CVE-2026-57589

sys/kern/sysvsem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in syssemget...

CVE-2026-9153

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation...

CVE-2026-9154

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter...

CVE-2026-9155

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation...

CVE-2026-8659

OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the apihost or apiport parameters during connection configuration due to insufficient input validation...

CVE-2026-8663

OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction...

CVE-2026-40079

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

CVE-2026-7569

Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

CVE-2026-9787

Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

CVE-2026-9786

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

CVE-2026-9785

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

CVE-2026-9784

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

CVE-2026-39951

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...

CVE-2026-9783

Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

CVE-2026-9782

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

CVE-2026-9781

Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

CVE-2026-9780

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

CVE-2026-7570

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

CVE-2026-39948

Cacti

CVE-2026-39955

CVE-2026-39955 affects Cacti up to version 1.2.30, with a pre-authentication SQL injection caused by an unanchored FILTER_VALIDATE_REGEXP in graph_view.php. The issue is fixed in version 1.2.31. Impact centers on unauthorized access to potentially sensitive data before authentication; exploitatio...

CVE-2026-39938

CVE-2026-39938 affects the open-source framework Cacti. Versions 1.2.30 and earlier are affected by an unauthenticated local file inclusion due to weaknesses in graph_theme and rrdtool IPC serialization hardening. The issue is rated CVSSv3.1 9.8 (CRITICAL) with NETWORK attack vector, no privilege...

CVE-2026-39900

Cacti versions 1.2.30 and earlier are vulnerable to a Reflected XSS via the tab parameter in the auth_profile.php JavaScript context. The issue is fixed in version 1.2.31. CVSS 4.0 base score 5.3 (Medium) with network vector, low attack complexity, no privileges required, and user interaction req...

CVE-2026-39899

Cacti (versions ≤ 1.2.30) is vulnerable to a path traversal flaw via the filename parameter in package_import.php. The issue has been fixed in 1.2.31 . Exploitation details, impact metrics, and confirmed exploit code are not provided beyond this description in the linked sources. If affected, upg...

CVE-2026-39897

Cacti (open source framework) versions 1.2.30 and earlier are affected by a Reflected XSS in the html_auth_footer. The issue is fixed in version 1.2.31. CVSS metrics in the record indicate = base score 5.3 (Medium) with network attack vector, low attack complexity, no privileges or user interacti...

CVE-2026-39894

CVE-2026-39894 affects Cacti (≤ 1.2.30). Locale-dependent decimal formatting in rrdtool_function_update() uses PHP string interpolation for metric values after is_numeric(), so a value like 1.5 may be rendered as 1,5 under LC_NUMERIC with a comma decimal. RRDtool expects a dot, causing metric dat...

CVE-2026-39893

Cacti is affected by a pre-auth SQL injection in versions up to 1.2.30 via the rfilter input concatenated into a RLIKE clause in graph_view.php. The vulnerability could be reached without authentication if graph viewing is enabled for a guest user, making it exploitable pre-auth. The issue has be...

CVE-2026-2050

GEGL’s HDR/ RGBE parser vulnerability CVE-2026-2050 is a heap-based buffer overflow in the rgbe_read_new_rle path of gegl. Affects GEGL’s HDR parsing component; remote code execution is plausible if malformed HDR files are processed. Public details in connected documents identify affected package...

CVE-2026-49979

Appsmith prior to version 1.99 exposes a vulnerability in the POST /api/v1/admin/send-test-email endpoint. An attacker can supply smtpHost and smtpPort values to establish a raw JavaMail TCP connection, bypassing WebClientUtils.IP_CHECK_FILTER (which only applies to Spring WebClient HTTP requests...

CVE-2026-55454

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to the host by...

CVE-2026-9779

ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The...

CVE-2026-9778

ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVE-2026-9777

ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the restoreDB...

CVE-2026-9776

ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ATEN Unizon. Authentication is not required to exploit this vulnerability. The specific fl...

CVE-2026-9775

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadSSL...

CVE-2026-9774

ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVE-2026-55455

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils used by the REST API and GraphQL datasource plugins validates hosts against an exact-match string denylist. The comprehensive address-class check...

CVE-2026-10043

MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Composer. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2026-9773

Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within ToggleState.php...

CVE-2026-9772

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...

CVE-2026-50189

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...

CVE-2026-10642

The Zephyr PL011 UART driver drivers/serial/uartpl011.c contains an unbounded software loop in pl011irqtxenable that repeatedly invokes the interrupt-driven application callback while the TX interrupt mask bit PL011IMSCTXIM is set, to work around the controller's level-transition TX-interrupt...

CVE-2026-53765

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync to a deterministic runtime path. On typical macOS environments, and on Linux sessions...

CVE-2026-53766

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath enforces workspace roots by checking whether path.resolvefilePath textually falls under one of the configured root paths. path.resolve...

CVE-2026-52794

Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume...

CVE-2026-55570

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...

CVE-2026-54759

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove elements. Combined with the SiYuan Electron client's permissive security configuration, an attacker can include a malicious in a Bazaar package README that executes arbitrary...

CVE-2026-47110

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

CVE-2026-50551

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This vulnerability is fixed...

CVE-2026-54158

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view database cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, url, phone, and mAsset. A cell value like or " breaks out of its surrounding tag and runs arbitrary...

CVE-2026-54070

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the lute engine and SetSanitizetrue. The lute sanitizer is an event-handler blocklist: allowAttr rejects only...