EUVD-2026-29158

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to...

EUVD-2026-29111

Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function...

EUVD-2026-29089

A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogsnnrfnfmhandlenfprofile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial of service. The attack is possible to be carried out remotely. The exploit has been made available to...

CVE-2026-42349

Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...

Server-side Request Forgery (SSRF)

Overview @budibase/backend-core is a Budibase backend core libraries used in server and worker Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the urlUpload function. An attacker can access internal network resources and sensitive metadata by submitting a...

CVE-2026-8292

A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarelparse in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argument hnrf-uri leads to denial of service. The attack may be performed from remote. The exploit has...

CVE-2026-8291

A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogsnnrfnfmhandlenfprofile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial of service. The attack is possible to be carried out remotely. The exploit has been made available to...

Prototype Pollution

Overview @rvf/set-get is an Internal utilities and types for working with deeply nested data. This is primarily used internally by RVF and it's various packages. It isn't recommended for use by most people. Affected versions of this package are vulnerable to Prototype Pollution via the setPath...

CVE-2026-42349

Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...

CVE-2026-8292 Open5GS NRF conv.c yuarel_parse denial of service

A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarelparse in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argument hnrf-uri leads to denial of service. The attack may be performed from remote. The exploit has...

CVE-2026-8292 Open5GS NRF conv.c yuarel_parse denial of service

A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarelparse in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argument hnrf-uri leads to denial of service. The attack may be performed from remote. The exploit has...

Exploit for Missing Authentication for Critical Function in Cpanel

No d...

SUSE CVE-2026-7258

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

CVE-2026-8291

Open5GS (up to version 2.7.7) contains a vulnerability in NRF where the function ogs_nnrf_nfm_handle_nf_profile in lib/sbi/nnrf-handler.c can be manipulated to cause a denial of service. The issue is exploitable remotely and publicly available proof-of-concept code exists. A fix is available via ...

CVE-2026-8290 Open5GS SMF nsmf-handler.c smf_nsmf_handle_update_data_in_vsmf denial of service

A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smfnsmfhandleupdatedatainvsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulation results in denial of service. The attack can be executed remotely. The exploit has been released to...

Server-Side Request Forgery (SSRF)

Grav is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to unsafe processing of Twig templates with undefined PHP function registration enabled, which allows an attacker to trigger unauthorized server-side requests...

CVE-2026-8289

Technical details (affected software, root cause, impact, and remediation) are not publicly available in the provided documents. Monitor for updates.

CLSA-2026-1778490111 libssh: Fix of CVE-2026-0966

CVE-2026-0966: fix heap buffer underflow in sshgethexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...

Exploit for Missing Authentication for Critical Function in Cpanel

No d...

EUVD-2026-29026

A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function smfnsmfhandlecreatesmcontext of the component SMF. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The project was...