Vulnerability Notes
- CVE-2026-26996 - Minimatch ReDoS Vulnerability
- CVE-2026-26980 - Ghost has a SQL Injection in its Content API
- CVE-2026-26065 - calibre: Path Traversal can Lead to Arbitrary File Write and Potential Code Execution
- CVE-2026-26064 - calibre: Path Traversal Vulnerability Enables Arbitrary File Write and Remote Code Execution
- CVE-2026-26975 - Music Assistant Server Path Traversal in Playlist Update API Allows Remote Code Execution
- CVE-2025-30410 - Acronis Authentication Bypass
- CVE-2026-27001 - OpenClaw: Unsanitized CWD path injection into LLM prompts
- CVE-2026-26323 - OpenClaw has a command injection in maintainer clawtributors updater
- CVE-2026-21535 - Microsoft Teams Information Disclosure Vulnerability
- CVE-2026-26314 - Go Ethereum affected by DoS via malicious p2p message
- CVE-2026-27476 - RustFly 2.0.0 Command Injection via UDP Remote Control
- CVE-2026-26318 - systeminformation has Command Injection via Unsanitized `locate` Output in `versions()`
- CVE-2026-26280 - Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path
- CVE-2026-26063 - CediPay Affected by Improper Input Validation in Payment Processing
- CVE-2026-27475 - SPIP < 4.4.9 Insecure Deserialization
- CVE-2026-26339 - Hyland Alfresco Transformation Service Argument Injection RCE
- CVE-2026-26337 - Hyland Alfresco Transformation Service Absolute Path Traversal Arbitrary File Read and SSRF
- CVE-2026-26336 - Hyland Alfresco Improper Authorization Arbitrary File Read