7894 matches found
CVE-2026-34733 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: witness, chainctl-fips, flux-fips, kargo, external-secrets-operator, gitaly-fips, trivy-fips, kubevela-fips, pulumi-language-dotnet, snyk-cli, grafana-alloy, trufflehog, grype-fips, rancher-fleet-fips, gitaly, xeol, gomplate-fips, gitsign, src-fingerprint, flux, cg,...
GHSA-GM2X-2G9H-CCM8 vulnerabilities
Vulnerabilities for packages: witness, chainctl-fips, flux-fips, kargo, external-secrets-operator, gitaly-fips, trivy-fips, kubevela-fips, pulumi-language-dotnet, snyk-cli, grafana-alloy, trufflehog, grype-fips, rancher-fleet-fips, gitaly, xeol, gomplate-fips, gitsign, src-fingerprint, flux, cg,...
CVE-2026-34165 vulnerabilities
Vulnerabilities for packages: witness, chainctl-fips, flux-fips, kargo, external-secrets-operator, gitaly-fips, trivy-fips, kubevela-fips, pulumi-language-dotnet, snyk-cli, grafana-alloy, trufflehog, grype-fips, rancher-fleet-fips, gitaly, xeol, gomplate-fips, gitsign, src-fingerprint, flux, cg,...
GHSA-J3Q9-MXJG-W52F vulnerabilities
Vulnerabilities for packages: vitess, kibana, opensearch-dashboards, thingsboard, opensearch-dashboards-fips, redisinsight, saf, wazuh-dashboard, tileserver-gl, gemini-cli, tileserver-gl-fips, code-server...
CVE-2026-4923 vulnerabilities
Vulnerabilities for packages: vitess, kibana, opensearch-dashboards, thingsboard, opensearch-dashboards-fips, redisinsight, saf, wazuh-dashboard, tileserver-gl, gemini-cli, tileserver-gl-fips, code-server...
GHSA-27V5-C462-WPQ7 vulnerabilities
Vulnerabilities for packages: vitess, kibana, opensearch-dashboards, thingsboard, opensearch-dashboards-fips, redisinsight, saf, wazuh-dashboard, tileserver-gl, gemini-cli, tileserver-gl-fips, code-server...
CVE-2026-4926 vulnerabilities
Vulnerabilities for packages: vitess, kibana, opensearch-dashboards, thingsboard, opensearch-dashboards-fips, redisinsight, saf, wazuh-dashboard, tileserver-gl, gemini-cli, tileserver-gl-fips, code-server...
au.csiro.pathling:encoders (>=8.0.0 <=9.5.0), au.csiro.pathling:fhirpath (>=8.0.0 <=9.5.0) +166 more potentially affected by CVE-2026-34359 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.4.1 <=6.9.3)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.4.1, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.8.1 and more Source cves: CVE-2026-34359 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855257...
@tinacms/app (>=0.0.0-0a1049d-20260309051347 <=2.4.0), @tinacms/cli (>=0.0.0-0a1049d-20260309051347 <=2.2.0) +4 more potentially affected by CVE-2026-33949 via @tinacms/graphql (>=2.0.0 <=2.2.1)
@tinacms/graphql NPM version =2.0.0, =0.0.0-0a1049d-20260309051347, =0.0.0-0a1049d-20260309051347, =2.0.0, =0.0.0-0b7103c-20251216023146, =0.0.0-0a1049d-20260309051347, =0.0.0-0a1049d-20260309051347, =3.7.0 Source cves: CVE-2026-33949 Source advisory: SNYK:JS-TINACMSGRAPHQL-15855320...
filecc (>=0.0.1 <=1.0.1), gm-i18n-migrate (>=2.7.0 <=2.9.0) +3 more potentially affected by unknown CVE via opencc (>=1.0.6 <=1.1.3)
opencc NPM version =1.0.6, =0.0.1, =2.7.0, =2.7.2, =1.0.2, =1.0.5 - wise-paas-notify-utility =1.4.10-s2t1 Source cves: unknown CVE Source advisory: OSV:GHSA-7FQQ-Q52P-2JJG...
CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...
Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
Summary The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI...
CVE-2026-33747 vulnerabilities
Vulnerabilities for packages: docker-compose, kubescape, docker-cli-buildx, zot, buildah, scorecard, skaffold, osv-scanner, guac, trivy, kaniko, conftest, trivy-operator...
CVE-2026-33748 vulnerabilities
Vulnerabilities for packages: docker-compose, kubescape, docker-cli-buildx, zot, buildah, scorecard, skaffold, osv-scanner, guac, trivy, kaniko, conftest, trivy-operator...
GHSA-4VRQ-3VRQ-G6GG vulnerabilities
Vulnerabilities for packages: docker-compose, kubescape, docker-cli-buildx, zot, buildah, scorecard, skaffold, osv-scanner, guac, trivy, kaniko, conftest, trivy-operator...
GHSA-4C29-8RGM-JVJJ vulnerabilities
Vulnerabilities for packages: docker-compose, kubescape, docker-cli-buildx, zot, buildah, scorecard, skaffold, osv-scanner, guac, trivy, kaniko, conftest, trivy-operator...
GHSA-4VRQ-3VRQ-G6GG vulnerabilities
Vulnerabilities for packages: osv-scanner, trivy-fips, scorecard, trivy-operator-fips, kubescape-server, buildah, guac, skaffold, docker-fips, conftest-fips, kaniko, cloudbeat, conftest, docker-cli-buildx, buildah-fips, docker-cli-buildx-fips, zot, kaniko-fips, cloudbeat-fips, docker-compose-fips...
CVE-2026-33747 vulnerabilities
Vulnerabilities for packages: osv-scanner, trivy-fips, scorecard, trivy-operator-fips, kubescape-server, buildah, guac, skaffold, docker-fips, conftest-fips, kaniko, cloudbeat, conftest, docker-cli-buildx, buildah-fips, docker-cli-buildx-fips, zot, kaniko-fips, cloudbeat-fips, docker-compose-fips...