8.1
CVE-2026-33496 - Ory Oathkeeper has an authentication bypass by cache key confusion
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator cache does not distiβ¦
7.8
CVE-2026-32857 - Firecrawl Playwright Service SSRF Protection Bypass via Missing Post-Redirect Validation
Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an extβ¦
6.5
CVE-2026-33495 - Ory Oathkeeper has an authentication bypass by usage of untrusted header
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component might forward the rβ¦
10
CVE-2026-33494 - Ory Oathkeeper has a path traversal authorization bypass
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequencesβ¦
4.8
CVE-2026-33732 - srvx is vulnerable to middleware bypass via absolute URI in request line
srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's `FastURL` allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme (e.g. `file://`). Starting in version 0.11.13, the β¦
3.7
CVE-2026-33490 - h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefiβ¦
H3 is a minimal H(TTP) framework. In versions 2.0.0-0 through 2.0.1-rc.16, the `mount()` method in h3 uses a simple `startsWith()` check to determine whether incoming requests fall under a mounted sub-application's path prefix. Because this check does not verify a path segment boundary (i.e., that β¦
7.5
CVE-2026-33487 - goxmldsig has validateSignature Loop Variable Capture Signature Bypass
goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element's ID. In Go versions before 1.22, or when `go.mod` uses an older veβ¦
6.8
CVE-2026-33486 - Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents
Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server's local file system that the web sβ¦
5.3
CVE-2026-33481 - Syft improper temporary file cleanup
Syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack thoseβ¦
4.3
CVE-2026-33477 - FileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other uβ¦
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versiosn 2.3.7 through 3.10.0, the file snippet endpoint `/api/file/snippet.php` allows an authenticated user with only `read_own` access to a folder to retrieve snippet content from files uplβ¦