๐จ CVE-2026-30831
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, authentication vulnerabilities exist in Rocket.Chat's enterprise DDP Streamer service. The Account.login method exposed through the DDP Streamer does not enforce Two-Factor Authentication (2FA) or validate user account status (deactivated users can still login), despite these checks being mandatory in the standard Meteor login flow. This issue has been patched in versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0.
๐@cveNotify
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, authentication vulnerabilities exist in Rocket.Chat's enterprise DDP Streamer service. The Account.login method exposed through the DDP Streamer does not enforce Two-Factor Authentication (2FA) or validate user account status (deactivated users can still login), despite these checks being mandatory in the standard Meteor login flow. This issue has been patched in versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0.
๐@cveNotify
GitHub
2FA bypass and login of deactivated users via EE ddp-streamer
### 2FA bypass and login of deactivated users via EE ddp-streamer (`GHSL-2026-008`)
Authentication vulnerabilities exist in Rocket.Chat's enterprise DDP Streamer service. The `Account.login`...
Authentication vulnerabilities exist in Rocket.Chat's enterprise DDP Streamer service. The `Account.login`...
๐จ CVE-2026-30833
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated attackers to manipulate MongoDB queries during authentication. The vulnerability is located in the username-based login flow where user-supplied input is directly embedded into a MongoDB query selector without validation. An attacker can inject MongoDB operator expressions (e.g., { $regex: '.*' }) in place of a username string, causing the database query to match unintended user records. This issue has been patched in versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0.
๐@cveNotify
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated attackers to manipulate MongoDB queries during authentication. The vulnerability is located in the username-based login flow where user-supplied input is directly embedded into a MongoDB query selector without validation. An attacker can inject MongoDB operator expressions (e.g., { $regex: '.*' }) in place of a username string, causing the database query to match unintended user records. This issue has been patched in versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0.
๐@cveNotify
GitHub
NoSQL injection in the EE ddp-streamer-service
### Issue 2: NoSQL injection in the EE ddp-streamer-service (`GHSL-2026-005`)
A NoSQL injection vulnerability exists in Rocket.Chat's account service used in the `ddp-streamer` micro servic...
A NoSQL injection vulnerability exists in Rocket.Chat's account service used in the `ddp-streamer` micro servic...
๐จ CVE-2026-29789
Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage sites on servers belonging to other projects by supplying a foreign server_id. This issue has been patched in version 3.20.3.
๐@cveNotify
Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage sites on servers belonging to other projects by supplying a foreign server_id. This issue has been patched in version 3.20.3.
๐@cveNotify
GitHub
Fix missing authorization in workflow site creation (#1036) ยท vitodeploy/vito@0fdcfe5
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
๐จ CVE-2026-29790
dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safe_extract() function used when extracting tarball archives. The function uses os.path.commonprefix() to validate that extracted files remain within the intended destination directory. However, commonprefix() compares paths character-by-character rather than by path components, allowing a malicious tarball to write files to sibling directories with matching name prefixes. This issue has been patched in versions 1.34.2 and 1.37.3.
๐@cveNotify
dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safe_extract() function used when extracting tarball archives. The function uses os.path.commonprefix() to validate that extracted files remain within the intended destination directory. However, commonprefix() compares paths character-by-character rather than by path components, allowing a malicious tarball to write files to sibling directories with matching name prefixes. This issue has been patched in versions 1.34.2 and 1.37.3.
๐@cveNotify
GitHub
Fix tar path traversal using commonpath instead of commonprefix (#353) ยท dbt-labs/dbt-common@e547954
* Fix tar path traversal using commonpath instead of commonprefix
* lint
* fix test
* lint
* fix test
๐จ CVE-2026-23673
Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
๐@cveNotify
Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
๐@cveNotify
๐จ CVE-2026-23674
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
๐@cveNotify
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
๐@cveNotify
๐จ CVE-2023-0410
Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5.
๐@cveNotify
Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5.
๐@cveNotify
GitHub
fix: cleanse ssr attribute name and class value (#2475) ยท QwikDev/qwik@4b2f89d
Co-Authored-By: OhB00 <43827372+ohb00@users.noreply.github.com>
๐จ CVE-2023-27651
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges via the update_info field of the _default_.xml file.
๐@cveNotify
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges via the update_info field of the _default_.xml file.
๐@cveNotify
๐จ CVE-2023-2307
Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.
๐@cveNotify
Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.
๐@cveNotify
GitHub
fix: relative protocol urls by adamdbradley ยท Pull Request #3862 ยท QwikDev/qwik
Instant-loading web apps, without effort. Contribute to QwikDev/qwik development by creating an account on GitHub.
๐จ CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
๐@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
๐@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88
๐จ CVE-2026-29091
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution (RCE) flaw was discovered in the locutus project, specifically within the call_user_func_array function implementation. The vulnerability allows an attacker to inject arbitrary JavaScript code into the application's runtime environment. This issue stems from an insecure implementation of the call_user_func_array function (and its wrapper call_user_func), which fails to properly validate all components of a callback array before passing them to eval(). This issue has been patched in version 3.0.0.
๐@cveNotify
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution (RCE) flaw was discovered in the locutus project, specifically within the call_user_func_array function implementation. The vulnerability allows an attacker to inject arbitrary JavaScript code into the application's runtime environment. This issue stems from an insecure implementation of the call_user_func_array function (and its wrapper call_user_func), which fails to properly validate all components of a callback array before passing them to eval(). This issue has been patched in version 3.0.0.
๐@cveNotify
๐1
๐จ CVE-2026-26105
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
๐@cveNotify
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
๐@cveNotify
๐จ CVE-2026-26111
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
๐@cveNotify
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
๐@cveNotify
๐จ CVE-2026-30978
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-use-after-free in CIccCmm::AddXform() causing invalid vptr dereference and crash. This vulnerability is fixed in 2.3.1.5.
๐@cveNotify
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-use-after-free in CIccCmm::AddXform() causing invalid vptr dereference and crash. This vulnerability is fixed in 2.3.1.5.
๐@cveNotify
GitHub
HUAF in CIccCmm::AddXform() at IccCmm.cpp:8320 ยท Issue #612 ยท InternationalColorConsortium/iccDEV
Maintainer Repro 2026-02-23 14:28:16 UTC Git Testing 8cfeaec (HEAD -> master, origin/master, origin/HEAD) Add: Dockerfiles & Workflows (Add: Dockerfiles for Packages #597) 43ae18d (HEAD ->...
๐จ CVE-2026-30979
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() triggered with local user interaction causing memory corruption/crash. This vulnerability is fixed in 2.3.1.5.
๐@cveNotify
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() triggered with local user interaction causing memory corruption/crash. This vulnerability is fixed in 2.3.1.5.
๐@cveNotify
GitHub
HBO in CIccCalculatorFunc::InitSelectOp() at IccMpeCalc.cpp:3663 ยท Issue #617 ยท InternationalColorConsortium/iccDEV
Maintainer Repro 2026-02-24 21:12:21 UTC PoC Replay Step 1. wget https://github.com/xsscx/fuzz/raw/refs/heads/master/graphics/icc/hbo-CIccCalculatorFunc-InitSelectOp-IccMpeCalc_cpp-Line3663.icc Ste...
๐จ CVE-2026-30980
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct() causing uncontrolled recursion/stack exhaustion and crash. This vulnerability is fixed in 2.3.1.5.
๐@cveNotify
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct() causing uncontrolled recursion/stack exhaustion and crash. This vulnerability is fixed in 2.3.1.5.
๐@cveNotify
GitHub
SO in CIccBasicStructFactory::CreateStruct() at IccStructFactory.cpp:93 ยท Issue #629 ยท InternationalColorConsortium/iccDEV
Maintainer Repro 2026-02-28 19:22:48 UTC Git 186bba0 (HEAD -> master, origin/master, origin/HEAD) Fix: HBO in CIccCalculatorFunc::InitSelectOp() (#622) Commands Step 1. wget https://github.com/x...
๐จ CVE-2026-23654
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.
๐@cveNotify
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.
๐@cveNotify
๐จ CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
๐@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
๐@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88
๐จ CVE-2026-3909
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 146.0.7680.75/76 for Windows/Mac and 146.0.7680.75 for Linux, which will roll out over the coming d...
๐จ CVE-2026-3910
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 146.0.7680.75/76 for Windows/Mac and 146.0.7680.75 for Linux, which will roll out over the coming d...
๐2