CVE-2026-44183

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entr...

CVE-2026-44184

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, Cleanuparr's global CORS policy reflects every request Origin and combines it with AllowCredentials. When DisableAuthForLocalAddresses ...

CVE-2026-44166

Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...

CVE-2026-44167

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...

CVE-2026-44196

Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication TOTP requirement entirely. Although, an attacker...

CVE-2026-44204

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user any role to execute arbitrary SQL and read data from any table in the database, including data belonging to...

CVE-2026-43891

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application...

CVE-2026-43892

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16...

CVE-2026-43929

ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address e.g. http://::ffff:127.0.0.1/. The WHATWG URL parser bui...

CVE-2026-42893

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to perform tampering over a network...

CVE-2026-42891

User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-42838

Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Edge Chromium-based allows an unauthorized attacker to elevate privileges over a network...

CVE-2026-42899

Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network...

CVE-2026-42898

Improper control of generation of code 'code injection' in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network...

CVE-2026-42896

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...

CVE-2026-42823

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...

CVE-2026-42831

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

CVE-2026-42825

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally...

CVE-2026-42833

Improper control of generation of code 'code injection' in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network...

CVE-2026-42830

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...

CVE-2026-42832

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally...

CVE-2026-42300

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated...

CVE-2026-42541

Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions which isn't the default can craft a policy that makes use of the cani host callback. The callback issues a SubjectAccessReview SAR requests to enumerate...

CVE-2026-42348

OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This coul...

CVE-2026-42303

Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was...

CVE-2026-42175

requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features. Prior to , the SSRF protection in requests-hardened fails to block IP addresses within the RFC 6598 Shared Address Space 100.64.0.0/10. An attacker who can supply arbitrary...

CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

CVE-2026-41613

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

CVE-2026-41614

Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally...

CVE-2026-42045

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the...

CVE-2026-42141

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery SSRF vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

CVE-2026-41895

changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpathfilter switches to XML mode for XML/RSS content and creates etree.XMLParserstripcdata=False without explicitly disabling external entity resolution, external DTD loading, or network-backed entity...

CVE-2026-42048

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths withou...

CVE-2026-41612

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...

CVE-2026-41513

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...

CVE-2026-41610

Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

CVE-2026-41109

Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...

CVE-2026-41107

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...

CVE-2026-41611

Improper neutralization of script-related html tags in a web page basic xss in Visual Studio Code allows an unauthorized attacker to execute code locally...

CVE-2026-41103

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network...

CVE-2026-41097

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

CVE-2026-41096

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network...

CVE-2026-41101

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally...

CVE-2026-41095

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally...

CVE-2026-41102

Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally...

CVE-2026-41100

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally...

CVE-2026-40419

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...

CVE-2026-40421

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...

CVE-2026-41088

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVE-2026-41089

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network...