CVE-2026-54777

Technical details for CVE-2026-54777 are not publicly available in the provided documents. No affected products, root cause, or remediation are specified. Monitor for updates.

CVE-2026-54776

Technical details for CVE-2026-54776 are not publicly available in the provided documents. Monitor for updates .

CVE-2026-54775

Technical details for CVE-2026-54775 are not publicly available in the provided documents; monitor for updates.

CVE-2026-54774

Technical details for CVE-2026-54774 are not publicly available in the provided documents; no affected products, impact, or remediation are disclosed. Monitor for updates from the reserving entity.

CVE-2026-54773

Technical details for CVE-2026-54773 are not publicly available in the provided documents. Monitor for updates.

CVE-2026-54772

Technical details for CVE-2026-54772 are not publicly available in the provided documents. Monitor for updates from the disclosure party when more information is released.

CVE-2026-55865

Technical details for CVE-2026-55865 are not publicly available in the provided documents. Monitor for updates.

CVE-2026-47645

Summary: CVE-2026-47645 is an open redirect vulnerability in Microsoft 365 Copilot’s Business Chat that can lead to privilege escalation over a network. The issue is described across sources (NVD/MSRC/CVE records) as a url redirection to an untrusted site, with a CVSS v3.1 base score of 8.8 (HIGH...

CVE-2026-48582

This CVE affects Microsoft Exchange Online. Missing authorization could allow an attacker with low privileges and network access (no user interaction) to elevate privileges (impact: high confidentiality and integrity, no availability impact) per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N, base...

CVE-2026-50519

The CVE-2026-50519 entry concerns GitHub Copilot and Visual Studio Code, where initialization of a resource with an insecure default may allow an unauthenticated attacker to disclose information over a network. The connected MSRC/NVD records confirm the impact as information disclosure with netwo...

CVE-2026-48584

CVE-2026-48584 affects Microsoft Azure Synapse. An authorized attacker with low privileges and network access can execute with unnecessary privileges to elevate to higher privileges across the system, with potential impact to confidentiality, integrity and availability (CVSS 3.1: CRITICAL, AV:N/A...

CVE-2026-45480

CVE-2026-45480 affects Azure Active Directory; improper authentication enables elevation of privileges over a network. The CVSS 3.1 score is 10.0 (CRITICAL) with network attack vector, no user interaction, and HIGH impact on confidentiality, integrity, and availability. No specific patch version ...

CVE-2026-42895

CVE-2026-42895 describes an improper neutralization of special elements used in a command ("command injection") in Microsoft Copilot, allowing a remote attacker to tamper with data over a network. The available sources identify the affected product as Microsoft Copilot and classify the vulnerabil...

CVE-2026-32208

CVE-2026-32208 is a cross-site scripting vulnerability in Microsoft Edge (Chromium-based) caused by improper neutralization of input during web page generation, enabling an authorized attacker to spoof users over a network. Affected product: Microsoft Edge (Chromium-based). Impact is rated High f...

CVE-2026-50559

The CVE-2026-50559 entry affects Quarkus HTTP path-based authorization. It allows bypass via encoded characters (semicolons %3B, slashes %2F, backslashes %5C) to smuggle matrix parameters or access protected static resources, before patches in versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, ...

CVE-2026-48794

CVE-2026-48794 affects Authelia (versions 4.36.0–4.39.19). A domain canonicalization edge case can cause an access control rule to be skipped when it should match a request, under very specific conditions involving forwarded authorization, multi-segment subdomains (e.g., a.b.example.com vs exampl...

CVE-2026-47203

CVE-2026-47203 (Authelia) affects Authelia 4.38.0–4.39.19 where using Basic Auth on the authz verification endpoint exposes a bug: the username extracted from the Authorization header is passed to the ban/attempt regulation as-is, while LDAP binds are case-insensitive but regulation SQL lookups c...

CVE-2026-48129

Kestra CVE-2026-48129 concerns a path traversal in the task inputFiles feature. Before versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, rendered file names could be prefixed with ../, allowing a caller handling untrusted data or webhook data to create or overwrite files outside the task working direc...

CVE-2026-49346

CVE-2026-49346 affects libde265 up to version 1.0.x; a crafted H.265 bitstream with large SPS dimensions and 16-bit depth triggers a signed integer overflow in de265_image_get_buffer(), causing an undersized allocation (~1 KB) but later writing ~4 GB due to size_t math in fill_image. This is fixe...

CVE-2026-49295

CVE-2026-49295 affects libde265. Before version 1.0.20, crafted H.265 bitstreams can trigger an out-of-bounds write in decoder_context::process_reference_picture_set() due to a missing aggregate bound check on predicted short-term reference picture set entries; while individual list sizes are che...

CVE-2026-49337

CVE-2026-49337 affects libde265 prior to 1.0.20. A crafted sequence of H.265 NAL units lets decoder_context::read_slice_NAL() attach slice headers to a finished picture object with no active image unit, causing attacker-controlled unbounded heap growth. The headers are retained until the picture ...

CVE-2026-48787

CVE-2026-48787 affects gin-vue-admin (AI-assisted basic development platform) in version 2.9.1. An authenticated attacker with access to the code-generation feature and MCP management interface can inject attacker-controlled Go source code via POST /autoCode/addFunc, then trigger a rebuild of the...

CVE-2026-48089

CVE-2026-48089 affects DevGuard. Before patch 1.4.2, an authenticated user, including from other orgs with no membership, could write and manage VEX rules and related vulnerability-triage endpoints on assets marked public. The root cause is improper authorization for public assets, enabling write...

CVE-2026-54898

The connected GitHub advisory documents a heap use-after-free in the Oj gem (Oj::Parser) when a SAJ/SAJ2 callback mutates the input JSON during parsing. Specifically, parser_parse stores a const byte* pointer into Ruby’s string buffer, and if a callback resizes the string (e.g., via String#replac...

CVE-2026-54897

Affected software: oj gem (Ruby). The GitHub advisory describes a heap use-after-free in Oj::Doc iterators (each_value, each_child, each_leaf) via reentrant close. Root cause: iterators in ext/oj/fast.c free the backing buffer if the yielded block calls close, then resume reading freed memory. Im...

CVE-2026-54896

The connected advisory describes a heap-buffer-overflow vulnerability in Oj.dump when dumping Exception objects with a large indent (indent: 5000) in the Oj gem. The issue occurs because the serializer allocates a buffer based on the serialized content but does not account for indentation, allowi...

CVE-2026-55778

The connected GHSA for parse-server describes a stored XSS vulnerability enabled by bypassing the default fileUpload.fileExtensions blocklist. Attackers can upload a file with a non-standard/compound extension and a dangerous content type, and on storage adapters that persist and serve content by...

CVE-2026-54592

The connected advisory documents reveal a vulnerability in the Oj Ruby library, specifically in Oj::Doc#each_child. Deeply nested untrusted JSON input can drive the doc’s internal stack and a fixed-size buffer overflow, causing a denial of service via abort. Impact is a crash on deeply nested pay...

CVE-2026-54528

CVE-2026-54528 / GHSA-436Q-JWFR-RM2H describes a case-sensitivity bypass in jupyterlab-git 0.53.0 where the exclusion check uses fnmatchcase(), which is always case-sensitive. On case-insensitive filesystems (e.g., macOS APFS, Windows NTFS), an authenticated user can bypass admin-configured exclu...

CVE-2026-54527

The CVE entry relates to the jupyterlab-git extension for JupyterLab. A stored XSS vulnerability exists in the createHeader() method of PlainTextDiff.ts: filenames from rename history are passed directly to innerHTML without sanitization when rendering diffs, enabling an attacker with commit acce...

CVE-2026-54500

CVE-2026-54500 relates to the Ruby Oj (Oj.load in :object mode) library. The advisory describes an uninitialized stack read in ext/oj/intern.c, function form_attr(), where a long-key path can cause rb_intern3 to read from an uninitialized stack buffer, and for keys ≥ 256 bytes an out-of-bounds re...

CVE-2026-54499

The CVE-2026-54499 entry is linked to a GitHub advisory for Stanza: unsafe pickle deserialization during model loading. The flaw arises in Stanza 1.12.0’s pretrain loading (and related loaders) where a safe weights_only load is followed by an unsafe fallback to a full pickle load if UnpicklingErr...

CVE-2026-54317

The connected GitHub advisory confirms a vulnerability in the Home Assistant Konnected integration. The endpoint /api/konnected/device/{device_id} exposes unauthenticated GET responses that reveal live alarm-panel state (zone/state) and topology, while POST/PUT on the same URL require a Bearer to...

CVE-2026-54297

The connected advisory confirms a Denial of Service in Faraday through Uncontrolled Recursion in NestedParamsEncoder (Faraday::NestedParamsEncoder) when parsing deeply nested query strings. Affected: Faraday v2.x (tested v2.14.2-2-g59334e0); vulnerable code is in lib/faraday/encoders/nested_param...

CVE-2026-54502

The connected advisory for GHSA-3V45-F3VH-WG7M documents a stack-based buffer overflow in the oj gem when Oj.dump is called with a large indent value. Specifically, dump.h’s fill_indent uses memset with a size derived from opts->indent and depth without validating the range, allowing indent to...

CVE-2026-48774

Summary : ProxySQL 3.0.0–3.0.8 allows read-only requests to execute multi-statement backends, enabling unintended writes via the MCP run_sql_readonly tool. The input validator uses a blacklist/allowlist on the first statement, but then runs the full string against a backend connection created wit...

CVE-2026-54899

This CVE corresponds to a use-after-free in Oj:Parser symbol key cache toggle (Oj gem). Disabling symbol_keys on a reused Oj::Parser frees the internal key cache but does not null the d->key_cache pointer. The next parse reads from freed memory, causing a heap-use-after-free (as documented by ...

CVE-2026-48772

ProxySQL (versions 2.0.0–3.0.8) is vulnerable to a PROXY protocol v1 UNKNOWN frame bypass. The frontend accepts the PROXY UNKNOWN header and, despite the spec requiring ignoring the address fields, ProxySQL parses them via sscanf and writes a spoofed source address into the session, feeding i...

CVE-2026-48773

Summary of CVE-2026-48773 : ProxySQL (versions 2.0.18–3.0.8) contains a pre-authentication heap memory corruption in the MySQL/PostgreSQL protocol first-read paths. A remote, unauthenticated client can declare an oversized first packet length, and ProxySQL passes that attacker-controlled length t...

CVE-2026-49345

CVE-2026-49345 affects Mercator before 2025.05.19. The SSRF flaw resides in the CVE configuration panel (/admin/config/parameters) where ConfigurationController.testProvider() passes user input directly to curl_init() without validating scheme/host/IP. An authenticated user with configure permiss...

CVE-2026-23879

The connected advisory GHSA-q6rc-2cgv-63h7 documents an arbitrary file write vulnerability in py7zr (1.1.0, latest) where symbolic links can be crafted to bypass destination-directory restrictions during extractall. The root cause is insufficient checks on the full symlink path resolution, allowi...

CVE-2026-49344

Mercator (open source mapping app) prior to version 2025.05.19 is affected by CVE-2026-49344. The Query Engine endpoint /admin/queries/execute does not enforce an authorization gate, allowing any authenticated account (including read-only Auditor) to query models outside the intended scope (e.g.,...

CVE-2026-48715

CVE-2026-48715 affects the radvddump utility shipped with radvd (prior to v2.21). The issue is a stack buffer overflow in the Route Information option parser: during processing of a crafted ICMPv6 Router Advertisement, print_ff() copies up to 2032 bytes from packet data into a 16-byte on-stack st...

CVE-2026-49342

YARD (Ruby) prior to 0.9.44 is affected: its static cache lookup reads the request path before router path cleanup, allowing a traversal like /../yard-cache-secret.html to be joined with a document root and retrieve a sibling .html outside the intended static tree. The issue is addressed in versi...

CVE-2026-49340

gonic is a music streaming server / Subsonic API implementation. Before v0.21.0, a logic error in ServeCreateOrUpdatePlaylist lets any authenticated Subsonic user, including non-admins, write playlist M3U content to an attacker-controlled absolute filesystem path on the host and create intermedia...

CVE-2026-49338

The CVE covers gonic, a Subsonic-compatible music server. Before 0.21.0, Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view allowed any authenticated user to delete or read any other user’s private playlist due to missing per-resource authorization. The playlist ID is bas...

CVE-2026-27878

Grafana Tempo is affected by CVE-2026-27878 due to a TraceQL query that uses a large exemplars hint value, which can cause the Tempo instance to allocate excessive memory and crash (out-of-memory) for an authenticated user, enabling a denial of service. The public documents describe the issue and...

CVE-2026-12726

AWX/AUTOMATION-CONTROLLER GitHub webhook integration vulnerability (CVE-2026-12726): processing of GitHub pull_request webhooks stores statuses_url from the payload without validating it points to a trusted GitHub API endpoint. If a job template uses a GitHub Personal Access Token as the webhook ...

CVE-2026-9375

urllib3 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API when Brotli is enabled and preload_content is False. Three code paths in response.py bypass the max_length protection added in 2.6.0 to mitigate CVE-2025-66471: (1) negative max_length can result from buffer arithmeti...

CVE-2026-12238

The WP Go Maps WordPress plugin (up to version 10.1.01) is vulnerable to an authorization bypass that allows unauthenticated attackers to create arbitrary records in plugin tables (maps, markers, circles, polygons, polylines, rectangles, and point labels) by supplying a WPGMZA-namespaced CRUD-bac...