CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-26986 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `rail_window_free` dereferences a freed `xfAppWindow` pointer during `HashTable_Free` cleanup because `xf_rail... | 7.5 | HIGH | β | 0 |
| CVE-2026-27116 Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the `filter` URL parameter is rende... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-27950 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution ... | 7.5 | HIGH | β | 0 |
| CVE-2026-2694 The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check on the 'can_edit' and 'can_delete' function in all ... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-27493 n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an una... | 9.0 | CRITICAL | β | 0 |
| CVE-2026-27494 n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-27495 n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in ... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-27798 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an... | 4.0 | MEDIUM | β | 0 |
| CVE-2026-27497 n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's S... | 8.8 | HIGH | β | 0 |
| CVE-2026-27498 n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk ... | 8.8 | HIGH | β | 0 |
| CVE-2026-27577 n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CV... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-27578 n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could inject arbitrary scripts in... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-27633 TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers c... | 7.5 | HIGH | β | 0 |
| CVE-2026-27635 Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, ... | 7.5 | HIGH | β | 0 |
| CVE-2026-27709 NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZipβs `.NET Single File Application` parser has an out-of-bounds read vulner... | 6.6 | MEDIUM | β | 0 |
| CVE-2026-27710 NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a denial-of-service vulnerability exists in NanaZipβs `.NET Single File Applicat... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-27711 NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a memory corruption vulnerability in NanaZipβs UFS parser allows a crafted `.ufs... | 6.6 | MEDIUM | β | 0 |
| CVE-2026-27735 Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that ... | N/A | NONE | β | 0 |
| CVE-2026-27200 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | β | 0 |
| CVE-2026-27201 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | β | 0 |
| CVE-2026-27821 GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/filters/dmx_nhml.c`. The value of the xmlHeaderEnd... | 7.8 | HIGH | β | 0 |
| CVE-2026-27933 Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cook... | 6.8 | MEDIUM | β | 0 |
| CVE-2026-27967 Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools (`read_file`, `edit_file`). It allows reading and writing files **outside the project directory*... | 7.1 | HIGH | β | 0 |
| CVE-2026-27976 Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validatio... | 8.8 | HIGH | β | 0 |
| CVE-2026-27829 Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-27888 pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xf... | 7.5 | HIGH | β | 0 |
| CVE-2026-27500 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | β | 0 |
| CVE-2026-27501 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | β | 0 |
| CVE-2026-27830 c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` impleme... | N/A | NONE | β | 0 |
| CVE-2026-27831 rldns is an open source DNS server. Version 1.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue. | 7.5 | HIGH | β | 0 |
| CVE-2026-27837 Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit `7d3a... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-27840 ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are sti... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-27884 NetExec is a network execution tool. Prior to version 1.5.1, the module spider_plus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-27573 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | β | 0 |
| CVE-2026-27899 WireGuard Portal (or wg-portal) is a web-based configuration portal for WireGuard server management. Prior to version 2.1.3, any authenticated non-admin user can become a full administrator by sending... | 8.8 | HIGH | β | 0 |
| CVE-2026-27900 The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-27901 Svelte performance oriented web framework. Prior to version 5.53.5, the contents of `bind:innerText` and `bind:textContent` on `contenteditable` elements were not properly escaped. This could enable H... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-27902 Svelte performance oriented web framework. Prior to version 5.53.5, errors from `transformError` were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-27903 minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` perfo... | 7.5 | HIGH | β | 0 |
| CVE-2026-28138 Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0. | 7.2 | HIGH | β | 0 |
| CVE-2026-27581 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | β | 0 |
| CVE-2026-27952 Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sand... | 8.8 | HIGH | β | 0 |
| CVE-2026-27954 Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.p... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-27959 Koa is middleware for Node.js using ES2017 async functions. Prior to versions 3.1.2 and 2.16.4, Koa's `ctx.hostname` API performs naive parsing of the HTTP Host header, extracting everything before th... | 7.5 | HIGH | β | 0 |
| CVE-2026-27961 Agenta is an open-source LLMOps platform. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vul... | 8.8 | HIGH | β | 0 |
| CVE-2026-27965 Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipu... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-27583 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | β | 0 |
| CVE-2026-27966 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27968 Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize() verified token presence and ability, but did... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-27969 Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipu... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.