5.3
CVE-2026-3967 - Alfresco Activiti Process Variable Serialization System SerializableType.java createObjectInputStreβ¦
A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization Sysβ¦
5.3
CVE-2026-3966 - 648540858 wvp-GB28181-pro IP Address ABLMediaNodeServerService.java getDownloadFilePath server-sideβ¦
A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the aβ¦
5.3
CVE-2026-3965 - whyour qinglong API express.ts protection mechanism
A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The eβ¦
6.8
CVE-2026-2808 - Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider
HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.
4.8
CVE-2026-3964 - OpenAkita Chat API Endpoint shell.py run os command injection
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The exβ¦
6.3
CVE-2026-3963 - perfree go-fastdfs-web Apache Shiro RememberMe ShiroConfig.java rememberMeManager hard-coded key
A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component Apache Shiro RememberMe. Performing a manipulation results in use of hard-coded cryptographic key . β¦
6.9
CVE-2026-31988 - yauzl 3.2.0 - Denial of Service via Off-by-One Error in NTFS Timestamp Parser
yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor < data.length + 4 instead of cursor + 4 <= data.length, allowing readUInt16LE()β¦
5.3
CVE-2026-3962 - Jcharis Machine-Learning-Web-Apps Jinja2 Template app.py render_template cross site scripting
A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function render_template of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template Haβ¦
0.0
CVE-2026-3942 -
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
0.0
CVE-2026-3941 -
Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)