8.5

CVSS4.0

CVE-2026-26225 - Intego Personal Backup Task File Privilege Escalation

Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated privile…

📅 Published: Feb. 12, 2026, 9:57 p.m. 🔄 Last Modified: March 23, 2026, 3:44 p.m.

5.3

CVSS3.1

CVE-2026-26185 - Directus Affected by User Enumeration via Password Reset Timing Attack

Directus is a real-time API and App dashboard for managing SQL database content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reset_url parameter is provided, the response time differs by approximately 500ms between existi…

📅 Published: Feb. 12, 2026, 9:54 p.m. 🔄 Last Modified: Feb. 20, 2026, 9:09 p.m.

6.9

CVSS4.0

CVE-2026-26076 - ntpd-rs affected by excessive CPU load from malformed packets

ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases (2-4 times above normal) in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more e…

📅 Published: Feb. 12, 2026, 9:48 p.m. 🔄 Last Modified: Feb. 23, 2026, 3:51 p.m.

6.9

CVSS4.0

CVE-2026-26075 - Cross-Site Request Forgery (CSRF) in FastGPT

FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment, …

📅 Published: Feb. 12, 2026, 9:42 p.m. 🔄 Last Modified: Feb. 23, 2026, 4:52 p.m.

5.4

CVSS3.1

CVE-2025-14282 - Dropbear: privilege escalation via unix domain socket forwardings

A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files.…

📅 Published: Feb. 12, 2026, 9:37 p.m. 🔄 Last Modified: Feb. 18, 2026, 9:16 p.m.

9.1

CVSS4.0

CVE-2026-26069 - Scraparr Readarr Integration exposes sensitive values as metric labels.

Scraparr is a Prometheus Exporter for various components of the *arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions are…

📅 Published: Feb. 12, 2026, 9:33 p.m. 🔄 Last Modified: Feb. 23, 2026, 4:58 p.m.

9.3

CVSS4.0

CVE-2026-1358 - Airleader Master Unrestricted Upload of File with Dangerous Type

Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.

📅 Published: Feb. 12, 2026, 9:24 p.m. 🔄 Last Modified: March 3, 2026, 9:15 p.m.

8.8

CVSS3.1

CVE-2026-26056 - Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC

Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a m…

📅 Published: Feb. 12, 2026, 9:11 p.m. 🔄 Last Modified: April 1, 2026, 8:53 p.m.

7.5

CVSS3.1

CVE-2026-26055 - Unauthenticated Admission Webhook Endpoints in Yoke ATC

Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send A…

📅 Published: Feb. 12, 2026, 9:07 p.m. 🔄 Last Modified: April 1, 2026, 8:57 p.m.

9.4

CVSS4.0

CVE-2026-26020 - AutoGPT Affected by Remote Code Execution via Dynamic Module Import in Block Loading (__import__)

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Remote Code Execution (RCE) on the backend server by embedding a disabled block inside a graph. The B…

📅 Published: Feb. 12, 2026, 8:52 p.m. 🔄 Last Modified: Feb. 17, 2026, 8:10 p.m.
Total results: 343738