CVE-2026-56294

capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded function using dynamic instrumentation to bypass biometric authenticati...

CVE-2026-56227

Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. Organization admins can configure webhooks pointing to localhost or 127.0.0.1, and when triggered, the backend performs outbound requests to these...

EUVD-2026-38115

Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. Organization admins can configure webhooks pointing to localhost or 127.0.0.1, and when triggered, the backend performs outbound requests to these...

CVE-2026-56227 Capgo - Server-Side Request Forgery via Webhook URL Validation

Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. Organization admins can configure webhooks pointing to localhost or 127.0.0.1, and when triggered, the backend performs outbound requests to these...

CVE-2026-56227

Capgo before 12.128.2 is affected by a server-side request forgery (SSRF) in webhook URL validation. The flaw permits configuring webhooks to loopback or internal addresses (e.g., localhost/127.0.0.1). When triggered, the backend makes outbound requests to those addresses, and error responses are...

PT-2026-51153

Name of the Vulnerable Software and Affected Versions capacitor-native-biometric versions prior to 12.128.2 Description An authentication bypass exists because the onAuthenticationSucceeded function fails to validate CryptoObject parameters. This allows attackers to use dynamic instrumentation to...

PT-2026-51147

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Insufficient webhook URL validation allows for Server-Side Request Forgery SSRF, a flaw where a server is tricked into making requests to an unintended location. Organization admins can configure...

PT-2026-51172

Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.2 through 0.12.x Description Multimodal embeddings processing lacks sparse tensor validation. Since PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests containing...

PT-2026-51151

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the 'PUT /api/v1/user' endpoint. This allows authenticated users to modify the credential field without proper validation. By providing a crafted password hash, an...

GHSA-X845-2F78-7V36 Blocky DNSSEC validation bypass and validation-cache scope pollution

Summary Blocky accepts and caches forged DNS answers while dnssec.validate: true is enabled. The issue has two related exploit paths: 1. Basic DNSSEC validation bypass. If an untrusted upstream returns an unsigned positive answer for a DNSSEC-signed public domain, Blocky classifies the response a...

GHSA-3J69-69WJ-XQX2 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()

Summary ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different Unicode characters instead of rejecting them. This leads to input validation bypass and data integrity...

CVE-2026-48787

CVE-2026-48787 affects gin-vue-admin (AI-assisted basic development platform) in version 2.9.1. An authenticated attacker with access to the code-generation feature and MCP management interface can inject attacker-controlled Go source code via POST /autoCode/addFunc, then trigger a rebuild of the...

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following in the CRI checkpoint restore plugin due to improper validation of symlinked paths. An attacker can access arbitrary files on the host by crafting a malicious checkpoint image and leveraging the...

CVE-2026-12726

A flaw was found in the AWX GitHub webhook integration. When processing GitHub pullrequest webhooks, the controller stores the pullrequest.statusesurl value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub...

CVE-2026-56211

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...

kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation

A flaw was found in the Linux kernel's AMD display component. This vulnerability arises from incorrect validation of display mode changes during Display Stream Compression DSC processing. A local attacker could exploit this by initiating specific display configuration changes, which may lead to a...

GHSA-5PRR-V3J2-97MH Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`

Summary Nokogiri::XML::NodeSet and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an...

CVE-2026-21768

The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...

GHSA-2H46-9X5W-4WF7 Entire CLI: Path traversal in checkpoint session metadata allows arbitrary file write during resume/rewind

Impact A path traversal vulnerability in Entire CLI allows an attacker with push access to the checkpoints repository to craft malicious checkpoint metadata that causes entire session resume or entire checkpoint rewind to write attacker-controlled transcript data outside of the expected session...

CVE-2026-21768 HCL Verse for Android is susceptible to an injection vulnerability

The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...