Linux Distros Unpatched Vulnerability : CVE-2026-43388

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: clear walkcontrol on inactive context in damoswalk damoswalk sets ctx-walkcontrol to the caller-provided control structure before checking whethe...

Linux Distros Unpatched Vulnerability : CVE-2026-43477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/i915/vrr: Configure VRR timings after enabling TRANSDDIFUNCCTL Apparently ICL may hang with an MCE if we write TRANSVRRVMAX/FLIPLINE before enabling...

CVE-2026-44352

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3...

CVE-2026-42158 Flowsint: Broken Access Control allows modification of investigation metadata from any user

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3...

CVE-2026-42158 Flowsint: Broken Access Control allows modification of investigation metadata from any user

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3...

CVE-2026-42158

Flowsint prior to 1.2.3 has a broken access control issue that lets an attacker who knows an investigation ID modify metadata of another user’s investigation. Affected product: Flowsint OSINT graph exploration tool. Root cause: unauthorized update of investigation metadata due to inadequate acces...

EUVD-2026-29883

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3...

CVE-2026-44352

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3...

CVE-2026-44352 Flowsint: Broken Access Control allows reading of sketch logs from any user

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3...

CVE-2026-44352

Flowsint, an open-source OSINT graph exploration tool, has a Broken Access Control vulnerability prior to version 1.2.3 that allows reading of sketch logs by any user. The issue is fixed in 1.2.3. Available records (CVE-2026-44352) cite a base score of 5.3 (Medium) with network access and low att...

CVE-2026-44352 Flowsint: Broken Access Control allows reading of sketch logs from any user

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3...

CVE-2026-8449

Rejected reason: This CVE ID has been rejected or withdrawn...

CVE-2026-42855

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

CVE-2026-8449

Rejected reason: This CVE ID has been rejected or withdrawn...

CVE-2026-42855

The vulnerability affects the arduino-esp32 core (WebServer Digest authentication). Before version 3.3.8, the Digest auth hash is computed from the URI field in the Authorization header without validating it against the actually requested URI. As a result, an attacker with any valid digest respon...

CVE-2026-8449

...

SQL Injection

Overview @n8n/api-types is a fair-code workflow automation platform with native AI capabilities Affected versions of this package are vulnerable to SQL Injection in the process of importing a Data Table JSON file during a Source Control Pull operation. An attacker who can write to the git...

CVE-2026-33570 Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...

CVE-2026-44240

CVE-2026-44240 affects the Node.js FTP client basic-ftp . Before version 5.3.1, the client is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious FTP server can send an unterminated multiline response during the initial banner phase, causi...

WordPress EventPrime plugin <= 4.3.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Evan in WordPress Plugin EventPrime versions = 4.3.2.0...