8.5
CVE-2026-39974 - n8n-MCP has an Authenticated SSRF via instance-URL header in multi-tenant HTTP mode
n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTH_TOKEN to cause the server to isβ¦
7.1
CVE-2026-39972 - Mercure has a Topic Selector Cache Key Collision
Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to unβ¦
8.8
CVE-2026-39962 - LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled sβ¦
6.9
CVE-2026-5962 - Tenda CH22 httpd R7WebsSecurityHandlerfunction path traversal
A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used.
7.1
CVE-2026-39959 - Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause deβ¦
Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sendβ¦
5.2
CVE-2026-39958 - oma-topic: name Field in Topic Manifests (topic.json) May Allow CRLF Injection
oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named "Topic Manifests" ({mirror}/debs/manifest/topics.json) from remote repository servers, registering them as APT source entries. However, the name field in saβ¦
6.9
CVE-2026-5961 - code-projects Simple IT Discussion Forum topic-details.php sql injection
A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument post_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed pβ¦
2.3
CVE-2026-39957 - Lychee has Broken Access Control in SharingController::listAll() leaks private album sharing metadaβ¦
Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll() causes the orWhereNotNull('user_group_id') clause to escape the ownership filter applied by the when() block. Any authenticated non-admin user with upload permission whβ¦
6.5
CVE-2026-39943 - Directus exposes sensitive fields in revision history
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records (in directus_revisions) whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline, sensiβ¦
8.5
CVE-2026-39942 - Directus has a Path Traversal and Broken Access Control in File Management API
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite that file's content β¦