57000 matches found
CVE-2026-42309
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursive...
CVE-2026-42051
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...
EUVD-2026-28889
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, pages.access/list and files.access/list permissions are not consistently checked in the Panel and REST API. This issue has been patched in versions 4.9.0 and 5.4.0...
CVE-2026-42137 Kirby: `pages.access/list` and `files.access/list` permissions are not consistently checked in the REST API and changes dialog
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, pages.access/list and files.access/list permissions are not consistently checked in the Panel and REST API. This issue has been patched in versions 4.9.0 and 5.4.0...
CVE-2026-42137
Kirby CVE-2026-42137 affects the open-source Kirby CMS. Prior to versions 4.9.0 and 5.4.0, the Panel and REST API did not consistently enforce pages.access/list and files.access/list permissions, enabling missing authorization in some collections and related models. The issue has been fixed in Ki...
CVE-2026-42051 Kirby: System API endpoint leaks license data and installed version to authenticated users
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...
CVE-2026-42051
CVE-2026-42051 affects Kirby CMS. The issue: the /api/system endpoint exposed installed Kirby version and license data to authenticated users due to missing authorization. It is patched in Kirby 4.9.0 and 5.4.0, with the fix enforcing the access.system permission to restrict exposure. Impact is a...
CVE-2026-8115
A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The...
CVE-2026-30496
The Optoma CinemaX P2 projector firmware (TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration (74 endpoints) and writing/modifying settings including volume, mute,...
CVE-2025-69691
Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.execphp. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code...
CVE-2026-39820 vulnerabilities
Vulnerabilities for packages: k3s, cert-manager, rancher, redka, helm-operator, telegraf, tekton-chains, prometheus-operator, aws-flb-kinesis, vitess, thanos, nuclei, kpt, slsa-verifier, skopeo, cilium-certgen, gatus, grafana-pyroscope, nfpm, grafana, istio, undock, zot, kots, kaf, juicefs,...
CVE-2026-39823 vulnerabilities
Vulnerabilities for packages: jitsucom-bulker, k3s, cert-manager, rancher, redka, kubo, helm-operator, redpanda, telegraf, tekton-chains, secrets-store-csi-driver, gitaly, prometheus-operator, aws-flb-kinesis, vitess, contour, thanos, nuclei, kpt, slsa-verifier, skopeo,...
CVE-2026-42501 vulnerabilities
Vulnerabilities for packages: jitsucom-bulker, k3s, cert-manager, gostatsd, licenseclassifier, incert, kubo, amazon-cloudwatch-agent, rabbitmq-default-user-credential-updater, helm-operator, rancher, redka, redpanda, telegraf, victoriametrics, tekton-chains, secrets-store-csi-driver, gitaly,...
GHSA-2283-WF8C-RW8R vulnerabilities
Vulnerabilities for packages: jitsucom-bulker, k3s, cert-manager, rancher, redka, kubo, helm-operator, redpanda, telegraf, tekton-chains, secrets-store-csi-driver, gitaly, prometheus-operator, aws-flb-kinesis, vitess, contour, thanos, nuclei, kpt, slsa-verifier, skopeo,...
CVE-2026-42499 vulnerabilities
Vulnerabilities for packages: k3s, cert-manager, rancher, redka, helm-operator, telegraf, tekton-chains, prometheus-operator, aws-flb-kinesis, vitess, thanos, nuclei, kpt, slsa-verifier, skopeo, cilium-certgen, gatus, grafana-pyroscope, nfpm, grafana, istio, undock, zot, kots, kaf, juicefs,...
GHSA-QC64-M6C2-V4X7 vulnerabilities
Vulnerabilities for packages: jitsucom-bulker, k3s, cert-manager, gostatsd, licenseclassifier, incert, kubo, amazon-cloudwatch-agent, rabbitmq-default-user-credential-updater, helm-operator, rancher, redka, redpanda, telegraf, victoriametrics, tekton-chains, secrets-store-csi-driver, gitaly,...
GHSA-P9H5-JM8X-MJM5 vulnerabilities
Vulnerabilities for packages: k3s, cert-manager, rancher, redka, helm-operator, telegraf, tekton-chains, prometheus-operator, aws-flb-kinesis, vitess, thanos, nuclei, kpt, slsa-verifier, skopeo, cilium-certgen, gatus, grafana-pyroscope, nfpm, grafana, istio, undock, zot, kots, kaf, juicefs,...
GHSA-XQ5J-9R39-C3VF vulnerabilities
Vulnerabilities for packages: k3s, cert-manager, rancher, redka, helm-operator, telegraf, tekton-chains, prometheus-operator, aws-flb-kinesis, vitess, thanos, nuclei, kpt, slsa-verifier, skopeo, cilium-certgen, gatus, grafana-pyroscope, nfpm, grafana, istio, undock, zot, kots, kaf, juicefs,...
GHSA-QF3Q-3H68-MMH2 vulnerabilities
Vulnerabilities for packages: jitsucom-bulker, k3s, cert-manager, gostatsd, licenseclassifier, incert, kubo, amazon-cloudwatch-agent, rabbitmq-default-user-credential-updater, helm-operator, rancher, redka, redpanda, telegraf, victoriametrics, tekton-chains, secrets-store-csi-driver, gitaly,...