CVE-2026-12112

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

EUVD-2026-38596

Spring Statemachine's Kryo-based persistence backends JPA, MongoDB, Redis and ZooKeeper deserialise persisted state-machine contexts without enforcing a class allowlist CWE-502, deserialisation of untrusted data, which can lead to remote code execution inside the application JVM. Affected version...

CVE-2026-41862

CVE-2026-41862 affects Spring Statemachine Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) which deserialize persisted StateMachineContext without a class allowlist. This can enable a gadget chain leading to remote code execution inside the application JVM. Affected versions a...

CVE-2026-41862

Spring Statemachine's Kryo-based persistence backends JPA, MongoDB, Redis and ZooKeeper deserialise persisted state-machine contexts without enforcing a class allowlist CWE-502, deserialisation of untrusted data, which can lead to remote code execution inside the application JVM. Affected version...

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

Moderate: Red Hat Security Advisory: libpng15 security update

An update for libpng15 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Moderate: Red Hat Security Advisory: libpng15 security update

An update for libpng15 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

CVE-2026-47386

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. This vulnerability ...

CVE-2026-47386 NocoDB: OAuth Authorization Code Race Condition

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. This vulnerability ...

CVE-2026-47386

CVE-2026-47386 affects NocoDB’s OAuth token-exchange flow. Before 2026.05.1, two concurrent token-exchange requests could use the same OAuth authorization code to mint two valid token pairs, breaking PKCE’s single-use guarantee. The issue is mitigated by a fix in 2026.05.1, which introduces atomi...

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

Moderate: Red Hat Security Advisory: libpng15 security update

An update for libpng15 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2026-55200

An out-of-bounds write vulnerability exists in the libssh2 client. A remote attacker can exploit this by sending a specially crafted SSH packet with an abnormally large length value. This corrupts the application's memory and can potentially allow the attacker to execute arbitrary code on the...

CVE-2026-12112

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

EUVD-2026-38599

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

CVE-2026-12112

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

CVE-2026-54328

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary...

CVE-2026-54325

Pi loads project-local extensions without approval in versions before 0.79.0. Before 0.79.0, startup could pull in repository-specific resources from a .pi directory, including executable project-local extensions (TypeScript/JavaScript modules) that run inside the Pi process. An attacker controll...

CVE-2026-54325

Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded...