New

CVE-2026-62685: File Browser: Colliding username normalization gives two users the same home directory: File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser builds new user scopes from usernames passed through cleanUsername() when Signup=true and CreateUserDir=true, but the many-to-one normalizati...

CVE-2026-62843: File Browser: Archive builder turns backslash filenames into path traversal (zip-slip): File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses strings.ReplaceAll(nameInArchive, "\", "/"), which turns a POSIX filename such as ..\..\evil.sh into the archive...

CVE-2026-9007: Reflected XSS in HCL Notes: Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in HCL Notes from HCL Software allows reflected Cross-Site Scripting (XSS).  Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of another user. This issue affects HCL Notes: Release 12.0.2FP5HF8 on Linux 4.18.0-553.52.1.El8_10.X64...

CVE-2026-62683: File Browser: Trailing-slash delete leaves a stale public share behind: File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser can leave a public directory share behind when the shared directory is deleted through a path with a trailing slash because the share cleanup path calls Dele...

CVE-2026-55242: ERPNext: Server-Side Template Injection (SSTI) in Batch autonaming via Stock Settings.naming_series_prefix: ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection through a configuration field, resulting in unauthorized disclosure of data outside the use...

Updated

CVE-2026-56185: Windows Admin Center Information Disclosure Vulnerability: Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network.

CVE-2026-54127: Windows Hyper-V Elevation of Privilege Vulnerability: Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

CVE-2026-61371: Microsoft AVML before 0.17.0 could follow a symlink when opening a destination output path on Unix, allowing truncation/overwrite of the symlink target. The destructive effect is performed at open-time via O_TRUNC, and can happen before full input validation completes (“truncation-before-validation”).

CVE-2026-54987: Windows Overlay Filter Elevation of Privilege Vulnerability: Heap-based buffer overflow in Windows Overlay Filter allows an authorized attacker to elevate privileges locally.

CVE-2026-15607: tanstack db Alias Path select.ts select prototype pollution: A vulnerability was detected in tanstack db up to 0.6.8. Affected by this vulnerability is the function select of the file src/query/compiler/select.ts of the component Alias Path Handler. The manipulation results in improperly controlled modification of object prototype attributes. The attack may be launched remotely. The exploit is ...

CISA Known Exploited Vulnerabilities

CVE-2026-56164 Microsoft SharePoint Server: Microsoft SharePoint contains a missing authentication for critical function vulnerability that allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-56155 Microsoft Active Directory Federation Services: Microsoft Active Directory Federation Services contains an insufficient granularity of access control vulnerability that allows an authorized attacker to elevate privileges locally.

CVE-2026-15410 SonicWall SMA1000 Appliances: SonicWall SMA1000 Appliances contain a code injection vulnerability which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands.

CVE-2026-15409 SonicWall SMA1000 Appliances: SonicWall SMA1000 Appliances contain a server-side request forgery vulnerability that could allow a remote unauthenticated attacker to potentially cause the appliance to make requests to unintended location.

CVE-2008-4128 Cisco IOS: Cisco IOS 12.4 contains multiple cross-site forgery vulnerabilities that allows remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI.