Briefs

IBM Langflow Desktop versions 1.6.0 through 1.8.2 is vulnerable to arbitrary code execution due to insecure deserialization of untrusted data, allowing an authenticated user to execute code on the system.

A locally authenticated user can escalate privileges to root on vulnerable IBM Verify Identity Access Container and IBM Security Verify Access Container installations due to the execution of processes with unnecessary privileges, as tracked by CVE-2026-1346.

CVE-2026-1343 allows an attacker to contact internal authentication endpoints protected by the Reverse Proxy in IBM Verify Identity Access Container and IBM Security Verify Access Container.

An out-of-bounds write vulnerability in Amazon Firecracker's virtio PCI transport (CVE-2026-5747) allows a local guest user with root privileges to potentially crash the VMM process or execute arbitrary code on the host.

WWBN AVideo is vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete fix for CVE-2026-27732, allowing authenticated uploaders to bypass SSRF protection by providing a `downloadURL` with a common media extension, leading to internal response exfiltration.

File Browser share links remain accessible after Share/Download permissions are revoked, allowing continued access to shared files even after an administrator revokes the user's permissions.

LiteLLM versions before 1.83.0 stored user passwords as unsalted SHA-256 hashes and exposed these hashes through multiple API endpoints, enabling an authenticated user to retrieve another user's password hash and use it to log in as that user due to the /v2/login endpoint accepting the raw SHA-256 hash without re-hashing, leading to potential privilege escalation.

Emmett web framework versions 2.5.0 to before 2.8.1 are vulnerable to path traversal attacks (CVE-2026-39847), allowing attackers to read arbitrary files outside the intended assets directory using manipulated URLs.

Podman Desktop versions prior to 1.26.2 expose an unauthenticated HTTP server, allowing remote attackers to trigger denial-of-service conditions by exhausting resources and extract sensitive information through verbose error responses.

A code injection vulnerability exists in PowerJob versions 5.1.0, 5.1.1, and 5.1.2, allowing remote attackers to execute arbitrary code via the GroovyEvaluator.evaluate function in the OpenAPI Endpoint component by manipulating the nodeParams argument.

OpenObserve versions 0.70.3 and earlier are vulnerable to a server-side request forgery (SSRF) attack due to improper validation of IPv6 addresses in the validate_enrichment_url function, potentially allowing authenticated attackers to access internal services and retrieve sensitive cloud metadata.

A memory corruption vulnerability due to an out-of-bounds read in NI LabVIEW's `sentry_transaction_context_set_operation()` function could lead to information disclosure or arbitrary code execution by opening a specially crafted VI file.

A memory corruption vulnerability exists in NI LabVIEW due to an out-of-bounds write when loading a corrupted LVCLASS file (CVE-2026-32861), potentially leading to information disclosure or arbitrary code execution if a user opens a specially crafted .lvclass file.

A memory corruption vulnerability exists in NI LabVIEW due to an out-of-bounds write when loading a corrupted LVLIB file, potentially leading to information disclosure or arbitrary code execution if a user opens a specially crafted .lvlib file.

A memory corruption vulnerability (CVE-2026-32862) in NI LabVIEW versions 2026 Q1 (26.1.0) and prior, stemming from an out-of-bounds write in ResFileFactory::InitResourceMgr(), can lead to information disclosure or arbitrary code execution if a user opens a malicious VI file.

A vulnerability in mise allows an attacker who can place a malicious .mise.toml file in a repository to bypass trust checks and execute arbitrary code via `[env] _.source` due to improper loading of trust settings.

A remote SQL injection vulnerability, CVE-2026-5736, exists in PowerJob versions 5.1.0 through 5.1.2 within the detailPlus Endpoint, potentially allowing unauthenticated attackers to execute arbitrary SQL queries.

A critical broken access control vulnerability (CVE-2026-39355) in Genealogy PHP application versions prior to 5.9.1 allows authenticated users to transfer ownership of arbitrary teams, leading to complete takeover of team workspaces and unrestricted data access.

A critical pre-authentication remote code execution vulnerability in ChurchCRM versions prior to 7.1.0 allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server compromise.

An authenticated API user of ChurchCRM prior to v7.1.0 can bypass authorization checks and modify arbitrary family records by manipulating the familyId parameter in API requests, leading to privilege escalation and potential data manipulation.

A path traversal vulnerability in ChurchCRM versions prior to 6.5.3 allows authenticated administrators to upload arbitrary files, leading to remote code execution by overwriting Apache .htaccess files.

NVIDIA DALI contains a deserialization of untrusted data vulnerability, identified as CVE-2026-24156, which may lead to arbitrary code execution.

NVIDIA Triton Inference Server is vulnerable to denial of service due to insufficient input validation that, when combined with a large number of outputs, can cause a server crash.

SoftEtherVPN version 5.2.5188 and earlier is vulnerable to a pre-authentication denial-of-service attack where an unauthenticated remote attacker can crash the vpnserver process by sending a malformed EAP-TLS packet over raw L2TP (UDP/1701), terminating all active VPN sessions.

PolarLearn version 0-PRERELEASE-14 and earlier contains a privilege escalation vulnerability (CVE-2026-35610) in the account-management module, allowing authenticated non-admin users to execute administrative functions due to an inverted admin check.

Emissary, a P2P data-driven workflow engine, is vulnerable to OS command injection due to insufficient sanitization of the PLACE_NAME parameter in versions prior to 8.39.0, allowing for arbitrary command execution.

Windmill CE/EE versions 1.276.0 through 1.603.2 are vulnerable to SQL injection in the folder ownership management, allowing authenticated attackers to inject SQL through the owner parameter, leading to sensitive data access, token forgery, and arbitrary code execution.

Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability (CVE-2026-22683) that allows users with the Operator role to bypass intended restrictions and perform unauthorized entity creation and modification actions via the backend API, potentially leading to privilege escalation and remote code execution.

CVE-2025-14821 in libssh allows local man-in-the-middle attacks, SSH downgrade attacks, and trusted host manipulation due to insecure default configuration loading from a world-writable directory on Windows.

ChurchCRM versions prior to 7.1.0 are vulnerable to SQL injection via the NewRole POST parameter, allowing authenticated users with the ManageGroups role to execute arbitrary SQL commands.