Threat Intelligence Feed

Aggregating 4439 articles from trusted cybersecurity sources

LATEST CVEs
CVE-2026-6175 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-42171 NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as
CVE-2026-41488 LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_s
CVE-2026-41481 LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTM
CVE-2026-41478 Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a
CVE-2026-41473 CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints
CVE-2026-41472 CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where
CVE-2026-41248 Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @c
CVE-2026-6968 Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated si
CVE-2026-6967 Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0
CVE-2026-6966 Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v
CVE-2026-41503 BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds rea
CVE-2026-41502 BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an off-by-one out-of
CVE-2026-41477 Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and ex
CVE-2026-41476 Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's c
CVE-2026-41475 BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds rea
CVE-2026-41433 OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to befo
CVE-2026-41429 arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Pr
CVE-2026-41428 Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expr
CVE-2026-41427 Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option d
CVE-2026-41426 pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered e
CVE-2026-41425 Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection
CVE-2026-41244 Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the Ci
CVE-2026-41907 uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buf
CVE-2026-41894 SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a d
CVE-2026-41492 Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through
CVE-2026-41421 SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messa
CVE-2026-41419 4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an
CVE-2026-41418 4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumerat
CVE-2026-41416 PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer
CVE-2026-41415 PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-b
CVE-2026-41414 Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.ym
CVE-2026-41328 Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gi
CVE-2026-41327 Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gi
CVE-2026-41326 Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) th
CVE-2026-33666 Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.
CVE-2026-33662 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Corte
CVE-2026-33524 Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.
CVE-2026-42044 Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulne
CVE-2026-42043 Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influe

1886 General
516 Vulnerability Disclosure
508 CVE
364 Campaigns
256 Data Breach
242 Malware

Latest News

HTTPS by default

One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secure Connections”. T...

Google Security Blog →

Data Breaches