
13412 matches found

OSV
added 2026/02/24 8:44 p.m. | 6 views

GHSA-XJHV-V822-PF94 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future

The affected versions of Wasmtime can panic if the host embedder drops the future returned by `wasmtime::component::TypedFunc::call_async` before it resolves. Details: Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of...

CVSS 6.9 | AI score 5.4 | EPSS 0.00081
Exploits: 0 | References: 9
NVD
added 2026/02/24 8:27 p.m. | 3 views

CVE-2026-27477

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated attacker can register a FASP with an attacker-chosen base_url that includes or...

CVSS 8.2 | EPSS 0.00072
Exploits: 0 | References: 2
OSV
added 2026/02/24 7:0 p.m. | 5 views

CVE-2026-27477 Mastodon has SSRF via unvalidated FASP Provider base_url

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated attacker can register a FASP with an attacker-chosen base_url that includes or...

CVSS 8.2 | AI score 5.8 | EPSS 0.00072
Exploits: 0 | References: 4
Cvelist
added 2026/02/24 7:0 p.m. | 19 views

CVE-2026-27477 Mastodon has SSRF via unvalidated FASP Provider base_url

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated attacker can register a FASP with an attacker-chosen base_url that includes or...

CVSS 8.2 | EPSS 0.00072
Exploits: 0 | References: 2
CVE
added 2026/02/24 7:0 p.m. | 10 views

CVE-2026-27477

Mastodon CVE-2026-27477 describes an SSRF risk in the FASP feature: unauthenticated registration of a FASP with a base_url that can resolve to an internal address, when the server has EXPERIMENTAL_FEATURES including fasp enabled. Affected: Mastodon versions 4.4.0–4.4.13 and 4.5.0–4.5.6. Impact: s...

CVSS 8.2 | AI score 5.7 | EPSS 0.00072
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/02/24 7:0 p.m. | 1 views

CVE-2026-27477

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated attacker can register a FASP with an attacker-chosen base_url that includes or...

CVSS 8.2 | AI score 5.9 | EPSS 0.00072
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2026/02/24 6:29 p.m. | 3 views

CVE-2026-27468

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...

CVSS 8.3 | EPSS 0.00062
Exploits: 0 | References: 2
OSV
added 2026/02/24 5:12 p.m. | 4 views

CVE-2026-27468 Mastodon may allow unconfirmed FASP to make subscriptions

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...

CVSS 8.3 | AI score 5.6 | EPSS 0.00062
Exploits: 0 | References: 4
Vulnrichment
added 2026/02/24 5:12 p.m. | 2 views

CVE-2026-27468 Mastodon may allow unconfirmed FASP to make subscriptions

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...

CVSS 8.3 | AI score 6 | EPSS 0.00062
Exploits: 0 | References: 2
CVE
added 2026/02/24 5:12 p.m. | 10 views

CVE-2026-27468

CVE-2026-27468 (Mastodon) affects Mastodon servers that have enabled the experimental FASP feature via EXPERIMENTAL_FEATURES including “fasp”. In versions 4.4.0–4.4.13 and 4.5.0–4.5.6, actions by a FASP to subscribe to account/content lifecycle events or to backfill content did not verify adminis...

CVSS 8.3 | AI score 5.5 | EPSS 0.00062
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/02/24 5:12 p.m. | 17 views

CVE-2026-27468 Mastodon may allow unconfirmed FASP to make subscriptions

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...

CVSS 8.3 | EPSS 0.00062
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/24 12:0 a.m. | 6 views

PT-2026-21779

Name of the Vulnerable Software and Affected Versions: Mastodon versions 4.4.0 through 4.4.13; Mastodon versions 4.5.0 through 4.5.6. Description: Mastodon is a free, open-source social network server based on ActivityPub. The issue relates to FASP Federated Actor Subscription Protocol registration,...

CVSS 8.3 | AI score 5.3 | EPSS 0.00062
Exploits: 0 | References: 11
ATTACKERKB
added 2026/02/23 6:54 a.m. | 4 views

CVE-2026-1367

Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...

CVSS 8.3 | AI score 5.7 | EPSS 0.00333
Exploits: 0 | References: 2
Packet Storm
added 2026/02/23 12:0 a.m. | 214 views

📄 Google Chrome CSSFontFeatureValuesMap Use-After-Free

Google Chrome versions prior to 145.0.7632.75 CSSFontFeatureValuesMap use-after-free proof of concept exploit. When an iterator is created over a CSSFontFeatureValuesMap object and the underlying HashMap is mutated during iteration, a rehash operation occurs, freeing the original memory while the...

CVSS 8.8 | AI score 6.3 | EPSS 0.23127
Exploits12
RedhatCVE
added 2026/02/21 7:30 p.m. | 3 views

CVE-2025-68552

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product allows PHP Local File Inclusion. This issue affects WooCommerce Coming Soon Product with...

CVSS 7.5 | AI score 5.5 | EPSS 0.00047
Exploits: 0 | References: 1
Cvelist
added 2026/02/20 11:26 p.m. | 24 views

CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

CVSS 8.8 | EPSS 0.00028
Exploits: 1 | References: 1
Vulnrichment
added 2026/02/20 11:26 p.m. | 4 views

CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

CVSS 8.8 | AI score 5.5 | EPSS 0.00028
Exploits: 1 | References: 1
CVE
added 2026/02/20 11:26 p.m. | 9 views

CVE-2026-27202

CVE-2026-27202 concerns GetSimple CMS. All versions are affected by a flaw in the Uploaded Files feature that enables arbitrary file reads. The issue is reported as not fixed at publication. The available documents do not provide exploit details or concrete attack vectors. The CVSS data indicates...

CVSS 8.8 | AI score 5.8 | EPSS 0.00028
Exploits: 1 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/02/20 11:26 p.m. | 5 views

CVE-2026-27202

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

CVSS 8.8 | AI score 5.8 | EPSS 0.00028
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/02/20 12:0 a.m. | 2 views

PT-2026-21070

Name of the Vulnerable Software and Affected Versions: ConveyThis versions prior to 269.6. Description: An authorization issue exists in ConveyThis conveythis-translate, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update to a version prior to 269.6...

AI score 5.3 | EPSS 0.00056
Exploits: 0 | References: 3