
CVE (added 2026/04/17 9:53 p.m.)

CVE-2026-40477

Thymeleaf (Java template engine) versions up to 3.1.3.RELEASE are affected by an SSTI vulnerability in expression execution, where unvalidated user input can bypass protections and access potentially sensitive objects within a template. This is a security bypass allowing unauthenticated remote ex...

CVSS 9 · AI score 5.9 · EPSS 0.00649
Exploits 0 · References 1 · Affected software 1
Github Security Blog (added 2026/04/17 9:53 p.m.)

OpenClaw: Memory dreaming config persistence was reachable from operator.write commands

Summary: Memory dreaming config persistence was reachable from operator.write commands. Affected packages / versions: package openclaw, ecosystem npm, affected versions = 2026.4.5 = 2026.4.10. Impact: A write-scoped gateway path could toggle persistent memory dreaming settings through /dreamin...

CVSS 7.1 · AI score 5.7 · EPSS 0.00213
Exploits 0 · References 4 · Affected software 1
OSV (added 2026/04/17 9:53 p.m.)

GHSA-5GJC-GRVM-M88J OpenClaw: Memory dreaming config persistence was reachable from operator.write commands

Summary: Memory dreaming config persistence was reachable from operator.write commands. Affected packages / versions: package openclaw, ecosystem npm, affected versions = 2026.4.5 = 2026.4.10. Impact: A write-scoped gateway path could toggle persistent memory dreaming settings through /dreamin...

CVSS 7.1 · AI score 5.7 · EPSS 0.00213
Exploits 0 · References 4
SUSE CVE (added 2026/04/16 11:28 p.m.)

SUSE CVE-2026-34393

Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17...

CVSS 8.8 · AI score 5.7 · EPSS 0.00391
Exploits 0 · References 3
Github Security Blog (added 2026/04/16 9:08 p.m.)

zrok: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering

Summary: The proxyUi template engine uses Go's text/template, which performs no HTML escaping, instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the attacker-controlled refreshInterval query parameter verbatim into an error message when...

CVSS 6.1 · AI score 5.9 · EPSS 0.00209
Exploits 0 · References 4 · Affected software 2
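The root cause named in this entry is the choice of template package, not the template itself. The following stand-alone Go program is an added illustration written for this page, not zrok's proxyUi code: it takes a refreshInterval query parameter from a constructed callback URL and renders it once through text/template and once through html/template, so the difference in escaping is visible. The template string, the callback URL and the function names are all assumptions made for the example.

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	"net/url"
	texttemplate "text/template"
)

// errorTemplate stands in for an OAuth-callback error page that echoes the
// refreshInterval query parameter back to the browser. It is constructed for
// this example and is not zrok's template.
const errorTemplate = `<html><body><p>invalid refreshInterval: {{.RefreshInterval}}</p></body></html>`

type errorPage struct {
	RefreshInterval string
}

// refreshIntervalParam pulls the attacker-controllable parameter out of a
// callback URL the way a handler reading r.URL.Query() would.
func refreshIntervalParam(callbackURL string) (string, error) {
	u, err := url.Parse(callbackURL)
	if err != nil {
		return "", err
	}
	return u.Query().Get("refreshInterval"), nil
}

// renderWithTextTemplate is the vulnerable pattern: text/template knows
// nothing about HTML and substitutes the value verbatim, so any markup in
// the parameter becomes part of the page.
func renderWithTextTemplate(refreshInterval string) (string, error) {
	t, err := texttemplate.New("error").Parse(errorTemplate)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, errorPage{RefreshInterval: refreshInterval}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// renderWithHTMLTemplate is the fix: html/template parses the template as
// HTML and escapes each value for the context it lands in (here, element
// text), so '<', '>', '&' and quotes are neutralised.
func renderWithHTMLTemplate(refreshInterval string) (string, error) {
	t, err := htmltemplate.New("error").Parse(errorTemplate)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, errorPage{RefreshInterval: refreshInterval}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	// Constructed callback URL carrying a reflected-XSS probe; not a real endpoint.
	callback := "https://proxy.example/oauth/github/callback?refreshInterval=%3Cscript%3Ealert(1)%3C%2Fscript%3E&state=abc"
	param, err := refreshIntervalParam(callback)
	if err != nil {
		panic(err)
	}
	vulnerable, _ := renderWithTextTemplate(param)
	fixed, _ := renderWithHTMLTemplate(param)
	fmt.Println("text/template:", vulnerable)
	fmt.Println("html/template:", fixed)
}
```

Switching the import is the whole fix for this class of bug, but only if every template that reaches a browser goes through html/template; a single text/template left behind for an error page reintroduces the sink.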
EUVD (added 2026/04/16 8:43 p.m.)

EUVD-2026-23005

Weblate: Privilege escalation in the user API endpoint...

CVSS 8.8 · AI score 5.8 · EPSS 0.00391
Exploits 0 · References 3
Github Security Blog (added 2026/04/16 8:43 p.m.)

Weblate: Privilege escalation in the user API endpoint

Impact: The user patching API endpoint didn't properly limit the scope of edits. Patches: https://github.com/WeblateOrg/weblate/pull/18687 References: Thanks to @tikket1 and @DavidCarliez for reporting this via GitHub. We received two individual reports for this...

CVSS 8.8 · AI score 5.8 · EPSS 0.00391
Exploits 0 · References 5 · Affected software 1
OSV (added 2026/04/16 8:43 p.m.)

GHSA-3382-GW9X-477V Weblate: Privilege escalation in the user API endpoint

Impact: The user patching API endpoint didn't properly limit the scope of edits. Patches: https://github.com/WeblateOrg/weblate/pull/18687 References: Thanks to @tikket1 and @DavidCarliez for reporting this via GitHub. We received two individual reports for this...

CVSS 8.8 · AI score 5.8 · EPSS 0.00391
Exploits 0 · References 5
CVE (added 2026/04/16 1:44 p.m.)

CVE-2026-6270

Summary: The vulnerability affects the Node.js module @fastify/middie, specifically versions 9.3.1 and earlier. The root cause is that inherited middleware is not registered on child plugin engine instances, so when a Fastify app registers authentication middleware in a parent scope and then loa...

CVSS 9.1 · AI score 5.8 · EPSS 0.00498
Exploits 1 · References 3 · Affected software 1
Github Security Blog (added 2026/04/16 1:03 a.m.)

@fastify/express's middleware path doubling causes authentication bypass in child plugin scopes

Summary: @fastify/express v4.0.4 contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. This results in complete bypass of Express middleware security controls for all routes defined within child plugin scopes that share ...

CVSS 9.1 · AI score 5.8 · EPSS 0.0043
Exploits 1 · References 4 · Affected software 1
OSV (added 2026/04/16 1:03 a.m.)

GHSA-HRWM-HGMJ-7P9C @fastify/express's middleware path doubling causes authentication bypass in child plugin scopes

Summary: @fastify/express v4.0.4 contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. This results in complete bypass of Express middleware security controls for all routes defined within child plugin scopes that share ...

CVSS 9.1 · AI score 5.8 · EPSS 0.0043
Exploits 1 · References 4
Github Security Blog (added 2026/04/15 7:46 p.m.)

Improper restriction of the scope of accessible objects in Thymeleaf expressions

Impact: A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.3.RELEASE. Although the library provides mechanisms to prevent expression injection, it fails to properly restrict the scope of accessible objects, allowing specific potential...

CVSS 9 · AI score 5.9 · EPSS 0.00649
Exploits 0 · References 3 · Affected software 3
Snyk (added 2026/04/15 7:46 p.m.)

Template Injection

Overview: Affected versions of this package are vulnerable to Template Injection due to the TemplateEngine's improper restriction of accessible object scope during expression evaluation. An attacker can inject into sensitive objects to execute unauthorized actions. Remediation: Upgrade...

CVSS 9.2 · AI score 5.8 · EPSS 0.00649
Exploits 0 · References 3
Snyk (added 2026/04/15 7:46 p.m.)

Template Injection

Overview: Affected versions of this package are vulnerable to Template Injection due to the TemplateEngine's improper restriction of accessible object scope during expression evaluation. An attacker can inject into sensitive objects to execute unauthorized actions. Remediation: Upgrade...

CVSS 9.2 · AI score 5.8 · EPSS 0.00649
Exploits 0 · References 3
OSV (added 2026/04/15 7:46 p.m.)

GHSA-R4V4-5MWR-2FWR Improper restriction of the scope of accessible objects in Thymeleaf expressions

Impact: A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.3.RELEASE. Although the library provides mechanisms to prevent expression injection, it fails to properly restrict the scope of accessible objects, allowing specific potential...

CVSS 9 · AI score 5.9 · EPSS 0.00649
Exploits 0 · References 3
PyPA (added 2026/04/15 7:16 p.m.)

PYSEC-2026-155

Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17...

CVSS 8.8 · AI score 5.7 · EPSS 0.00391
Exploits 0 · References 2 · Affected software 1
OSV (added 2026/04/15 7:16 p.m.)

PYSEC-2026-155

Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17...

CVSS 8.8 · AI score 5.7 · EPSS 0.00391
Exploits 0 · References 2
ATTACKERKB (added 2026/04/15 6:24 p.m.)

CVE-2026-34393

Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17...

CVSS 8.8 · AI score 5.7 · EPSS 0.00391
Exploits 0 · References 3 · Affected software 1
EUVD (added 2026/04/14 10:32 p.m.)

EUVD-2026-22809

Serendipity has a Host Header Injection that allows authentication cookie scoping to an attacker-controlled domain in functionsconfig.inc.php...

CVSS 6.9 · AI score 5.8 · EPSS 0.00224
Exploits 1 · References 2
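The entry names the pattern (cookie Domain taken from the request's Host header) without showing code. The program below is an added example written in Go for this page, not Serendipity's PHP: it issues an authentication cookie the vulnerable way, scoped to whatever Host the client sent, beside a hardened handler that scopes the cookie to a configured hostname and rejects requests whose Host does not match. The hostname canonicalHost, the cookie name, the session value and the handler names are assumptions for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// canonicalHost is the hostname the site is deployed under. A real
// application would read it from configuration; it is hard-coded here as an
// assumed value for the example.
const canonicalHost = "blog.example.com"

// vulnerableAuthCookie derives the cookie's Domain attribute from the Host
// header, so a client that sends a forged Host gets an authentication cookie
// scoped to that domain. This is the pattern the entry describes.
func vulnerableAuthCookie(r *http.Request, sessionID string) *http.Cookie {
	host := r.Host
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	}
	return &http.Cookie{
		Name: "auth", Value: sessionID, Domain: host,
		Path: "/", HttpOnly: true, Secure: true,
	}
}

// hardenedAuthCookie never lets the Host header choose the scope: it rejects
// requests whose Host is not the configured hostname and always scopes the
// cookie to canonicalHost.
func hardenedAuthCookie(r *http.Request, sessionID string) (*http.Cookie, error) {
	host := r.Host
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	}
	if !strings.EqualFold(host, canonicalHost) {
		return nil, errors.New("unexpected Host header: " + host)
	}
	return &http.Cookie{
		Name: "auth", Value: sessionID, Domain: canonicalHost,
		Path: "/", HttpOnly: true, Secure: true,
	}, nil
}

// loginHandler wires either variant into an http.Handler so the effect shows
// up on a real response.
func loginHandler(hardened bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		const sessionID = "constructed-session-id" // constructed, not a real token
		if !hardened {
			http.SetCookie(w, vulnerableAuthCookie(r, sessionID))
			w.WriteHeader(http.StatusOK)
			return
		}
		c, err := hardenedAuthCookie(r, sessionID)
		if err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		http.SetCookie(w, c)
		w.WriteHeader(http.StatusOK)
	})
}

// cookieDomainFor sends a login request carrying the given Host header and
// returns the status code and the Domain of the auth cookie ("" if none).
func cookieDomainFor(hardened bool, hostHeader string) (int, string) {
	req := httptest.NewRequest(http.MethodPost, "/login", nil)
	req.Host = hostHeader
	rec := httptest.NewRecorder()
	loginHandler(hardened).ServeHTTP(rec, req)
	for _, c := range rec.Result().Cookies() {
		if c.Name == "auth" {
			return rec.Code, c.Domain
		}
	}
	return rec.Code, ""
}

func main() {
	for _, host := range []string{canonicalHost, "attacker.example"} {
		code, domain := cookieDomainFor(false, host)
		fmt.Printf("vulnerable Host=%-18s -> %d, cookie Domain=%q\n", host, code, domain)
		code, domain = cookieDomainFor(true, host)
		fmt.Printf("hardened   Host=%-18s -> %d, cookie Domain=%q\n", host, code, domain)
	}
}
```

Behind a reverse proxy the same check belongs on the proxy as well, since a proxy that forwards arbitrary Host values is exactly what makes the header attacker-controlled at the application.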
EUVD (added 2026/04/14 6:30 p.m.)

EUVD-2026-22663

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue...

CVSS 9.3 · AI score 5.8 · EPSS 0.00304
Exploits 0 · References 2