CVSS 3.1 score: 7.5

CVE-2026-32241 - Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that allo…

📅 Published: March 27, 2026, 7:31 p.m. 🔄 Last Modified: March 27, 2026, 8:27 p.m.

CVSS 3.1 score: 6.8

CVE-2026-31951 - LibreChat's MCP Server Header Injection Enables OAuth Token Theft

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP (Model Context Protocol) servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containin…

📅 Published: March 27, 2026, 7:29 p.m. 🔄 Last Modified: March 27, 2026, 8:27 p.m.

CVSS 3.1 score: 5.3

CVE-2026-31950 - LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint `/api/agents/chat/stream/:streamId` does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and …

📅 Published: March 27, 2026, 7:25 p.m. 🔄 Last Modified: March 27, 2026, 8:27 p.m.

CVSS 3.1 score: 7.7

CVE-2026-31945 - LibreChat Server-Side Request Forgery using DNS resolution

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery (SSRF) attack when using agent actions or MCP. Although a previous SSRF vulnerability (https://github.com/danny-avila/LibreChat/security/advisories/GHSA-rgjq-4q58-…

📅 Published: March 27, 2026, 7:23 p.m. 🔄 Last Modified: March 27, 2026, 8:27 p.m.

CVSS 3.1 score: 8.5

CVE-2026-31943 - LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP reque…

📅 Published: March 27, 2026, 7:21 p.m. 🔄 Last Modified: March 27, 2026, 8:27 p.m.

CVSS 4.0 score: 6.6

CVE-2026-34391 - Fleet Vulnerable to Windows MDM cross-device command disclosure

Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets, …

📅 Published: March 27, 2026, 7:19 p.m. 🔄 Last Modified: March 27, 2026, 8:27 p.m.

CVSS 4.0 score: 4.9

CVE-2026-34389 - Fleet's user account creation via invite does not enforce invited email address

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token coul…

📅 Published: March 27, 2026, 7:18 p.m. 🔄 Last Modified: March 27, 2026, 8:16 p.m.

CVSS 4.0 score: 4.8

CVE-2026-4972 - code-projects Online Reviewer System btn_functions.php cross site scripting

A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btn_functions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be pe…

📅 Published: March 27, 2026, 7:15 p.m. 🔄 Last Modified: March 27, 2026, 11:17 p.m.

CVSS 4.0 score: 5.3

CVE-2026-4971 - SourceCodester Note Taking App cross-site request forgery

A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

📅 Published: March 27, 2026, 7:15 p.m. 🔄 Last Modified: March 27, 2026, 11:17 p.m.

CVSS 4.0 score: 6.6

CVE-2026-34388 - Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all conn…

📅 Published: March 27, 2026, 7:13 p.m. 🔄 Last Modified: March 27, 2026, 8:27 p.m.