CVE-2026-56663
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. isipblocked in...
CVE-2026-0685 Server side template inject (SSTI) in Edgewall Genshi Template Engine
Server side template injection (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions...
CVE-2026-47214
CVE-2026-47214 affects Docling’s HTML backend, where unsafe URI and path handling existed prior to version 2.94.0. The vulnerability enables potential local file access via file:// URIs, directory traversal through ../ sequences or absolute paths, and access to internal network resources when ena...
CVE-2026-44018 Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...
CVE-2026-44018
CVE-2026-44018 affects Docling’s METS-GBS backend. From versions 2.45.0 through 2.91.0, XML parsing and input document format detection lacked security controls, enabling crafted METS-GBS archives to read sensitive files, exhaust resources, or crash the application. The issue is fixed in 2.91.0. ...
EUVD-2026-39778
Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...
EUVD-2026-39781
Unauthenticated Broken Access Control in SiteGround Email Marketing = 1.7.5 versions...
EUVD-2025-210356
Unauthenticated Insecure Direct Object References (IDOR) in BookPro = 1.1.0 versions...
EUVD-2025-210357
Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking = 1.3.4.3 versions...
EUVD-2025-210352
Subscriber Broken Access Control in Restaurant Menu by MotoPress = 2.4.11 versions...
EUVD-2025-210353
Contributor Broken Access Control in Live Copy Paste for Elementor = 1.5.3 versions...
EUVD-2025-210360
Contributor Cross Site Scripting (XSS) in Image Carousel = 1.0.0.41 versions...
EUVD-2026-39654
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...
EUVD-2026-39657
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...
EUVD-2026-39656
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...
EUVD-2025-210350
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...
CVE-2026-57664
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...
CVE-2026-57659
Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin = 0.7.2 versions...
CVE-2026-57658
Administrator Arbitrary File Upload in TemplateSpare = 4.2.0 versions...