CVE-2026-8112

A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-42826

Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network...

CVE-2026-35428

Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-35435

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network...

CVE-2026-34327

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-33844

Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...

CVE-2026-33823

Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network...

CVE-2026-32207

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-33109

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...

CVE-2026-33111

Improper neutralization of special elements used in a command 'command injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

CVE-2026-41105

Server-side request forgery ssrf in Azure Notification Service allows an authorized attacker to elevate privileges over a network...

CVE-2026-26129

Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVE-2026-26164

Improper neutralization of special elements in output used by a downstream component 'injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVE-2026-42449

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path N8NDocumentationMCPServer constructor, getN8nApiClient, and validateInstanceContext, the synchronous URL validator in...

CVE-2026-42047

Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the...

CVE-2026-8098

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

CVE-2026-8097

A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may...

CVE-2026-41691

Copilot said: i18nextify is a JavaScript library that adds i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL templat...

CVE-2026-41692

i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute key interpolation tokens inside src and href attribute values with the raw string returned by i18next.t. The substitution logic in...

CVE-2026-8142

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates...

CVE-2026-33811

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

CVE-2026-42501

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

CVE-2026-39826

If a trusted template author were to write a...

CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

CVE-2026-42499

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322...

CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

CVE-2026-39817

The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...

CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

CVE-2026-8088

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the...

CVE-2026-8087

A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...

CVE-2026-42259

Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...

CVE-2026-42241

ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this...

CVE-2026-43510

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30...

CVE-2026-42239

Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. This means every XSS becomes a full...

CVE-2026-42225

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport siptransporttls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

CVE-2026-8086

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly...

CVE-2026-41653

BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8...

CVE-2026-8084

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit...

CVE-2026-44243

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...

CVE-2026-44244

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...

CVE-2026-42284

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, clone validates multioptions as the original list, then executes shlex.split" ".joinmultioptions. A string like "--branch main --config core.hooksPath=/x" passes validation starts with --branch, but aft...

CVE-2026-42215

GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...

CVE-2026-8083

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=saveuser. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be...

CVE-2026-42214

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

CVE-2026-41906

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

CVE-2026-44742

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

CVE-2026-41905

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...