New
CVE-2026-40914: Apache Artemis Stomp Protocol, Apache ActiveMQ Artemis Stomp Protocol: Address routing-type can be updated by STOMP protocol user without the createAddress permission: A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that addr...
CVE-2026-9818: Roundcube Local/Private URL Fetch Bypass: Roundcube's HTML sanitization path for message rendering allows loopback, localhost, RFC1918, link-local, and ULA URLs even when remote content loading is disabled. A remote attacker can send an HTML email that causes the victim's browser to issue requests to local or private-network services simply by opening the message preview.
CVE-2026-9658: Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths: Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\...
CVE-2026-46241: spi: mpc52xx: fix use-after-free on registration failure: In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on registration failure Make sure to disable and free the interrupts in case controller registration fails to avoid a potential use-after-free and resource leak. This issue was flagged by Sashiko when reviewing a controller deregistration...
CVE-2026-46240: media: iris: Fix use-after-free in iris_release_internal_buffers(): In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in iris_release_internal_buffers() The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy internal buffers after FW releases") introduced a regression where session_release_buf() may free the buffer. The caller, ir...
Updated
CVE-2026-9430: Tenda F1202 GstDhcpSetSerof formGstDhcpSetSer stack-based overflow: A vulnerability was determined in Tenda F1202 1.2.0.20(408). Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to a stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been publicly disclosed a...
CVE-2026-46538: Microsoft UFO accepts cross-device TASK_END messages by session_id only, allowing peer task-result injection: Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by session_id only and does not verify that a TASK_END message came from the device that originally recei...
CVE-2025-13955: Predictable Default Wi-Fi Password in EZCast Pro II Dongle: Predictable default Wi-Fi password in the Access Point functionality of EZCast Pro II before version 1.17478.177 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default password from observable device identifiers.
CVE-2025-13954: Hard-coded cryptographic keys in EZCast Pro II Dongle: Hard-coded cryptographic keys in the Admin UI of EZCast Pro II before version 1.17478.177 allow attackers to bypass authorization checks and gain full access to the admin UI.
CVE-2026-9791: Keycloak-rhel9: organization data leak after feature disabled in keycloak: A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in tokens, even after an a...
CISA Known Exploited Vulnerabilities
CVE-2010-0249 Microsoft Internet Explorer: Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
CVE-2026-45321 TanStack TanStack: TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.
CVE-2026-48027 Nx Nx Console: Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvest credentials from multiple sources on disk and in memory.
CVE-2026-8398 Daemon Daemon Tools Lite: Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability.
CVE-2026-48172 LiteSpeed cPanel Plugin: LiteSpeed cPanel Plugin contains a privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with root privileges.