8.1

CVSS3.1

CVE-2026-22038 - AutoGPT's API Keys and Secrets Logged in Plaintext in Stagehand Integration Blocks

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using log…

📅 Published: Feb. 4, 2026, 10:28 p.m. 🔄 Last Modified: April 17, 2026, 11:15 p.m.

7.8

CVSS3.1

CVE-2026-25585 - iccDEV vulnerable to OOB in CIccXform3DLut::Apply()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability at IccCmm.cpp:5793 when reading through an index during ICC profile processing. The malformed ICC profile trigger…

📅 Published: Feb. 4, 2026, 10:13 p.m. 🔄 Last Modified: April 17, 2026, 11:15 p.m.

7.8

CVSS3.1

CVE-2026-25584 - iccDEV vulnerable to Stack-based Buffer Overflow in CIccTagFloatNum::GetValues()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum<>::GetValues(). This is triggered when processing a malformed ICC …

📅 Published: Feb. 4, 2026, 10:11 p.m. 🔄 Last Modified: April 17, 2026, 11:15 p.m.

7.8

CVSS3.1

CVE-2026-25583 - iccDEV vulnerable to Heap Buffer Overflow in CIccFileIO::Read8()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing malformed ICC profile files via unchecked fread…

📅 Published: Feb. 4, 2026, 10:08 p.m. 🔄 Last Modified: April 18, 2026, 1:45 p.m.

7.8

CVSS3.1

CVE-2026-25582 - iccDEV vulnerable to Heap Buffer Overflow in CIccIO::WriteUInt16Float()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when converting malformed XML to ICC profiles via…

📅 Published: Feb. 4, 2026, 10:07 p.m. 🔄 Last Modified: April 18, 2026, 1:45 p.m.

5.5

CVSS4.0

CVE-2026-25541 - Bytes is vulnerable to integer overflow in BytesMut::reserve

Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reserve. In the unique reclaim path of BytesMut::reserve, the condition "v_capacity >= new_cap + offset" uses an unchecked addition. When new_cap + offset …

📅 Published: Feb. 4, 2026, 10:03 p.m. 🔄 Last Modified: April 18, 2026, 1:45 p.m.

2.3

CVSS4.0

CVE-2026-1892 - WeKan REST API boards.js setBoardOrgs improper authorization

A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched remo…

📅 Published: Feb. 4, 2026, 10:02 p.m. 🔄 Last Modified: April 17, 2026, 11:15 p.m.

6.1

CVSS3.1

CVE-2026-25578 - Navidrome is vulnerable to XSS via comment from song metadata

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched in …

📅 Published: Feb. 4, 2026, 9:58 p.m. 🔄 Last Modified: April 18, 2026, 1:45 p.m.

9.2

CVSS4.0

CVE-2026-25579 - Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/res…

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL (/share/img/<token>). When processing such requests,…

📅 Published: Feb. 4, 2026, 9:58 p.m. 🔄 Last Modified: April 17, 2026, 11:15 p.m.

8.8

CVSS4.0

CVE-2026-25575 - NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality

NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, a path traversal vulnerability in the propose_edits endpoint allows unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn). By supplying u…

📅 Published: Feb. 4, 2026, 9:54 p.m. 🔄 Last Modified: April 17, 2026, 11:15 p.m.
Total results: 347981