
16029 matches found

ATTACKERKB
added 2026/06/05 8:21 a.m., 8 views

CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

CVSS 7.8 | AI score 6.1 | EPSS 0.00163
Exploits: 0 | References: 4

Cvelist
added 2026/06/05 8:21 a.m., 36 views

CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

CVSS 7.8 | EPSS 0.00163
Exploits: 0 | References: 3

OSV
added 2026/06/05 5:40 a.m., 5 views

BIT-AIRFLOW-2026-40963 Apache Airflow: DAG authorization bypass on /ui/structure/structure_data

The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

CVSS 3.1 | AI score 5.5 | EPSS 0.00459
Exploits: 0 | References: 4

Packet Storm News
added 2026/06/05 12:00 a.m., 4 views

Empirical Evaluation of Large Language Models for Migration of Code Fragments to Post-Quantum Cryptography

The transition to post-quantum cryptography (PQC) requires not only replacing vulnerable cryptographic primitives, but also refactoring the surrounding software logic. While existing PQC migration frameworks provide organizational guidance, practical code-level remediation remains largely manual an...

AI score 5.6
Exploits: 0

Positive Technologies
added 2026/06/05 12:00 a.m., 12 views

PT-2026-46981

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmware image parser (CPP/7zip/Archive/UefiHandler.cpp). The function validates an attacker-controlled opco...

CVSS 4.3 | AI score 5.4 | EPSS 0.00356
Exploits: 1 | References: 2

vulnersOsv
added 2026/06/04 6:01 p.m., 4 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +560 more potentially affected by CVE-2026-47676 via hono (>=0.5.10 <=4.12.2)

hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =1.3.0 and more Source cves: CVE-2026-47676 Source advisory: OSV:GHSA-2GCR-MFCQ-WCC3...

CVSS 5.3 | AI score 5.4 | EPSS 0.0026
Exploits: 0

vulnersOsv
added 2026/06/04 5:36 p.m., 4 views

kas-dagger-utils (=1.0.0) potentially affected by CVE-2026-47192 via kas (=4.8.2)

kas PYPI version =4.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on kas and may be impacted: - kas-dagger-utils =1.0.0 Source cves: CVE-2026-47192 Source advisory: OSV:GHSA-4VQC-WPWG-VH7J...

AI score 5.5 | EPSS 0.00021
Exploits: 0

vulnersOsv
added 2026/06/04 12:00 p.m., 3 views

crypt_guard (=0.1.4), dgsp (>=0.1.0 <=0.1.2) +7 more potentially affected by unknown CVE via pqcrypto-sphincsplus (>=0.1.0 <=0.7.2)

pqcrypto-sphincsplus CARGO version =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.4.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0160...

AI score 5.5
Exploits: 0

vulnersOsv
added 2026/06/04 12:00 p.m., 3 views

ate (>=0.1.0 <=0.8.0), ate-auth (>=1.1.0 <=1.6.0) +67 more potentially affected by unknown CVE via pqcrypto-internals (>=0.1.0 <=0.2.11)

pqcrypto-internals CARGO version =0.1.0, =0.1.0, =1.1.0, =1.0.0, =1.1.0, =2.0.0, =0.1.2-alpha, =0.1.4, =0.1.1, =0.1.0, =0.1.1, =0.1.0, =0.1.2 - envencryptiontool =0.9.17 - ever-crypto =0.1.0 - hanzo-agentic =1.1.21 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0163...

AI score 5.5
Exploits: 0

Positive Technologies
added 2026/06/04 12:00 a.m., 4 views

PT-2026-49161

Root has patched NSWG-ECO-17 in the @rootio/jsonwebtoken package for Root:npm. Multiple fixed versions available...

AI score 5.3
Exploits: 0 | References: 1

vulnersOsv
added 2026/06/03 10:23 p.m., 5 views

qgate-sln-mlrun (>=0.1.0 <=0.2.8) potentially affected by CVE-2026-10766 via mlrun (>=1.5.2 <=1.6.4)

mlrun PYPI version =1.5.2, =0.1.0, =0.2.8 Source cves: CVE-2026-10766 Source advisory: SNYK:PYTHON-MLRUN-17157375...

CVSS 3.6 | AI score 5.4 | EPSS 0.00075
Exploits: 0

vulnersOsv
added 2026/06/03 9:36 p.m., 4 views

h2o-notebook (>=0.3.0 <=0.4.1) potentially affected by CVE-2026-44181 via jupyter-enterprise-gateway (=3.2.2)

jupyter-enterprise-gateway PYPI version =3.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on jupyter-enterprise-gateway and may be impacted: - h2o-notebook =0.3.0, =0.4.1 Source cves: CVE-2026-44181 Source advisory: OSV:GHSA-F49J-V924-FX9W...

AI score 5.5 | EPSS 0.0086
Exploits: 0

vulnersOsv
added 2026/06/03 9:34 p.m., 9 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +41628 more potentially affected by CVE-2026-47265 via aiohttp (>=0.13.1 <=3.13.5)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2026-47265 Source advisory: OSV:GHSA-HG6J-4RV6-33PG...

CVSS 8.7 | AI score 5.4 | EPSS 0.0015
Exploits: 0

vulnersOsv
added 2026/06/03 9:30 p.m., 5 views

h2o-notebook (>=0.3.0 <=0.4.1) potentially affected by CVE-2026-44180 via jupyter-enterprise-gateway (=3.2.2)

jupyter-enterprise-gateway PYPI version =3.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on jupyter-enterprise-gateway and may be impacted: - h2o-notebook =0.3.0, =0.4.1 Source cves: CVE-2026-44180 Source advisory: OSV:GHSA-CHQ7-94J8-CJ28...

AI score 5.5 | EPSS 0.00106
Exploits: 0

vulnersOsv
added 2026/06/03 9:15 p.m., 3 views

askbase (>=1.0.0 <=1.0.2), auto-survey (>=0.1.0 <=0.2.4) +26 more potentially affected by CVE-2026-47214 via docling (>=2.10.0 <=2.93.0)

docling PYPI version =2.10.0, =1.0.0, =0.1.0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =0.4.0, =4.0.2 - mellea =0.0.1 and more Source cves: CVE-2026-47214 Source advisory: SNYK:PYTHON-DOCLING-17151773...

AI score 5.5 | EPSS 0.00041
Exploits: 0

vulnersOsv
added 2026/06/03 8:58 p.m., 3 views

@accounter/client (>=0.0.3 <=0.0.12-alpha-20260421081155-bb6cc4c0b0b59fff41df172e2f4212eca6906193), @appigram/react-code-split-ssr (=1.3.7) +157 more potentially affected by CVE-2026-40181 via react-router (>=7.0.0 <=7.14.0)

react-router NPM version =7.0.0, =0.0.3, =0.0.2, =3.5.2, =1.1.0, =1.0.1-MON-198808-web-js-deps-batch-1.0, =0.0.1, =3.4.9, =0.1.9, =0.3.1, =0.5.1 and more Source cves: CVE-2026-40181 Source advisory: OSV:GHSA-2J2X-HQR9-3H42...

CVSS 8.7 | AI score 5.4 | EPSS 0.00153
Exploits: 0

vulnersOsv
added 2026/06/03 8:56 p.m., 7 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +41628 more potentially affected by CVE-2026-34993 via aiohttp (>=0.13.1 <=3.13.5)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2026-34993 Source advisory: OSV:GHSA-JG22-MG44-37J8...

CVSS 7.3 | AI score 7.6 | EPSS 0.00115
Exploits: 0

RedhatCVE
added 2026/06/03 6:51 p.m., 10 views

CVE-2026-46265

A flaw was found in the Linux kernel's RDMA/hns component. When the sunrpc (Sun Remote Procedure Call) is in use and a reset is triggered, a workqueue dependency issue can occur during Queue Pair (QP) destruction. This can lead to a kernel warning related to memory reclaim, potentially causing system...

CVSS 7.5 | AI score 5.8 | EPSS 0.00371
Exploits: 0 | References: 4

Cvelist
added 2026/06/03 6:11 p.m., 33 views

CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

EPSS 0.00287
Exploits: 0 | References: 1

vulnersOsv
added 2026/06/03 6:02 p.m., 4 views

org.webjars.npm:launch-editor-middleware (=2.2.1) potentially affected by CVE-2024-52011 via org.webjars.npm:launch-editor (=2.2.1)

org.webjars.npm:launch-editor MAVEN version =2.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:launch-editor and may be impacted: - org.webjars.npm:launch-editor-middleware =2.2.1 Source cves: CVE-2024-52011 Source advisory:...

CVSS 7.5 | AI score 5.4 | EPSS 0.00424
Exploits: 0