CVE-2026-46426

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

CVE-2026-41131

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result f...

Prototype Pollution

dottie is vulnerable to Prototype Pollution. The vulnerability exists due to insufficient conditional checks in dottie.js which allows an attacker to inject and modify malicious properties such as proto, resulting in prototype pollution...

Intel XMM 代码问题漏洞

Intel XMM is a family of 4G LTE, LTE Advanced, LTE Advanced Pro and 5G modems from Intel Corporation USA. A security vulnerability exists in the Intel XMM 7560 Modem software prior to version M27560R01.2146.00, which stems from improper conditional checking in the modem software and could allow a...

Weak Encryption

curl has weak encryption implementation. The vulnerability exists due to lack of conditional checks in HSTS which allows an attacker to bypass it if the host name in the given URL uses IDN characters...