5.1
CVE-2026-41456 - Bludit CMS Reflected XSS via Search Plugin
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit craft…
7.5
CVE-2026-40613 - Coturn: Misaligned Memory Access in coturn STUN Attribute Parser (Remote DoS on ARM64)
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t * to uint16_t * without alignment checks. When processing a crafted STUN message with odd-aligned attribute boundaries,…
5.3
CVE-2026-6744 - Bagisto Downloadable Link copy server-side request forgery
A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted ear…
8.8
CVE-2026-40611 - Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider
Lego is a Let's Encrypt client and ACME library written in Go. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to w…
6.2
CVE-2026-40608 - Next AI Draw.io: Unbounded HTTP Body - Denial of Service
Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers (/api/state, /api/restore, and /api/history-svg) that process incoming requests by accumulating the entire request body into a …
4.8
CVE-2026-40606 - ProxyAuth Addon LDAP Injection in mitmproxy
mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP ser…
8.2
CVE-2026-40604 - ClearanceKit: opfilter system extension can be suspended or signalled by a root process, disabling …
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension (bundle ID uk.craigbass.clearancekit.opfilter) can be suspended with SIGSTOP or kill -STOP, or killed with SIGKILL/SIGTERM, by any pro…
5.6
CVE-2026-40602 - hass-cli: Handling of user-supplied Jinja2 templates
The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assistant-cli an unrestricted environment was used to handle Jinja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no …
8.4
CVE-2026-40599 - ClearanceKit: Ad-hoc signed binaries can spoof Apple process identities in the global allowlist
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows malicious software to impersonate an Apple p…
5.4
CVE-2026-41194 - FreeScout's Mailbox OAuth disconnect uses a state-changing GET and is CSRFable
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the mailbox OAuth disconnect action is implemented as `GET /mailbox/oauth-disconnect/{id}/{in_out}/{provider}`. It removes stored OAuth metadata from the mailbox and then redirects. Because it is a GET route, no…