8.6

CVSS3.1

CVE-2026-39983 - FTP Command Injection via CRLF in basic-ftp

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd(), remove(), rename(), uploadFrom(), downloadTo(), list(), and removeDir(). The library's protectWhitespace() he…

📅 Published: April 9, 2026, 5:05 p.m. 🔄 Last Modified: April 10, 2026, 9:32 a.m.
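The mechanism behind the basic-ftp entry, as an added example rather than the library's own code: an FTP client writes `<VERB> <argument>\r\n` to the control connection and the server reads one CRLF-terminated line at a time, so a CRLF inside a path argument is parsed as a second command. The `encode_ftp_command`, `server_split_commands` and `safe_ftp_path` helpers are hypothetical, and the hostile filename is constructed.

```python
import re

# Added illustration, not basic-ftp's code. It mimics the one thing every FTP
# client does on the control connection: send "<VERB> <argument>\r\n" and let
# the server parse the stream one CRLF-terminated line at a time.
def encode_ftp_command(verb: str, argument: str) -> bytes:
    return f"{verb} {argument}\r\n".encode("utf-8")

def server_split_commands(wire: bytes) -> list[str]:
    """Server-side view: one command per CRLF-terminated line."""
    return [line.decode("utf-8") for line in wire.split(b"\r\n") if line]

# Hypothetical hardened wrapper: refuse any path argument carrying CR, LF or
# another ASCII control character before it is encoded. A bare LF is rejected
# too, since some servers accept it as a line terminator.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")

def is_safe_ftp_path(path: str) -> bool:
    return _CTRL.search(path) is None

def safe_ftp_path(path: str) -> str:
    if not is_safe_ftp_path(path):
        raise ValueError(f"control character in FTP path argument: {path!r}")
    return path

def vulnerable_delete(path: str) -> list[str]:
    """What the server sees when the path goes out unchecked."""
    return server_split_commands(encode_ftp_command("DELE", path))

def hardened_delete(path: str) -> list[str]:
    """Same command, but the path is validated before it is encoded."""
    return server_split_commands(encode_ftp_command("DELE", safe_ftp_path(path)))

if __name__ == "__main__":
    # Constructed attacker-controlled filename: one DELE becomes two commands.
    hostile = "report.txt\r\nDELE /srv/ftp/backup.tar"
    print(vulnerable_delete(hostile))
    try:
        hardened_delete(hostile)
    except ValueError as err:
        print("rejected:", err)
```

The same check belongs in front of every command that takes a caller-supplied argument (CWD, RNFR/RNTO, STOR, RETR, LIST, RMD), not only DELE; validating once at the API boundary is simpler than remembering it per command.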

8.8

CVSS3.1

CVE-2026-39981 - AGiXT has a Path Traversal in safe_join()

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or …

📅 Published: April 9, 2026, 5:01 p.m. 🔄 Last Modified: April 10, 2026, 8:52 a.m.
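The class of bug in the AGiXT entry, as an added example that is not the project's `safe_join()`: a join that only checks a string prefix lets a `..` escape into a sibling directory whose name shares the workspace's prefix, whereas resolving both sides and requiring the workspace to be an ancestor (`os.path.commonpath`) also rejects absolute parts and symlink escapes. The `WORKSPACE` root and the function names are constructed for the demonstration.

```python
import os

# Constructed workspace root for the demonstration; not AGiXT's real layout.
WORKSPACE = "/srv/agixt/workspace"

def flawed_safe_join(root: str, *parts: str) -> str:
    """Prefix check on the joined string, a common but insufficient pattern.
    A '..' that lands in a sibling whose name starts with the root's name
    still passes, and symlinks under root are never resolved."""
    candidate = os.path.normpath(os.path.join(root, *parts))
    if not candidate.startswith(root):
        raise ValueError(f"path escapes workspace: {candidate}")
    return candidate

def safe_join(root: str, *parts: str) -> str:
    """Resolve both sides (realpath follows symlinks and collapses '..'),
    then require root to be an ancestor via commonpath, which also rejects
    absolute parts and sibling directories with a shared name prefix."""
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, *parts))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError(f"path escapes workspace: {candidate}")
    return candidate

def is_inside_workspace(root: str, *parts: str) -> bool:
    """Boolean form of safe_join for callers that only need a yes/no."""
    try:
        safe_join(root, *parts)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed inputs: a normal file, a sibling-prefix escape, an absolute path.
    for rel in ("notes/today.md", "../workspace_old/secrets.txt", "/etc/passwd"):
        try:
            print("flawed   :", flawed_safe_join(WORKSPACE, rel))
        except ValueError as err:
            print("flawed   : rejected,", err)
        verdict = "ok" if is_inside_workspace(WORKSPACE, rel) else "rejected"
        print("hardened :", verdict, rel)
```

Note that `realpath` only follows symlinks that exist at check time; if the workspace can gain symlinks between the check and the open, do the check on a file descriptor (`os.open` with `O_NOFOLLOW` relative to a directory fd) rather than on the string.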

6.9

CVSS4.0

CVE-2026-5970 - FoundationAgents MetaGPT HumanEvalBenchmark/MBPPBenchmark check_solution code injection

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. The…

📅 Published: April 9, 2026, 5 p.m. 🔄 Last Modified: April 10, 2026, 8:52 a.m.

9.1

CVSS3.1

CVE-2026-39980 - OpenCTI affected by RCE via notifier template

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform proce…

📅 Published: April 9, 2026, 4:54 p.m. 🔄 Last Modified: April 9, 2026, 6:44 p.m.

7.1

CVSS3.1

CVE-2026-39976 - Laravel Passport's TokenGuard Authenticates Unrelated User for Client Credentials Tokens

Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client_credentials tokens. The league/oauth2-server library sets the JWT sub claim to the client identifier (since there's no user). The token guard then passes this value…

📅 Published: April 9, 2026, 4:50 p.m. 🔄 Last Modified: April 9, 2026, 7:31 p.m.
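The identity confusion in the Passport entry, as an added example in Python rather than Passport's PHP: when a client_credentials token carries the client id in `sub` and the guard resolves a user from `sub` for every token, a client id that happens to equal a user id authenticates as that user. The `USERS`/`CLIENTS` fixtures, the `AccessToken` shape and the two guard functions are constructed; treating a token with no user as carrying no user identity is one reasonable fix, not necessarily the one the project shipped.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed fixtures, not Passport's data model: user ids and OAuth client
# ids are independent sequences, so the same integer can name both a user and
# a client.
USERS = {7: "alice@example.com", 12: "bob@example.com"}
CLIENTS = {7: "nightly-report-job"}

@dataclass(frozen=True)
class AccessToken:
    sub: str                    # JWT subject as the authorization server set it
    client_id: str
    user_id: Optional[str]      # None for a client_credentials grant

def issue_client_credentials_token(client_id: str) -> AccessToken:
    """No user is involved, so the subject falls back to the client id."""
    return AccessToken(sub=client_id, client_id=client_id, user_id=None)

def issue_user_token(user_id: str, client_id: str) -> AccessToken:
    return AccessToken(sub=user_id, client_id=client_id, user_id=user_id)

def vulnerable_guard(token: AccessToken) -> Optional[str]:
    """Resolves a user from sub for every token, so a machine token whose
    client id collides with a user id authenticates as that user."""
    return USERS.get(int(token.sub))

def hardened_guard(token: AccessToken) -> Optional[str]:
    """A token issued without a user must never yield one, whatever sub says."""
    if token.user_id is None:
        return None
    return USERS.get(int(token.user_id))

if __name__ == "__main__":
    machine = issue_client_credentials_token("7")   # client 7, user 7 exists too
    print("vulnerable:", vulnerable_guard(machine))  # alice@example.com, wrongly
    print("hardened  :", hardened_guard(machine))    # None
```

The general lesson is that `sub` is an opaque principal identifier whose namespace depends on the grant; a guard that maps it straight onto a user table has silently assumed every token is a user token.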

8.5

CVSS3.1

CVE-2026-39974 - n8n-MCP has an Authenticated SSRF via instance-URL header in multi-tenant HTTP mode

n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTH_TOKEN to cause the server to is…

📅 Published: April 9, 2026, 4:45 p.m. 🔄 Last Modified: April 10, 2026, 8:52 a.m.
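A server-side guard for the pattern in the n8n-MCP entry, as an added example that is not the project's code: a caller-supplied instance URL is only honoured if it parses cleanly, uses https, names a host from an operator-configured allowlist (never derived from the request), carries no credentials in the authority and uses the default port. The `ALLOWED_INSTANCE_HOSTS` set and the function names are constructed.

```python
from urllib.parse import urlsplit

# Constructed operator-side allowlist; a real deployment would read it from
# server configuration, never from anything the caller sends.
ALLOWED_INSTANCE_HOSTS = frozenset({
    "n8n.tenant-a.example.com",
    "n8n.tenant-b.example.com",
})

def validate_instance_url(header_value: str, allowed_hosts=ALLOWED_INSTANCE_HOSTS) -> str:
    """Return a normalized base URL (scheme, host, path) or raise ValueError.

    Only https, only an exact host from the allowlist, no userinfo and no
    non-default port, so the caller cannot steer the server's outbound
    requests at loopback, link-local metadata or internal services."""
    parts = urlsplit(header_value.strip())
    if parts.scheme != "https":
        raise ValueError(f"scheme must be https, got {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials are not allowed in the instance URL")
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        raise ValueError(f"host not in allowlist: {host!r}")
    if parts.port not in (None, 443):
        raise ValueError(f"non-default port: {parts.port}")
    path = parts.path.rstrip("/")
    return f"https://{host}{path}"

def is_allowed_instance_url(header_value: str) -> bool:
    try:
        validate_instance_url(header_value)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed header values: two legitimate, three hostile.
    for value in (
        "https://n8n.tenant-a.example.com/",
        "https://N8N.Tenant-B.example.com/api/v1/",
        "https://169.254.169.254/latest/meta-data/",
        "https://n8n.tenant-a.example.com@evil.example.net/",
        "https://127.0.0.1:5678/",
    ):
        print("allow" if is_allowed_instance_url(value) else "deny ", value)
```

Checking the host name rather than its resolved address is deliberate here: an allowlist of names the operator controls sidesteps DNS-rebinding tricks that an IP-range blocklist has to reason about, and in a multi-tenant deployment the right fix is to bind each tenant's credentials to its own fixed instance rather than trust a per-request header at all.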

7.1

CVSS4.0

CVE-2026-39972 - Mercure has a Topic Selector Cache Key Collision

Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to un…

📅 Published: April 9, 2026, 4:42 p.m. 🔄 Last Modified: April 9, 2026, 6:59 p.m.

8.8

CVSS4.0

CVE-2026-39962 - LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled s…

📅 Published: April 9, 2026, 4:37 p.m. 🔄 Last Modified: April 10, 2026, 8:52 a.m.
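The neutralization the MISP entry describes as missing, as an added example in Python rather than the project's PHP: the RFC 4515 filter escaping that turns `*`, `(`, `)`, `\` and NUL in an assertion value into their hex forms, shown beside the raw interpolation that lets a username of `*` match every account. The filter shape, the `is_plausible_username` allowlist and the payload are constructed.

```python
import re

# RFC 4515 requires these characters to be hex-escaped inside a filter
# assertion value; everything else passes through unchanged.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_ldap_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def vulnerable_user_filter(username: str) -> str:
    """Raw interpolation: the caller controls the filter grammar."""
    return f"(&(objectClass=person)(uid={username}))"

def hardened_user_filter(username: str) -> str:
    """Escaped interpolation: the caller only controls a literal value."""
    return f"(&(objectClass=person)(uid={escape_ldap_filter_value(username)}))"

# Constructed allowlist for the REMOTE_USER-style value itself. When the
# upstream environment variable can be set by the client, shape-checking the
# username before it reaches any query is cheap defence in depth.
_USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")

def is_plausible_username(username: str) -> bool:
    return _USERNAME_RE.fullmatch(username) is not None

if __name__ == "__main__":
    # Constructed attacker value: a lone wildcard turns a one-user lookup into
    # "every person in the directory"; whichever entry comes back first wins.
    payload = "*"
    print(vulnerable_user_filter(payload))
    print(hardened_user_filter(payload))
    print("plausible username:", is_plausible_username(payload))
```

Escaping is for values inside a filter; a DN assembled from user input needs the separate RFC 4514 escaping rules, and the two must not be mixed up.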

6.9

CVSS4.0

CVE-2026-5962 - Tenda CH22 httpd R7WebsSecurityHandlerfunction path traversal

A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used.

📅 Published: April 9, 2026, 4:30 p.m. 🔄 Last Modified: April 9, 2026, 7:01 p.m.

7.1

CVSS3.1

CVE-2026-39959 - Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause de…

Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by send…

📅 Published: April 9, 2026, 4:29 p.m. 🔄 Last Modified: April 9, 2026, 7:32 p.m.
Total results: 343923