1470 matches found

NVD
added 2026/06/17 1:19 p.m., 6 views

CVE-2026-10836

Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising...

5.1 CVSS, 0.00308 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2026/06/17 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-12330

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird...

5.4 CVSS, 5.9 AI score, 0.00164 EPSS
Exploits: 0, References: 3
OSV
added 2026/06/12 6:28 p.m., 8 views

GHSA-J9GF-VW2F-9HRW Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation

Summary: A configuration-dependent origin validation bypass was identified in Appsmith’s password reset and email verification flows on current release. Both flows derive the email-link base URL from the request Origin header. The current validation only enforces a trusted base URL when...

8.1 CVSS, 5.6 AI score
Exploits: 0, References: 3
Snyk
added 2026/06/09 6:33 p.m., 4 views

Double Free

Overview: Affected versions of this package are vulnerable to Double Free in the certificate verification path, in the TLS client's OCSP stapling response handling. An attacker operating a malicious server can deliver an OCSP response via the status_request extension that corrupts heap memory and...

8.2 CVSS, 5.9 AI score, 0.00245 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/06/05 12:0 a.m., 12 views

PT-2026-46934

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long as the attack persists but the system recovers...

7.1 CVSS, 5.4 AI score, 0.00165 EPSS
Exploits: 0, References: 2
OSV
added 2026/05/28 10:46 p.m., 6 views

GHSA-QP9X-WP8F-QGJJ tuf has platform-dependent delegation path matching

DelegatedRole.istargetinpathpattern uses fnmatch.fnmatch to decide whether a given target path is authorized by a delegation's glob pattern. Python's fnmatch.fnmatch calls os.path.normcase on both arguments before matching. On POSIX hosts normcase is the identity function; on Windows hosts os.pat...

4 CVSS, 5.8 AI score
Exploits: 0, References: 3
vulnersOsv
added 2026/05/28 4:50 p.m., 7 views

360solutions-bc-mcp (>=0.5.3 <=0.5.6), 3di-cmd-client (>=0.0.1a0 <=0.0.3) +781 more potentially affected by CVE-2026-48525 via pyjwt (>=2.0.0 <=2.12.1)

pyjwt PYPI version =2.0.0, =0.5.3, =0.0.1a0, =1.1.1, =0.1.0, =0.1.1, =0.1.31, =0.1.0, =1.5.0, =0.1.0, =0.2.9, =0.5.0, =1.89.5, =1.420.4 and more Source cves: CVE-2026-48525 Source advisory: SNYK:PYTHON-PYJWT-17053409...

5.3 CVSS, 5.4 AI score, 0.00288 EPSS
Exploits: 1
RedHat Linux
added 2026/05/26 3:53 a.m., 22 views

Important: Red Hat Security Advisory: Red Hat build of Cryostat 4.2.0: new RHEL 9 container image security update

New Red Hat build of Cryostat 4.2.0 on RHEL 9 container images are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.8 CVSS, 7.3 AI score, 0.01026 EPSS
Exploits: 3, References: 17
vulnersOsv
added 2026/05/14 7:16 p.m., 5 views

com.ritense.valtimo:audit (>=13.0.0.RELEASE <=13.22.0.RELEASE), com.ritense.valtimo:besluiten-api (>=13.0.0.RELEASE <=13.22.0.RELEASE) +49 more potentially affected by CVE-2026-42555 via com.ritense.valtimo:case (>=13.0.0.RELEASE <=13.22.0.RELEASE)

com.ritense.valtimo:case MAVEN version =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.13.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.10.0.RELEASE, =13.10.0.RELEASE, =13.0.0.RELEASE,...

9.1 CVSS, 5.4 AI score, 0.00576 EPSS
Exploits: 0
vulnersOsv
added 2026/05/13 8:2 p.m., 8 views

@piksail/strapi-plugin-publish-coolify (=0.0.1), stronges (=0.1.1) +1 more potentially affected by CVE-2026-22706 via @strapi/plugin-users-permissions (>=5.11.0 <=5.30.0)

@strapi/plugin-users-permissions NPM version =5.11.0, =5.30.0 is affected by a known vulnerability. The following packages have a transitive dependency on @strapi/plugin-users-permissions and may be impacted: - @piksail/strapi-plugin-publish-coolify =0.0.1 - stronges =0.1.1 - test-lead =0.1.0...

6.5 CVSS, 5.8 AI score, 0.00272 EPSS
Exploits: 0
vulnersOsv
added 2026/05/13 3:31 p.m., 7 views

nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44798 via nautobot (>=3.0.0rc2 <=3.1.1)

nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44798 Source advisory: SNYK:PYTHON-NAUTOBOT-16691141...

7.1 CVSS, 5.8 AI score, 0.00277 EPSS
Exploits: 0
vulnersOsv
added 2026/05/13 3:31 p.m., 9 views

nautobot-ai-ops (>=1.0.0 <=1.0.4), nautobot-bgp-models (>=0.7.0 <=1.0.0) +31 more potentially affected by CVE-2026-44798 via nautobot (>=1.0.3 <=2.4.22)

nautobot PYPI version =1.0.3, =1.0.0, =0.7.0, =1.1.0, =1.6.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =2.0.2 and more Source cves: CVE-2026-44798 Source advisory: OSV:GHSA-P3HX-PWF3-J8WR...

7.1 CVSS, 5.8 AI score, 0.00277 EPSS
Exploits: 0
vulnersOsv
added 2026/05/13 3:30 p.m., 8 views

nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44797 via nautobot (>=3.0.0rc2 <=3.1.1)

nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44797 Source advisory: SNYK:PYTHON-NAUTOBOT-16691212...

8.5 CVSS, 5.8 AI score, 0.00235 EPSS
Exploits: 0
vulnersOsv
added 2026/05/13 3:30 p.m., 6 views

nautobot-ai-ops (>=1.0.0 <=1.0.4), nautobot-device-resources (=1.0.0) +4 more potentially affected by CVE-2026-44797 via nautobot (>=2.0.0 <=2.4.22)

nautobot PYPI version =2.0.0, =1.0.0, =2.0.0, =0.16.0, =2.0.0, =2.5.0 - nautobot-ssot-unifi =1.0.2 Source cves: CVE-2026-44797 Source advisory: SNYK:PYTHON-NAUTOBOT-16691212...

8.5 CVSS, 5.8 AI score, 0.00235 EPSS
Exploits: 0
vulnersOsv
added 2026/05/13 3:30 p.m., 4 views

nautobot-ai-ops (>=1.0.0 <=1.0.4), nautobot-bgp-models (>=0.7.0 <=1.0.0) +31 more potentially affected by CVE-2026-44794 via nautobot (>=1.0.3 <=2.4.22)

nautobot PYPI version =1.0.3, =1.0.0, =0.7.0, =1.1.0, =1.6.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =2.0.2 and more Source cves: CVE-2026-44794 Source advisory: OSV:GHSA-WPXJ-44W3-2J6X...

5.4 CVSS, 5.8 AI score, 0.00177 EPSS
Exploits: 0
CVE
added 2026/05/13 9:26 a.m., 22 views

CVE-2026-4798

The connected sources confirm CVE-2026-4798 affects Avada Builder for WordPress

7.5 CVSS, 5.9 AI score, 0.00511 EPSS
Exploits: 0, References: 2
vulnersOsv
added 2026/05/12 6:30 p.m., 6 views

aait (>=1.0.4 <=1.0.5), adess (=1.0.0) +245 more potentially affected by CVE-2026-31235 via imgaug (>=0.2.5 <=0.4.0)

imgaug PYPI version =0.2.5, =1.0.4, =0.1.0, =0.10.0, =0.0.3.20, =0.1.0, =1.3.0, =0.5.0, =0.2.3, =0.3.2, =0.7.0.dev134, =0.1.4, =0.1.5 - arcoocr =1.0.1 - atlalign =0.6.2 - audio-snippets =0.0.1 and more Source cves: CVE-2026-31235 Source advisory: OSV:GHSA-G82G-J283-HJ97...

9.8 CVSS, 5.5 AI score, 0.00472 EPSS
Exploits: 0
Packet Storm News
added 2026/05/12 12:0 a.m., 14 views

Still Camouflage, Moving Illusion: View-Induced Trajectory Manipulation in Autonomous Driving

Existing physical adversarial attacks on vision-based autonomous driving induce time-evolving perception errors, including biased object tracking or trajectory prediction, through (i) sophisticated physical patch inducing detection box drift when entering the view distance, or (ii) dynamically changi...

5.7 AI score
Exploits: 0
vulnersOsv
added 2026/05/11 2:42 p.m., 8 views

0perator (>=0.1.0 <=0.3.0), 0pflow (>=0.1.0 <=0.1.0-dev.f5622ac) +1462 more potentially affected by CVE-2026-44902 via @opentelemetry/auto-instrumentations-node (>=0.16.0 <=0.74.0)

@opentelemetry/auto-instrumentations-node NPM version =0.16.0, =0.1.0, =0.1.0, =0.0.1, =0.8.0, =1.0.5, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =0.2.0, =0.2.0, =0.0.1, =0.3.4, =0.1.0, =0.4.0, =0.4.0, =0.4.0, =5.0.1-staging.f17326334 and more Source cves: CVE-2026-44902...

7.5 CVSS, 5.4 AI score, 0.00455 EPSS
Exploits: 0
vulnersOsv
added 2026/05/11 2:28 p.m., 5 views

bsky2llm (=0.1.0), downitall-android (=1.5.0) +14 more potentially affected by CVE-2026-44353 via streamlink (>=0.14.2 <=8.0.0)

streamlink PYPI version =0.14.2, =0.3.0, =0.0.1, =0.0.18, =1.0.0, =0.12.0, =0.1.14, =1.1.0, =0.0.1, =2.1.0, =3.4.0b2 - twitch-fapi-backend =0.1.0 and more Source cves: CVE-2026-44353 Source advisory: OSV:GHSA-HGQW-6M45-HW5F...

6.5 CVSS, 5.4 AI score, 0.00345 EPSS
Exploits: 1