Fri, Jul 03 · 09:16 PM CDTCVE-2026-20896
9.8/10 · Must read/watchNVDvuln
Summary
Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.
CVECVE-2026-20896
SeverityCRITICAL
TypeNEW
PublishedFri, Jul 03 · 09:16 PM CDT
ModifiedFri, Jul 03 · 09:16 PM CDT
Fri, Jun 12 · 06:16 PM CDTCVE-2026-44172
9.8/10 · Must read/watchNVDvuln
Summary
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections, even though mysql_r
CVECVE-2026-44172
SeverityCRITICAL
TypeUPDATED
PublishedFri, Jun 12 · 06:16 PM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT
Wed, Jun 24 · 07:17 PM CDTCVE-2026-49980
9.8/10 · Must read/watchNVDvuln
Summary
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /[remote:path]/object. The remote value is parsed from the URL and passed to normal backend in
CVECVE-2026-49980
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 07:17 PM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT
Fri, Jul 03 · 09:16 PM CDTCVE-2026-22874
9.6/10 · Must read/watchNVDvuln
Summary
Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering.
CVECVE-2026-22874
SeverityCRITICAL
TypeNEW
PublishedFri, Jul 03 · 09:16 PM CDT
ModifiedFri, Jul 03 · 09:16 PM CDT
Tue, Jun 09 · 01:16 PM CDTCVE-2026-46316
9.3/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each entry with vgic_put_irq(). It puts the itera
CVECVE-2026-46316
SeverityCRITICAL
TypeUPDATED
PublishedTue, Jun 09 · 01:16 PM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT
Tue, Jun 09 · 10:16 AM CDTCVE-2025-10263
9.1/10 · Must read/watchNVDvuln
Summary
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.
CVECVE-2025-10263
SeverityCRITICAL
TypeUPDATED
PublishedTue, Jun 09 · 10:16 AM CDT
ModifiedFri, Jul 03 · 01:16 PM CDT
Fri, May 22 · 04:16 AM CDTCVE-2026-39830
9.1/10 · Must read/watchNVDvuln
Summary
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.
CVECVE-2026-39830
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 AM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT
Fri, May 22 · 04:16 AM CDTCVE-2026-39832
9.1/10 · Must read/watchNVDvuln
Summary
When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. A
CVECVE-2026-39832
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 AM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT
Fri, May 22 · 04:16 AM CDTCVE-2026-42508
9.1/10 · Must read/watchNVDvuln
Summary
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.
CVECVE-2026-42508
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 AM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT
Wed, Jun 03 · 06:16 PM CDTCVE-2026-46244
9.1/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nft_inner_parse_l2l3(), when processing inner IPv6 packets, ipv6_find_hdr() correctly computes the transport header offset traversing all extension headers, but the result is immediately overwritten
CVECVE-2026-46244
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 03 · 06:16 PM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT
Thu, May 28 · 09:16 AM CDTCVE-2026-4408
9.0/10 · Must read/watchNVDvuln
Summary
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-c
CVECVE-2026-4408
SeverityCRITICAL
TypeUPDATED
PublishedThu, May 28 · 09:16 AM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT
Fri, Jul 03 · 11:16 AM CDTCVE-2026-10054
8.8/10 · Worth your timeNVDvuln
Summary
In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted when the Origin header i
CVECVE-2026-10054
SeverityHIGH
TypeNEW
PublishedFri, Jul 03 · 11:16 AM CDT
ModifiedFri, Jul 03 · 11:16 AM CDT
Fri, Jul 03 · 09:16 PM CDTCVE-2026-12481
8.8/10 · Worth your timeNVDvuln
Summary
A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mode guard when `safe_mode` is set to `None`, which is the default value wh
CVECVE-2026-12481
SeverityHIGH
TypeNEW
PublishedFri, Jul 03 · 09:16 PM CDT
ModifiedFri, Jul 03 · 09:16 PM CDT
Fri, Jul 03 · 03:16 PM CDTCVE-2026-14459
8.8/10 · Worth your timeNVDvuln
Summary
Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from <= 1.0.4 before 1.0.5.
CVECVE-2026-14459
SeverityHIGH
TypeNEW
PublishedFri, Jul 03 · 03:16 PM CDT
ModifiedFri, Jul 03 · 03:16 PM CDT
Fri, Jul 03 · 03:16 PM CDTCVE-2026-14460
8.8/10 · Worth your timeNVDvuln
Summary
Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from <= 1.0.4 before 1.0.5.
CVECVE-2026-14460
SeverityHIGH
TypeNEW
PublishedFri, Jul 03 · 03:16 PM CDT
ModifiedFri, Jul 03 · 03:16 PM CDT
Wed, May 06 · 10:16 AM CDTCVE-2026-43112
8.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or a string containing only delimiters (e.g., "/"), the current logic attempts to check *(cursor2 - 1) before cursor2 has advanced.
CVECVE-2026-43112
SeverityHIGH
TypeUPDATED
PublishedWed, May 06 · 10:16 AM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT
Fri, Jun 12 · 03:16 PM CDTCVE-2026-45674
8.7/10 · Worth your timeNVDvuln
Summary
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue.
CVECVE-2026-45674
SeverityHIGH
TypeUPDATED
PublishedFri, Jun 12 · 03:16 PM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT
Fri, Jun 12 · 04:16 PM CDTCVE-2026-47691
8.7/10 · Worth your timeNVDvuln
Summary
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's `DnsResolveContext` insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain
CVECVE-2026-47691
SeverityHIGH
TypeUPDATED
PublishedFri, Jun 12 · 04:16 PM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT
Wed, May 13 · 06:16 PM CDTCVE-2026-44578
8.6/10 · Worth your timeNVDvuln
Summary
Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to
CVECVE-2026-44578
SeverityHIGH
TypeUPDATED
PublishedWed, May 13 · 06:16 PM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT
Fri, Jul 03 · 11:16 AM CDTCVE-2026-10055
8.5/10 · Worth your timeNVDvuln
Summary
In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the destination URL is neither vali
CVECVE-2026-10055
SeverityHIGH
TypeNEW
PublishedFri, Jul 03 · 11:16 AM CDT
ModifiedFri, Jul 03 · 11:16 AM CDT
Wed, Apr 08 · 02:16 AM CDTCVE-2026-33810
8.2/10 · Worth your timeNVDvuln
Summary
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in th
CVECVE-2026-33810
SeverityHIGH
TypeUPDATED
PublishedWed, Apr 08 · 02:16 AM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT
Tue, May 05 · 09:16 PM CDTCVE-2026-39852
8.2/10 · Worth your timeNVDvuln
Summary
Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP path-based authorizatio
CVECVE-2026-39852
SeverityHIGH
TypeUPDATED
PublishedTue, May 05 · 09:16 PM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT
Fri, Jul 03 · 09:16 PM CDTCVE-2026-22555
8.1/10 · Worth your timeNVDvuln
Summary
Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets.
CVECVE-2026-22555
SeverityHIGH
TypeNEW
PublishedFri, Jul 03 · 09:16 PM CDT
ModifiedFri, Jul 03 · 09:16 PM CDT
Thu, Jun 11 · 10:16 PM CDTCVE-2026-44249
8.1/10 · Worth your timeNVDvuln
Summary
Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Valid public IP addresses can bypass the restrict
CVECVE-2026-44249
SeverityHIGH
TypeUPDATED
PublishedThu, Jun 11 · 10:16 PM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT
Wed, May 13 · 05:16 PM CDTCVE-2026-44574
8.1/10 · Worth your timeNVDvuln
Summary
Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic route value seen by
CVECVE-2026-44574
SeverityHIGH
TypeUPDATED
PublishedWed, May 13 · 05:16 PM CDT
ModifiedFri, Jul 03 · 01:17 PM CDT