7.5

CVSS3.1

CVE-2026-40613 - Coturn: Misaligned Memory Access in coturn STUN Attribute Parser (Remote DoS on ARM64)

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t * to uint16_t * without alignment checks. When processing a crafted STUN message with odd-aligned attribute boundaries,…

📅 Published: April 21, 2026, 6 p.m. 🔄 Last Modified: April 24, 2026, 1:41 p.m.

5.3

CVSS4.0

CVE-2026-6744 - Bagisto Downloadable Link copy server-side request forgery

A vulnerability was found in Bagisto up to 2.3.15. The affected code is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted ear…

📅 Published: April 21, 2026, 6 p.m. 🔄 Last Modified: April 22, 2026, 1:27 p.m.

8.8

CVSS3.1

CVE-2026-40611 - Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider

Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to w…

📅 Published: April 21, 2026, 5:58 p.m. 🔄 Last Modified: April 22, 2026, 9:17 p.m.

6.2

CVSS3.1

CVE-2026-40608 - Next AI Draw.io: Unbounded HTTP Body — Denial of Service

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers (/api/state, /api/restore, and /api/history-svg) that process incoming requests by accumulating the entire request body into a …

📅 Published: April 21, 2026, 5:56 p.m. 🔄 Last Modified: April 22, 2026, 9:24 p.m.
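The accumulation pattern the advisory describes, beside a bounded reader, as an added example in Python. This is not code from Next AI Draw.io (a Next.js application); the 1 MiB cap, the handler shape, the header names and the status codes are assumptions chosen for the illustration.

```python
import io

MAX_BODY_BYTES = 1 << 20   # assumed 1 MiB cap for a diagram-state endpoint (not the project's value)
CHUNK = 64 * 1024


class BodyTooLarge(Exception):
    pass


def read_body_unbounded(stream):
    """The pattern the advisory describes: append every chunk until EOF, so peak
    memory is whatever the client decides to send (no Content-Length check and
    no cap on the accumulated buffer)."""
    chunks = []
    while True:
        chunk = stream.read(CHUNK)
        if not chunk:
            break
        chunks.append(chunk)
    return b"".join(chunks)


def read_body_bounded(stream, content_length=None, max_bytes=MAX_BODY_BYTES):
    """Read at most max_bytes. A declared Content-Length above the cap is refused
    before any byte is read; a body without Content-Length (chunked transfer) is
    read against a hard budget, so a missing header cannot bypass the cap."""
    if content_length is not None and content_length > max_bytes:
        raise BodyTooLarge(f"declared {content_length} bytes, limit {max_bytes}")
    # Reading one byte past the cap is enough to prove the body is too big.
    budget = content_length if content_length is not None else max_bytes + 1
    chunks, total = [], 0
    while total < budget:
        chunk = stream.read(min(CHUNK, budget - total))
        if not chunk:
            break
        chunks.append(chunk)
        total += len(chunk)
        if total > max_bytes:
            raise BodyTooLarge(f"body exceeds {max_bytes} bytes")
    return b"".join(chunks)


def handle_post(headers, stream, max_bytes=MAX_BODY_BYTES):
    """Hypothetical POST handler skeleton (not the sidecar's code): returns
    (HTTP status, bytes accepted). Header names are assumed lower-cased."""
    raw = headers.get("content-length")
    try:
        content_length = int(raw) if raw is not None else None
        if content_length is not None and content_length < 0:
            return 400, 0
        body = read_body_bounded(stream, content_length, max_bytes)
    except ValueError:          # non-numeric Content-Length
        return 400, 0
    except BodyTooLarge:
        return 413, 0           # Payload Too Large, decided without buffering it
    return 200, len(body)


def post_bytes(headers, payload, max_bytes=MAX_BODY_BYTES):
    """Convenience wrapper: feed an in-memory payload to handle_post."""
    return handle_post(headers, io.BytesIO(payload), max_bytes)


if __name__ == "__main__":
    big = b"x" * (5 * 1024)                                   # constructed oversized body
    print(len(read_body_unbounded(io.BytesIO(big))))         # the unbounded reader keeps all of it
    print(post_bytes({"content-length": "5120"}, big, max_bytes=4096))
    print(post_bytes({}, big, max_bytes=4096))               # no Content-Length (chunked)
    print(post_bytes({"content-length": "1024"}, big, max_bytes=4096))
```

The cap has to be enforced on the bytes actually read, not only on the declared Content-Length: a chunked request carries no length header at all, and a client that declares a small length but keeps sending must still be cut off.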

4.8

CVSS3.1

CVE-2026-40606 - ProxyAuth Addon LDAP Injection in mitmproxy

mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers, and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP ser…

📅 Published: April 21, 2026, 5:43 p.m. 🔄 Last Modified: April 24, 2026, 1:33 p.m.
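What "does not correctly sanitize the username" means for an LDAP search filter, as an added example that is not mitmproxy's code and does not describe its actual fix: the raw username interpolated into a filter beside the same filter built with RFC 4515 escaping. The filter shape `(&(objectClass=person)(uid=...))` and the attacker input are constructed for the illustration.

```python
import re

# RFC 4515 section 3: these characters inside an assertion value are written
# as a backslash followed by the two hex digits of the byte.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter assertion."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    """The bug class: the untrusted username is interpolated into the filter as-is."""
    return f"(&(objectClass=person)(uid={username}))"


def build_filter(username: str) -> str:
    """Hardened: metacharacters in the username cannot change the filter structure."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


# One attribute assertion: "(attr=value)" with no nested parentheses.
_ASSERTION = re.compile(r"\([A-Za-z][A-Za-z0-9.;-]*=[^()]*\)")


def count_assertions(ldap_filter: str) -> int:
    """Number of attribute assertions in a filter. An extra (uid=...) where a
    single one was intended is the signature of a successful injection."""
    return len(_ASSERTION.findall(ldap_filter))


if __name__ == "__main__":
    # Constructed attacker input: closes the uid assertion and appends a wildcard one,
    # so the unescaped filter matches every person entry instead of one user.
    payload = "*)(uid=*"
    unsafe, safe = build_filter_unsafe(payload), build_filter(payload)
    print(unsafe, count_assertions(unsafe))
    print(safe, count_assertions(safe))
```

In production code, use the escaping routine of the LDAP client library (python-ldap's `ldap.filter.escape_filter_chars`, ldap3's `ldap3.utils.conv.escape_filter_chars`) rather than a hand-written table, and additionally reject usernames outside the expected character set before they reach the filter at all.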

8.2

CVSS4.0

CVE-2026-40604 - ClearanceKit: opfilter system extension can be suspended or signalled by a root process, disabling …

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension (bundle ID uk.craigbass.clearancekit.opfilter) can be suspended with SIGSTOP or kill -STOP, or killed with SIGKILL/SIGTERM, by any pro…

📅 Published: April 21, 2026, 5:41 p.m. 🔄 Last Modified: April 24, 2026, 8:49 p.m.

5.6

CVSS3.1

CVE-2026-40602 - hass-cli: Handling of user-supplied Jinja2 templates

The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assistant-cli, an unrestricted environment was used to handle Jinja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no …

📅 Published: April 21, 2026, 5:40 p.m. 🔄 Last Modified: April 22, 2026, 9:24 p.m.
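The difference between an unrestricted `jinja2.Environment` and a `SandboxedEnvironment`, as an added example that is not hass-cli's code: the same user-supplied template is rendered both ways. The state object and the template strings are constructed for the illustration; the probe template is the standard SSTI first step (walking from a string literal to `object` and its subclasses), which a sandbox must stop before any further gadget chain is possible.

```python
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment


def render(template_source: str, context: dict, sandboxed: bool) -> str:
    """Render a user-supplied template in a plain Environment (the pre-fix
    behaviour the advisory describes) or in a SandboxedEnvironment. A
    SecurityError is returned as text so the two modes can be compared."""
    env = SandboxedEnvironment() if sandboxed else Environment()
    try:
        return env.from_string(template_source).render(**context)
    except SecurityError as exc:
        return f"SecurityError: {exc}"


# Constructed context shaped like a Home Assistant state object; values are made up.
STATE = {
    "entity_id": "light.kitchen",
    "state": "on",
    "attributes": {"friendly_name": "Kitchen", "brightness": 200},
}

# What a legitimate user template looks like: it only reads the data it was given.
BENIGN = "{{ state.attributes.friendly_name }} is {{ state.state }}"

# Classic SSTI probe: reach the object class from a string literal and list its
# subclasses. In a plain Environment this succeeds; the sandbox refuses the
# dunder attribute access on the very first step.
PROBE = "{{ ''.__class__.__mro__[1].__subclasses__() | length > 0 }}"


def demo() -> dict:
    return {
        "benign_plain": render(BENIGN, {"state": STATE}, sandboxed=False),
        "benign_sandboxed": render(BENIGN, {"state": STATE}, sandboxed=True),
        "probe_plain": render(PROBE, {}, sandboxed=False),
        "probe_sandboxed": render(PROBE, {}, sandboxed=True),
    }


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name}: {out}")
```

The sandbox does not change how ordinary templates behave (attribute and item access on plain data still works), which is why swapping the environment class is usually the whole fix for a tool that renders templates typed by its user.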

8.4

CVSS4.0

CVE-2026-40599 - ClearanceKit: Ad-hoc signed binaries can spoof Apple process identities in the global allowlist

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows malicious software to impersonate an Apple p…

📅 Published: April 21, 2026, 5:37 p.m. 🔄 Last Modified: April 24, 2026, 8:50 p.m.

5.4

CVSS3.1

CVE-2026-41194 - FreeScout's Mailbox OAuth disconnect uses a state-changing GET and is CSRFable

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the mailbox OAuth disconnect action is implemented as `GET /mailbox/oauth-disconnect/{id}/{in_out}/{provider}`. It removes stored OAuth metadata from the mailbox and then redirects. Because it is a GET route, no…

📅 Published: April 21, 2026, 5:16 p.m. 🔄 Last Modified: April 22, 2026, 9:08 p.m.

9.1

CVSS3.1

CVE-2026-41193 - FreeScout has Zip Slip path traversal in module installation that allows arbitrary file write leadi…

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP. Versi…

📅 Published: April 21, 2026, 5:15 p.m. 🔄 Last Modified: April 22, 2026, 9:10 p.m.
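Both the Lego webroot entry (CVE-2026-40611, a server-supplied challenge token joined into a filesystem path) and the FreeScout Zip Slip entry (CVE-2026-41193, archive entry names joined into the install directory) are the same bug class: untrusted input used as a path component without confirming the result stays inside the intended directory. The following added Python example is not code from either project (Lego is Go, FreeScout is PHP) and does not show their actual fixes; it demonstrates the containment check both need, with the token alphabet taken from RFC 8555 section 8.3. The webroot path, the module layout and the archive contents are constructed for the illustration.

```python
import io
import os
import re
import shutil
import tempfile
import zipfile

# RFC 8555 section 8.3: an HTTP-01 token uses only the URL-safe base64 alphabet,
# without padding. Anything else (a '/', a '.', a '..') is not a valid token.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def is_within(root: str, candidate: str) -> bool:
    """True if candidate resolves to root itself or somewhere below it."""
    root = os.path.realpath(root)
    candidate = os.path.realpath(candidate)
    return os.path.commonpath([root, candidate]) == root


def challenge_path_unsafe(webroot: str, token: str) -> str:
    """The bug class: the token is joined into the path as-is, so '../'
    components walk out of the challenge directory."""
    return os.path.join(webroot, ".well-known", "acme-challenge", token)


def challenge_path(webroot: str, token: str) -> str:
    """Hardened: accept only a single component in the token alphabet, then
    confirm the joined path still lies inside the challenge directory."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError(f"invalid challenge token: {token!r}")
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    path = os.path.join(challenge_dir, token)
    if not is_within(challenge_dir, path):
        raise ValueError(f"challenge path escapes {challenge_dir}: {path}")
    return path


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list:
    """Extract an archive, refusing any entry that would land outside dest_dir.
    Every name is checked before anything is written, so a bad entry does not
    leave a half-installed module behind."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        targets = []
        for info in zf.infolist():
            # An absolute entry name makes os.path.join discard dest_dir entirely;
            # is_within catches that case as well as '..' traversal.
            target = os.path.join(dest_dir, info.filename)
            if not is_within(dest_dir, target):
                raise ValueError(f"zip entry escapes destination: {info.filename!r}")
            targets.append((info, target))
        written = []
        for info, target in targets:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
            written.append(os.path.relpath(target, dest_dir))
    return sorted(written)


def build_zip(entries) -> bytes:
    """Constructed in-memory archive for the demo; entry names are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()


def rejects(func, *args) -> bool:
    try:
        func(*args)
    except ValueError:
        return True
    return False


def demo() -> dict:
    dest = tempfile.mkdtemp()
    try:
        good = build_zip([("Modules/Demo/module.json", b"{}"),
                          ("Modules/Demo/Http/Controller.php", b"<?php")])
        evil = build_zip([("Modules/Demo/ok.txt", b"ok"),
                          ("../../public/shell.php", b"<?php")])
        traversal = "../../../etc/cron.d/x"
        return {
            "token_ok": challenge_path("/var/www", "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"),
            "token_traversal_rejected": rejects(challenge_path, "/var/www", traversal),
            "unsafe_join_escapes": not is_within("/var/www/.well-known/acme-challenge",
                                                 challenge_path_unsafe("/var/www", traversal)),
            "good_written": safe_extract(good, dest),
            "evil_rejected": rejects(safe_extract, evil, dest),
            "evil_left_nothing": not os.path.exists(os.path.join(dest, "Modules", "Demo", "ok.txt")),
        }
    finally:
        shutil.rmtree(dest, ignore_errors=True)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The allowlist on the token is the primary control and the containment check is defence in depth; for archive entries there is no usable allowlist, so the containment check is the control, and it has to run over every entry before the first write. Python's own `ZipFile.extractall` already strips leading slashes and `..` components, but an extractor written by hand in PHP or Go has no such protection unless it performs this check itself.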