7.8
CVE-2026-40516 - OpenHarness SSRF via web_fetch and web_search
OpenHarness before commitΒ bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an β¦
8.7
CVE-2026-40515 - OpenHarness Permission Bypass via grep and glob root argument
OpenHarness before commitΒ bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not properβ¦
6.7
CVE-2026-21709 -
A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.
5.3
CVE-2026-6497 - prasathmani TinyFileManager File Upload filemanager.php server-side request forgery
A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the component File Upload Handler. This manipulation of the argument uploadurl causes server-side request forgβ¦
9.3
CVE-2026-6284 - Horner Automation Cscape and XL4, XL7 PLC Weak password requirements
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.
5.3
CVE-2026-6496 - prasathmani TinyFileManager POST Parameter filemanager.php path traversal
A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file[] results in path traversal. The attack may be performed from remote. The exploit has been β¦
5.8
CVE-2026-41153 -
In JetBrains Junie before 252.549.29 command execution was possible via malicious project file
5.1
CVE-2026-6493 - lukevella rallly Reset Password reset-password-form.tsx cross site scripting
A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site β¦
6.9
CVE-2026-6492 - arnobt78 Hotel Booking Management System Health Check Endpoint detailed information disclosure
A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure. β¦
4.8
CVE-2026-6491 - libvips nip2 vips7compat.c im_minpos_vec heap-based overflow
A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached β¦