CVE | THREATINT

New

CVE-2026-13163: Lack of input validation in Mailerup input parameter leads to Open Redirect: Open redirect vulnerability (CWE-601) in the _safe_redirect function of the click-tracking endpoint (/c/<token>/) in Mailerup <1.0.0 on all platforms allows remote unauthenticated attackers to redirect victims to arbitrary external sites and conduct phishing attacks via a crafted u query parameter, because the URL sche...

CVE-2026-12242: AdRotate Banner Manager <= 5.17.7 - Authenticated (Contributor+) PHP Code Injection via 'banner' Shortcode Attribute: The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute...

CVE-2026-56761: hono - HTML Injection via Improper JSX Attribute Name Handling in SSR: hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag boundaries and inject arbitra...

CVE-2026-56370: ImageMagick - Out-of-bounds Access in ConnectedComponentsImage via connected-components Artifact: ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of s...

CVE-2026-56368: ImageMagick - Memory Leak in Raw Pixel Data Coders: ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service.

Updated

CVE-2026-56244: Capgo - Webhook Signing Secret Disclosure via Non-Admin API Key: Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to configured receivers, breaking webhook ...

CVE-2026-56270: Flowise - Unauthenticated OAuth Secrets Disclosure via /api/v1/loginmethod Endpoint: Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an organizationId parameter...

CVE-2026-56351: n8n - SQL Injection in MySQL, PostgreSQL, and Microsoft SQL Nodes: n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply specially crafted table or column name...

CVE-2026-11972: tarfile opened in streaming mode mishandles EOF: When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, meaning an archive could be parsed in an infinite loop.

CVE-2026-54762: Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails: Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported nginx.ingress.kub...

CISA Known Exploited Vulnerabilities

CVE-2026-34908 Ubiquiti UniFi OS: Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.

CVE-2025-67038 Lantronix EDS5000: Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.

CVE-2026-34910 Ubiquiti UniFi OS: Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.

CVE-2026-34909 Ubiquiti UniFi OS: Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.

CVE-2026-20253 Splunk Enterprise: Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

Additional information

EUVD (European Union Vulnerability Database) is maintained by ENISA (European Union Agency for Cybersecurity), under the European Union’s regulatory umbrella, serving as a centralized platform for vulnerability reporting specifically aligned with the EU’s legal frameworks such as NIS2 and the Cyber Resilience Act (CRA)

EUVD complements the CVE system by aggregating CVE data, but also assigns its own EUVD IDs to vulnerabilities, offers enriched metadata tailored for EU policies and compliance, and may highlight vulnerabilities particularly relevant to the European market.

Most vulnerabilities catalogued in EUVD will have both a CVE-ID and an EUVD-ID, acting as cross-references.

euvd.enisa.europa.eu

Source: media.ccc.de/v/eh22-138-panic-at-the-cve-o-theque.

A big "thank you" goes to @pennylane.

Welcome

New

Updated

CISA Known Exploited Vulnerabilities

Additional information