vulns

---

Vulnerability Notes

• CVE-2026-58054 - MyBB - Privilege Escalation from Limited ACP User Management to Administrator
• CVE-2026-58053 - Gitea act_runner - Container Hardening Bypass via Workflow Container Options
• CVE-2026-58051 - libssh2 - Free of Uninitialized Pointer in publickey List Cleanup
• CVE-2026-58050 - libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation
• CVE-2026-58049 - FFmpeg - Out-of-Bounds Write in RASC Decoder decode_dlta()
• CVE-2026-8095 - Frontend File Manager Plugin <= 23.6 - Authenticated (Subscriber+) Arbitrary File Deletion
• CVE-2026-10643 - Out-of-bounds heap write in Zephyr `recvmsg()` ancillary-data path (`insert_pktinfo` undersizes the control-buffer capacity check)
• CVE-2026-12415 - Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter
• CVE-2026-56414 - H.VIEW HV-500S6 IP Camera Unrestricted Upload of File with Dangerous Type
• CVE-2026-55975 - H.VIEW HV-500S6 IP Camera OS Command Injection
• CVE-2026-31928 - Daktronics Controller Firmware Use of Hard-coded Credentials
• CVE-2026-33560 - Daktronics Controller Firmware Unrestricted Upload of File with Dangerous Type
• CVE-2026-28701 - Daktronics Controller Firmware Path Traversal
• CVE-2026-49869 - Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter`
• CVE-2026-53576 - Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass
• CVE-2026-55069 - Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack
• CVE-2026-54351 - Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override
• CVE-2026-54353 - Budibase: Potential SSRF DNS rebinding bypass in outbound fetch validation
• CVE-2026-54350 - Budibase: Anonymous NoSQL operator injection via published-app query templates
• CVE-2026-50137 - Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials
• CVE-2026-54352 - Budibase: Arbitrary file read by workspace-builder via PWA-zip symlink upload
• CVE-2026-55188 - RustFS: ListRemoteTargetHandler authorization bypass leaks replication target credentials
• CVE-2026-49991 - RustFS Snowball Auto-Extract: Path Traversal allows cross-bucket object injection
• CVE-2026-32833 - Cudy LT300 3.0 OS Command Injection via NTP Configuration
• CVE-2026-46386 - OpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal`