CVE-2026-49220 Jellyfin: Potential XSS in user management
Jellyfin is an open source self hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged user to execute arbitrary JavaScript in the context of a logged-in Administrative user, resulting in numerous potential issues. The Client header durin...
CVE-2026-48793 Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path
Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal (SubtitleEncoder.cs, line 382) interpolates the subtitle file path into FFmpeg...
CVE-2026-49246 Jellyfin: Potential MKV attachment filename path traversal to RCE
Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leveraged to exploit missing path sanitization during playback. Jellyfin treats the MKV file name tag on MKV attachments as trusted and passes it...
CVE-2026-49247 Jellyfin: Potential Authenticated path traversal in /ClientLog/Document
Jellyfin is an open source self hosted media server. From 10.9.0 until 10.11.10, the POST /ClientLog/Document endpoint accepts the Authorization header's Client and Version fields and uses them unsanitized as components of the on-disk filename when persisting client-uploaded log documents. As a...
CVE-2026-53943 Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header
Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affecte...
CVE-2026-12760 Denial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo C200
A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the...
CVE-2026-53944 Ghost: Private IP filtering bypass to make server-side requests to internal services
Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to a private IPv4 address. This vulnerability is fixed in...
CVE-2026-53945 Ghost: Server-side request forgery via DNS rebinding in external request handling
Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. Th...
CVE-2026-53946 Ghost: Mobiledoc image-size fetch SSRF
Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An authenticated staff user...
CVE-2026-53947 Ghost: Member existence leak via magic link sign-in response
Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This vulnerability is...
CVE-2026-53948 Ghost: File Upload Content-Type Spoofing
Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to be served from the site with an attacker-chosen content type on S3/GCS storage backends. On...
CVE-2026-53949 Ghost Content API filter bypass reveals private fields
Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be partially bypassed, making it possible to reveal private fields via a brute force attack. If SQLite was used as the database, password hashes were fully...
CVE-2026-53950 @tryghost/activitypub: XSS in Ghost's ActivityPub client
@tryghost/activitypub is Ghost’s social/federation client app. Prior to 3.1.0, the ActivityPub client in Ghost was vulnerable to JavaScript injection on posts shared by a maliciously customised ActivityPub server. This vulnerability is fixed in 3.1.0...
CVE-2026-49980 Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...
CVE-2026-44017 Docling: Unsafe Zip Extraction in EasyOCR Model Download
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromi...
CVE-2026-44022 Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, the LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicio...
CVE-2026-44020 Docling: Unsafe XML Entity Expansion in USPTO Patent Backend
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity (XXE) attacks. An attacker could...
CVE-2026-44016 Docling: Unsafe Playwright-based HTML Rendering
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. In versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering (rendering option by default deactivated), then the Playwright-based rendering...
CVE-2026-48704 Warp Markdown notebook links may open executable local files
Warp is an agentic development environment. From 0.2023.10.24.08.03.stable00 until 0.2026.05.06.15.42.stable01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal...
CVE-2026-48719 Warp branch selector command injection via Git branch names
Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...
CVE-2026-48720 Warp: SSH remote output can lead to local file overwrite and persistence
Warp is an agentic development environment. From 0.2025.03.05.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp accepts non-inline OSC 1337;File payloads from terminal output and materializes the decoded payload as a local file without an additional confirmation step. This vulnerability is...
CVE-2026-45052
CVE-2026-45052 is connected to a GitHub advisory for OpenAM Liberty Web Services SOAP receiver (CWE-285). It enables an unauthenticated attacker to write persistent entries into the Liberty Discovery store, bypassing LDAP/identity ACLs, via the Discovery endpoint, impacting OpenAM Community Editi...
CVE-2026-48721 Warp: Env-var prefixes can lead to denylisted command autoexecution
Warp is an agentic development environment. From 0.2025.10.08.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety...
CVE-2026-48731 Warp: Linux external editor command injection
Warp is an agentic development environment. From 0.2024.02.20.08.01.stable01 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expand...
CVE-2026-48732 Warp: Remote SSH cwd can lead to unauthorized remote command execution
Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...
CVE-2026-54686 Warp: DCS lifecycle hook spoofing can alter terminal session metadata
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An...
CVE-2026-54699 Warp: OS command injection when opening terminal links from WSL
Warp is an agentic development environment. From 0.2024.03.12.08.02.stable01 until 0.2026.05.06.15.42.stable01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows...
CVE-2026-48703 Warp: Command Injection via Warp code search tool arguments
Warp is an agentic development environment. From 0.2025.04.09.08.11.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations...
CVE-2026-45051
OpenAM OpenAM Community Edition up to 16.0.6 is affected by a pre-auth RCE via Java deserialization in the WebAuthn authenticator storage (CWE-502). An attacker can achieve arbitrary code execution if attacker-controlled data can be written to a storage attribute read by the WebAuthn module and t...
CVE-2026-48725 Warp may allow terminal output to access the local clipboard through OSC 52
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...
CVE-2026-55611 AnythingLLM: embed-parsed-file cleanup deletes any parsed file by ID without ownership scoping (cross-tenant IDOR deletion)
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow...
CVE-2026-48789 AnythingLLM: Windows path containment bypass in document folder route
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared...
CVE-2026-49851 Mistune: Potential DoS via quadratic-time parsing in parse_link_text
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. When parsing Markdown containing many consecutive characters, parse_link_text repeatedly scans the input usin...
CVE-2026-53130
CVE-2026-53130 affects the Linux kernel’s OMFS (fs/omfs). If s_sys_blocksize is smaller than OMFS_DIR_START, omfs_fill_super() previously rejected oversized values but did not guard against underflow. omfs_make_empty() uses s_sys_blocksize - OMFS_DIR_START as the memset length; with s_sys_blocksi...
CVE-2026-53129
The CVE-2026-53129 fix in the Linux kernel addresses a use-after-free in the mb_cache shrink path. Specifically, mb_cache_destroy() previously freed cache memory after scheduling c_shrink_work, but did not cancel the pending work item, risking mb_cache_shrink_worker() accessing freed memory if th...
CVE-2026-53128
The CVE-2026-53128 entry concerns the Linux kernel DRBD component. It fixes a concurrency issue in drbd_adm_dump_devices() where RCU usage was unbalanced: rcu_read_lock() must be acquired before rcu_read_unlock() is reached. The fix ensures a proper read-side critical section around the affected ...
CVE-2026-53127
The CVE describes a memory-leak in the Linux kernel’s block layer: if blk_revalidate_disk_zones() fails after disk_revalidate_zone_resources() has allocated args.zones_cond, the memory is not freed on the error path. This indicates a defect in the error handling path within the block subsystem, s...
CVE-2026-53126
CVE-2026-53126 corresponds to a Linux kernel fix for a disk reference leak in blkcg_maybe_throttle_current. The issue occurred when blkcg lookup, blkg lookup, or blkg_tryget() failed and control flowed to the error path; the code released only rcu_read_unlock() and failed to release the disk refe...
CVE-2026-53125
The CVE-2026-53125 entry documents a Linux kernel MD subsystem issue where writing clear to array_state triggers a deadlock in sysfs due to md_attr_store() dropping the mddev reference before sysfs_unbreak_active_protection. This permits the temporary kobject reference to become the last one prot...
CVE-2026-53124
The CVE-2026-53124 entry involves the Linux kernel’s ublk subsystem. A race condition: per-IO canceled flags were reset only after all IOs in a queue were fetched; if the ublk server dies mid-subset, some IOs remain marked canceled and io_uring_cmd_done is not invoked by ublk_cancel_cmd, leaving ...
CVE-2026-53123
The CVE relates to the Linux kernel md subsystem during raid456 reshape. If a direct IO operation crosses the reshape boundary, raid5_make_request() can sleep while an active_io reference is held. If userspace freezes reshape and triggers mddev_suspend(), the code kills active_io and waits for in...
CVE-2026-53122
CVE-2026-53122: In the Linux kernel, the btrfs filesystem can deadlock when flushoncommit is used. A transaction commit and a reflink copying an inline extent to an offset beyond the destination i_size create a cycle: a clone to an EOF offset leads to delalloc flush, which flushes and invalidates...
CVE-2026-53121
In the Linux kernel component amd-pstate, CVE-2026-53121 fixes a memory leak in the function amd_pstate_epp_cpu_init. On failure to set the epp, the function previously returned an error code without freeing the cpudata object allocated at the start. The patch ensures that the cpudata object is f...
CVE-2026-53120
The CVE-2026-53120 entry concerns the Linux kernel PCI subsystem. A vulnerability arises when a driver is probed via __driver_attach(): the bus match() callback can access the driver_override field without the device lock, creating a use-after-free risk. The fix uses the driver-core driver_overri...
CVE-2026-53118
In the Linux kernel CVE-2026-53118, the issue is in the vdpa path where, during __driver_attach(), the bus' match() is invoked without holding the device lock, exposing the driver_override field to a use-after-free. The root cause is missing synchronization when accessing driver_override during p...
CVE-2026-53119
Summary: CVE-2026-53119 affects the Linux kernel in platform/wmi code. The issue occurs when a driver is probed via __driver_attach(): the bus’ match() callback is invoked without the device lock held, allowing access to the driver_override field without proper synchronization, which can cause a ...
CVE-2026-53117
The CVE-2026-53117 issue affects the Linux kernel (s390/cio). During driver probing in __driver_attach(), the bus match() callback can access the driver_override field without the required device lock, creating a potential use-after-free. The fix switches to the driver-core driver_override infras...
CVE-2026-53115
In the Linux kernel, CVE-2026-53115 affects the bus: fsl-mc driver where, during driver probing via __driver_attach(), the bus match() callback could access the driver_override field without holding the device lock, creating a use-after-free risk. The fix uses the driver-core driver_override infr...
CVE-2026-53116
CVE-2026-53116 affects the Linux kernel s390/ap subsystem. The vulnerability arises when AP masks are updated via apmask_store() or aqmask_store(): ap_bus_revise_bindings() runs after ap_attr_mutex is released and __ap_revise_reserved() accesses driver_override without a lock, racing with driver_...
CVE-2026-53113
The CVE-2026-53113 entry concerns the Linux kernel wifi driver ath11k, where beacon template setup functions ath11k_mac_setup_bcn_tmpl_ema() and ath11k_mac_setup_bcn_tmpl_mbssid() allocate memory for beacon templates but fail to release it on error. The issue is addressed by implementing unified ...