8.5
CVE-2026-33451 - Arbitrary read/write vulnerability in Windows clients prior to 14.50
CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system.
2.3
CVE-2026-33450 - Out of bounds read in Secure Access MacOS clients prior to 14.50
CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service.
2.3
CVE-2026-33449 - Message handler buffer overflow in clients prior to 14.50
CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a denial of service.
4.8
CVE-2026-33448 - Format string vulnerability in MacOS clients prior to 14.50
CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets.
2.1
CVE-2026-7429 - SSCMS v7.4.0 Reflected Cross-Site Scripting via STL Processing
SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can exploit improper output enβ¦
2.3
CVE-2026-33447 - Buffer Overflow in Secure Access Client May Cause Denial of Service
CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial of service.
2.3
CVE-2026-33446 - Buffer overflow in client authentication prior to version 14.50
CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a denial of service.
7.5
CVE-2026-7461 - OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials
Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a speciaβ¦
6.5
CVE-2026-40603 - Chartbrew: Incorrect Access Control in /api/project/dashboard/:brewName via same-team override
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does notβ¦
7.5
CVE-2026-40601 - Chartbrew: Missing Authorization in /api/chart/:chart_id/query via team-level refresh toggle
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart_id/query without authentication. The endpoint only checks team.allowReportRefresh and does not verify that the taβ¦