🚨 CVE-2026-33113
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
🎖@cveNotify
🚨 CVE-2026-34692
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.
Adobe
Adobe Security Bulletin
Security updates available for Adobe Experience Manager | APSB26-24
🚨 CVE-2026-40376
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
🚨 CVE-2025-24170
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.
Apple Support
About the security content of macOS Sequoia 15.4 - Apple Support
This document describes the security content of macOS Sequoia 15.4.
🚨 CVE-2025-43407
This issue was addressed with improved entitlements. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. An app may be able to break out of its sandbox.
Apple Support
About the security content of iOS 26.1 and iPadOS 26.1 - Apple Support
This document describes the security content of iOS 26.1 and iPadOS 26.1.
🚨 CVE-2026-47101
LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privilege escalation from internal_user to proxy_admin.
Gist
LiteLLM-Privilege-Escalation.md
🚨 CVE-2026-47102
LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin, gaining full administrative access to LiteLLM including all users, teams, keys, models, and prompt history. Users with the org_admin role have legitimate access to this endpoint and can exploit this vulnerability without chaining any additional flaw.
Gist
LiteLLM-Privilege-Escalation.md
🚨 CVE-2026-42907
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
🚨 CVE-2026-47906
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Adobe
Adobe Security Bulletin
Security update available for Adobe Dreamweaver | APSB26-01
🚨 CVE-2026-21032
Improper export of Android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows a local attacker to execute arbitrary script.
🚨 CVE-2026-21033
Improper export of Android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows a local attacker to execute arbitrary script.
🚨 CVE-2026-50263
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
🚨 CVE-2026-42910
Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.
🚨 CVE-2026-42911
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
🚨 CVE-2026-42912
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
🚨 CVE-2024-45636
IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.
IBM
Security Bulletin: IBM Security QRadar EDR Software has a vulnerability where user credentials may be stored in plain text, potentially…
IBM Security QRadar EDR Software is affected by a vulnerability where user credentials are stored in plain text, which could allow a local privileged user to access sensitive credential information. This vulnerability has been addressed in version 3.12.25.
🚨 CVE-2026-11839
Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server.
This issue affects Rotaban: from V2026.06.002 before V2026.06.003.
siberguvenlik.gov.tr
T.C. Siber Güvenlik Başkanlığı
Official website of the Cybersecurity Directorate (Siber Güvenlik Başkanlığı) of the Presidency of the Republic of Türkiye.
🚨 CVE-2026-3341
IBM Langflow Desktop 1.0.0 through 1.9.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
IBM
Security Bulletin: IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in IBM Langflow Desktop's SSRF protection allows authenticated attackers to bypass internal network access restrictions using DNS rebinding attacks. The validate_url_for_ssrf() function validates URLs…
🚨 CVE-2026-4096
IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of the HOST header. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
IBM
Security Bulletin: A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper…
A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. Version 3.0.7 addresses the vulnerability.
🚨 CVE-2026-53777
Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages. Attackers controlling the server URL can deliver traversal payloads through the artifact_name or download_path fields, causing the client to overwrite sensitive files or expose arbitrary local files to an attacker-accessible location.
GitHub
fix(publish): sanitize server-controlled artifact path (GHSA-x55v-q459-68ch) (#4989) · PerryTS/perry@95e1043
* fix(publish): sanitize server-controlled artifact path (GHSA-x55v-q459-68ch)
perry publish trusted the build server's ArtifactReady.artifact_name and
download_path verb...
🚨 CVE-2026-7787
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.
IBM
Security Bulletin: Unauthenticated Session History Access via Public Flow Execution
A session ID namespace bypass vulnerability existed in Langflow OSS' POST /api/v1/build_public_tmp/{flow_id}/flow endpoint that allowed unauthenticated attackers to access chat history from other users' sessions. The endpoint accepted an inputs.session parameter…