CVE-2026-3214 CAPTCHA - Moderately critical - Access bypass - SA-CONTRIB-2026-015

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass.This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10...

CVE-2026-25154

CVE-2026-25154 affects LocalSend (versions up to and including 1.17.0). The Red Hat/NVD/OSV/CVE list entries describe a Stored XSS vulnerability in the Web Share Interface via the filename, with the client-side logic in app/assets/web/main.js and a patch in commit 8f3cec85aa29b2b13fed9b2f8e499e1a...

CVE-2026-22251

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers...

Important: amazon-cloudwatch-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...