6.6

CVSS3.1

CVE-2026-28801 - Natro Macro: Code Injection through Pattern/Path files

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any AutoHotkey (ahk) code contained in a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which is …

📅 Published: March 6, 2026, 6:42 a.m. 🔄 Last Modified: April 16, 2026, 11:45 a.m.

6.4

CVSS3.1

CVE-2026-28800 - Natro Macro: Malicious actions allowed through Discord RC Commands by any user

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, if Discord Remote Control is set up in a non-private channel, any user with permission to send messages in that channel is given access to do anything on the macro user's computer. This includ…

📅 Published: March 6, 2026, 6:42 a.m. 🔄 Last Modified: April 17, 2026, 12:30 p.m.

6.9

CVSS4.0

CVE-2026-28438 - CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements

CocoIndex is a data transformation framework for AI. Prior to version 0.3.34, the Doris target connector didn't verify the configured table name before constructing some SQL statements (ALTER TABLE). So, in the application code, if the table name is provided by an untrusted upstream, it exposes vulnerab…

📅 Published: March 6, 2026, 6:39 a.m. 🔄 Last Modified: April 17, 2026, 12:30 p.m.

8.7

CVSS4.0

CVE-2026-28799 - PJSIP: Heap use-after-free in PJSIP presence subscription termination handler

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched…

📅 Published: March 6, 2026, 6:36 a.m. 🔄 Last Modified: April 16, 2026, 11:45 a.m.

8.7

CVSS4.0

CVE-2026-29068 - PJSIP: Stack buffer overflow in Opus codec parser

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload containing more frames than the caller-provided frames buffer can hold. This issue has been patched in version 2.17.

📅 Published: March 6, 2026, 6:36 a.m. 🔄 Last Modified: April 18, 2026, 10 a.m.

8.7

CVSS4.0

CVE-2026-28795 - OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI

OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal v…

📅 Published: March 6, 2026, 6:21 a.m. 🔄 Last Modified: April 16, 2026, 11:45 a.m.

9.8

CVSS3.1

CVE-2026-2446 - Powerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option Update

The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CSRF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options (such as default_role, etc.) and create arbitrary admin users.

📅 Published: March 6, 2026, 6 a.m. 🔄 Last Modified: April 17, 2026, 12:30 p.m.

4.3

CVSS3.1

CVE-2026-1128 - WP eCommerce <= 3.15.1 - Coupon Deletion via CSRF

The WP eCommerce WordPress plugin through 3.15.1 does not have a CSRF check in place when deleting coupons, which could allow attackers to make a logged-in admin remove them via a CSRF attack.

📅 Published: March 6, 2026, 6 a.m. 🔄 Last Modified: April 15, 2026, 10:45 p.m.

3.9

CVSS3.1

CVE-2026-3634 - Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type h…

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbi…

📅 Published: March 6, 2026, 5:05 a.m. 🔄 Last Modified: April 17, 2026, 11:45 a.m.

3.9

CVSS3.1

CVE-2026-3633 - Libsoup: libsoup: header and http request injection via crlf injection

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not prope…

📅 Published: March 6, 2026, 5:05 a.m. 🔄 Last Modified: April 17, 2026, 10 a.m.