7.3
CVE-2026-5485 - OS command injection in Amazon Athena ODBC driver on Linux
OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To rβ¦
5.3
CVE-2026-25742 - Zulip: Anonymous File Access After Disabling Spectator Access
Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access (enable_spectator_access / WEB_PUBLIC_STREAMS_ENABLED) is disabled, attachments originating from web-publicβ¦
6.9
CVE-2026-32662 - Gardyn Cloud API Active Debug Code
Development and test API endpoints are present that mirror production functionality.
8.7
CVE-2026-35562 - Allocation of resources without limits in parsing components in Amazon Athena ODBC driver
Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this isβ¦
9.1
CVE-2026-35561 - Insufficient authentication security controls in browser-based authentication components in Amazon β¦
Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediateβ¦
9.1
CVE-2026-35560 - Improper certificate validation in identity provider connection components in Amazon Athena ODBC drβ¦
Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This β¦
8.1
CVE-2026-25726 - Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG β¦
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() to generate critical security secrets, including the secret_key, and hash_id_salt. These secrets are generβ¦
9.1
CVE-2026-28798 - Arbitrary internal service access via /v1/sys/proxy when Cloudflare Tunnel is enabled on ZimaOS
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint (/v1/sys/proxy) exposed by ZimaOS's web interface can be abused (via an externally reachable domain using a Cloudflare Tunnel) to make requests to internal localhoβ¦
6.9
CVE-2026-5484 - BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control
A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible tβ¦
2.1
CVE-2026-5476 - NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow
A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told tβ¦