4.8
CVE-2026-8084 - OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds
A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit haβ¦
7.8
CVE-2026-44243 - GitPython: Path traversal in GitPython reference APIs allows arbitrary file write and delete outsidβ¦
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repositoryβs .git directory vβ¦
7.8
CVE-2026-44244 - GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines (e.g. \n becomes \nβ¦
8.1
CVE-2026-42284 - GitPython: Unsafe option check validates multi_options before shlex.split transforms it
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (starts with --branch)β¦
8.8
CVE-2026-42215 - GitPython: Command injection via Git options bypass
GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass that check. If an applβ¦
6.9
CVE-2026-8083 - SourceCodester Pharmacy Sales and Inventory System ajax.php save_user sql injection
A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be β¦
7.8
CVE-2026-42214 - Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext
Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension() function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which exeβ¦
7.1
CVE-2026-41906 - FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversation_change_customer action accepts any supplied customβ¦
7.2
CVE-2026-44742 - Unescaped HTML in Message Subject Enables XSS via Held Messages Popβup
Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026.
7.7
CVE-2026-41905 - FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, β¦
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl() but then re-validates the original URL instead of the final redirect destination. An β¦