Threat Intelligence Feed

Aggregating 5619 articles from trusted cybersecurity sources

LATEST CVEs
CVE-2026-12845 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All r
MED · CVE-2026-12814 A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bi
MED · CVE-2026-12813 A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the
CVE-2026-12812 A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of th
MED · CVE-2026-12811 A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/rou
MED · CVE-2026-12810 A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of th
MED · CVE-2026-12809 A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz_5in1_redirect of the file /gofo
MED · CVE-2026-12808 A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainf
MED · CVE-2026-12807 A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of th
HIGH · CVE-2026-12806 A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey of the
MED · CVE-2026-12805 A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library
MED · CVE-2026-12804 A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-p
MED · CVE-2026-56412 libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking
MED · CVE-2026-56411 xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.
MED · CVE-2026-56410 xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.
MED · CVE-2026-56409 xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.
MED · CVE-2026-56408 libexpat before 2.8.2 has an integer overflow in copyString.
MED · CVE-2026-56407 libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.
MED · CVE-2026-56406 libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse
MED · CVE-2026-56405 libexpat before 2.8.2 has an integer overflow in getAttributeId.
MED · CVE-2026-56404 libexpat before 2.8.2 has an integer overflow in addBinding.
MED · CVE-2026-56403 libexpat before 2.8.2 has an integer overflow in storeAtts.
CRIT · CVE-2026-56397 SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious
HIGH · CVE-2026-56396 phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that
CRIT · CVE-2026-56395 SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious
MED · CVE-2026-56394 Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the ex
MED · CVE-2026-56393 Craft CMS 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (>= 5.0.0-RC1, < 5.9.0-beta.1) contain multiple stored cross-site
MED · CVE-2026-56385 Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1, <= 4.17.7 contain an authorization bypass in the assets/pre
MED · CVE-2026-56384 Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user with
MED · CVE-2026-56383 Craft CMS contains a stored cross-site scripting (XSS) vulnerability in the editableTable.twig component when using the
HIGH · CVE-2026-56382 Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and <= 5.9.13 contain a remote code execution vulnerability
MED · CVE-2026-56381 Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where
CVE-2026-56378 ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage
CVE-2026-56367 ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding pat
MED · CVE-2026-56316 Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/* endpoint t
MED · CVE-2026-56299 Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/* endpoint that allows
CRIT · CVE-2026-56265 Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the
HIGH · CVE-2026-56253 Capgo before 12.128.2 contains an improper access control vulnerability in the public.get_org_members RPC function that
MED · CVE-2026-56251 Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users
HIGH · CVE-2026-56242 Capgo before 12.128.2 contains an unauthenticated security definer RPC function get_identity_apikey_only that returns th
2384 General · 685 Vulnerability Disclosure · 643 CVE · 445 Campaigns · 316 Data Breach · 298 Malware

Latest News

Quantum Risk Explained

Learn how the "Harvest Now, Decrypt Later" (HNDL) risk exposes long-lived sensitive data today, regardless of when Cryptographically Relevant Quantum Compute...

Recorded Future →

Data Breaches