8.5
CVE-2026-32753 - FreeScout: Stored XSS through SVG file upload with filter bypass
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG sanitizer make it possible to upload and render an SVG that runs malicious JavaScript. An extension of .png with content type of image/svg+…
0
CVE-2026-32752 - FreeScout: Broken Access Control in ThreadPolicy - Any User Can Read/Edit All Customer Messages
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the ThreadPolicy::edit() method contains a broken access control vulnerability that allows any authenticated user (regardless of role or mailbox access) to read and modify all customer-…
9.8
CVE-2026-32194 - Microsoft Bing Images Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.
1.2
CVE-2026-4159 - wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read
1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted c…
8.7
CVE-2026-27934 - Discourse leaks private topic title and post excerpt via user action API endpoint
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosure of the title and post excerpt to unauthorized users, leading to information disclosure. Versions 2…
6.8
CVE-2026-32750 - SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their con…
5.1
CVE-2026-32751 - SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the mobile file tree (MobileFiles.ts) renders notebook names via innerHTML without HTML escaping when processing renamenotebook WebSocket events. The desktop version (Files.ts) properly uses escapeHtml() for the same ope…
7.6
CVE-2026-32749 - SiYuan importSY/importZipMd: Path Traversal via multipart filename enables arbitrary file write
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outside…
1.2
CVE-2026-3229 - Integer Overflow in Certificate Chain Allocation
An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these APIs: wolfSSL_CTX_add_extra_chain_cert, wolfSSL_CT…
8.9
CVE-2026-26137 - Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network.