8.1
CVE-2026-41105 - Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
7.5
CVE-2026-26129 - M365 Copilot Information Disclosure Vulnerability
Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.
7.5
CVE-2026-26164 - M365 Copilot Information Disclosure Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
8.5
CVE-2026-42449 - n8n-MCP: IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF…
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path (N8NDocumentationMCPServer constructor, getN8nApiClient(), and validateInstanceContext()), the synchronous URL validator in SS…
8.6
CVE-2026-42047 - Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the ser…
6.9
CVE-2026-8098 - code-projects Feedback System checklogin.php sql injection
A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly a…
5.3
CVE-2026-8097 - CodeAstro Online Classroom askquery.php sql injection
A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in SQL injection. The attack may be performed remotely. The exploit has been released to the public and may b…
6.5
CVE-2026-41691 - i18next-http-backend has Path Traversal & URL Injection via Unsanitised lng/ns
i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL template …
4.7
CVE-2026-41692 - i18nextify is vulnerable to DOM XSS via javascript:/data: URL schemes in translated href/src attrib…
i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute {{key}} interpolation tokens inside src and href attribute values with the raw string returned by i18next.t(). The substitution logic in src/lo…
0.0
CVE-2026-8142 - CVE-2026-8142
VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates.