3.7
CVE-2026-44602 - NULL Pointer Dereference in Tor upon Out-of-Order CERT Cell
Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.
9.1
CVE-2026-41201 - CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM …
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated via …
8.6
CVE-2026-41587 - CI4MS: Unrestricted PHP File Upload via Theme Installation Leads to Authenticated Remote Code Execu…
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote…
3.7
CVE-2026-44601 -
Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.
6.8
CVE-2026-42194 - Incomplete fix for CVE-2026-32812: SSRF in admidio
Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetch_metadata.php validates the resolved IP address but passes the original hostname-based URL to curl_init(), leaving a DNS rebinding TOCTOU window that allows redirecting requests to …
6.8
CVE-2026-41671 - Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation
Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint (/modules/sso/index.php/oidc/introspect) always returns {"active": true} for every request, regardless of whether a valid token is provided, whether the token is expired, revoked, or co…
8.2
CVE-2026-41670 - Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest
Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the re…
8.2
CVE-2026-41669 - Admidio: SAML Signature Validation Result Ignored - Forged AuthnRequests and LogoutRequests Process…
Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature() method at both call sites (handleSSORequest() line 418 and handleSLORequest() line 613). The method returns error string…
3.5
CVE-2026-41663 - Admidio: CSRF on Admin Preferences Triggers Unauthorized Backup, .htaccess Write, and Email Send
Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE…
5.2
CVE-2026-41662 - Admidio: Missing Minimum Administrator Check in Role Membership Removal
Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership() does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership() contains this safety check, but the current code path bypass…