6.3
CVE-2026-40942 - DSF: Inverted Time Comparison in OIDC JWKS and Token Cache
The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison (isBefore instead of isAfter), causing the cache to never return cached values. Every incβ¦
6.8
CVE-2026-40939 - DSF: Missing Session Timeout for OIDC Sessions
The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. Thisβ¦
10
CVE-2026-40933 - Flowise: Authenticated RCE Via MCP Adapters
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerability β¦
5.3
CVE-2026-6799 - Comfast CF-N1-S Endpoint mbox-config command injection
A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The attβ¦
8.4
CVE-2026-40931 - Complete Bypass of CVE-2026-24884 Patch via Git-Delivered Symlink Poisoning in compressing
Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but faiβ¦
5.4
CVE-2026-40927 - Docmost: XSS in Comments with JavaScript URI
Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0.
5.4
CVE-2026-40923 - Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses striβ¦
6.5
CVE-2026-40924 - Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Eβ¦
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to create TaskRuns or PipelineRuns that reference the Hβ¦
7.5
CVE-2026-40938 - Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leadinβ¦
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parsesβ¦
5.3
CVE-2026-6797 - Sanluan PublicCMS DocToHtmlUtils.java ZipSecureFile.setMinflateRatio resource consumption
A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption. It is possible to lauβ¦