CVE-2026-47107

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

CVE-2026-5511 Information Disclosure via Diagnostic Interface Due to Improper Input Validation on TP-Link's Archer AX72

In the web management interface of Archer AX72 SG v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. An authenticated attacker with administrative privileges could exploit this issue to confirm the...

Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation

Summary A user with application write access developer role can set link.argocd.argoproj.io/ annotations on any ArgoCD Application. These annotation values are rendered in the Summary tab's URLs section as elements without URL validation. Using the pipe-separator trick Display Text |...

GHSA-H98R-WV3H-FR38 Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation

Summary A user with application write access developer role can set link.argocd.argoproj.io/ annotations on any ArgoCD Application. These annotation values are rendered in the Summary tab's URLs section as elements without URL validation. Using the pipe-separator trick Display Text |...

Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization

This report is not about a normal textual prefix-expansion case. The issue here is that the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different confi...

org.glassfish.main.admingui:admingui (>=6.0.0 <=9.0.0-M1), org.glassfish.main.admingui:console-cluster-plugin (>=6.0.0 <=9.0.0-M1) +19 more potentially affected by CVE-2026-2587 via org.glassfish.jsftemplating:jsftemplating (>=3.0.0 <=4.1.0)

org.glassfish.jsftemplating:jsftemplating MAVEN version =3.0.0, =6.0.0, =6.0.0, =7.0.16, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =9.0.0-M1 and more Source cves: CVE-2026-2587 Source advisory: OSV:GHSA-29WV-CV7P-XJC2https://vulners.c...

org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=8.0.1), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=8.0.1) +15 more potentially affected by CVE-2026-2586 via org.glassfish.main.admingui:console-common (>=3.1.2 <=8.0.1)

org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =4.1, =8.0.1 and more Source cves: CVE-2026-2586 Source advisory: OSV:GHSA-96V6-HQ43-X9H4...

org.glassfish.main.admingui:admingui (>=6.0.0 <=9.0.0-M1), org.glassfish.main.admingui:console-cluster-plugin (>=6.0.0 <=9.0.0-M1) +19 more potentially affected by CVE-2026-2586 via org.glassfish.jsftemplating:jsftemplating (>=3.0.0 <=4.1.0)

org.glassfish.jsftemplating:jsftemplating MAVEN version =3.0.0, =6.0.0, =6.0.0, =7.0.16, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =9.0.0-M1 and more Source cves: CVE-2026-2586 Source advisory: OSV:GHSA-96V6-HQ43-X9H4https://vulners.c...

GHSA-96V6-HQ43-X9H4 GlassFish's Administration Console is Vulnerable to RCE

An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...

Use of a Broken or Risky Cryptographic Algorithm

Overview @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm via the hmacBase64 function. An attacker can obtain sensitive cryptographic material by sending a single unauthenticated HTTP request t...

HAXcms: Private Key Disclosure via Broken HMAC Implementation

Summary The hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing key and forge arbitrary admin-level JSON Web Tokens JWTs allowing them to get full admin...

CVE-2025-40901

A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected...

CVE-2025-40902

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network...

CVE-2026-45365

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-only bypassfilter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated...

CVE-2026-44558

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filterallowedaccessgrants on either create or update paths. A non-admin user who can create group channels or who owns a channel can submit arbitrary...

CVE-2026-44159 Tyler Identity Local (TID-L) default administrative credentials

Tyler Identity Local TID-L uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021...

CVE-2026-44159 Tyler Identity Local (TID-L) default administrative credentials

Tyler Identity Local TID-L uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021...

CVE-2026-44159

Tyler Identity Local TID-L uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021...

CVE-2025-40903 HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...