CVEs from 2026
Total
14,243
critical
critical 1,265
high
high 4,749
medium
medium 4,561
low
low 495
% Critical
8.9%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-28923 | high | 8.8 | 8.8 | 25d ago | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its sandbox. | |||
| CVE-2026-8234 | high | 8.8 | 8.8 | 26d ago | A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument se… | |||
| CVE-2026-8230 | high | 8.8 | 8.8 | 26d ago | A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command… | |||
| CVE-2026-8229 | high | 8.8 | 8.8 | 26d ago | A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypTy… | |||
| CVE-2026-8228 | high | 8.8 | 8.8 | 26d ago | A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlan_conf/Channel/skiplist/… | |||
| CVE-2026-8227 | high | 8.8 | 8.8 | 26d ago | A weakness has been identified in Wavlink NU516U1 240425. This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi. This manipulation causes os command injection. The attack may be init… | |||
| CVE-2026-8192 | high | 8.8 | 8.8 | 26d ago | A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/… | |||
| CVE-2026-8191 | high | 8.8 | 8.8 | 26d ago | A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os … | |||
| CVE-2026-8190 | high | 8.8 | 8.8 | 26d ago | A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument ppp_username/ppp_passwd/rwa… | |||
| CVE-2026-8189 | high | 8.8 | 8.8 | 26d ago | A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected by this vulnerability is the function wzdrepeater of the file /cgi-bin/adm.cgi. The manipulation of the argument wlan_bssid/sel_Au… | |||
| CVE-2026-8188 | high | 8.8 | 8.8 | 26d ago | A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affected is the function change_wifi_password of the file /cgi-bin/adm.cgi. The manipulation of the argument wl_channel/wl_Pass/Encryp… | |||
| CVE-2026-44832 | high | 8.8 | 8.8 | 27d ago | Snipe-IT has Privilege Escalation via API Permissions Assignment | |||
| CVE-2026-41486 | high | 8.8 | 8.8 | 27d ago | Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization | |||
| CVE-2026-7807 | high | 8.8 | 8.8 | 27d ago | SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json fi… | |||
| CVE-2026-29203 | high | 8.8 | 8.8 | 27d ago | A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege es… | |||
| CVE-2026-29202 | high | 8.8 | 8.8 | 27d ago | Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user. | |||
| CVE-2026-43403 | high | 8.8 | 8.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for ns iteration ioctls Even privileged services should not necessarily be able to see other priv… | |||
| CVE-2026-43391 | high | 8.8 | 8.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privilege… | |||
| CVE-2026-43334 | high | 8.8 | 8.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smp_cmd_pairing_req() currently builds the… | |||
| CVE-2026-43322 | high | 8.8 | 8.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in le_read_features_complete This fixes the following backtrace caused by hci_conn being freed befor… | |||
| CVE-2026-39816 | high | 8.8 | 8.8 | 27d ago | Apache NiFi is missing the Restricted annotation with the Execute Code Required Permission | |||
| CVE-2026-25077 | high | 8.8 | 8.8 | 27d ago | Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an… | |||
| CVE-2026-5127 | high | 8.8 | 8.8 | 28d ago | The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and … | |||
| CVE-2026-8138 | high | 8.8 | 8.8 | 28d ago | A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg”. The manipulation results in stack-based buffer overflow.… | |||
| CVE-2026-8137 | high | 8.8 | 8.8 | 28d ago | A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url l… | |||
| CVE-2026-42271 | high | 8.8 | 8.8 | 28d ago | LiteLLM: Authenticated command execution via MCP stdio test endpoints | |||
| CVE-2026-42203 | high | 8.8 | 8.8 | 28d ago | LiteLLM: Server-Side Template Injection in /prompts/test endpoint | |||
| CVE-2026-8112 | high | 8.8 | 8.8 | 28d ago | A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation resul… | |||
| CVE-2026-32207 | high | 8.8 | 8.8 | 28d ago | Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-42215 | high | 8.8 | 8.8 | 28d ago | GitPython has Command Injection via Git options bypass | |||
| CVE-2026-5786 | high | 8.8 | 8.8 | 28d ago | An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access. | |||
| CVE-2026-30495 | high | 8.8 | 8.8 | 28d ago | The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is con… | |||
| CVE-2026-6002 | high | 8.8 | 8.8 | 28d ago | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting (XSS). This issue affec… | |||
| CVE-2026-5784 | high | 8.8 | 8.8 | 28d ago | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyD… | |||
| CVE-2026-3953 | high | 8.8 | 8.8 | 29d ago | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting (XS… | |||
| CVE-2026-6692 | high | 8.8 | 8.8 | 29d ago | The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is due to insufficient fil… | |||
| CVE-2026-41143 | high | 8.8 | 8.8 | 29d ago | YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave() | |||
| CVE-2026-41139 | high | 8.8 | 8.8 | 29d ago | mathjs Allows Improperly Controlled Modification of Dynamically-Determined Object Attributes | |||
| CVE-2026-41640 | high | 8.8 | 8.8 | 29d ago | @nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading | |||
| CVE-2026-41142 | high | 8.8 | 8.8 | 29d ago | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3… | |||
| CVE-2026-42550 | high | 8.8 | 8.8 | 29d ago | Flight vulnerable to SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete | |||
| CVE-2026-42844 | high | 8.8 | 8.8 | 29d ago | Low-privileged Grav API users can create super-admin accounts via blueprint-upload | |||
| CVE-2026-44115 | high | 8.8 | 8.8 | 29d ago | OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell ex… | |||
| CVE-2026-44110 | high | 8.8 | 8.8 | 29d ago | OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries | |||
| CVE-2026-43584 | high | 8.8 | 8.8 | 29d ago | OpenClaw: Exec environment denylist missed high-risk interpreter startup variables | |||
| CVE-2026-40076 | high | 8.8 | 8.8 | 29d ago | OpenMRS Module Upload Vulnerable to Path Traversal (Zip Slip) | |||
| CVE-2026-8016 | high | 8.8 | 8.8 | 29d ago | Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-8002 | high | 8.8 | 8.8 | 29d ago | Use after free in Audio in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-8000 | high | 8.8 | 8.8 | 29d ago | Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium se… | |||
| CVE-2026-7995 | high | 8.8 | 8.8 | 29d ago | Out of bounds read in AdFilter in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Mediu… | |||
| CVE-2026-7992 | high | 8.8 | 8.8 | 29d ago | Insufficient validation of untrusted input in UI in Google Chrome on Linux, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute… | |||
| CVE-2026-7991 | high | 8.8 | 8.8 | 29d ago | Use after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Ch… | |||
| CVE-2026-7988 | high | 8.8 | 8.8 | 29d ago | Type Confusion in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7987 | high | 8.8 | 8.8 | 29d ago | Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7984 | high | 8.8 | 8.8 | 29d ago | Use after free in ReadingMode in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML … | |||
| CVE-2026-7980 | high | 8.8 | 8.8 | 29d ago | Use after free in WebAudio in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7974 | high | 8.8 | 8.8 | 29d ago | Use after free in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7973 | high | 8.8 | 8.8 | 29d ago | Integer overflow in Dawn in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Med… | |||
| CVE-2026-7957 | high | 8.8 | 8.8 | 29d ago | Out of bounds write in Media in Google Chrome on Mac, iOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a cr… | |||
| CVE-2026-7951 | high | 8.8 | 8.8 | 29d ago | Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7940 | high | 8.8 | 8.8 | 29d ago | Use after free in V8 in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome … | |||
| CVE-2026-7938 | high | 8.8 | 8.8 | 29d ago | Use after free in CSS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7930 | high | 8.8 | 8.8 | 29d ago | Insufficient validation of untrusted input in Cookies in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security sev… | |||
| CVE-2026-7928 | high | 8.8 | 8.8 | 29d ago | Use after free in WebRTC in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-7927 | high | 8.8 | 8.8 | 29d ago | Type Confusion in Runtime in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7926 | high | 8.8 | 8.8 | 29d ago | Use after free in PresentationAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi… | |||
| CVE-2026-7921 | high | 8.8 | 8.8 | 29d ago | Use after free in Passwords in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7907 | high | 8.8 | 8.8 | 29d ago | Use after free in DOM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7906 | high | 8.8 | 8.8 | 29d ago | Use after free in SVG in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7903 | high | 8.8 | 8.8 | 29d ago | Integer overflow in ANGLE in Google Chrome on Mac,Windows prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:… | |||
| CVE-2026-7902 | high | 8.8 | 8.8 | 29d ago | Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi… | |||
| CVE-2026-7901 | high | 8.8 | 8.8 | 29d ago | Use after free in ANGLE in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7899 | high | 8.8 | 8.8 | 29d ago | Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-7898 | high | 8.8 | 8.8 | 29d ago | Use after free in Chromoting in Google Chrome on Linux prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical) | |||
| CVE-2026-7896 | high | 8.8 | 8.8 | 29d ago | Integer overflow in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-41938 | high | 8.8 | 8.8 | 29d ago | Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restricti… | |||
| CVE-2026-41934 | high | 8.8 | 8.8 | 29d ago | Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through ins… | |||
| CVE-2026-7875 | high | 8.8 | 8.8 | 29d ago | NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container … | |||
| CVE-2026-42503 | high | 8.8 | 8.8 | 29d ago | gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopl… | |||
| CVE-2026-29080 | high | 8.8 | 8.8 | 29d ago | Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API | |||
| CVE-2026-20034 | high | 8.8 | 8.8 | 29d ago | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is… | |||
| CVE-2026-29090 | high | 8.8 | 8.8 | 29d ago | Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API | |||
| CVE-2026-43283 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle dma_free_coherent() in error path takes priv->rx_buf.alloc_len as the d… | |||
| CVE-2026-43249 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen_9pfs_front_free against concurrent calls The xenwatch thread can race with other back-end change notification… | |||
| CVE-2026-43239 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: prevent races in ->query_interfaces() It was possible for two query interface works to be concurrently trying to upd… | |||
| CVE-2026-43232 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets When the FarSync T-series card is being detached, the fs… | |||
| CVE-2026-43215 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to use the cifs_tcp_ses_lock to protect a lot of objects that are not just the se… | |||
| CVE-2026-43187 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: delete attr leaf freemap entries when empty Back in commit 2a2b5932db6758 ("xfs: fix attr leaf header freemap.size underflow… | |||
| CVE-2026-43176 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate release report content before using for RTL8922DE The commit 957eda596c76 ("wifi: rtw89: pci: validate… | |||
| CVE-2026-43172 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix 22000 series SMEM parsing If the firmware were to report three LMACs (which doesn't exist in hardware) then us… | |||
| CVE-2026-43158 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: fix freemap adjustments when adding xattrs to leaf blocks xfs/592 and xfs/794 both trip this assertion in the leaf block fre… | |||
| CVE-2026-43113 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing tx_frames wl1251_tx_packet_cb() uses the firmware completion ID directly to ind… | |||
| CVE-2026-43112 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or a str… | |||
| CVE-2026-43110 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index… | |||
| CVE-2026-7841 | high | 8.8 | 8.8 | 1mo ago | A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server b… | |||
| CVE-2026-42843 | high | 8.8 | 8.8 | 1mo ago | Grav API Privilege Escalation to Super Admin | |||
| CVE-2026-40068 | high | 8.8 | 8.8 | 1mo ago | Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution | |||
| CVE-2026-39849 | high | 8.8 | 8.8 | 1mo ago | Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the `dns.interface` configuration field in Pi-hole FTL accepted newline charac… | |||
| CVE-2026-42266 | high | 8.8 | 8.8 | 1mo ago | JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request | |||
| CVE-2026-34464 | high | 8.8 | 8.8 | 1mo ago | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fix… |