CVE-2026-45058

The CVE-2026-45058 issue affects electerm (versions 3.8.8 and earlier). The root cause is persistent local-pty code execution via imported bookmarks or compromised sync targets, allowing an attacker to inject exec* fields or global config. This can cause remote code to run when a bookmark is open...

CVE-2026-45353

CVE-2026-45353 affects electerm (3.0.6–3.8.8); the vulnerability arises from the single-instance socket allowing local code execution via a crafted JSON payload, enabling a same-user process to spawn attacker-controlled local processes. The issue is resolved in 3.9.0 (official fix); some sources ...

CVE-2026-45787

The CVE-2026-45787 entry concerns electerm, an open-source terminal/SSH/etc. client. Technical details in connected sources show that versions prior to 3.9.5 use deterministic AES-192-CBC with a fixed zero IV, a constant KDF salt, and no MAC, causing confidentiality and integrity failures for syn...

CVE-2026-45306

Summary: CVE-2026-45306 affects pyLoad. Before 0.5.0b3.dev100, the fix for CVE-2026-33509 did not protect the Flask session directory (/tmp/pyLoad/flask) from a manipulated storage_folder, enabling an authenticated attacker to set storage_folder to the session directory and download other users’ ...

CVE-2026-45348

CVE-2026-45348 affects pyLoad before version 0.5.0b3.dev100, where an unsanitized link URL interpolated in a template literal within packages.js allows stored XSS in the Downloads view. Attack surface: authenticated operators can submit a package link that injects HTML/JS, which gets rendered via...

CVE-2026-46561

CVE-2026-46561 concerns pyLoad/pyload-ng SSRF via the parse_urls API. The vulnerability arises because HTTPRequest uses allow_private_ip = True by default, allowing redirects to private IPs to be followed after initial URL validation passes is_global_host. The parse_urls flow validates the initia...

CVE-2026-44794

Summary of CVE-2026-44794 Nautobot’s REST API, prior to versions 2.4.33 and 3.1.2, failed to enforce user permissions when validating inter-object references made via GenericForeignKey during create/update of objects containing such references. This could allow a user to reference an object they ...

CVE-2026-44796

Nautobot contains a DoS vulnerability in UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) where maliciously crafted regular expressions in the find field, when used with the use_regex flag, can cause an application-wide denial of service. The issue affects pre-fix versions ...

CVE-2026-44797

Nautobot fixes CVE-2026-44797: the Webhook data model could be configured by users with sufficient access to issue requests to internal hosts/IPs, enabling SSRF-like behavior. Affected versions prior to 2.4.33 and 3.1.2 are impacted; remediation is to upgrade Nautobot to 2.4.33 or 3.1.2 or newer....

CVE-2026-44798

CVE-2026-44798 affects Nautobot before versions 2.4.33 and 3.1.2, where a user with access to add/change a GitRepository could misuse the REST API to directly set the repository’s current_head field, which was not intended to be user-editable. This could cause local clones to checkout a non-lates...

CVE-2026-45323

Summary: CVE-2026-45323 affects MeshCore Card for Home Assistant. Before version 0.3.3, node names in the meshcore-card were rendered without HTML escaping, enabling an attacker within direct or indirect (repeated) radio range to inject arbitrary JavaScript in the Home Assistant frontend of any v...

CVE-2026-45296

OpenReplay before 1.26.0 exposes cross-tenant risks via the Python API app_apikey routes that trust a caller-provided projectKey after validating only the API key and existence of the projectKey. The authorization flow fails to bind the authenticated API key to the correct tenant, enabling an att...

CVE-2026-45297

OpenReplay (self-hosted) before 1.26.0 is affected by a cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch. The root cause involves ProjectAuthorizer.call only performing authorization checks when projectIdentifier == "projectId" (camelCase), and, for EE mult...

CVE-2026-34126

Summary: CVE-2026-34126 affects TP-Link Tapo devices (L535E v1.0/v3.0, P300 v1.0, D100C v1.0). During the initialization phase, Bluetooth communication is transmitted in cleartext without encryption. A nearby attacker could exploit this via Bluetooth sniffing or man-in-the-middle to eavesdrop on ...

CVE-2026-44543

Local Path Provisioner (rancher/local-path-provisioner) is affected. Before version 0.0.36, a user with edit rights on the local-path-config ConfigMap can inject a malicious helperPod.yaml into the template used to create HelperPods during PVC provisioning/cleanup. The attacker-controlled templat...

CVE-2026-45292

The CVE-2026-45292 issue affects OpenTelemetry Java components: baggage propagation in opentelemetry-api and opentelemetry-extension-trace-propagators prior to 1.62.0. The vulnerability arises from parsing oversized baggage, causing unbounded memory allocation and high CPU usage, with baggage re-...

CVE-2026-9098

Casdoor versions up to 2.362.0 expose a SAML flaw: the /api/acs callback accepts any well-formed SAMLResponse without tying it to a prior AuthnRequest. If an administrator disables or deletes an IdP during a flow, the handler still uses the initial provider snapshot, enabling unsolicited SAML res...

CVE-2026-9097

CVE-2026-9097 affects Casdoor

CVE-2026-9096

CVE-2026-9096 affects Casdoor

CVE-2026-9095

Casdoor CVE-2026-9095 affects versions 2.362.0 and earlier. The ParseSamlResponse() in object/saml_sp.go maps retrieved SAML assertions directly to user sessions without replay protection, lacking an assertion ID cache, OneTimeUse enforcement, or replay detection in the SAML SP code path. This en...

CVE-2026-9094

Casdoor vulnerability CVE-2026-9094 affects versions 2.362.0 and earlier. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does not verify that the token user belongs to the same organization as the target application, enabling cross-organization token exch...

CVE-2026-41141

EspoCRM prior to 9.3.5 is vulnerable via POST /api/v1/EmailTemplate/:id/prepare where providing an emailAddress lets an authenticated user with EmailTemplate read permission resolve the owning entity (Contact/Lead/Account/User) without ACL checks, leaking all field values and bypassing read: own/...

CVE-2026-41160

CVE-2026-41160 describes a Broken Access Control (IDOR) in EspoCRM prior to 9.3.5 where low-privilege users could pin notes without proper edit permissions due to a write-first, authorize-later flaw in the POST /api/v1/Note/{id}/pin path. The root cause is in application/Espo/Tools/Stream/Api/Pos...

CVE-2026-9093

Casdoor versions 2.362.0 and earlier have a SAML vulnerability where the SAML service provider does not validate AudienceRestriction. The buildSp function does not set AudienceURI on the gosaml2 SAMLServiceProvider and does not inspect WarningInfo.NotInAudience, allowing assertions issued for oth...

CVE-2026-45261

GitButler desktop app (Tauri-based) is affected prior to version 0.19.7. The issue is a link-injection/remote script execution vector where an attacker can inject a malicious link into a pull request body; if a user clicks it, arbitrary script execution occurs in the Tauri webview. The vulnerabil...

CVE-2026-9092

Casdoor, versions 2.362.0 and earlier, contains a vulnerability in the binding logic: the getExistUserByBindingRule function matches users by email without validating the email_verified claim from upstream providers, and the idp.UserInfo struct does not include an EmailVerified field. This can al...

CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social-login binding flow that bypasses MFA. The binding-rule path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable, so users authenticating through this path are logged in without MFA enforcement...

CVE-2026-9090

Casdoor versions 2.362.0 and earlier are affected by an authentication bypass when the buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of using the trusted IdP certificate. This allows forging SAML assertions with an attacker‑control...

CVE-2026-44466

Zed code editor contains a local, high-severity flaw (CVE-2026-44466) in the terminal tool permission system that can bypass the allowlist via bash arithmetic expansion $((...)), enabling arbitrary commands nested inside an allowlisted command (e.g., echo). This affects Zed prior to version 0.229...

CVE-2026-44463

Vulnerability summary: Zed code editor before 0.229.0 has a bypass in its terminal tool permission system. Attackers can prepend environment variable assignments to allowlisted commands (e.g., PAGER), hijacking program behavior to execute arbitrary code. Impact: potential remote code execution on...

CVE-2026-44462

CVE-2026-44462 affects Zed, a code editor. Prior to version 0.229.0, the terminal tool permission system can be bypassed via bash variable expansion chaining (${var@P}), enabling arbitrary command execution under an allowlisted prefix. The vulnerability is fixed in 0.229.0. In public feeds, analy...

CVE-2026-44465

Zed IDE (prior to 0.227.1) is affected. Opening a folder that contains a malicious .git/config file abuses the core.fsmonitor Git configuration option, allowing an attacker to execute arbitrary commands and achieve Remote Code Execution when a user opens the folder in untrusted mode. The issue is...

CVE-2026-44461

The CVE affects the Zed code editor prior to version 0.227.1. When Zed builds SSH/WSL remote commands, it places environment variable keys into the shell command string without proper quoting or validation. If an attacker can control an environment variable key (e.g., via project terminal setting...

CVE-2026-45078

CVE-2026-45078 — Synapse CPU starvation (Denial of Service) Affected: Synapse (open source Matrix homeserver) before version 1.152.1. Issue: Local authenticated users can cause CPU starvation among concurrent requests, leading to other requests failing and denial of service for other users. Impac...

CVE-2026-45076

Synapse (open source Matrix homeserver) is affected by CVE-2026-45076. In federated rooms, malicious homeservers can craft room events to prevent full history from being provided to paginating clients, causing clients to fail to display room history. The issue is fixed in Synapse 1.152.1 or later...

CVE-2026-6720

Calico component calicoctl is affected. When run with --log-level=info or --log-level=debug, it prints the full contents of its loaded connection-configuration struct to stderr in a single log line, exposing credentials (inline kubeconfig with bearer token, Kubernetes API bearer token, etcd passw...

CVE-2026-41184

In Calico, the install-cni init container logs the rendered CNI configuration and, when the template uses the SERVICEACCOUNT_TOKEN placeholder (Canal/Flannel-Calico deployments), substitutes the live Kubernetes ServiceAccount bearer token for logging. This exposes the token to any authenticated u...

CVE-2026-41185

The CVE affects Calico when configured with the Azure IPAM plugin. The Calico CNI mutates the incoming CNI configuration to attach subnet info and then logs the entire unmarshaled config (stdinData) at INFO level to /var/log/calico/cni/cni.log on every CNI ADD/DEL. In token-based Kubernetes clust...

CVE-2026-44477

CVE-2026-44477 affects CloudNativePG prior to 1.29.1 and 1.28.3. The metrics exporter opens a PostgreSQL connection as the superuser and demotes to pg_monitor with SET ROLE, but the session_user remains postgres. Any SQL in the scrape session can call RESET ROLE to recover superuser privileges, t...

CVE-2026-8697

CVE-2026-8697 affects TP-Link Archer C64 v1, where the debug SSH service imposes no authentication rate-limiting. This allows an attacker with adjacent network access to brute-force administrative credentials via SSH and gain full admin control, with impact to confidentiality, integrity, and avai...

CVE-2026-24444

CVE-2026-24444 concerns SDMC NE6037 cable modem routers with firmware 7.1.6.0.25 and 7.1.6.1.9_B9. A hardcoded password in the web management interface recovery endpoints (mgmt.php, npcmd.php) allows unauthenticated users to submit the credential via HTTP and gain root access. This enables enabli...

CVE-2026-47673

CVE-2026-47673 concerns the Hono web framework. Before version 4.12.21, the jwt and jwk middlewares did not validate that the Authorization header used the Bearer scheme. Any two-part header value—regardless of the scheme name in the first position—proceeds to JWT verification. As a result, a req...

CVE-2026-47674

Summary of CVE-2026-47674 : In Hono, the ip-restriction middleware (hono/ip-restriction) evaluates deny/allow rules by string equality after partial normalization. Before version 4.12.21, non-canonical IPv6 representations (e.g., compressed forms, explicit-zero forms, or hex-notation IPv4-mapped ...

CVE-2026-47675

Summary: Hono prior to 4.12.21 has a vulnerability in the serialize() function of hono/cookie where domain and path options are validated to prevent Set-Cookie header corruption, but sameSite and priority are not validated. This can allow user-controlled input to inject attacker-chosen attributes...

CVE-2026-47676

Summary: In Hono, prior to 4.12.21, app.mount() strips the mount prefix from the raw URL pathname while route matching uses the percent-decoded path. This mismatch can cause the prefix to be stripped at the wrong position for percent-encoded multi-byte characters, causing the mounted sub-applicat...

CVE-2026-47762

CVE-2026-47762 affects TinyMCE, a widely used open source rich text editor. The flaw is a stored XSS via forged mce:protected comments present before version 5.11.1, 7.9.3, and 8.5.1. An attacker could bypass sanitization and insert scripts that execute when content is restored, impacting users w...

CVE-2026-47761

Summary: CVE-2026-47761 is a stored XSS vulnerability in TinyMCE’s media plugin, triggered by crafted data-mce-* attributes during content rendering. Affected software: TinyMCE (open source rich text editor); affected version range prior to 5.11.1, 7.9.3, and 8.5.1. Root cause/Vector: Media plugi...

CVE-2026-47759

TinyMCE contains a stored XSS vulnerability in data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style) that can bypass validation during serialization. Affected versions are prior to 5.11.1, 7.9.3, and 8.5.1. The underlying issue is unsanitized data-mce-* attributes allowing attackers...

CVE-2026-47760

CVE-2026-47760 affects TinyMCE before 7.1.0, where an XSS flaw arises from improper SVG namespace scope handling in the sanitizer. The issue allows a crafted payload using nested SVG elements to bypass attribute sanitization and execute arbitrary JavaScript. Affected versions are 6.8.0 up to, but...

CVE-2026-48525

PyJWT (Python) versions 2.8.0–2.12.1 expose an unauthenticated DoS when verifying detached JWS with the unencoded-payload option (b64: false, RFC 7797). PyJWT decodes the middle payload segment for detached-payload verification, then discards it and replaces it with the caller-provided detached_p...