Wed, Feb 25 · 05:25 PM CSTCVE-2026-27727
9.8/10 · Must read/watchNVDvuln
Summary
mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote `factoryClassLocation` values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an application to read a
CVECVE-2026-27727
SeverityCRITICAL
TypeUPDATED
PublishedWed, Feb 25 · 05:25 PM CST
ModifiedThu, Jul 02 · 12:17 PM CDT
Fri, Mar 06 · 07:16 PM CSTCVE-2026-29063
9.8/10 · Must read/watchNVDvuln
Summary
Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5.
CVECVE-2026-29063
SeverityCRITICAL
TypeUPDATED
PublishedFri, Mar 06 · 07:16 PM CST
ModifiedThu, Jul 02 · 12:17 PM CDT
Fri, Mar 20 · 11:16 PM CDTCVE-2026-33228
9.8/10 · Must read/watchNVDvuln
Summary
flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key "__proto__" ret
CVECVE-2026-33228
SeverityCRITICAL
TypeUPDATED
PublishedFri, Mar 20 · 11:16 PM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Fri, Mar 27 · 09:17 PM CDTCVE-2026-33937
9.8/10 · Must read/watchNVDvuln
Summary
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to a template string. The `value` field of a `NumberLiteral` AST node is emitted directly into the generated JavaScript without quoting or sa
CVECVE-2026-33937
SeverityCRITICAL
TypeUPDATED
PublishedFri, Mar 27 · 09:17 PM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Wed, Jun 03 · 01:16 PM CDTCVE-2026-35075
9.8/10 · Must read/watchNVDvuln
Summary
An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.
CVECVE-2026-35075
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 03 · 01:16 PM CDT
ModifiedFri, Jul 03 · 09:16 AM CDT
Fri, May 01 · 03:16 PM CDTCVE-2026-43037
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a cloned skb whose cb[] was written by the IPv6 receive path as struct inet6_skb_parm. icmp_send() passes IPCB(skb2) to __ip_optio
CVECVE-2026-43037
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 01 · 03:16 PM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Wed, May 06 · 12:16 PM CDTCVE-2026-43125
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlm_search_rsb_tree The len parameter in dlm_dump_rsb_name() is not validated and comes from network messages. When it exceeds DLM_RESNAME_MAXLEN, it can cause out-of-bounds write in dlm_search_rsb_tree(). Add length validation
CVECVE-2026-43125
SeverityCRITICAL
TypeUPDATED
PublishedWed, May 06 · 12:16 PM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Wed, May 06 · 12:16 PM CDTCVE-2026-43198
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcp_v6_syn_recv_sock() Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock() is done too late. After tcp_v4_syn_recv_sock(), the child socket is already visible from TCP ehash table and other cpus might use
CVECVE-2026-43198
SeverityCRITICAL
TypeUPDATED
PublishedWed, May 06 · 12:16 PM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Thu, May 21 · 01:16 PM CDTCVE-2026-43501
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows ipv6_rpl_srh_rcv() decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6_hdr->daddr, recompresses, then pulls the old header and pushes the new one plus the IPv6
CVECVE-2026-43501
SeverityCRITICAL
TypeUPDATED
PublishedThu, May 21 · 01:16 PM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Sun, May 10 · 05:16 AM CDTCVE-2026-6722
9.8/10 · Must read/watchNVDvuln
Summary
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys, processing the second en
CVECVE-2026-6722
SeverityCRITICAL
TypeUPDATED
PublishedSun, May 10 · 05:16 AM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Fri, May 22 · 04:16 PM CDTCVE-2026-39821
9.6/10 · Must read/watchNVDvuln
Summary
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a
CVECVE-2026-39821
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 PM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Fri, Mar 20 · 11:16 PM CDTCVE-2026-33186
9.1/10 · Must read/watchNVDvuln
Summary
gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g.,
CVECVE-2026-33186
SeverityCRITICAL
TypeUPDATED
PublishedFri, Mar 20 · 11:16 PM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Fri, May 22 · 04:16 AM CDTCVE-2026-39830
9.1/10 · Must read/watchNVDvuln
Summary
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.
CVECVE-2026-39830
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 AM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Fri, May 22 · 04:16 AM CDTCVE-2026-39832
9.1/10 · Must read/watchNVDvuln
Summary
When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. A
CVECVE-2026-39832
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 AM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Thu, May 28 · 09:16 AM CDTCVE-2026-4408
9.0/10 · Must read/watchNVDvuln
Summary
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-c
CVECVE-2026-4408
SeverityCRITICAL
TypeUPDATED
PublishedThu, May 28 · 09:16 AM CDT
ModifiedThu, Jul 02 · 08:17 PM CDT
Wed, Jul 13 · 09:15 PM CDTCVE-2022-32114
8.8/10 · Worth your timeNVDvuln
Summary
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create (upload)" permission is supposed to be able to upload PDF files containing JavaScr
CVECVE-2022-32114
SeverityHIGH
TypeUPDATED
PublishedWed, Jul 13 · 09:15 PM CDT
ModifiedThu, Jul 02 · 04:00 PM CDT
Tue, Jun 02 · 09:16 AM CDTCVE-2026-1784
8.8/10 · Worth your timeNVDvuln
Summary
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.
CVECVE-2026-1784
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 02 · 09:16 AM CDT
ModifiedThu, Jul 02 · 12:16 PM CDT
Sat, May 23 · 12:17 PM CDTCVE-2026-43503
8.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail to propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()->flags when moving frags from source to destination. __
CVECVE-2026-43503
SeverityHIGH
TypeUPDATED
PublishedSat, May 23 · 12:17 PM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Wed, May 13 · 04:16 PM CDTCVE-2026-44293
8.8/10 · Worth your timeNVDvuln
Summary
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default value for a bytes field
CVECVE-2026-44293
SeverityHIGH
TypeUPDATED
PublishedWed, May 13 · 04:16 PM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Tue, May 26 · 08:16 PM CDTCVE-2026-44832
8.8/10 · Worth your timeNVDvuln
Summary
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the permissions array, al
CVECVE-2026-44832
SeverityHIGH
TypeUPDATED
PublishedTue, May 26 · 08:16 PM CDT
ModifiedThu, Jul 02 · 03:17 PM CDT
Fri, May 22 · 11:16 PM CDTCVE-2026-45659
8.8/10 · Worth your timeNVDvuln
Summary
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVECVE-2026-45659
SeverityHIGH
TypeUPDATED
PublishedFri, May 22 · 11:16 PM CDT
ModifiedThu, Jul 02 · 12:16 PM CDT
Thu, May 21 · 09:16 PM CDTCVE-2026-47102
8.8/10 · Worth your timeNVDvuln
Summary
LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin, gaining full admini
CVECVE-2026-47102
SeverityHIGH
TypeUPDATED
PublishedThu, May 21 · 09:16 PM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Thu, May 14 · 02:16 PM CDTCVE-2026-6473
8.8/10 · Worth your timeNVDvuln
Summary
Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user inputs to the relevant d
CVECVE-2026-6473
SeverityHIGH
TypeUPDATED
PublishedThu, May 14 · 02:16 PM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Thu, May 14 · 02:16 PM CDTCVE-2026-6477
8.8/10 · Worth your timeNVDvuln
Summary
Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length
CVECVE-2026-6477
SeverityHIGH
TypeUPDATED
PublishedThu, May 14 · 02:16 PM CDT
ModifiedThu, Jul 02 · 12:17 PM CDT
Tue, May 19 · 08:16 PM CDTCVE-2026-27173
8.7/10 · Worth your timeNVDvuln
Summary
JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for t
CVECVE-2026-27173
SeverityHIGH
TypeUPDATED
PublishedTue, May 19 · 08:16 PM CDT
ModifiedThu, Jul 02 · 04:37 PM CDT