9.4
CVE-2026-25047 - deepHas vulnerable to Prototype Pollution via constructor.prototype
deepHas provides a test for the existence of a nested object key and optionally returns that key. A prototype pollution vulnerability exists in version 1.0.7 of the deephas npm package that allows an attacker to modify global object behavior. This issue was fixed in version 1.0.8.
2.9
CVE-2026-25046 - [Kimi VS Code] Command Injection in publish scripts vsix-publish.js and ovsx-publish.js
Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $(cmd) could execute…
5.7
CVE-2026-25040 - Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any…
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or App …
9.8
CVE-2026-1340 - Unauthenticated Remote Code Execution via Code Injection in Ivanti Endpoint Manager Mobile
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
9.8
CVE-2026-1281 - Unauthenticated Remote Code Injection in Ivanti Endpoint Manager Mobile
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
6.6
CVE-2026-24905 - Inspektor Gadget has a Command Injection vulnerability in Makefile.build
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The `ig` binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file …
7.1
CVE-2026-24902 - TrustTunnel has SSRF and private network restriction bypass via numeric address destinations
TrustTunnel is an open-source VPN protocol with a server-side request forgery and private network restriction bypass in versions prior to 0.9.114. In `tcp_forwarder.rs`, SSRF protection for `allow_private_network_connections = false` was only applied in the `TcpDestination::HostName(peer)` path…
5.3
CVE-2026-24904 - TrustTunnel has `client_random_prefix` rule bypass via fragmented or partial TLS ClientHello
TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In `tls_listener.rs`, `TlsListener::listen()` peeks 1024 bytes and calls `extract_client_random(...)`. If `parse_tls_plaintext` fails (for example, a fragmented/partial ClientHello split across TCP wri…
5.5
CVE-2026-24846 - malcontent's archive extraction could write outside extraction directory
malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The `ha…
6.5
CVE-2026-24845 - malcontent's OCI image scanning could expose registry credentials
malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses google/go-co…