Lucene search

1273 matches found

OSV
added 2026/03/30 6:16 p.m., 1 view

UBUNTU-CVE-2025-66038

OpenSC is a set of open-source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes both the tag (high nibble) and the value length (low nibble). With a 1-byte buffer 0x0A, the encoded element claims tag=0...

CVSS 6.8 | AI score 5.9 | EPSS 0.00282
Exploits 1 | References 2
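The compact-TLV encoding described in the OpenSC entry above, as an added example that is not OpenSC's code: a bounds-checked tag search that refuses any element whose declared length runs past the end of the buffer, which is exactly the 1-byte 0x0A case (header claims tag 0 with ten value bytes, but no bytes follow). The function name ctlv_find_tag, the self-test helper and the sample buffers are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Compact-TLV element: one header byte with the tag in the high nibble and the
 * value length (0..15) in the low nibble, followed by `length` value bytes. */

/* Hypothetical bounds-checked finder (not OpenSC's sc_compacttlv_find_tag).
 * Returns a pointer to the value of the first element carrying `tag` and stores
 * its length in *out_len. Returns NULL when the tag is absent or when any
 * element declares more value bytes than remain in the buffer. */
const uint8_t *ctlv_find_tag(const uint8_t *buf, size_t buflen, uint8_t tag,
                             size_t *out_len)
{
    size_t pos = 0;

    if (buf == NULL || out_len == NULL)
        return NULL;

    while (pos < buflen) {
        uint8_t hdr = buf[pos];
        uint8_t elem_tag = hdr >> 4;
        size_t elem_len = hdr & 0x0Fu;
        size_t remaining = buflen - pos - 1;  /* bytes after the header byte */

        /* A header claiming more bytes than remain (e.g. 0x0A alone: tag 0,
         * length 10, zero bytes left) would otherwise be read past the buffer. */
        if (elem_len > remaining)
            return NULL;

        if (elem_tag == tag) {
            *out_len = elem_len;
            return buf + pos + 1;
        }
        pos += 1 + elem_len;
    }
    return NULL;  /* tag not present */
}

/* Constructed sample data for this example (not taken from any real card). */
static const uint8_t good_buf[] = {
    0x52, 0x11, 0x22,               /* tag 5, length 2 */
    0x40,                           /* tag 4, length 0 (valid, empty value) */
    0x34, 0xAA, 0xBB, 0xCC, 0xDD    /* tag 3, length 4 */
};
static const uint8_t bad_buf[] = { 0x0A };  /* tag 0, claims length 10, nothing follows */

/* Exercises the finder on both buffers; returns the number of failed checks. */
int ctlv_selftest(void)
{
    int failures = 0;
    size_t len = 0;
    const uint8_t *val;

    /* Well-formed element in the middle of the buffer is found with its length. */
    val = ctlv_find_tag(good_buf, sizeof good_buf, 3, &len);
    if (val == NULL || len != 4 || val[0] != 0xAA || val[3] != 0xDD)
        failures++;

    /* Zero-length element is legal and must be reported, not skipped. */
    val = ctlv_find_tag(good_buf, sizeof good_buf, 4, &len);
    if (val == NULL || len != 0)
        failures++;

    /* Absent tag: the walk must reach the end and return NULL, not overrun. */
    if (ctlv_find_tag(good_buf, sizeof good_buf, 7, &len) != NULL)
        failures++;

    /* Truncated element (the advisory's 0x0A case) must be rejected. */
    if (ctlv_find_tag(bad_buf, sizeof bad_buf, 0, &len) != NULL)
        failures++;

    return failures;
}

int main(void)
{
    int f = ctlv_selftest();
    printf("compact-TLV self-test: %s (%d failure(s))\n", f == 0 ? "ok" : "FAILED", f);
    return f == 0 ? 0 : 1;
}
```

The check uses `buflen - pos - 1` (bytes remaining after the header) rather than comparing `pos + 1 + elem_len` against `buflen`, so it cannot wrap even when `pos` is the last index; a caller should treat NULL on a tag it expects to be present as a malformed card response, not as a missing optional field.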
EUVD
added 2026/03/29 9:30 a.m., 4 views

EUVD-2026-16983

A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to a stack-based buffer overflow. The attack is restricted to local execution. The exploit ha...

CVSS 4.8 | AI score 6.2 | EPSS 0.00128
Exploits 0 | References 8
EUVD
added 2026/03/27 1:58 p.m., 2 views

EUVD-2026-16614

GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches...

CVSS 5.1 | AI score 5.9 | EPSS 0.00196
Exploits 1 | References 1
EUVD
added 2026/03/26 8:04 p.m., 7 views

EUVD-2026-16374

Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in PhotoUrlRule.php can be bypassed using DNS rebinding. The IP validation check (lines 86-89) only activates when the hostname is an IP address. When a domain name is used, filter_var($host,...

CVSS 2.3 | AI score 5.8 | EPSS 0.00217
Exploits 1 | References 2
OSV
added 2026/03/26 7:07 p.m., 1 view

GHSA-4HP7-3WXG-CV9Q Statamic allows unauthorized content access through missing authorization in its revision controllers

Impact: Authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the authorization checks that the main entry controllers enforce, exposing entry field values and...

CVSS 5.4 | AI score 5.8 | EPSS 0.00142
Exploits 0 | References 3
OSV
added 2026/03/26 7:05 p.m., 6 views

GHSA-3JG4-P23X-P4QX Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag

Impact: The user:reset_password_form tag could render user input directly into HTML without escaping, allowing an attacker to craft a URL that executes arbitrary JavaScript in the victim's browser. Patches: This has been fixed in 5.73.16 and 6.7.2...

CVSS 6.1 | AI score 5.8 | EPSS 0.00149
Exploits 0 | References 3
Github Security Blog
added 2026/03/26 7:03 p.m., 5 views

Statamic's Markdown preview endpoint exposes sensitive user data

Impact: The markdown preview endpoint could be manipulated to return augmented data from arbitrary fieldtypes. With the users fieldtype specifically, an authenticated control panel user could retrieve sensitive user data including email addresses, encrypted passkey data, and encrypted two-factor...

CVSS 6.5 | AI score 5.8 | EPSS 0.00255
Exploits 0 | References 3 | Affected Software 1
CVE
added 2026/03/26 6:59 p.m., 25 views

CVE-2026-4926

CVE-2026-4926 affects path-to-regexp, where multiple sequential optional groups (e.g., {a}{b}{c}) cause the generated regular expression to grow exponentially, leading to denial of service. Connected sources confirm the impact and provide the remediation: a patch is released in version 8.4.0. Work...

CVSS 7.5 | AI score 5.8 | EPSS 0.00455
Exploits 0 | References 1 | Affected Software 1
RedhatCVE
added 2026/03/26 5:01 p.m., 6 views

CVE-2026-29092

Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...

CVSS 4.9 | AI score 5.8 | EPSS 0.00237
Exploits 0 | References 1
EUVD
added 2026/03/26 4:42 p.m., 3 views

EUVD-2026-16254

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after the CSMS performs a RemoteStop (StopTransaction), the EVSE can return to PrepareCharging via the EV's BCB toggle, allowing session restart. This breaks the irreversibility of remote stop and can bypass...

CVSS 5.2 | AI score 5.9 | EPSS 0.00214
Exploits 1 | References 1
Vulnrichment
added 2026/03/26 4:30 p.m., 3 views

CVE-2026-27815 EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state

EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can...

CVSS 6.9 | AI score 5.9 | EPSS 0.00272
Exploits 0 | References 1
Cvelist
added 2026/03/26 4:30 p.m., 22 views

CVE-2026-27815 EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state

EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can...

CVSS 6.9 | EPSS 0.00272
Exploits 0 | References 1
CVE
added 2026/03/26 4:19 p.m., 11 views

CVE-2026-26074

EVerest EV charging software stack has a data race in versions prior to 2026.02.0, causing possible corruption of map data structures (event_queue). The race is triggered over the network by a CSMS GetLog/UpdateFirmware request when an EVSE fault event is present, leading to concurrent access detected...

CVSS 7 | AI score 5.8 | EPSS 0.0014
Exploits 0 | References 1 | Affected Software 1
RedhatCVE
added 2026/03/26 3:15 p.m., 3 views

CVE-2026-4016

A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipulation leads to an out-of-bounds write. Local access is required to approach this attack. The exploit has...

CVSS 5.3 | AI score 5.3 | EPSS 0.00115
Exploits 0 | References 1
OSV
added 2026/03/26 2:48 p.m., 2 views

CVE-2026-26071 EVerest: OCPP 2.0.1 EVCCID Data Race Leads to Heap Use-After-Free

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to concurrent access of a std::string, with a heap use-after-free possible. This is triggered by EVCCID updates (EV/ISO15118) together with OCPP session/authorization events. Version 2026.02.0 contains a patch...

CVSS 4.2 | AI score 5.9 | EPSS 0.00134
Exploits 0 | References 3
Vulnrichment
added 2026/03/26 2:45 p.m., 3 views

CVE-2026-26070 EVerest: OCPP 2.0.1 EV SoC Update Race Causes Charge Point Crash

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to concurrent access of a std::map, with container/optional corruption possible. The trigger is an EV SoC update coinciding with a powermeter periodic update and the unplugging/SessionFinished state. Version 2026.2.0 contains a...

CVSS 4.6 | AI score 5.9 | EPSS 0.00105
Exploits 0 | References 1
SUSE CVE
added 2026/03/26 2:43 p.m., 6 views

SUSE CVE-2026-23396

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL deref in mesh_matches_local. mesh_matches_local unconditionally dereferences ie->mesh_config to compare mesh configuration parameters. When called from mesh_rx_csa_frame, the parsed action-frame elements may not...

CVSS 6.5 | AI score 5.8 | EPSS 0.00114
Exploits 0 | References 17
ATTACKERKB
added 2026/03/26 2:43 p.m., 3 views

CVE-2026-26008

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds std::vector access that leads to a possible remote crash/memory corruption. It is reachable because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a patch...

CVSS 7.5 | AI score 5.8 | EPSS 0.00367
Exploits 0 | References 2 | Affected Software 1
Github Security Blog
added 2026/03/25 9:09 p.m., 9 views

n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover

Impact: When LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could control their own LDAP email attribute could set it to match another user's email ...

CVSS 8.8 | AI score 5.8 | EPSS 0.0032
Exploits 0 | References 3 | Affected Software 1
ATTACKERKB
added 2026/03/23 8:52 p.m., 8 views

CVE-2026-23882

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Protocol) server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4...

CVSS 8.6 | AI score 5.9 | EPSS 0.00362
Exploits 0 | References 4 | Affected Software 1