CVE-2019-25342 Centova Cast 3.2.12 - Denial of Service

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

CVE-2026-26069

Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...

Information Exposure

Overview @directus/api is a real-time API and App dashboard for managing SQL database content Affected versions of this package are vulnerable to Information Exposure via the password reset functionality. An attacker can determine the existence of user accounts by measuring response time...

@bicou/directus-extension-imagga (>=1.6.3 <=1.6.6), @deconz-community/directus-extension-ddf-store (=0.1.0) +7 more potentially affected by CVE-2026-26185 via @directus/api (>=10.0.0 <=32.1.1)

@directus/api NPM version =10.0.0, =1.6.3, =1.2.2, =10.0.0, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2026-26185 Source advisory: OSV:GHSA-JR94-GJ3H-C8RF...

CVE-2026-26069 Scraparr Readarr Integration exposes sensitive values as metric labels.

Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...

CVE-2026-26069 Scraparr Readarr Integration exposes sensitive values as metric labels.

Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...

CVE-2026-26069 Scraparr Readarr Integration exposes sensitive values as metric labels.

Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...

USN-7990-4 linux-oracle, linux-oracle-5.4 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Padata parallel execution mechanism; - Netfilter; CVE-2022-49698, CVE-2025-21726, CVE-2025-400...

CVE-2025-55210 FreePBX API has a Privilege Escalation Error in GraphQL Allowing Authenticated Users to Access Additional Scopes

FreePBX is an open-source web-based graphical user interface GUI that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api PBX API is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...

CVE-2025-55210

FreePBX is an open-source web-based graphical user interface GUI that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api PBX API is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...

CVE-2026-26217

Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...

PYSEC-2026-34

Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...

CVE-2026-26216

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...

CVE-2026-26217

Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...

CVE-2026-26217

CVE-2026-26217 affects Crawl4AI

CVE-2026-26216 Crawl4AI < 0.8.0 Docker API Unauthenticated Remote Code Execution via Hooks Parameter

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...

CVE-2026-26216

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...

CVE-2026-26216 Crawl4AI < 0.8.0 Docker API Unauthenticated Remote Code Execution via Hooks Parameter

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...

CVE-2026-26216

CVE-2026-26216 affects Crawl4AI before 0.8.0 in its Docker API deployment. The /crawl endpoint accepts a hooks parameter that contains Python code executed with exec(), with import included in allowed builtins, enabling unauthenticated remote code execution. Impact includes full server compromise...

CVE-2026-1104 FastDup – Fastest WordPress Migration & Duplicator <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download

The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with...