Threat Intelligence Feed

CVE-2026-4049 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2026-41455 WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url CVE-2026-41454 WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authe CVE-2026-41314 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior CVE-2026-41313 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior CVE-2026-41312 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior CVE-2026-41177 Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Sq CVE-2026-41175 Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulatin CVE-2026-41172 Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSR CVE-2026-41171 Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a CVE-2026-41170 Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the `R CVE-2026-40517 radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows CVE-2026-41168 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior CVE-2026-41167 Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jell CVE-2026-41166 OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one K CVE-2026-41134 Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal CVE-2026-40937 RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin CVE-2026-40882 OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses a CVE-2026-3837 An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution wh CVE-2026-34068 nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, CVE-2026-34067 nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, CVE-2026-33733 EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template manag CVE-2026-33656 EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formu CVE-2026-6019 http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It CVE-2026-3673 An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim ope CVE-2026-34066 nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStor CVE-2026-34065 nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prio CVE-2026-34064 nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `VestingCon CVE-2026-34063 Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` disco CVE-2026-34062 nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and CVE-2026-33471 nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its q CVE-2026-41469 Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaSc CVE-2026-41468 Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. CVE-2026-41459 Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthentica CVE-2026-34415 Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder con CVE-2026-34414 Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connecto CVE-2026-34413 Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector CVE-2026-28950 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26. CVE-2026-26354 Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2 CVE-2026-6515 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and CVE-2026-4049 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2026-41455 WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url CVE-2026-41454 WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authe CVE-2026-41314 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior CVE-2026-41313 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior CVE-2026-41312 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior CVE-2026-41177 Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Sq CVE-2026-41175 Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulatin CVE-2026-41172 Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSR CVE-2026-41171 Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a CVE-2026-41170 Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the `R CVE-2026-40517 radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows CVE-2026-41168 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior CVE-2026-41167 Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jell CVE-2026-41166 OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one K CVE-2026-41134 Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal CVE-2026-40937 RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin CVE-2026-40882 OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses a CVE-2026-3837 An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution wh CVE-2026-34068 nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, CVE-2026-34067 nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, CVE-2026-33733 EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template manag CVE-2026-33656 EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formu CVE-2026-6019 http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It CVE-2026-3673 An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim ope CVE-2026-34066 nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStor CVE-2026-34065 nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prio CVE-2026-34064 nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `VestingCon CVE-2026-34063 Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` disco CVE-2026-34062 nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and CVE-2026-33471 nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its q CVE-2026-41469 Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaSc CVE-2026-41468 Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. CVE-2026-41459 Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthentica CVE-2026-34415 Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder con CVE-2026-34414 Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connecto CVE-2026-34413 Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector CVE-2026-28950 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26. CVE-2026-26354 Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2 CVE-2026-6515 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and