🚨 CVE-2026-42558
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector functionality to craft messages which escape the sandbox and facilitate XSS. Exploitation of the vulnerability is possible on behalf of an authorized user who has both of the following privileges, which are not granted to non-admins as standard: Include "Add DataSet" button to allow for additional DataSets to be created independently to Layouts. Users should upgrade to version 4.4.2, which fixes this issue. Upgrading to a fixed version is necessary to remediate. Users unable to upgrade should revoke such privileges from users they do not trust.
@cveNotify
GitHub
Stored XSS and Iframe Sandbox Escape via Data Connector Script in DataSet
### Impact
A vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector functionality to craft messages ...
🚨 CVE-2026-42563
Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's `ProcessMergeDriver` substitutes the file path (from the git tree, controllable by an attacker via a malicious branch) into the merge driver command via the `%P` placeholder and executes it with `subprocess.run(..., shell=True)`. An attacker who can cause a victim to merge an untrusted branch can achieve arbitrary command execution by crafting malicious file paths. Version 1.2.5 fixes the issue.
GitHub
merge_drivers: shell-quote placeholder values (CVE-2026-42563) · jelmer/dulwich@e3331b3
%P expands to the merging file's path, which comes from the git tree
and is attacker-controllable via a malicious branch. Previously it
was interpolated unquoted into a shell=True command.
...
🚨 CVE-2026-42568
Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13.0 and 5.12.7 patch the issue.
GitHub
Release Yamcs 5.12.7 · yamcs/yamcs
security updates
🚨 CVE-2026-44693
Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This issue has been patched in version 6.6.1.
GitHub
Release v6.6.1 · pi-hole/FTL
What's Changed
Add new GET /api/config/_properties endpoint by @DL6ER in #2356
Fix thread-safety issues causing SIGSEGV under concurrent API load by @DL6ER in #2835
fix: fix rare race conditio...
🚨 CVE-2026-46521
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.
GitHub
Heap Buffer Over-Write in MIFF encoder when using LZMA compression
When using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check.
🚨 CVE-2026-46557
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument. This issue has been patched in version 7.1.2-23.
GitHub
Stack overflow in fx operation
Due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument.
🚨 CVE-2026-46559
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 encoder will result in a heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.
GitHub
Heap Buffer Over-Write of a single byte in the JP2 encoder
An incorrect check in the JP2 encoder will result in a heap buffer over-write of a single byte when specifying certain options.
🚨 CVE-2026-46645
SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible() access control check that all other endpoints enforce. If a developer restricts model access by overriding is_accessible(), an authenticated user can still query that model's data through the ajax_lookup endpoint, silently bypassing the restriction. This issue has been patched in version 0.25.1.
GitHub
fix: authenticate ajax lookup endpoint (#1035) · smithyhq/sqladmin@b0d3a19
SQLAlchemy Admin for FastAPI and Starlette. Contribute to smithyhq/sqladmin development by creating an account on GitHub.
🚨 CVE-2026-46692
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.
GitHub
Heap Buffer Over-Write in distributed pixel cache server
An attacker who can connect to a `magick -distribute-cache` service can cause a heap buffer over-write in the server process.
🚨 CVE-2026-46693
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.
GitHub
Race Condition in distributed pixel cache server can result in file descriptor hijacking
An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met.
🚨 CVE-2026-46695
Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, so malicious code can remount the directory in rw mode, thereby gaining write access to that directory. This allows malicious code to perform arbitrary write operations on directories that should be read-only. This issue has been patched in version 0.9.0.
GitHub
fix(security): enforce read-only virtiofs at hypervisor level by DorianZheng · Pull Request #454 · boxlite-ai/boxlite
Summary
Fixes GHSA-g6ww-w5j2-r7x3 (CVSS 10.0): read-only virtiofs volume mounts could be bypassed by malicious guest code.
Three-layer fix:
Hypervisor-level read-only enforcement: Use krun_add_vi...
🚨 CVE-2026-46703
Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for the possibility that entries may be symlinks pointing to absolute paths. An attacker can craft a malicious OCI image and distribute it on image hosting platforms such as DockerHub, tricking users into using it. Once a user loads the malicious image, the attacker can write arbitrary content to any path on the host, which can further lead to remote code execution on the host. This issue has been patched in version 0.9.0.
GitHub
Release v0.9.0 · boxlite-ai/boxlite
Security
This release fixes two Critical vulnerabilities affecting all SDKs at versions < 0.9.0. Upgrade to 0.9.0 or later; there is no workaround.
Advisory | CVE | Issue
GHSA-g6ww-w5j2-r7x3...
🚨 CVE-2026-47165
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge-response authentication model. This has been changed in versions 6.9.13-48 and 7.1.2-23.
GitHub
Information Disclosure in distributed pixel cache server because it is not using a challenge-response authentication model
The distributed pixel cache was originally designed to operate without a challenge-response authentication model. However, given today's heightened security expectations, we have changed our implem...
🚨 CVE-2026-47166
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.
GitHub
Heap Buffer Over-Read in distributed pixel cache server
An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process.
🚨 CVE-2022-26758
A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4.
🚨 CVE-2022-48575
A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4.
🚨 CVE-2026-2827
The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum_location_notification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Open User Map
Open User Map: WordPress Map Plugin
A beautiful interactive WordPress map plugin with frontend marker submissions, filters, search, popups, approval workflow, and no Google Maps API key.
🚨 CVE-2025-33221
NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service.
🚨 CVE-2026-24182
NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service.
🚨 CVE-2026-24187
NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
🚨 CVE-2026-24190
NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.