CVE-2026-23436

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

CVE-2026-23436

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

Out-of-bounds Read

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Out-of-bounds Read in the second-instance event handler when parsing a crafted second-instance message via the...

GHSA-3C8V-CFP5-9885 Electron: Out-of-bounds read in second-instance IPC on macOS and Linux

Impact On macOS and Linux, apps that call app.requestSingleInstanceLock were vulnerable to an out-of-bounds heap read when parsing a crafted second-instance message. Leaked memory could be delivered to the app's second-instance event handler. This issue is limited to processes running as the same...

Electron: Out-of-bounds read in second-instance IPC on macOS and Linux

Impact On macOS and Linux, apps that call app.requestSingleInstanceLock were vulnerable to an out-of-bounds heap read when parsing a crafted second-instance message. Leaked memory could be delivered to the app's second-instance event handler. This issue is limited to processes running as the same...

EUVD-2026-18951

Electron: Out-of-bounds read in second-instance IPC on macOS and Linux...

PT-2026-30006

Impact On macOS and Linux, apps that call app.requestSingleInstanceLock were vulnerable to an out-of-bounds heap read when parsing a crafted second-instance message. Leaked memory could be delivered to the app's second-instance event handler. This issue is limited to processes running as the same...

n8n has XSS in its Credential Management Flow

Impact An authenticated user with permission to create and share credentials could craft a malicious OAuth2 credential containing a JavaScript URL in the Authorization URL field. If a victim opened the credential and interacted with the OAuth authorization button, the injected script would execut...

Incus vulnerable to arbitrary file read and write through pongo templates

Summary Instance template files can be used to cause arbitrary read or writes as root on the host server. Details Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to template files inside of the instance. This particular implementatio...

GHSA-83XR-5XXR-MH92 Incus vulnerable to arbitrary file read and write through pongo templates

Summary Instance template files can be used to cause arbitrary read or writes as root on the host server. Details Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to template files inside of the instance. This particular implementatio...

PT-2026-28632

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

Appsmith 访问控制错误漏洞

Appsmith is an open-source platform developed by Appsmith itself, used for building, deploying, and maintaining internal applications. Prior to Appsmith 1.98, there was a security vulnerability related to access control. This vulnerability stemmed from unvalidated instance management API endpoint...

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

DEBIAN-CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

CVE-2026-33897

Incus prior to 6.23.0 is vulnerable to arbitrary file read/write as root on the host via instance template files using pongo2 templates. The pongo2 chroot isolation feature was intended to constrain access to the instance filesystem, but the chroot mechanism is skipped by this implementation, all...

CVE-2026-33623 PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a...

CVE-2026-30911

Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...

CVE-2026-32812

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, unrestricted URL fetch in the SSO Metadata API can result in SSRF and local file reads. The SSO Metadata fetch endpoint at modules/sso/fetchmetadata.php accepts an arbitrary URL via $GET'url', validates it only...

CVE-2026-27826

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...

CVE-2026-32812

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, unrestricted URL fetch in the SSO Metadata API can result in SSRF and local file reads. The SSO Metadata fetch endpoint at modules/sso/fetchmetadata.php accepts an arbitrary URL via $GET'url', validates it only...