CVE-2026-39885

FrontMCP is a TypeScript-first framework for the Model Context Protocol MCP. Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenA...

CVE-2026-44243

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...

CVE-2026-8679

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...

MINI-CW97-5RWF-4FFC

Bulletin has no description...

MINI-C4R2-7FHM-HQCM

Bulletin has no description...

MINI-RQPF-WQ25-PMWF

Bulletin has no description...

MINI-444G-6345-QCFV

Bulletin has no description...

MINI-V2QG-85JR-2FG9

Bulletin has no description...

MINI-WV6M-VFR3-QCMC

Bulletin has no description...

MINI-QF87-2HMR-M275

Bulletin has no description...

MINI-M8F7-C39H-486R

Bulletin has no description...

MINI-GXJF-QVR2-VPWC

Bulletin has no description...

MINI-CCX2-J27H-MW95

Bulletin has no description...

MINI-QC9C-P5V3-PH8F

Bulletin has no description...

MINI-R492-44M4-QJV4

Bulletin has no description...

MINI-HMV4-MMC9-5W4F

Bulletin has no description...

MINI-447V-F282-4269

Bulletin has no description...

MINI-PC2F-J2J3-68R4

Bulletin has no description...

MINI-5FX7-RVX9-FQQR

Bulletin has no description...

MINI-P795-C2MV-V765

Bulletin has no description...