Threat Intelligence Feed

Aggregating 1476 articles from trusted cybersecurity sources

LATEST CVEs
MED · CVE-2026-8115 A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the fil
HIGH · CVE-2026-6411 This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain e
CRIT · CVE-2026-42880 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0
CVE-2026-2710 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MED · CVE-2026-8114 A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the fil
MED · CVE-2026-8113 A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vuln
MED · CVE-2026-8112 A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function e
CVE-2026-8106 A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page th
CVE-2026-8034 A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that a
CVE-2026-7891 The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization
CVE-2026-7541 A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to
CVE-2026-6736 An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attack
CRIT · CVE-2026-42826 Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose i
MED · CVE-2026-41929 Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor previ
MED · CVE-2026-41928 Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated
HIGH · CVE-2026-41105 Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges ove
MED · CVE-2026-40214 In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. Th
HIGH · CVE-2026-40213 OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This un
HIGH · CVE-2026-35435 Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges
CRIT · CVE-2026-35428 Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unaut
HIGH · CVE-2026-34327 Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attac
CRIT · CVE-2026-33844 Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code o
CRIT · CVE-2026-33823 Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
HIGH · CVE-2026-33111 Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) all
CRIT · CVE-2026-33109 Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code ove
HIGH · CVE-2026-32207 Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an
HIGH · CVE-2026-26164 Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allow
HIGH · CVE-2026-26129 Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over
HIGH · CVE-2026-8098 A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the
MED · CVE-2026-8097 A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the fi
CVE-2026-44365 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-34429. Reason: This candidate is a
HIGH · CVE-2026-42449 n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In ve
HIGH · CVE-2026-42047 Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orche
MED · CVE-2026-41692 i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes.
MED · CVE-2026-41691 Copilot said: i18nextify is a JavaScript library that adds i18nextify is a JavaScript library that adds website internat
CVE-2026-8142 VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use
CVE-2026-8088 A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the
MED · CVE-2026-8087 A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frm
HIGH · CVE-2026-43510 manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assi
CVE-2026-42501 A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum databa

628 General · 254 CVE · 201 Vulnerability Disclosure · 95 Campaigns · 61 Malware · 57 Ransomware