366209 matches found
CVE-2026-8797
An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges...
CVE-2026-8661
CVE-2026-8661 affects the Rapid7 InsightConnect Markdown Plugin (Linux) up to version 3.1.4. The vulnerability is in the markdown_to_pdf action and combines Server-Side Scripting (XSS) with Server-Side Request Forgery (SSRF). It allows remote attackers to execute JavaScript server-side and to tri...
CVE-2026-13226
CVE-2026-13226 affects the Groundhogg WordPress plugin (CRM/Newsletters/Marketing Automation) up to version 4.5.4. It exposes a generic SQL Injection via the vulnerable 'after' parameter caused by insufficient escaping and lack of proper preparation in the existing SQL query. The issue allows aut...
CVE-2026-48930
CVE-2026-48930 describes a vulnerability in Node.js TLS hostname handling where embedded-NUL hostnames can trigger silent authority rebinding due to C-string truncation in resolver bindings. Affected releases are Node.js 22, 24, and 26. The CVE is listed among fixes in the SUSE update for nodejs2...
CVE-2026-48935
A vulnerability (CVE-2026-48935) in Node.js Permission API can bypass read‑only restrictions via FileHandle.utimes() in the promises API, allowing metadata modification on a read‑only path. Affected releases include Node.js 22, 24, and 26. The issue is addressed in the openSUSE/SUSE patch for nod...
CVE-2026-48619
CVE-2026-48619 describes unbounded memory growth in Node.js HTTP/2 clients caused by attacker-controlled ORIGIN frames, leading to Out-of-Memory on the client. Affected releases: Node.js 22, 24, and 26. The vulnerability is referenced in the openSUSE/SUSE patch SUSE-SU-2026-2633-1, which updates ...
CVE-2026-48615
CVE-2026-48615: A flaw in Node.js proxy tunnel error handling can expose embedded proxy credentials in ERR_PROXY_TUNNEL messages. The issue affects all supported release lines (Node.js 22, 24, and 26) and can lead to credentials being captured via error paths, logs, or diagnostics. The SUSE secu...
CVE-2026-48934
CVE-2026-48934 affects Node.js releases 22, 24, and 26. The described flaw enables TLS host identity verification bypass when a session is reused with a different servername, leading to possible unauthorized connections. Advisories (SUSE/OpenSUSE) indicate a patch in the nodejs26-26.3.1-1.1 pack...
CVE-2026-48933
CVE-2026-48933 describes a vulnerability in Node.js WebCrypto where AES processing in subtle.encrypt() can crash the process when the input size is a multiple of 2 GiB. The connected SUSE advisory confirms this CVE is addressed in the nodejs24 update to 24.17.0 as part of a rollup that fixes mult...
CVE-2026-48928
CVE-2026-48928 affects Node.js releases 22/24/26. The issue is uppercase SNI context matching causing mTLS authorization bypass due to case-sensitive hostname matching in multi-context mTLS. SUSE indicates this CVE is fixed in nodejs24 update to 24.17.0; remediation is to upgrade to that version ...
CVE-2026-48936
CVE-2026-48936: A flaw in the Node.js Permission API can cause a local server to start via a Unix domain socket without the --allow-net permission, affecting the Node.js 26 release line. Connected sources indicate this has been fixed in the nodejs26-26.3.1-1.1 package (openSUSE Tumbleweed) and re...
CVE-2026-48618
CVE-2026-48618 is a Node.js TLS hostname handling issue involving unicode dot separator handling that can bypass wildcard-depth authentication due to resolver/verifier hostname normalization mismatches. Connected updates confirm the vulnerability affects Node.js 22, 24, and 26 across releases. SU...
CVE-2026-50739
Revive Adserver 6.0.7 and earlier expose a bypass of ownership validation in the reverse operation that links campaigns and trackers via tracker-campaigns.php. A low-privilege user could link their trackers to campaigns owned by other managers on the same instance, causing inconsistent ownership ...
CVE-2026-50745
CVE-2026-50745 concerns Revive Adserver’s stats-video.php where user input is reflected due to missing sanitisation and unencoded URL parameters, arising from improper handling of the Smarty url helper. The HackerOne report confirms a reflected XSS vector in this script. No exploitation status or...
CVE-2026-50744
Revive Adserver 6.0.7 is affected by a bypass of the admin‑only restriction in the XML‑RPC API. The ox.login method returned a session ID cookie in HTTP headers and, although it reported an error, the session was not invalidated, allowing a leaked session ID to be reused for subsequent API calls ...
CVE-2026-50740
Affected software/issue: Revive Adserver
CVE-2026-50741
CVE-2026-50741 concerns Revive Adserver and describes bypassing the fix for CVE-2026-34916. The connected documents indicate that the bypass can be achieved by: (1) sending a disallowed but otherwise valid plugin identifier as the plugin type, and (2) calling the XML-RPC API method ox.setChannelT...
CVE-2026-50742
CVE-2026-50742 describes a stored XSS in Revive Adserver 6.0.7, occurring in the maintenance tools, specifically in the files maintenance-acl-check.php and maintenance-banners-check.php. The root cause is that entity names are displayed without proper escaping when inconsistencies are detected, ...
CVE-2026-13322
CVE-2026-13322 affects KubeVirt, specifically the virt-handler on RHEL9, where the downward metrics virtio-serial server uses textproto.Reader.ReadLine() to read guest requests. The read is unbounded: there is no maximum length or read deadline, so a user with access to a VM guest can send an ong...
CVE-2026-9222
The CVE-2026-9222 entry concerns the Setracker2 Android Companion App (package com.tgelec.setracker) version 3.1.5 and earlier. The underlying issue is authentication that accepts a password hash in lieu of a password when contacting backend services, enabling an attacker who knows the hash to au...
CVE-2026-9221
CVE-2026-9221 affects Setracker2 Android Companion App (com.tgelec.setracker)
CVE-2026-13083
CVE-2026-13083 concerns the Pen Drive report generator, where cluster-sourced data is rendered into HTML reports without proper escaping or sanitization, enabling stored XSS. An attacker with cluster administrator privileges can inject XSS payloads into cluster objects (e.g., ClusterVersion spec....
CVE-2026-13318
KubeVirt exposes an SSRF in virt-api port-forward: when handling a port-forward to a VirtualMachineInstance, virt-api reads vmi.Status.Interfaces[0].IP and dials it without validation. For VMIs using non-masquerade networks (bridge or secondary-only), this IP is supplied by the in-guest QEMU agen...
CVE-2026-13324
The RH CVE entry identifies a vulnerability in GNOME Geary’s mailto URI handling. The flaw allows automatic attachment of a local file when a user clicks a crafted mailto link containing an attach parameter (e.g., mailto:[email protected]?attach=/path/to/sensitive_file), without any user prompt or...
CVE-2026-13218
CVE-2026-13218: In KubeVirt, the virt-handler network cache handling allows a symlink attack via WriteToCachedFile, which writes to a launcher-rooted path with os.WriteFile and os.Chown. A user inside the virt-launcher container can place a symlink at the cache path, causing virt-handler to foll...
CVE-2026-12993
Affected software: Apicurio Registry. Vulnerability: DocumentBuilderAccessor does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING, allowing an attacker with artifact-write permission to upload XML documents containing internal entity-expansion payloads (billion-laughs) that c...
CVE-2026-9220
The CVE-2026-9220 entry describes a vulnerability in Setracker2 Android Companion App (package com.tgelec.setracker) affecting versions 3.1.5 and earlier. The underlying issue is that requests between the wearable and backend are encrypted with static, hardcoded AES keys and initialization vector...
CVE-2026-9219
CVE-2026-9219 affects the Setracker2 Android Companion App (package com.tgelec.setracker) up to version 3.1.5. The root cause is a predictable registration ID derived from IMEI and an enrollment system that lacks additional authentication before assignment. If an attacker can obtain the registrat...
CVE-2026-43920
CVE-2026-43920 affects FOSSBilling versions 0.5.4–0.7.2 where the unauthenticated /run-patcher endpoint allowed privileged maintenance operations (config migrations, DB schema changes including ALTER/DROP/UPDATE, filesystem deletions/renames, and cache clearing) to be executed without admin auth,...
CVE-2026-40941
CVE-2026-40941 affects Cacti up to version 1.2.30 and is caused by a package import signature validation bypass that allows the use of self-signed packages. The issue has been fixed in version 1.2.31. Affected software is Cacti (open source performance and fault management framework). Remediation...
CVE-2026-40084
Summary: CVE-2026-40084 affects CACTI
CVE-2026-40083
Cacti 1.2.30 and earlier are impacted by an SQL Injection in managers.php. The vulnerability arises from unsanitized data flow: user-supplied selected_graphs_array is deserialized via cacti_unserialize (unserialize with allowed_classes = false), then deserialized values are directly concatenated ...
CVE-2026-40082
Cacti versions 1.2.30 and earlier are affected by a Session Fixation flaw due to missing session_regenerate_id() after login. The login flow directly assigns the user session ID without rotating the session, enabling potential session fixation despite otherwise proper cookie attributes (HttpOnly,...
CVE-2026-40080
CVE-2026-40080 affects Cacti (open source performance and fault management framework) up to version 1.2.30. The vulnerability is an Open Redirect: the login flow uses $_SERVER['HTTP_REFERER'] when login_opts == '1' and checks the referer with a substring (str_contains($referer, CACTI_PATH_URL...
CVE-2026-55166
The connected GitHub advisory describes Lemur (Netflix) TLS certificate management with a 3-way chain vulnerability in Lemur 1.9.0 and earlier. A low-privilege SSO user is auto-provisioned as active (Sink 1), an attacker-provided acme_url is fetched server-side (Sink 2) via SSRF to IMDS, exposing...
CVE-2026-55165
CVE-2026-55165: Connected advisory documents reveal a concrete vulnerability in Netflix Lemur (auth/service.py:130–137) where the JWT header’s alg value is read from the token and passed directly to pyjwt.decode with a token-supplied algorithm. On PyJWT 2.x this permits only a partial mitigation...
CVE-2026-55164
The connected GHSA advisory documents a concrete vulnerability in Lemur: admin-driven password updates via PUT /api/1/users/ store plaintext passwords in the users.password column because before_update hashing is not wired. Root cause: User.password is a plain string column with a hash_password m...
CVE-2026-55163
CVE-2026-55163 is reserved; however, a connected advisory (GHSA-X3VF-MGXJ-7785) describes a privilege escalation in Lemur where non-admin members can rewrite role membership via PUT /api/1/roles/. The root cause is that RoleMemberPermission(role_id) returns True for admins or current role members...
CVE-2026-55162
The connected advisory GHSA-54VG-PFH7-JQ95 details a Lemur vulnerability where a certificate’s CRL Distribution Points and OCSP URL are extracted during certificate verification and used to issue outbound requests without allow-listing. The root cause is in lemur/certificates/verify.py (crl_verif...
CVE-2026-13283
The CVE-2026-13283 vulnerability affects Google Chrome on Android (Android builds) in the AdFilter component. It is caused by a use-after-free condition, allowing a remote attacker to trigger arbitrary code execution when a user is convinced to perform specific UI gestures on a crafted HTML page....
CVE-2026-13281
CVE-2026-13281: An integer overflow in Mojo for Google Chrome prior to 149.0.7827.201 could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a malicious file. This CVE is reported with a High severity in Chromium. Affected component: Mo...
CVE-2026-13282
Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: High...
CVE-2026-22879
The CVE concerns the vtk-dicom component, specifically the vtkDICOMItem::NewDataElement function. It is described as a heap-based buffer overflow vulnerability in vtk-dicom. The CVSSv3.1 vector indicates a high-severity issue (C:H, I:H, A:H) with network attack vector, high attack complexity, no ...
CVE-2026-48722
The CVE entry CVE-2026-48722 has associated details in a GitHub advisory (GHSA-92QF-FCPH-V5WR) describing a permissions issue in Nextflow: the command nextflow auth login stores the Seqera Platform OIDC token in seqera-auth.config with default file mode that yields world-readable permissions (064...
CVE-2025-71340
CVE-2025-71340 affects the picklescan tool up to version 0.0.26, where malicious pickle files can invoke idlelib.pyshell.ModifiedInterpreter.runcode via __reduce__, allowing code execution when loaded with pickle.load(). This enables supply‑chain attacks on PyTorch models and saved Python objects. T...
CVE-2025-71338
Flowise is affected by a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem by crafting unsanitized fileName parameters with ../ sequences. This can overwrite critical files (e.g., pac...
CVE-2025-71335
Flowise prior to version 3.0.10 is affected. Versions 3.0.7 and earlier do not invalidate existing sessions or session tokens after a user changes their password, allowing an attacker with an active session (e.g., via a stolen token or an already-logged-in device) to remain authenticated post-pas...
CVE-2025-71336
Flowise vulnerability: Unsandboxed remote code execution in Custom MCP. Affected: Flowise before 3.0.6 (2.2.7-patch.1 and earlier). Attack requires crafting a JSON payload and header x-request-from: internal to /api/v1/node-load-method/customMCP, taking advantage of minimal auth to execute OS com...
CVE-2025-71334
Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that chatflowId and chatId are UUIDs or numbers in file handling. An attacker can use path traversal (e.g., ../../../../../tmp) via /api/v1/chatflows (addBase64File...
CVE-2025-71328
CVE-2025-71328 affects Flowise before 3.0.10. An authenticated user can change their account password via the Account Settings > Security page without providing the current password or any additional verification, because the application does not enforce a current-password check on credential ...