6.8

CVSS4.0

CVE-2026-22214 - RIOT OS <= 2026.01-devel-317 Stack-Based Buffer Overflow in ethos Serial Frame Parser

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() function, where incoming frame bytes are appended…

📅 Published: Jan. 12, 2026, 11:03 p.m. 🔄 Last Modified: April 18, 2026, 8 p.m.

2.4

CVSS4.0

CVE-2026-22213 - RIOT OS <= 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. The utility…

📅 Published: Jan. 12, 2026, 11:03 p.m. 🔄 Last Modified: April 18, 2026, 7 a.m.

4.8

CVSS4.0

CVE-2026-22212 - TinyOS <= 2.1.2 Stack-Based Buffer Overflow in mcp2200gpio

TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery. A local attacker can exploit this …

📅 Published: Jan. 12, 2026, 11:02 p.m. 🔄 Last Modified: April 18, 2026, 4:30 p.m.

6.8

CVSS3.1

CVE-2026-22801 - LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit that causes heap b…

📅 Published: Jan. 12, 2026, 10:57 p.m. 🔄 Last Modified: April 18, 2026, 7 a.m.

6.1

CVSS3.1

CVE-2026-22695 - LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 …

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with…

📅 Published: Jan. 12, 2026, 10:55 p.m. 🔄 Last Modified: April 18, 2026, 7 a.m.

9.4

CVSS4.0

CVE-2026-22813 - Malicious website can execute commands on the local system through XSS in the OpenCode web UI

OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response fo…

📅 Published: Jan. 12, 2026, 10:52 p.m. 🔄 Last Modified: April 18, 2026, 7 a.m.

8.8

CVSS3.1

CVE-2026-22812 - OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

📅 Published: Jan. 12, 2026, 10:49 p.m. 🔄 Last Modified: April 18, 2026, 4:30 p.m.

2.1

CVSS4.0

CVE-2026-22805 - Metabase channel test endpoint can reach internal local addresses

Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in 55.13, 56.3, and 57…

📅 Published: Jan. 12, 2026, 10:36 p.m. 🔄 Last Modified: April 18, 2026, 7 a.m.

8

CVSS3.1

CVE-2026-22804 - Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Sessi…

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thi…

📅 Published: Jan. 12, 2026, 10:14 p.m. 🔄 Last Modified: April 18, 2026, 7 a.m.

2.4

CVSS3.1

CVE-2026-22800 - PILOS affected by a CSRF via GET request allows unintentional termination of all active video confe…

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, a Cross-Site Request Forgery (CSRF) vulnerability exists in an administrative API endpoint responsible for terminating all active video conferences on a single server. The affected endpoint perform…

📅 Published: Jan. 12, 2026, 10:09 p.m. 🔄 Last Modified: April 18, 2026, 4:30 p.m.