...

CVE-2026-29777

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...

CVE-2026-27897

Vociferous (offline speech-to-text) contains an unauthenticated path traversal vulnerability in the export_file API (src/api/system.py) prior to version 4.4.2. An attacker can submit a JSON payload with a crafted filename and content, exploit directory traversal (../) to write arbitrary data to l...

GHSA-R2M8-PXM9-9C4G Parse Server has a protected fields bypass via dot-notation in query and sort

Impact The protectedFields class-level permission CLP can be bypassed using dot-notation in query WHERE clauses and sort parameters. An attacker can use dot-notation to query or sort by sub-fields of a protected field, enabling a binary oracle attack to enumerate protected field values. This...

EUVD-2026-10031

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

OESA-2026-1508 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker ...

PT-2026-36815

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.67 Description HTTP response splitting occurs in multiple Apache HTTP Server modules when interacting with untrusted or compromised backend servers. This issue allows an attacker to split an HTTP...

SUSE CVE-2026-25674

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

Race Condition

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Race Condition in the file-system storage and file-based cache backends that use umask process in multi-threaded environments. An...

CVE-2026-25674

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

CVE-2026-25674

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

GHSA-MHR3-J7M5-C7C9 LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution

Context A Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to langgraph-checkpoint 4.0.0, BaseCache defaults to JsonPlusSerializerpicklefallback=True. When...

CVE-2026-27794 LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution

LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...