CVE-2026-28680 Ghostfolio: Full-Read SSRF in Manual Asset Import

Ghostfolio is an open source wealth management software. Prior to version 2.245.0, an attacker can exploit the manual asset import feature to perform a full-read SSRF, allowing them to exfiltrate sensitive cloud metadata IMDS or probe internal network services. This issue has been patched in...

CVE-2026-25962

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip...

PT-2026-23644

Name of the Vulnerable Software and Affected Versions OpenSift versions prior to 1.6.3-alpha Description OpenSift is an AI study tool that uses semantic search and generative AI to process large datasets. The URL ingest pipeline had insufficient restrictions on user-controlled remote URLs, creati...

CVE-2026-29081

CVE-2026-29081 affects the Frappe framework. Before versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection via specially crafted requests stemming from improper fieldname sanitization, allowing an attacker to extract sensitive information. The issue has been patched in versio...

CVE-2026-29081 Frappe: Possibility of SQL Injection due to improper fieldname sanitization

Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This issue has been patched in versions 14.100.1 and...

PT-2026-23509

Name of the Vulnerable Software and Affected Versions Frappe versions prior to 14.100.1 Frappe versions prior to 15.100.0 Description Frappe, a full-stack web application framework, had an endpoint susceptible to SQL injection. Specifically, crafted requests could exploit this weakness, potential...

BIT-DISCOURSE-2026-28227 Discourse Vulnerable to Unauthorized Topic Creation in Staff-Only Categories via Topic Timer publish_to_category

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publish topics into staff-only categories via the publishtocategory topic timer, bypassing authorization checks. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known...

BIT-DISCOURSE-2026-27151 Discourse doesn't validate destination topic when moving posts

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

BIT-DISCOURSE-2026-26979 Discourse: TL4 users are able to change status of restricted topics

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available...

OpenClaw: system.run approvals did not bind PATH-token executable identity, enabling post-approval executable rebind

Summary For host=node runs, approvals validated command context but did not pin executable identity for non-path-like argv0 tokens for example tr. If PATH resolution changed after approval, execution could run a different binary. Impact A previously approved action could execute a different...

CVE-2026-28399

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3...

EUVD-2025-208160

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30...

CVE-2026-27021

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the voters endpoint in the poll plugin lacked post visibility checks which allowed unauthorized access to voters details of polls in any post. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the...

CVE-2026-28422

Vim prior to 9.2.0078 has a stack-buffer-overflow in build_stl_str_hl() triggered when rendering a statusline with a multi-byte fill character on very wide terminals. The issue is fixed in version 9.2.0078 . The CVSS data indicates low impact (I/L) with local attack requirements and user interact...

PT-2026-22116

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.80.1 Description Fleet’s certificate template deletion API had a broken authorization check. This allowed a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. T...

CVE-2026-27799 ImageMagick has a heap Buffer Over-read in its DJVU image format handler

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride ro...

GHSA-VPCF-GVG4-6QWR n8n: Expression Sandbox Escape Leads to RCE

Impact Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on th...

CVE-2026-27794

LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...

CVE-2026-27739 Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline

The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery SSRF vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

CVE-2026-25591

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...