NVD CVEs — published today (24 items)
CVE-2026-42455
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint (POST /api/v1/archives/[linkId]?format=4) accepts HTML files (text/html) without sanitizing JavaScript content. When the archiv
CVE-2026-44313 9.1 CRITICAL
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal s
CVE-2026-41705 8.6 HIGH
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs.
Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o
CVE-2026-6664 7.5 HIGH
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.
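The advisory above describes the classic shape of this bug: a length check written as an addition that can wrap. The following is an added illustration, not PgBouncer's code; the wire layout (a 4-byte big-endian field length followed by the field bytes), the buffer sizes and the function names are assumptions made for the example. It shows the wrapping check beside a subtraction-based check that cannot wrap, and a parser that uses the safe form.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration (not PgBouncer's code) of an integer overflow in a
 * packet-length boundary check. Wire layout assumed here: a 4-byte big-endian
 * field length followed by the field bytes. */

/* Vulnerable form: with uint32_t operands, pos + len wraps modulo 2^32, so a
 * huge attacker-chosen len can yield a small sum that passes the test. */
int field_in_bounds_vulnerable(uint32_t buflen, uint32_t pos, uint32_t len)
{
    return pos + len <= buflen;
}

/* Hardened form: validate pos first, then compare len against the remaining
 * space using a subtraction that cannot wrap. */
int field_in_bounds_safe(uint32_t buflen, uint32_t pos, uint32_t len)
{
    if (pos > buflen)
        return 0;
    return len <= buflen - pos;
}

/* Parse the length-prefixed field at pos. Returns the field length, or -1 if
 * the header or the field itself does not fit in buf. */
long read_field_safe(const uint8_t *buf, uint32_t buflen, uint32_t pos)
{
    if (!field_in_bounds_safe(buflen, pos, 4))
        return -1;
    uint32_t len = ((uint32_t)buf[pos] << 24) | ((uint32_t)buf[pos + 1] << 16)
                 | ((uint32_t)buf[pos + 2] << 8) | (uint32_t)buf[pos + 3];
    pos += 4;  /* cannot wrap: pos + 4 <= buflen was just checked */
    if (!field_in_bounds_safe(buflen, pos, len))
        return -1;
    return (long)len;
}

/* Constructed packets: a well-formed one and one whose header claims a
 * 0xFFFFFFFC-byte field while only four payload bytes follow. */
static const uint8_t good_pkt[] = { 0x00, 0x00, 0x00, 0x02, 'h', 'i' };
static const uint8_t bad_pkt[]  = { 0xFF, 0xFF, 0xFF, 0xFC, 'n', 'o', 'p', 'e' };

long parse_good_packet(void) { return read_field_safe(good_pkt, sizeof good_pkt, 0); }
long parse_bad_packet(void)  { return read_field_safe(bad_pkt, sizeof bad_pkt, 0); }

int main(void)
{
    /* After the 4-byte header, pos is 4 and the claimed len is 0xFFFFFFFC:
     * 4 + 0xFFFFFFFC wraps to 0, which is <= 8, so the vulnerable check
     * accepts a field that extends far past the end of the buffer. */
    printf("vulnerable check accepts bogus length: %d\n",
           field_in_bounds_vulnerable(sizeof bad_pkt, 4, 0xFFFFFFFCu));
    printf("safe check accepts bogus length:       %d\n",
           field_in_bounds_safe(sizeof bad_pkt, 4, 0xFFFFFFFCu));
    printf("good packet field length: %ld\n", parse_good_packet());
    printf("bad packet field length:  %ld\n", parse_bad_packet());
    return 0;
}
```

The rule the safe form follows is general: never add an untrusted length to an offset and compare the sum; compare the length against the space that remains, after confirming the offset itself is in range.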
CVE-2026-6665 8.1 HIGH
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow.
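strlcat() never writes past its size argument; its return value is the length the concatenation would have had, and a value of at least the buffer size means the output was truncated. The advisory does not spell out how the unchecked truncation becomes an out-of-bounds write in PgBouncer, and the following added example does not reproduce PgBouncer's code. It shows the return-value check that strlcat() callers need, beside an unchecked variant that reports a "length" larger than the buffer. The message shape (c=biws,r=<client-nonce><server-nonce>, proof omitted), the 96-byte buffer and the function names are assumptions; strlcat() is reimplemented locally so the example builds on libcs that lack it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local reimplementation of strlcat() with OpenBSD semantics, so the example
 * builds on libcs that lack it. Returns the length the concatenation WOULD
 * have had (initial strlen(dst) + strlen(src)); a return value >= dstsize
 * means the output was truncated. */
static size_t my_strlcat(char *dst, const char *src, size_t dstsize)
{
    size_t dlen = 0;
    while (dlen < dstsize && dst[dlen] != '\0')
        dlen++;
    size_t slen = strlen(src);
    if (dlen == dstsize)                 /* dst not terminated within dstsize */
        return dstsize + slen;
    size_t room = dstsize - dlen - 1;    /* bytes available before the NUL */
    size_t n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/* The check the advisory says was missing: treat truncation as an error
 * instead of carrying on with a partial buffer and an oversized length. */
static int append_checked(char *dst, size_t dstsize, const char *src)
{
    return my_strlcat(dst, src, dstsize) < dstsize ? 0 : -1;
}

#define MSG_SIZE 96  /* assumed buffer size for the example */

/* Unchecked variant: return values ignored. The buffer stays in bounds, but
 * the message is silently cut off and the returned "length" can exceed the
 * buffer, which is dangerous for any caller that later trusts it as a write
 * or send length. */
size_t build_client_final_unchecked(char *out, size_t outsize,
                                    const char *client_nonce,
                                    const char *server_nonce)
{
    out[0] = '\0';
    my_strlcat(out, "c=biws,r=", outsize);
    my_strlcat(out, client_nonce, outsize);
    return my_strlcat(out, server_nonce, outsize);
}

/* Checked variant: build "c=biws,r=<client-nonce><server-nonce>" (the proof
 * attribute is omitted for brevity) and fail if the server-supplied nonce
 * does not fit. Returns 0 on success, -1 on overflow. */
int build_client_final_checked(char *out, size_t outsize,
                               const char *client_nonce,
                               const char *server_nonce)
{
    out[0] = '\0';
    if (append_checked(out, outsize, "c=biws,r=") < 0) return -1;
    if (append_checked(out, outsize, client_nonce) < 0) return -1;
    if (append_checked(out, outsize, server_nonce) < 0) return -1;
    return 0;
}

/* Helpers that try a server nonce of nonce_len 'A' bytes (at most 1023)
 * against a MSG_SIZE stack buffer. Constructed data, not a real exchange. */
static const char CLIENT_NONCE[] = "fyko+d2lbbFgONRv9qkxdawL";  /* 24 bytes */

static int make_nonce(char *nonce, size_t cap, size_t nonce_len)
{
    if (nonce_len >= cap) return -1;
    memset(nonce, 'A', nonce_len);
    nonce[nonce_len] = '\0';
    return 0;
}

/* 1 if the checked builder accepts the nonce, 0 if it rejects it. */
int checked_accepts_nonce_len(size_t nonce_len)
{
    char nonce[1024], msg[MSG_SIZE];
    if (make_nonce(nonce, sizeof nonce, nonce_len) < 0) return 0;
    return build_client_final_checked(msg, sizeof msg, CLIENT_NONCE, nonce) == 0;
}

/* Length the unchecked builder reports; compare with MSG_SIZE - 1, the most
 * the buffer can actually hold. */
size_t unchecked_claimed_len(size_t nonce_len)
{
    char nonce[1024], msg[MSG_SIZE];
    if (make_nonce(nonce, sizeof nonce, nonce_len) < 0) return 0;
    return build_client_final_unchecked(msg, sizeof msg, CLIENT_NONCE, nonce);
}

int main(void)
{
    printf("checked, 18-byte nonce accepted:  %d\n", checked_accepts_nonce_len(18));
    printf("checked, 200-byte nonce accepted: %d\n", checked_accepts_nonce_len(200));
    printf("unchecked, 200-byte nonce claims %zu bytes in a %d-byte buffer\n",
           unchecked_claimed_len(200), MSG_SIZE);
    return 0;
}
```

With the assumed 96-byte buffer and 24-byte client nonce, the checked builder accepts server nonces up to 62 bytes and rejects 63 or more; the unchecked builder claims 233 bytes for a 200-byte nonce while the buffer holds 95.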
CVE-2026-6666 5.9 MEDIUM
A possible null pointer dereference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without an SQLSTATE field.
CVE-2026-6667 4.3 MEDIUM
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization) could run this command. It would have been correct to allow only users listed in the admin_users par
CVE-2026-7652 5.3 MEDIUM
The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0. This is due to the save_connected_wordpress_user() function propagating a LatePoint customer's email address to
CVE-2026-8207
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.php#L145 feature. Successful exploitation requires Teacher or high
CVE-2026-41163
bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the attacker to arbitrarily u
GitHub Security Advisories — published today (16 items)
GHSA-25hw-9r4r-54w4 MEDIUM
The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery...
GHSA-jhg5-9w7p-xm6m HIGH
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by...
GHSA-gc77-jrv9-6fjp MEDIUM
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT...
GHSA-4463-8rvf-rj9f MEDIUM
A possible null pointer dereference in PgBouncer before 1.25.2 could lead to a crash, if a server...
GHSA-mhmx-mjv6-w337 HIGH
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly...
GHSA-pmgp-q838-fh9g HIGH
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary...
GHSA-v632-2m87-7469 HIGH
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression...
GHSA-qp7p-654g-cw7p MEDIUM (npm)
Hono has CSS Declaration Injection via Style Object Values in JSX SSR
GHSA-hm8q-7f3q-5f36 LOW (npm)
Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()
GHSA-v6wj-c83f-v46x CRITICAL (npm)
@profullstack/mcp-server vulnerable to OS Command Injection in domain_lookup Module