Threat Intelligence Feed

CVE-2026-9669 bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError CVE-2026-44541 Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based CVE-2026-40215 A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cau MED · CVE-2026-11585 A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of HIGH · CVE-2026-49141 WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authent CVE-2026-47345 Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting CVE-2026-47344 When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sa HIGH · CVE-2026-46484 Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable HIGH · CVE-2026-40519 Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execut CVE-2026-35058 Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 t MED · CVE-2026-11584 A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the MED · CVE-2026-11583 A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function o HIGH · CVE-2026-11582 A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function CRIT · CVE-2026-52778 YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar f HIGH · CVE-2026-46490 samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only esca CVE-2026-46486 MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potentia MED · CVE-2026-11559 A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account MED · CVE-2026-11558 A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function HIGH · CVE-2026-11557 A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the f CRIT · CVE-2026-11393 Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might a MED · CVE-2026-10787 Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user t MED · CVE-2026-10786 Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileg MED · CVE-2026-10544 Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Serv CVE-2026-8913 A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutra HIGH · CVE-2026-11556 A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file CVE-2026-11555 A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file MED · CVE-2026-11554 A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/v HIGH · CVE-2026-11553 A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file MED · CVE-2026-11552 A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Lea HIGH · CVE-2026-48507 Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user ho HIGH · CVE-2026-46481 OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION CVE-2026-46314 In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to preven CVE-2026-46313 In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error pointer dereference I CVE-2026-46312 In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vma_flags in vb2_dma_sg_mmap CVE-2026-46311 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping CVE-2026-46310 In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on mod CVE-2026-46309 In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject coh_none PAT index for CPU cach CVE-2026-46308 In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix use-after-free in scpsys_ge CVE-2026-46307 In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent repor CVE-2026-46306 In the Linux kernel, the following vulnerability has been resolved: flow_dissector: do not dissect PPPoE PFC frames RF CVE-2026-9669 bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError CVE-2026-44541 Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based CVE-2026-40215 A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cau MED · CVE-2026-11585 A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of HIGH · CVE-2026-49141 WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authent CVE-2026-47345 Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting CVE-2026-47344 When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sa HIGH · CVE-2026-46484 Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable HIGH · CVE-2026-40519 Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execut CVE-2026-35058 Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 t MED · CVE-2026-11584 A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the MED · CVE-2026-11583 A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function o HIGH · CVE-2026-11582 A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function CRIT · CVE-2026-52778 YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar f HIGH · CVE-2026-46490 samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only esca CVE-2026-46486 MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potentia MED · CVE-2026-11559 A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account MED · CVE-2026-11558 A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function HIGH · CVE-2026-11557 A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the f CRIT · CVE-2026-11393 Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might a MED · CVE-2026-10787 Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user t MED · CVE-2026-10786 Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileg MED · CVE-2026-10544 Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Serv CVE-2026-8913 A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutra HIGH · CVE-2026-11556 A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file CVE-2026-11555 A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file MED · CVE-2026-11554 A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/v HIGH · CVE-2026-11553 A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file MED · CVE-2026-11552 A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Lea HIGH · CVE-2026-48507 Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user ho HIGH · CVE-2026-46481 OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION CVE-2026-46314 In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to preven CVE-2026-46313 In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error pointer dereference I CVE-2026-46312 In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vma_flags in vb2_dma_sg_mmap CVE-2026-46311 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping CVE-2026-46310 In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on mod CVE-2026-46309 In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject coh_none PAT index for CPU cach CVE-2026-46308 In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix use-after-free in scpsys_ge CVE-2026-46307 In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent repor CVE-2026-46306 In the Linux kernel, the following vulnerability has been resolved: flow_dissector: do not dissect PPPoE PFC frames RF