CVE-2026-34529 File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the EPUB preview function in File Browser is vulnerable to Stored Cross-Site Scripting XSS. JavaScript embedded in a crafted EPUB file...

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-33413)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33413 advisory. - etcd is a distributed key-value store for the data of a distributed system. Prior to versions...

CVE-2026-34448 SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execution in the desktop client

SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary...

CVE-2026-34203 Nautobot: Management of users via REST API does not apply configured password validators

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific...

BIT-DISCOURSE-2026-33423 Discourse staff can modify any user's group notification level

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available...

BIT-DISCOURSE-2026-27740 Discourse has Stored XSS in AI Triage Automation

Discourse is an open-source discussion platform. Versions prior to 2026.3.0, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model LLM and renders it using htmlSafe in the Review Queue interface withou...

CVE-2026-33693 Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...

CVE-2026-30976

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files containing API keys and database credentials, Windows...

CVE-2026-30976

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files containing API keys and database credentials, Windows...

CVE-2026-33497 Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

CVE-2026-33174 Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sending it. A request...

CVE-2026-32810

Halloy is an IRC app written in Rust. Before commit f180e41061db393acf65bc99f5c5e7397586d9cb, Halloy creates its config directory and files with default umask permissions (typically 0644 files, 0755 dirs), allowing any local user to read plaintext credentials in config.toml or referenced password...

CVE-2026-32318 Cryptomator for IOS: Tampered vault configuration allows MITM attack on Hub API

Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Befo...

CVE-2026-27935 Discourse leaks private topic metadata to non-authorized users

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin users to moderator users even if the moderators do not have access to the private topics. Versions...

CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text()

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...

CVE-2026-29084 Gokapi: CSRF in Login Endpoint

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the login flow accepts credential-bearing requests without CSRF protection mechanisms tied to the browser session context. The handler parses form values directly and creates a...

CVE-2026-28790

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, bu...

CVE-2026-28270 Kiteworks Core has an Unrestricted Upload of File with Dangerous Type

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...

EUVD-2026-9065

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...

SUSE CVE-2026-26066

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with IPTCTEXT. Versions 7.1.2-15 and 6.9.13-40 contain a patch...