CVSS 4.0 score: 2.3

CVE-2026-34969 - Nhost Leaks the Refresh Token via URL Query Parameter in OAuth Provider Callback

Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh token directly into the redirect URL as a query parameter. Refresh tokens in URLs are logged in browser history, server access logs, HTTP Referer headers, a…

📅 Published: April 6, 2026, 4:01 p.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.

CVSS 4.0 score: 5.1

CVE-2026-34951 - Reflected XSS in footer.php in Workbench Allows Attackers to Hijack Authenticated Sessions

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input befor…

📅 Published: April 6, 2026, 3:58 p.m. 🔄 Last Modified: April 7, 2026, 3:17 p.m.

CVSS 3.1 score: 9.1

CVE-2026-34950 - fast-jwt has an incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed …

fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that CVE-2023-48223 patch…

📅 Published: April 6, 2026, 3:54 p.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.

CVSS 4.0 score: 0

CVE-2026-34940 - KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary co…

KubeAI is an AI inference operator for Kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via ba…

📅 Published: April 6, 2026, 3:49 p.m. 🔄 Last Modified: April 7, 2026, 3:17 p.m.

CVSS 3.1 score: 2.3

CVE-2026-34764 - Electron has a use-after-free in offscreen shared texture release() callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain condition…

📅 Published: April 6, 2026, 3:46 p.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.

CVSS 3.1 score: 6.5

CVE-2026-34756 - vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Se…

vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques…

📅 Published: April 6, 2026, 3:40 p.m. 🔄 Last Modified: April 7, 2026, 2:17 p.m.

CVSS 3.1 score: 6.5

CVE-2026-34755 - vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing

vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_fr…

📅 Published: April 6, 2026, 3:38 p.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.

CVSS 3.1 score: 5.4

CVE-2026-34753 - vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url`

vLLM is an inference and serving engine for large language models (LLMs). From 0.16.0 to before 0.19.0, a server-side request forgery (SSRF) vulnerability in download_bytes_from_url allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests f…

📅 Published: April 6, 2026, 3:36 p.m. 🔄 Last Modified: April 7, 2026, 2:15 p.m.

CVSS 3.1 score: 7.8

CVE-2026-21382 - Buffer Copy Without Checking Size of Input in Power Management IC

Memory Corruption when handling power management requests with improperly sized input/output buffers.

📅 Published: April 6, 2026, 3:33 p.m. 🔄 Last Modified: April 8, 2026, 8:59 p.m.

CVSS 3.1 score: 7.6

CVE-2026-21381 - Buffer Over-read in WLAN Firmware

Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.

📅 Published: April 6, 2026, 3:33 p.m. 🔄 Last Modified: April 8, 2026, 8:58 p.m.
Total results: 343749