π¨ CVE-2026-32859
ByteDance DeerFlow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by uploading malicious HTML or script content as artifacts. Attackers can store malicious content that executes in the browser context when users view artifacts, leading to session compromise, credential theft, and arbitrary script execution.
π@cveNotify
ByteDance DeerFlow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by uploading malicious HTML or script content as artifacts. Attackers can store malicious content that executes in the browser context when users view artifacts, leading to session compromise, credential theft, and arbitrary script execution.
π@cveNotify
GitHub
fix(gateway): harden artifact attachment handling Β· bytedance/deer-flow@5dbb362
An open-source long-horizon SuperAgent harness that researches, codes, and creates. With the help of sandboxes, memories, tools, skill, subagents and message gateway, it handles different levels of tasks that could take minutes to hours. - fix(gateway): hardenβ¦
π¨ CVE-2026-34430
ByteDance DeerFlow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths. Attackers can exploit the incomplete shell semantics modeling to read and modify files outside the sandbox boundary and achieve arbitrary command execution through subprocess invocation with shell interpretation enabled.
π@cveNotify
ByteDance DeerFlow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths. Attackers can exploit the incomplete shell semantics modeling to read and modify files outside the sandbox boundary and achieve arbitrary command execution through subprocess invocation with shell interpretation enabled.
π@cveNotify
GitHub
[Security] Address critical host-shell escape in LocalSandboxProvider⦠· bytedance/deer-flow@92c7a20
β¦ (#1547)
* fix(security): disable host bash by default in local sandbox
* fix(security): address review feedback for local bash hardening
* fix(ci): sort live test imports for lint
* style: ap...
* fix(security): disable host bash by default in local sandbox
* fix(security): address review feedback for local bash hardening
* fix(ci): sort live test imports for lint
* style: ap...
π¨ CVE-2026-6860
A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.
π@cveNotify
A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.
π@cveNotify
GitHub
Define a bounded capacity for the internal SNI to SslContext cache. by vietj Β· Pull Request #6102 Β· eclipse-vertx/vert.x
Motivation:
The SNI to SslContext cache does not define a max size, this cache can be filled by TLS client when server SNI is enabled.
Client can trigger to load multiple times the same SslContext ...
The SNI to SslContext cache does not define a max size, this cache can be filled by TLS client when server SNI is enabled.
Client can trigger to load multiple times the same SslContext ...
π¨ CVE-2026-7979
Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
π@cveNotify
Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 148 to the stable channel for Windows, Mac and Linux. This will roll out ov...
π¨ CVE-2026-32062
OpenClaw versions 2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open to consume connection resources and degrade service availability for legitimate streams.
π@cveNotify
OpenClaw versions 2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open to consume connection resources and degrade service availability for legitimate streams.
π@cveNotify
GitHub
fix(voice-call): harden media stream pre-start websocket handling Β· openclaw/openclaw@1d8968c
Your own personal AI assistant. Any OS. Any Platform. The lobster way. π¦ - fix(voice-call): harden media stream pre-start websocket handling Β· openclaw/openclaw@1d8968c
π¨ CVE-2026-41355
OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks.
π@cveNotify
OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks.
π@cveNotify
GitHub
OpenShell: exclude hooks/ from mirror sync (#54657) Β· openclaw/openclaw@c02ee8a
* OpenShell: exclude hooks/ from mirror sync
* OpenShell: make excludeDirs case-insensitive for cross-platform safety
* OpenShell: make excludeDirs case-insensitive for cross-platform safety
π¨ CVE-2026-42286
Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This issue has been patched in version 2.6.11.
π@cveNotify
Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This issue has been patched in version 2.6.11.
π@cveNotify
GitHub
Cross-Site Request Forgery in Admin Functions
### Summary
Missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin
ma...
Missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin
ma...
π¨ CVE-2026-41432
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without making any payment. This issue has been patched in version 0.12.10.
π@cveNotify
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without making any payment. This issue has been patched in version 0.12.10.
π@cveNotify
GitHub
Release v0.12.10 Β· QuantumNous/new-api
New Features
Added passthrough support for Claude cache_control and speed options, giving you more control over request behavior when using Claude models (#4247).
Bug Fixes
Fixed OpenAI Response...
Added passthrough support for Claude cache_control and speed options, giving you more control over request behavior when using Claude models (#4247).
Bug Fixes
Fixed OpenAI Response...
π¨ CVE-2026-42343
FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service relies solely on an application-level soft limit (a 500ms polling interval) for memory management and lacks strict OS-level constraints such as cgroups or kernel-level namespaces. This architectural weakness allows attackers to easily bypass memory checks via time-window attacks, or exhaust the entire JavaScript worker pool via concurrent CPU-intensive requests, resulting in a complete Denial of Service (DoS) for legitimate users. At time of publication, there are no publicly available patches.
π@cveNotify
FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service relies solely on an application-level soft limit (a 500ms polling interval) for memory management and lacks strict OS-level constraints such as cgroups or kernel-level namespaces. This architectural weakness allows attackers to easily bypass memory checks via time-window attacks, or exhaust the entire JavaScript worker pool via concurrent CPU-intensive requests, resulting in a complete Denial of Service (DoS) for legitimate users. At time of publication, there are no publicly available patches.
π@cveNotify
GitHub
Uncontrolled Resource Consumption leading to Sandbox Exhaustion
### Summary
cooperate with Dingyu Wang@https://github.com/boom-dy
The `code-sandbox` component suffers from insufficient resource isolation and uncontrolled resource consumption (CWE-400). The s...
cooperate with Dingyu Wang@https://github.com/boom-dy
The `code-sandbox` component suffers from insufficient resource isolation and uncontrolled resource consumption (CWE-400). The s...
π¨ CVE-2026-42452
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow. However, the auth middleware accepts this token on regular authenticated endpoints. This effectively turns 2FA into single-factor (password) for impacted accounts. This issue has been patched in version 2.1.0.
π@cveNotify
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow. However, the auth middleware accepts this token on regular authenticated endpoints. This effectively turns 2FA into single-factor (password) for impacted accounts. This issue has been patched in version 2.1.0.
π@cveNotify
GitHub
Release release-2.1.0 Β· Termix-SSH/Termix
Added tmux integration, themes, and automation features with major security, stability, and bug fixes.
Architecture
Windows
Linux
Mac
Android
iOS
x86-64 (64-bit)
EXE Β· MSI Β· Portable
AppIma...
Architecture
Windows
Linux
Mac
Android
iOS
x86-64 (64-bit)
EXE Β· MSI Β· Portable
AppIma...
π¨ CVE-2026-42455
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint (POST /api/v1/archives/[linkId]?format=4) accepts HTML files (text/html) without sanitizing JavaScript content. When the archive is later accessed via GET /api/v1/archives/[linkId]?format=4, the HTML is served with Content-Type: text/html from the Linkwarden origin, without any Content-Security-Policy header. This allows arbitrary JavaScript execution in the context of the authenticated Linkwarden sessio. At time of publication, there are no publicly available patches.
π@cveNotify
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint (POST /api/v1/archives/[linkId]?format=4) accepts HTML files (text/html) without sanitizing JavaScript content. When the archive is later accessed via GET /api/v1/archives/[linkId]?format=4, the HTML is served with Content-Type: text/html from the Linkwarden origin, without any Content-Security-Policy header. This allows arbitrary JavaScript execution in the context of the authenticated Linkwarden sessio. At time of publication, there are no publicly available patches.
π@cveNotify
GitHub
Stored XSS via Client-Side Archive Upload (Unsanitized HTML served from same origin)
### Summary
The archive upload endpoint (`POST /api/v1/archives/[linkId]?format=4`) accepts HTML files (`text/html`) without sanitizing JavaScript content. When the archive is later accessed via `...
The archive upload endpoint (`POST /api/v1/archives/[linkId]?format=4`) accepts HTML files (`text/html`) without sanitizing JavaScript content. When the archive is later accessed via `...
π¨ CVE-2026-42297
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) performs zero authorization checks on all CRUD operations (create, read, update, delete). Any authenticated user β including those using fake Bearer tokens β can create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits. This issue has been patched in version 4.0.5.
π@cveNotify
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) performs zero authorization checks on all CRUD operations (create, read, update, delete). Any authenticated user β including those using fake Bearer tokens β can create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits. This issue has been patched in version 4.0.5.
π@cveNotify
GitHub
Merge commit from fork Β· argoproj/argo-workflows@09fff05
The configmap sync endpoints relied solely on the kube client's identity
for RBAC, which is only effective in Client auth mode. In Server or SSO
(without RBAC) modes, the server's o...
for RBAC, which is only effective in Client auth mode. In Server or SSO
(without RBAC) modes, the server's o...
π¨ CVE-2026-45430
The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks.
π@cveNotify
The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks.
π@cveNotify
π¨ CVE-2026-7255
** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to brute-force the password and bypass authentication.
π@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to brute-force the password and bypass authentication.
π@cveNotify
Zyxel
End of life | Zyxel Networks
Zyxel Networks is a leading provider of secure, AI-powered cloud networking solutions for SMBs and the enterprise edge, ensuring seamless connectivity and robust security.
π¨ CVE-2026-7256
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP request.
π@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP request.
π@cveNotify
Zyxel
End of life | Zyxel Networks
Zyxel Networks is a leading provider of secure, AI-powered cloud networking solutions for SMBs and the enterprise edge, ensuring seamless connectivity and robust security.
π¨ CVE-2026-7257
** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file.
π@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file.
π@cveNotify
Zyxel
End of life | Zyxel Networks
Zyxel Networks is a leading provider of secure, AI-powered cloud networking solutions for SMBs and the enterprise edge, ensuring seamless connectivity and robust security.
π¨ CVE-2026-7287
** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the βwebsβ binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0 could allow an attacker to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request to a vulnerable device.
π@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the βwebsβ binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0 could allow an attacker to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request to a vulnerable device.
π@cveNotify
Zyxel
End of life | Zyxel Networks
Zyxel Networks is a leading provider of secure, AI-powered cloud networking solutions for SMBs and the enterprise edge, ensuring seamless connectivity and robust security.
π¨ CVE-2026-41530
The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name, then the archived files may be extracted to an unexpected folder.
π@cveNotify
The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name, then the archived files may be extracted to an unexpected folder.
π@cveNotify
jvn.jp
JVN#68350834: Lhaz and Lhaz+ vulnerable to path traversal
Japan Vulnerability Notes