CVE-2026-9037

The CVE-2026-9037 issue affects the XCharge C6 charging controller’s firmware update mechanism. The firmware update process does not validate the authenticity of firmware packages delivered via the device management interface, because cryptographic signatures are not verified. An attacker with ac...

CVE-2026-49128

Music Player Daemon (MPD) up to version 0.24.11 contains a path traversal vulnerability in the local storage plugin, specifically LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8, where on-disk paths are constructed by simple string joins of the storage root and a user-supplied URI without ca...

CVE-2026-46439

Summary: A high-severity Server-Side Template Injection (SSTI) vulnerability affects the trestle author jinja command in the Compliance-Trestle project, as reported in the GitHub advisory GHSA-GG2G-P7XC-QQMM. The issue arises from recursive rendering of Jinja templates without sandboxing, allowin...

CVE-2026-49127

MPD

CVE-2026-46685

RustFS 1.0.0-beta.2 fixes a CORS bug in the S3 listener. Before the fix, if RUSTFS_CORS_ALLOWED_ORIGINS is unset, ConditionalCorsLayer would echo any Origin back as Access-Control-Allow-Origin and set Access-Control-Allow-Credentials: true and Access-Control-Allow-Headers: *, including preflight ...

CVE-2026-45039

RustFS prior to 1.0.0-beta.2 uses an HMAC-SHA256 signature for internode RPC authentication that falls back to DEFAULT_SECRET_KEY = "rustfsadmin" if neither RUSTFS_RPC_SECRET nor the global S3 secret key is configured. The vulnerability arises from get_shared_secret() in crates/ecstore/src/rpc/ht...

CVE-2026-45040

RustFS (Rust-based distributed object storage) prior to version 1.0.0-beta.2 leaks sensitive credentials in logs when RUST_LOG=debug, including SessionToken (JWT), SecretAccessKey, and full JWT claims. The issue’s impact is information disclosure in server logs. Mitigation is upgrading to 1.0.0-b...

CVE-2026-45041

CVE-2026-45041 affects RustFS prior to 1.0.0-beta.2, where crates/appauth/src/token.rs embeds a 2048-bit RSA private key (TEST_PRIVATE_KEY) as a string constant and uses it in production to verify licenses. This allows anyone who can read the source or extract the key from binaries to mint arbitr...

CVE-2026-45042

RustFS is a distributed object storage system in Rust. Prior to 1.0.0-beta.2, the UploadPartCopy operation could copy objects across buckets without enforcing destination bucket policy on the source, because the implementation separately validates GetObject on the source and PutObject on the dest...

CVE-2026-45044

RustFS prior to 1.0.0-beta.2 is vulnerable. The admin router’s whitelist of /profile/cpu and /profile/memory from authentication allows any unauthenticated client to invoke profiling handlers. On supported builds (e.g., glibc), the handler runs a fixed 60-second CPU profiling operation, potential...

CVE-2026-47136

CVE-2026-47136 affects RustFS, a distributed object storage system written in Rust. The issue is an unauthenticated exposure of license metadata via the console endpoint GET /rustfs/console/license, which is accessible to any client that can reach the console listener and returns JSON containing ...

CVE-2026-47337

The CVE-2026-47337 issue affects Ubuntu Linux platforms (6.8, 6.17, 7.0) that include SAUCE patches. A NULL pointer dereference can occur in the handling of AF_INET/AF_INET6 socket mediation, potentially allowing an unprivileged local user to trigger a kernel oops. Affected component is the kerne...

CVE-2026-47336

Ubuntu Linux 6.8 is affected by a SAUCE patch issue in AppArmor AF_INET/AF_INET6 socket mediation code due to an uninitialized variable, exploitable by an unprivileged local user and potentially causing incorrect fine-grained mediation of network sockets. The CVE description and related documents...

CVE-2026-47335

CVE-2026-47335 : Ubuntu Linux 6.8 reportedly contains SAUCE patches and a possible NULL pointer dereference in AppArmor notification handling, exploitable by an unprivileged local user and capable of triggering a kernel panic. The connected sources provide minimal details beyond this description;...

CVE-2026-47334

The CVE-2026-47334 entry affects Ubuntu Linux versions 6.8, 6.17 and 7.0 where AppArmor SAUCE patches sleep while holding a spinlock in notification handling code. The underlying issue is a spinlock misuse in the notification path triggered by an unprivileged local user, which can lead to kernel ...

CVE-2026-47333

Summary (MODE C) : Ubuntu Linux 6.8, 6.17 and 7.0 include AppArmor SAUCE patches which may miscompute an internal buffer size, causing a heap memory out-of-bounds read in the AppArmor DFA policy engine’s notification handling code. The issue can be triggered by an unprivileged local user and can ...

CVE-2026-47332

CVE-2026-47332 affects Ubuntu Linux releases 6.8, 6.17 and 7.0 where AppArmor SAUCE patches incorrectly validate the size of an internal structure in notification handling. Root cause: size validation flaw leading to an out-of-bounds read in the notification path. Impact: information disclosure f...

CVE-2026-47331

CVE-2026-47331 affects Ubuntu Linux 6.8 and involves AppArmor SAUCE patches. The issue is a race condition caused by a failure to acquire a lock when modifying a linked list, which can lead to a use-after-free (UAF). An unprivileged local user could trigger this condition, with theoretical arbitr...

CVE-2026-47330

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches that can use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses. Affected component: AppArmor/notif...

CVE-2026-47329

CVEs-2026-47329 affects Ubuntu Linux releases 6.8, 6.17 and 7.0 due to SAUCE patches failing to validate invalid sizes of the name field in AppArmor notification responses. The issue can be triggered by an unprivileged local user and may cause incorrect handling of crafted responses. Root cause: ...

CVE-2026-47328

The CVE affects Ubuntu Linux versions 6.8, 6.17 and 7.0, where AppArmor SAUCE patches incorrectly free a pointer that was not kmalloc’d and leak memory. The vulnerability can be triggered by an unprivileged local user and may lead to slab metadata corruption and resource exhaustion. Root cause: d...

CVE-2026-47327

CVE-2026-47327 affects Ubuntu Linux 6.8, 6.17 and 7.0 where SAUCE patches introduce a NULL pointer dereference in AppArmor notification handling. The flaw can be triggered by an unprivileged local user and may lead to a kernel oops. The available documents do not provide exploit code, specific vu...

CVE-2026-46380

The GHSA advisory describes SSRF in the compliance-trestle project (trestle/core/remote/cache.py). The HTTPSFetcher._do_fetch() passes a user-supplied URL directly to requests.get() without validation, enabling Server-Side Request Forgery to internal services or cloud metadata endpoints (e.g., 16...

CVE-2026-47326

The CVE-2026-47326 issue concerns Ubuntu Linux versions 6.8, 6.17 and 7.0 affected by SAUCE patches introducing a memory leak in the handling of large AppArmor notification responses. The vulnerability can be triggered by an unprivileged local user, with the resulting leak potentially causing res...

CVE-2026-45332

Affected software: Automad (flat-file CMS/template engine). Vulnerability: Broken Access Control allowing an unauthenticated attacker to retrieve bcrypt password hashes of all administrator accounts (and, in 2.0.0-beta.27, TOTP secrets) via the publicly accessible /_api/user-collection/create-fir...

CVE-2026-4944

The provided documents describe a vulnerability in vllm-project/vllm version 0.14.1 where trust_remote_code is hardcoded to True in nemotron_vl.py and kimi_k25.py, bypassing user-specified --trust-remote-code=False and enabling remote code execution via malicious HuggingFace model repositories. T...

CVE-2026-43979

CVE-2026-43979 affects Local Deep Research. Before 1.6.0, PDFService._markdown_to_html() embeds user-supplied title and metadata into HTML without escaping, allowing HTML injection in the PDF export flow. This can chain into SSRF via WeasyPrint when rendering the PDF, bypassing existing SSRF defe...

CVE-2026-46526

CVE-2026-46526 concerns Local Deep Research. Before version 1.6.10, the URL validation flow had a logical flaw that could bypass SSRF protections because parsing differed between urlparse and the HTTP request library. The code first runs SSRF checks via validate_url and then uses requests.get to ...

CVE-2026-46509

CVE-2026-46509 affects the deepobj library. The vulnerability is prototype pollution arising when property paths contain proto /constructor/prototype, enabling modification of object prototypes. A fixed version is 1.0.3. Affected information is supported by multiple sources (NVD/NVD entry and CVE...

CVE-2026-43898

CVE-2026-43898 affects SandboxJS. Before version 0.9.6, sandboxed functions could access the host runtime via Function.caller, leaking the internal LispType.Call callback and enabling sandbox escapes that allow execution of arbitrary host JavaScript. The root cause is leakage through sandboxed fu...

CVE-2026-45307

Speakr prior to 0.8.20-alpha is vulnerable to an open redirect via the is_safe_url() helper. The validation used urljoin(request.host_url, target) before parsing, so a scheme-relative input like ////evil.com is resolved to a same-host URL during validation but is emitted verbatim in the Location ...

CVE-2026-45021

Kuma CVE-2026-45021 describes a cross-origin exposure in the default kuma-cp config where CorsAllowedDomains: "." and LocalhostIsAdmin: true enable a browser-based attacker to fetch admin credentials from the control plane. Before versions 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, a malicious...

CVE-2026-46345

CVE-2026-46345 maps to a GitHub Advisory for compliance-trestle (trestle/core/commands/author/jinja.py) describing an Arbitrary File Write via Path Traversal. The root cause is insufficient validation of the -o/--output path, allowing traversal sequences (../, ..) and absolute paths. This enables...

CVE-2026-45774

CVE-2026-45774: The connected advisory details a path-traversal in IBM/compliance-trestle v4.0.2 where trestle:// URIs and relative paths bypass workspace boundaries, enabling reading arbitrary server files (e.g., /etc/passwd, /root/.aws/credentials) during OSCAL profile imports. Root cause is la...

CVE-2026-45311

The CVE concerns the DeepSeek-TUI run_tests tool, where versions 0.3.0–0.8.23 auto-run cargo test without user approval, enabling execution of arbitrary code via test code and build scripts. The root cause is that tests are auto-approved, allowing attacker-controlled test code in a malicious repo...

CVE-2026-45310

CVE-2026-45310 describes an SSRF via HTTP redirect bypass in CodeWhale’s fetch_url tool (DeepSeek TUI). Before version 0.8.22, fetch_url validates the initial URL against a restricted-IP blocklist, but the HTTP client follows up to 5 redirects without re-validating the redirect targets, potential...

CVE-2026-45373

CodeWhale: SSRF bypass in DeepSeek-TUI (CodeWhale via DeepSeek + MiMo) allows http://[::1] to bypass hostname validation prior to 0.8.26. The vulnerability stems from SSRF defenses not handling IPv6 literals correctly, enabling access to internal resources. Affected version is before 0.8.26; reme...

CVE-2026-45374

CVE-2026-45374 affects CodeWhale’s DeepSeek+MiMo task_create flow. Before version 0.8.26, sub-agents inherit two insecure defaults: allow_shell = true and auto_approve = true, enabling unrestricted, unapproved shell access after user approval of a task_create prompt. This can lead to remote comma...

CVE-2026-45058

The CVE-2026-45058 issue affects electerm (versions 3.8.8 and earlier). The root cause is persistent local-pty code execution via imported bookmarks or compromised sync targets, allowing an attacker to inject exec* fields or global config. This can cause remote code to run when a bookmark is open...

CVE-2026-45353

CVE-2026-45353 affects electerm (3.0.6–3.8.8); the vulnerability arises from the single-instance socket allowing local code execution via a crafted JSON payload, enabling a same-user process to spawn attacker-controlled local processes. The issue is resolved in 3.9.0 (official fix); some sources ...

CVE-2026-45787

The CVE-2026-45787 entry concerns electerm, an open-source terminal/SSH/etc. client. Technical details in connected sources show that versions prior to 3.9.5 use deterministic AES-192-CBC with a fixed zero IV, a constant KDF salt, and no MAC, causing confidentiality and integrity failures for syn...

CVE-2026-45306

Summary: CVE-2026-45306 affects pyLoad. Before 0.5.0b3.dev100, the fix for CVE-2026-33509 did not protect the Flask session directory (/tmp/pyLoad/flask) from a manipulated storage_folder, enabling an authenticated attacker to set storage_folder to the session directory and download other users’ ...

CVE-2026-45348

CVE-2026-45348 affects pyLoad before version 0.5.0b3.dev100, where an unsanitized link URL interpolated in a template literal within packages.js allows stored XSS in the Downloads view. Attack surface: authenticated operators can submit a package link that injects HTML/JS, which gets rendered via...

CVE-2026-46561

CVE-2026-46561 concerns pyLoad/pyload-ng SSRF via the parse_urls API. The vulnerability arises because HTTPRequest uses allow_private_ip = True by default, allowing redirects to private IPs to be followed after initial URL validation passes is_global_host. The parse_urls flow validates the initia...

CVE-2026-44794

Summary of CVE-2026-44794 Nautobot’s REST API, prior to versions 2.4.33 and 3.1.2, failed to enforce user permissions when validating inter-object references made via GenericForeignKey during create/update of objects containing such references. This could allow a user to reference an object they ...

CVE-2026-44796

Nautobot contains a DoS vulnerability in UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) where maliciously crafted regular expressions in the find field, when used with the use_regex flag, can cause an application-wide denial of service. The issue affects pre-fix versions ...

CVE-2026-44797

Nautobot fixes CVE-2026-44797: the Webhook data model could be configured by users with sufficient access to issue requests to internal hosts/IPs, enabling SSRF-like behavior. Affected versions prior to 2.4.33 and 3.1.2 are impacted; remediation is to upgrade Nautobot to 2.4.33 or 3.1.2 or newer....

CVE-2026-44798

CVE-2026-44798 affects Nautobot before versions 2.4.33 and 3.1.2, where a user with access to add/change a GitRepository could misuse the REST API to directly set the repository’s current_head field, which was not intended to be user-editable. This could cause local clones to checkout a non-lates...

CVE-2026-45323

Summary: CVE-2026-45323 affects MeshCore Card for Home Assistant. Before version 0.3.3, node names in the meshcore-card were rendered without HTML escaping, enabling an attacker within direct or indirect (repeated) radio range to inject arbitrary JavaScript in the Home Assistant frontend of any v...

CVE-2026-45296

OpenReplay before 1.26.0 exposes cross-tenant risks via the Python API app_apikey routes that trust a caller-provided projectKey after validating only the API key and existence of the projectKey. The authorization flow fails to bind the authenticated API key to the correct tenant, enabling an att...