CVE-2026-9091
Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...
CVE-2026-42266
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...
org.webjars.npm:npmcli__agent (>=2.2.2 <=3.0.0), org.webjars.npm:pac-proxy-agent (=4.1.0) +6 more potentially affected by CVE-2026-42338 via org.webjars.npm:ip-address (>=5.8.9 <=9.0.5)
org.webjars.npm:ip-address MAVEN version =5.8.9, =2.2.2, =2.8.3, =5.0.0, =8.0.5 - org.webjars.npm:socks5-client =1.2.6 - org.webjars.npm:socks5-http-client =1.0.4 - org.webjars.npm:socks5-https-client =1.2.1 Source cves: CVE-2026-42338 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16636414...
PT-2026-37201
CVE-2026-42312 pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set config value API method @permissionPerms.SETTINGS in src/p… https://t.co/ADtnuQJj56...
CVE-2026-41196
Luanti (formerly Minetest) has a sandbox escape in LuaJIT affecting versions 5.0.0 through 5.15.1 (prior to 5.15.2). A malicious mod can escape the sandboxed Lua environment and run arbitrary code with full filesystem access on the user’s device, across server-side mods (including async and mapge...
Security Bulletin: IBM Guardium Data Protection is affected by a spring-security-config-5.8.14.jar vulnerability (CVE-2024-38827)
Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working...
CVE-2026-25361
CVE-2026-25361 affects the WordPress plugin set described in the provided documents as a reflection-based cross-site scripting issue. The Initial Description states a Reflected XSS in magepeopleteam WpEvently mage-eventpress, impacting WpEvently versions from n/a through
CVE-2026-28816
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does not have permission...
CVE-2026-4742
creationtimestamp| type| source
---|---|---
2026-03-24 03:17:30+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4742...
CVE-2026-32044
creationtimestamp| type| source
---|---|---
2026-03-22 03:00:05+00:00| seen| https://github.com/openclaw/openclaw/security/advisories/GHSA-rm2p-j3r7-4x4j...
CVE-2026-32935 phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...
CVE-2026-3910
creationtimestamp| type| source
---|---|---
2026-03-12 23:10:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgvji6tzjd2u
2026-03-13 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0286/
2026-03-13 01:52:18+00:00| seen|...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-31901 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-31901 Source advisory: OSV:GHSA-W54V-HF9P-8856...
@0xlimao/n8n-nodes-ethereum (>=1.0.0 <=1.0.1), @aayshian/n8n-aisensy-ay19 (=0.0.1) +95 more potentially affected by CVE-2026-27498 via n8n-core (>=2.0.0 <=2.1.1)
n8n-core NPM version =2.0.0, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.3.6, =0.1.0, =1.0.0, =0.1.4, =0.1.0, =0.1.13 and more Source cves: CVE-2026-27498 Source advisory: SNYK:JS-N8NCORE-15357608...
CVE-2026-24355
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS. This issue affects Houzez Theme - Functionality: from n/a through = 4.2.6...
CVE-2025-14075 WP Hotel Booking <= 2.2.7 - Unauthenticated Sensitive Information Exposure via 'email' Parameter
The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotelbookingfetchcustomerinfo' AJAX action to unauthenticated users without proper capability checks, relying only on a...
CVE-2025-60064
creationtimestamp| type| source
---|---|---
2025-12-18 09:48:35+00:00| seen| https://gist.github.com/Darkcrai86/8c4e548566ada935ff7b3f76a2e0b3f9...
OESA-2025-2754 containerd security update
containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
CVE-2025-12382
Improper Limitation of a Pathname 'Path Traversal' vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 up to build 320, A33.10 up to build...
CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...