Threat Intelligence Feed

HIGH · CVE-2026-44513 Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPip HIGH · CVE-2026-44511 Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies wer CVE-2026-44348 PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_ha MED · CVE-2026-44312 css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allo CRIT · CVE-2026-42555 Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32 HIGH · CVE-2026-20224 A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, MED · CVE-2026-20210 A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, r MED · CVE-2026-20209 A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, r CRIT · CVE-2026-20182 May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fi CVE-2025-62317 HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive CVE-2025-62316 HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured MED · CVE-2025-62313 HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This m CVE-2025-62312 HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic autho MED · CVE-2025-62311 HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. Th MED · CVE-2025-62310 HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. T CVE-2025-62309 HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may MED · CVE-2025-62308 HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such MED · CVE-2025-62305 HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resul CVE-2026-44504 Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared CVE-2026-44503 The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and othe MED · CVE-2026-44501 DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend (datahub-frontend-react) deserialize MED · CVE-2026-42597 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/c CRIT · CVE-2026-42596 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's d HIGH · CVE-2026-42595 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint (/f HIGH · CVE-2026-42594 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine th MED · CVE-2026-42593 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoff MED · CVE-2026-42592 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, che HIGH · CVE-2026-42591 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/ HIGH · CVE-2026-42590 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Got CRIT · CVE-2026-42589 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HIGH · CVE-2026-42283 DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI se CVE-2026-42281 MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Fo CVE-2026-42159 Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and veri HIGH · CVE-2026-40893 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly CVE-2026-44484 PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introdu CRIT · CVE-2026-44482 soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8 HIGH · CVE-2026-44375 Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack MED · CVE-2026-44374 Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints CVE-2026-44371 Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted CVE-2026-44308 Spring Cloud AWS simplifies using AWS managed services in a Spring and Spring Boot applications. From 3.0.0 to 4.0.1, pp HIGH · CVE-2026-44513 Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPip HIGH · CVE-2026-44511 Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies wer CVE-2026-44348 PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_ha MED · CVE-2026-44312 css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allo CRIT · CVE-2026-42555 Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32 HIGH · CVE-2026-20224 A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, MED · CVE-2026-20210 A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, r MED · CVE-2026-20209 A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, r CRIT · CVE-2026-20182 May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fi CVE-2025-62317 HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive CVE-2025-62316 HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured MED · CVE-2025-62313 HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This m CVE-2025-62312 HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic autho MED · CVE-2025-62311 HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. Th MED · CVE-2025-62310 HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. T CVE-2025-62309 HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may MED · CVE-2025-62308 HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such MED · CVE-2025-62305 HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resul CVE-2026-44504 Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared CVE-2026-44503 The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and othe MED · CVE-2026-44501 DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend (datahub-frontend-react) deserialize MED · CVE-2026-42597 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/c CRIT · CVE-2026-42596 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's d HIGH · CVE-2026-42595 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint (/f HIGH · CVE-2026-42594 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine th MED · CVE-2026-42593 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoff MED · CVE-2026-42592 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, che HIGH · CVE-2026-42591 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/ HIGH · CVE-2026-42590 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Got CRIT · CVE-2026-42589 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HIGH · CVE-2026-42283 DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI se CVE-2026-42281 MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Fo CVE-2026-42159 Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and veri HIGH · CVE-2026-40893 Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly CVE-2026-44484 PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introdu CRIT · CVE-2026-44482 soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8 HIGH · CVE-2026-44375 Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack MED · CVE-2026-44374 Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints CVE-2026-44371 Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted CVE-2026-44308 Spring Cloud AWS simplifies using AWS managed services in a Spring and Spring Boot applications. From 3.0.0 to 4.0.1, pp