8.7
CVE-2026-41475 - BACnet Stack: Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending a truncated WPMβ¦
7
CVE-2026-6966 - Signature Threshold Bypass in awslabs/tough Delegated Roles
Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role metβ¦
8.4
CVE-2026-41433 - OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overβ¦
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and OBI is rβ¦
7.1
CVE-2026-41427 - Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict cβ¦
8.8
CVE-2026-41429 - Improper validation of NBNS name_len in arduino-esp32 NetBIOS leads to memory corruption
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin(...), the device listens on UDPβ¦
9.1
CVE-2026-41428 - Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher β Unauthenticated Aβ¦
Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public (no-auth) endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint β¦
6.1
CVE-2026-41426 - pretalx: Email injection via unescaped user-controlled placeholders in pretalx mail templates
pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displayβ¦
5.4
CVE-2026-41425 - Authlib: Cross-site request forging when using cache
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11.
4.7
CVE-2026-41244 - Mojic: Observable Timing Discrepancy in HMAC Verification
Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator (!==) to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy (CWE-208), aβ¦
7.1
CVE-2026-41894 - SiYuan: Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/exporβ¦
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check (IsSensitivePath) but did not address the root cause β a redundant url.PathUnescape() call in serveExport(). An authenticated attacker can use double URL encoding (%β¦