π¨ CVE-2026-49471
Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage to reach this API from any browser and write arbitrary content to the agent's persistent memory store, which the agent reads and acts on autonomously. Combined with execute_shell_command using shell=True, this creates a remote code execution chain requiring only that the victim visit a malicious webpage while Serena is running. This issue is fixed in version v1.5.2.
π@cveNotify
Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage to reach this API from any browser and write arbitrary content to the agent's persistent memory store, which the agent reads and acts on autonomously. Combined with execute_shell_command using shell=True, this creates a remote code execution chain requiring only that the victim visit a malicious webpage while Serena is running. This issue is fixed in version v1.5.2.
π@cveNotify
GitHub
Dashboard: validate host and port on each request Β· oraios/serena@016ccbe
A powerful MCP toolkit for coding, providing semantic retrieval and editing capabilities - the IDE for your agent - Dashboard: validate host and port on each request Β· oraios/serena@016ccbe
π¨ CVE-2026-53511
calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:user_metadata that is passed unsanitized to exec() in the template formatter. This issue is fixed in version 9.10.0.
π@cveNotify
calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:user_metadata that is passed unsanitized to exec() in the template formatter. This issue is fixed in version 9.10.0.
π@cveNotify
GitHub
Disallow Python templates when reading book metadata Β· kovidgoyal/calibre@712f4e1
The official source code repository for the calibre ebook manager - Disallow Python templates when reading book metadata Β· kovidgoyal/calibre@712f4e1
π¨ CVE-2026-56843
Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This results in cross-tenant disclosure of other tenants' FTP credentials stored in cleartext, which can be leveraged to execute code as another tenant's system user.
π@cveNotify
Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This results in cross-tenant disclosure of other tenants' FTP credentials stored in cleartext, which can be leveraged to execute code as another tenant's system user.
π@cveNotify
Plesk
Vulnerability CVE-2026-56843: Cleartext FTP Password Exposure in Plesk's XML API
SituationA security vulnerability was discovered in Plesk's XML API protocol that allows cleartext FTP passwords to be exposed. This issue affects XML protocol versions below 1.4.2.0. This security...
π¨ CVE-2026-15053
Tanium addressed a denial of service vulnerability in Tanium Server.
π@cveNotify
Tanium addressed a denial of service vulnerability in Tanium Server.
π@cveNotify
π¨ CVE-2026-53951
Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the `trust` setting's prefix match
(`copier/_settings.py`) compares the template URL against a trusted prefix with a raw `str.startswith` and no path normalization, while the URL is normalized when the template is actually fetched (`Path.resolve()` for local paths; libcurl dot-segment removal for `https`). A template reference that textually starts with a trusted prefix but contains `..` is therefore granted trust yet resolves to a different, attacker-controlled template, whose `tasks` / `migrations` / `jinja_extensions` then run without the `--trust` prompt β arbitrary command execution. Version 9.15.2 patches the issue.
π@cveNotify
Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the `trust` setting's prefix match
(`copier/_settings.py`) compares the template URL against a trusted prefix with a raw `str.startswith` and no path normalization, while the URL is normalized when the template is actually fetched (`Path.resolve()` for local paths; libcurl dot-segment removal for `https`). A template reference that textually starts with a trusted prefix but contains `..` is therefore granted trust yet resolves to a different, attacker-controlled template, whose `tasks` / `migrations` / `jinja_extensions` then run without the `--trust` prompt β arbitrary command execution. Version 9.15.2 patches the issue.
π@cveNotify
GitHub
Release v9.15.2 (2026-06-12) Β· copier-org/copier
Fix
report template path for Jinja errors in path segments (#2686)
fix answers file override/setting to use full path and not only filename
treat blank boolean strings as false (#2675)
updating: d...
report template path for Jinja errors in path segments (#2686)
fix answers file override/setting to use full path and not only filename
treat blank boolean strings as false (#2675)
updating: d...
π¨ CVE-2026-59724
Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as __proto__ through an inherited property of the clients object during WebTransport upgrade handling, causing a TypeError and denial of service. This issue is fixed in version 6.6.7.
π@cveNotify
Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as __proto__ through an inherited property of the clients object during WebTransport upgrade handling, causing a TypeError and denial of service. This issue is fixed in version 6.6.7.
π@cveNotify
GitHub
fix(eio): handle invalid packets when upgrading to WebTransport Β· socketio/socket.io@1fa1f46
Bidirectional and low-latency communication for every platform - fix(eio): handle invalid packets when upgrading to WebTransport Β· socketio/socket.io@1fa1f46
π¨ CVE-2026-59725
Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated attacker to exhaust server-side connections and sockets. This issue is fixed in version 6.6.7.
π@cveNotify
Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated attacker to exhaust server-side connections and sockets. This issue is fixed in version 6.6.7.
π@cveNotify
GitHub
fix(eio): close HTTP requests with invalid content type Β· socketio/socket.io@fc11285
Before this commit, after the initial handshake, an HTTP request with a "application/octet-stream"
content type would trigger a "invalid content" error at the En...
content type would trigger a "invalid content" error at the En...
π¨ CVE-2026-59870
js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem() to perform a linear duplicate-key scan on every insertion, causing O(n^2) CPU consumption when yaml.load() parses a crafted ordered-map document. This issue is fixed in version 5.2.1.
π@cveNotify
js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem() to perform a linear duplicate-key scan on every insertion, causing O(n^2) CPU consumption when yaml.load() parses a crafted ordered-map document. This issue is fixed in version 5.2.1.
π@cveNotify
GitHub
!!omap: add `Map` support and remove quadratic complexity Β· nodeca/js-yaml@39f3211
JavaScript YAML parser and dumper. Very fast. Contribute to nodeca/js-yaml development by creating an account on GitHub.
π¨ CVE-2026-59871
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPath(entry.path).split('/') to throw an uncaught TypeError. This issue is fixed in version 7.5.18.
π@cveNotify
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPath(entry.path).split('/') to throw an uncaught TypeError. This issue is fixed in version 7.5.18.
π@cveNotify
GitHub
pax: parse values according to known types Β· isaacs/node-tar@e02a4e9
This prevents a case where the path can be set to a number.
We were effectively already ignoring unknown types anyway, so we may as
well just have a short allowed list of values, and handle them
d...
We were effectively already ignoring unknown types anyway, so we may as
well just have a short allowed list of values, and handle them
d...
π¨ CVE-2026-59873
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk space and CPU. This issue is fixed in version 7.5.19.
π@cveNotify
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk space and CPU. This issue is fixed in version 7.5.19.
π@cveNotify
GitHub
add maxDecompressionRatio guard against explosive decompression Β· isaacs/node-tar@2812e93
EDIT(@isaacs): add to readme, remove dead code, full test coverage
π¨ CVE-2026-59874
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18.
π@cveNotify
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18.
π@cveNotify
GitHub
refuse to let header size be less than 0 Β· isaacs/node-tar@9e78bf0
fix: https://github.com/isaacs/node-tar/security/advisories/GHSA-8x88-c5mf-7j5w
π¨ CVE-2026-59875
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is fixed in version 7.5.17.
π@cveNotify
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is fixed in version 7.5.17.
π@cveNotify
GitHub
terminate pax strings on nul bytes Β· isaacs/node-tar@7a635c2
Fix: https://github.com/isaacs/node-tar/security/advisories/GHSA-gvwx-54wh-qm9j
π¨ CVE-2026-59876
protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key __proto__ to change the prototype of the returned map object instead of creating an own map entry in protobufjs/ext/textformat. This issue is fixed in version 8.6.5.
π@cveNotify
protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key __proto__ to change the prototype of the returned map object instead of creating an own map entry in protobufjs/ext/textformat. This issue is fixed in version 8.6.5.
π@cveNotify
GitHub
fix: Use own-property semantics for internal maps (#2335) Β· protobufjs/protobuf.js@9f97fe4
Protocol Buffers for JavaScript and TypeScript. Fast, conformant, and versatile. No protoc required. - fix: Use own-property semantics for internal maps (#2335) Β· protobufjs/protobuf.js@9f97fe4
π¨ CVE-2026-59877
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends prematurely can cause parse, Root.load, or Root.loadSync to loop indefinitely. This issue is fixed in versions 7.6.5 and 8.6.6.
π@cveNotify
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends prematurely can cause parse, Root.load, or Root.loadSync to loop indefinitely. This issue is fixed in versions 7.6.5 and 8.6.6.
π@cveNotify
GitHub
fix: handle EOF during options parsing (#2352) (#2356) Β· protobufjs/protobuf.js@10fba6d
Protocol Buffers for JavaScript and TypeScript. Fast, conformant, and versatile. No protoc required. - fix: handle EOF during options parsing (#2352) (#2356) Β· protobufjs/protobuf.js@10fba6d
π¨ CVE-2026-39822
On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")' will open "symlink" even when "symlink" is a symbolic link pointing outside of the root.
π@cveNotify
On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")' will open "symlink" even when "symlink" is a symbolic link pointing outside of the root.
π@cveNotify
π¨ CVE-2026-42505
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.
π@cveNotify
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.
π@cveNotify
π¨ CVE-2026-59882
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost() does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost() to disagree with the URI authority used for security or routing decisions. This issue is fixed in version 2.12.3.
π@cveNotify
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost() does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost() to disagree with the URI authority used for security or routing decisions. This issue is fixed in version 2.12.3.
π@cveNotify
GitHub
Validate the URI host so `getHost()` matches the URI authority (#811) Β· guzzle/psr7@ddd64f1
PSR-7 HTTP message library. Contribute to guzzle/psr7 development by creating an account on GitHub.
π¨ CVE-2026-59887
linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test() and .match() can be invoked at every mailto: occurrence and scan the remaining input through src_email_name in lib/re.mjs, causing O(n^2) CPU consumption on crafted user text. This issue is fixed in version 5.0.2.
π@cveNotify
linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test() and .match() can be invoked at every mailto: occurrence and scan the remaining input through src_email_name in lib/re.mjs, causing O(n^2) CPU consumption on crafted user text. This issue is fixed in version 5.0.2.
π@cveNotify
GitHub
Restrict scan length in email name and http auth Β· markdown-it/linkify-it@105e5d7
Links recognition library with full unicode support - Restrict scan length in email name and http auth Β· markdown-it/linkify-it@105e5d7
π¨ CVE-2026-59890
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0.
π@cveNotify
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0.
π@cveNotify
GitHub
Normalize Unicode form when matching MANIFEST.in patterns Β· pypa/setuptools@dd9f436
FileList matched MANIFEST.in patterns against on-disk names byte-for-byte
with no Unicode normalization. On macOS APFS/HFS+, a file stored NFD and a
pattern authored NFC denote the same file but di...
with no Unicode normalization. On macOS APFS/HFS+, a file stored NFD and a
pattern authored NFC denote the same file but di...
π¨ CVE-2026-44332
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username enumeration through response timing differences. This issue is fixed in version 3.3.0.
π@cveNotify
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username enumeration through response timing differences. This issue is fixed in version 3.3.0.
π@cveNotify
GitHub
Merge pull request #4245 from gofiber/update-default-authorizer-for-p⦠· gofiber/fiber@c7ac00e
β¦assword-verification
π¨ CVE-2026-44512
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() in onnx/version_converter/adapters/upsample_6_7.h when processing an untrusted model with an Upsample node that has zero inputs, causing an unrecoverable denial of service. This issue is fixed in version 1.22.0.
π@cveNotify
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() in onnx/version_converter/adapters/upsample_6_7.h when processing an untrusted model with an Upsample node that has zero inputs, causing an unrecoverable denial of service. This issue is fixed in version 1.22.0.
π@cveNotify
GitHub
fix: add input/output bounds checks in version converter adapter (#7813) Β· onnx/onnx@cd31040
### Motivation and Context
## Summary
Several version converter adapters accessed `node->inputs()[N]` or
`node->outputs()[N]` without first verifying the node has enough
inputs/outp...
## Summary
Several version converter adapters accessed `node->inputs()[N]` or
`node->outputs()[N]` without first verifying the node has enough
inputs/outp...