CVEs from 2026

| Total | Critical | High | Medium | Low | % Critical | % with KEV | % with exploit |
|---|---|---|---|---|---|---|---|
| 14,770 | 1,335 | 5,012 | 4,834 | 504 | 9.0% | 0.4% | 0.7% |

Top vendors

Top products

- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89

Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-31398 | high | 7.8 | 7.8 | | | | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/rmap: fix incorrect pte restoration for lazyfree folios We batch unmap anonymous lazyfree folios by folio_unmap_pte_batch. If… |
| CVE-2026-31397 | high | 7.8 | 7.8 | | | | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix use of NULL folio in move_pages_huge_pmd() move_pages_huge_pmd() handles UFFDIO_MOVE for both normal THPs and… |
| CVE-2026-31396 | high | 7.8 | 7.8 | | | | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening of the interface and destroyed on ever… |
| CVE-2026-31389 | high | 7.8 | 7.8 | | | | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event th… |
| CVE-2026-23466 | high | 7.8 | 7.8 | | | | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Open-code GGTT MMIO access protection GGTT MMIO access is currently protected by hotplug (drm_dev_enter), which works cor… |
| CVE-2026-23458 | high | 7.8 | 7.8 | | | | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() ctnetlink_dump_exp_ct() stores a conntrack pointer in cb->dat… |
| CVE-2026-23449 | high | 7.8 | 7.8 | | | | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teql_master_xmit Whenever a TEQL device has a lockless Qdisc as root, qdisc_reset should be … |
| CVE-2026-23448 | high | 7.8 | 7.8 | | | | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check cdc_ncm_rx_verify_ndp16() validates that the NDP header and its DP… |
| CVE-2026-23444 | high | 7.8 | 7.8 | | | | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure ieee80211_tx_prepare_skb() has three error paths, but only … |
| CVE-2026-3780 | high | 7.8 | 7.8 | | | | 2mo ago | The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker t… |
| CVE-2026-3779 | high | 7.8 | 7.8 | | | | 2mo ago | The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when t… |
| CVE-2026-22561 | high | 7.8 | 7.8 | | | | 2mo ago | Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installe… |
| CVE-2026-5165 | high | 7.8 | 7.8 | | | | 2mo ago | A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. … |
| CVE-2026-23171 | high | 7.8 | 7.8 | | | | 2mo ago | Moderate: kernel security update |
| CVE-2026-33491 | high | 7.8 | 7.8 | | | | 2mo ago | Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.4, a stack-based buffer overflow vulnerability in the Zen C compiler allows attackers to cause … |
| CVE-2026-32680 | high | 7.8 | 7.8 | | | | 2mo ago | The installer of RATOC RAID Monitoring Manager for Windows allows the installation folder to be customized. If the installation folder is customized to some non-default one, the folder may be left with u… |
| CVE-2026-28760 | high | 7.8 | 7.8 | | | | 2mo ago | The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, arbitrary code may … |
| CVE-2026-34085 | high | 7.8 | 7.8 | | | | 2mo ago | fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFont… |
| CVE-2026-23306 | high | 7.8 | 7.8 | | | | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free in pm8001_queue_command() Commit e29c47fe8946 ("scsi: pm8001: Simplify pm8001_task_exec()") refa… |
| CVE-2026-23288 | high | 7.8 | 7.8 | | | | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix out-of-bounds memset in command slot handling The remaining space in a command slot may be smaller than the si… |
| CVE-2026-23281 | high | 7.8 | 7.8 | | | | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-free in lbs_free_adapter() The lbs_free_adapter() function uses timer_delete() (non-synchronous) fo… |
| CVE-2026-23280 | high | 7.8 | 7.8 | | | | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Prevent ubuf size overflow The ubuf size calculation may overflow, resulting in an undersized allocation and possi… |
| CVE-2026-33851 | high | 7.8 | 7.8 | | | | 3mo ago | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib. This issue affects doslib: before doslib-20250729. |
| CVE-2026-33850 | high | 7.8 | 7.8 | | | | 3mo ago | Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2. This issue affects DualSenseY-v2: before 54. |
| CVE-2026-33298 | high | 7.8 | 7.8 | | | | 3mo ago | llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a … |
| CVE-2026-4538 | high | 7.8 | 7.8 | | | | 3mo ago | A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be p… |
| CVE-2026-23278 | high | 7.8 | 7.8 | | | | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always walk all pending catchall elements During transaction processing we might have more than one catchal… |
| CVE-2026-23275 | high | 7.8 | 7.8 | | | | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure ctx->rings is stable for task work flags manipulation If DEFER_TASKRUN \| SETUP_TASKRUN is used and task work is … |
| CVE-2026-23274 | high | 7.8 | 7.8 | | | | 3mo ago | Linux kernel vulnerabilities |
| CVE-2026-23273 | high | 7.8 | 7.8 | | | | 3mo ago | Linux kernel vulnerabilities |
| CVE-2026-23272 | high | 7.8 | 7.8 | | | | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion In case that the set is full, a new element gets publishe… |
| CVE-2026-23271 | high | 7.8 | 7.8 | | | | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure that __perf_event_overflow() runs with IRQs disabl… |
| CVE-2026-23268 | high | 7.8 | 7.8 | | | | 3mo ago | Linux kernel (BlueField) vulnerabilities |
| CVE-2026-23262 | high | 7.8 | 7.8 | | | | 3mo ago | Linux kernel vulnerabilities |
| CVE-2026-23253 | high | 7.8 | 7.8 | | | | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: fix wrong reinitialization of ringbuffer on reopen dvb_dvr_open() calls dvb_ringbuffer_init() when a new reader … |
| CVE-2026-24062 | high | 7.8 | 7.8 | | | | 3mo ago | The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to c… |
| CVE-2026-23248 | high | 7.8 | 7.8 | | | | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix refcount bug and potential UAF in perf_mmap Syzkaller reported a refcount_t: addition on 0; use-after-free warning… |
| CVE-2026-23245 | high | 7.8 | 7.8 | | | | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_gate: snapshot parameters with RCU on replace The gate action can be replaced while the hrtimer callback or dump p… |
| CVE-2026-3888 | high | 7.8 | 7.8 | | | | 3mo ago | Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up th… |
| CVE-2026-23862 | high | 7.8 | 7.8 | | | | 3mo ago | Dell ThinOS 10 versions prior to ThinOS 2602_10.0573 contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with loca… |
| CVE-2026-27940 | high | 7.8 | 7.8 | | | | 3mo ago | llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Us… |
| CVE-2026-30902 | high | 7.8 | 7.8 | | | | 3mo ago | Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2026-30901 | high | 7.8 | 7.8 | | | | 3mo ago | Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2026-30900 | high | 7.8 | 7.8 | | | | 3mo ago | Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2026-3315 | high | 7.8 | 7.8 | | | | 3mo ago | Incorrect Default Permissions; Execution with Unnecessary Privileges; Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/… |
| CVE-2026-26738 | high | 7.8 | 7.8 | | | | 3mo ago | Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file. |
| CVE-2026-26134 | high | 7.8 | 7.8 | | | | 3mo ago | Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally. |
| CVE-2026-26128 | high | 7.8 | 7.8 | | | | 3mo ago | Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. |
| CVE-2026-26110 | high | 7.8 | 7.8 | | | | 3mo ago | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-25187 | high | 7.8 | 7.8 | | | | 3mo ago | Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. |
| CVE-2026-23239 | high | 7.8 | 7.8 | | | | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit. After cancel_work_sync() is call… |
| CVE-2026-25866 | high | 7.8 | 7.8 | | | | 3mo ago | MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening r… |
| CVE-2026-3796 | high | 7.8 | 7.8 | | | | 3mo ago | A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter D… |
| CVE-2026-29783 | high | 7.8 | 7.8 | | | | 3mo ago | GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution |
| CVE-2026-3463 | high | 7.8 | 7.8 | | | | 3mo ago | A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document… |
| CVE-2026-3394 | high | 7.8 | 7.8 | | | | 3mo ago | A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloud_wav.cpp of the component WAV File Parser. Perfo… |
| CVE-2026-3393 | high | 7.8 | 7.8 | | | | 3mo ago | A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloud_wav.cpp of the compon… |
| CVE-2026-3281 | high | 7.8 | 7.8 | | | | 3mo ago | A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in hea… |
| CVE-2026-3147 | high | 7.8 | 7.8 | | | | 3mo ago | A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow.… |
| CVE-2026-3137 | high | 7.8 | 7.8 | | | | 3mo ago | A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of the file food_ordering.exe. Such manipulation leads to stack-based buffer overflo… |
| CVE-2026-2662 | high | 7.8 | 7.8 | | | | 4mo ago | A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. This manipulation causes out-of-bounds read. T… |
| CVE-2026-2661 | high | 7.8 | 7.8 | | | | 4mo ago | A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. … |
| CVE-2026-2660 | high | 7.8 | 7.8 | | | | 4mo ago | A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. The manipulation leads to use after free. Loca… |
| CVE-2026-2659 | high | 7.8 | 7.8 | | | | 4mo ago | A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulation… |
| CVE-2026-23222 | high | 7.8 | 7.8 | | | | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly The existing allocation of scatterlists in omap_crypto_copy… |
| CVE-2026-2653 | high | 7.8 | 7.8 | | | | 4mo ago | A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_check_normal_vector of the file src/normals.c. Performing a manipulation results in heap-based buffer o… |
| CVE-2026-2644 | high | 7.8 | 7.8 | | | | 4mo ago | A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation … |
| CVE-2026-2627 | high | 7.8 | 7.8 | | | | 4mo ago | A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\Program Files\Common Files\microsoft shared\ink\HID.dll of the component Backup/R… |
| CVE-2026-2016 | high | 7.8 | 7.8 | | | | 4mo ago | A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to… |
| CVE-2026-23066 | high | 7.8 | 7.8 | | | | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg() unconditional requeue If rxrpc_recvmsg() fails because MSG_DONTWAIT was specified but the call at the front … |
| CVE-2026-23025 | high | 7.8 | 7.8 | | | | 4mo ago | Linux kernel vulnerabilities |
| CVE-2026-24905 | high | 7.8 | 7.8 | | | | 4mo ago | Inspektor Gadget: Command Injection via malicious buildOptions manipulation |
| CVE-2026-1418 | high | 7.8 | 7.8 | | | | 4mo ago | A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Su… |
| CVE-2026-1110 | high | 7.8 | 7.8 | | | | 5mo ago | A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtsp_parse_method. This manipulation causes buffer overflow. It is possible to launch… |
| CVE-2026-1109 | high | 7.8 | 7.8 | | | | 5mo ago | A vulnerability was detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The impacted element is the function rtsp_parse_request. The manipulation results in buffer overflow. At… |
| CVE-2026-1108 | high | 7.8 | 7.8 | | | | 5mo ago | A security vulnerability has been detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The affected element is the function rtsp_rely_dumps. The manipulation leads to buffer ove… |
| CVE-2026-20864 | high | 7.8 | 7.8 | | | | 5mo ago | Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-20817 | high | 7.8 | 7.8 | | | | 5mo ago | Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally. |
| CVE-2026-0830 | high | 7.8 | 7.8 | | | | 5mo ago | Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously craf… |
| CVE-2026-11297 | high | 7.7 | 7.7 | | | | 3d ago | Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to bypass navigation restrictions via a malicious file. (Chromium… |
| CVE-2026-45497 | high | 7.7 | 7.7 | | | | 3d ago | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network. |
| CVE-2026-46447 | high | 7.7 | 7.7 | | | | 4d ago | OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. |
| CVE-2026-4035 | high | 7.7 | 7.7 | | | | 5d ago | A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environm… |
| CVE-2026-44285 | high | 7.7 | 7.7 | | | | 9d ago | FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network pro… |
| CVE-2026-10107 | high | 7.7 | 7.7 | | | | 9d ago | MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resource_token cookie and a… |
| CVE-2026-42965 | high | 7.7 | 7.7 | | | | 9d ago | A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice tha… |
| CVE-2026-47179 | high | 7.7 | 7.7 | | | | 10d ago | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directiv… |
| CVE-2026-46823 | high | 7.7 | 7.7 | | | | 10d ago | Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.6-12.2.15. Easily ex… |
| CVE-2026-46821 | high | 7.7 | 7.7 | | | | 10d ago | Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable v… |
| CVE-2026-49093 | high | 7.7 | 7.7 | | | | 10d ago | Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server t… |
| CVE-2026-42398 | high | 7.7 | 7.7 | | | | 10d ago | Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connec… |
| CVE-2026-45296 | high | 7.7 | 7.7 | | | | 10d ago | OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app_apikey routes that trust a caller-provided projectKey after validating only that the API… |
| CVE-2026-46123 | high | 7.7 | 7.7 | | | | 11d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtio_bt: clamp rx length before skb_put virtbt_rx_work() calls skb_put(skb, len) where len comes directly from virtq… |
| CVE-2026-9804 | high | 7.7 | 7.7 | | | | 11d ago | A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing … |
| CVE-2026-45548 | high | 7.7 | 7.7 | | | | 11d ago | Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation |
| CVE-2026-45715 | high | 7.7 | 7.7 | | | | 11d ago | Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrations/rest.ts) follows HTTP redirects without re-checking the IP blacklist, … |
| CVE-2026-46427 | high | 7.7 | 7.7 | | | | 11d ago | Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is D… |
| CVE-2026-48146 | high | 7.7 | 7.7 | | | | 11d ago | Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetch(config.url) with no SSRF protection.… |
| CVE-2026-45061 | high | 7.7 | 7.7 | | | | 11d ago | Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). A… |
| CVE-2026-2253 | high | 7.7 | 7.7 | | | | 12d ago | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, do not prevent certain XML parsers from resolving external entities. |