6.3
CVE-2026-6736 - Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user acco…
An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce the …
6.9
CVE-2026-41928 - Vvveb < 1.0.8.2 Information Disclosure via Cron Controller
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response, en…
5.1
CVE-2026-41929 - Vvveb < 1.0.8.2 Unauthenticated Reflected XSS via Visual Editor
Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and _component_ajax POST parameter. Attackers can craft a malicious link or…
9.3
CVE-2026-7891 -
The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights are…
5.3
CVE-2026-8112 - 8421bit MiniClaw kernel.ts executeCognitivePulse os command injection
A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been mad…
10
CVE-2026-42826 - Azure DevOps Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.
9.6
CVE-2026-35428 - Azure Cloud Shell Spoofing Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
8.6
CVE-2026-35435 - Azure AI Foundry Elevation of Privilege Vulnerability
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
8.2
CVE-2026-34327 - Microsoft Partner Center Spoofing Vulnerability
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
9
CVE-2026-33844 - Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.