4.8
CVE-2026-22212 - TinyOS <= 2.1.2 Stack-Based Buffer Overflow in mcp2200gpio
TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery. A local attacker can exploit this β¦
6.8
CVE-2026-22801 - LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap bβ¦
6.1
CVE-2026-22695 - LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 β¦
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs withβ¦
9.4
CVE-2026-22813 - Malicious website can execute commands on the local system through XSS in the OpenCode web UI
OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response foβ¦
8.8
CVE-2026-22812 - OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution
OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.
2.1
CVE-2026-22805 - Metabase channel test endpoint can reach internal local addresses
Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in 55.13, 56.3, and 57β¦
8
CVE-2026-22804 - Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Sessiβ¦
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thiβ¦
2.4
CVE-2026-22800 - PILOS affected by a CSRF via GET request allows unintentional termination of all active video confeβ¦
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, Cross-Site Request Forgery (CSRF) vulnerability exists in an administrative API endpoint responsible for terminating all active video conferences on a single server. The affected endpoint performβ¦
9.3
CVE-2026-22799 - emlog Arbitrary File Upload Vulnerability
Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-api=upload) for media file uploads. The endpoint fails to implement proper validation of file types, extensions, and content, allowing authenticated attackers (with a valid API keyβ¦
5.9
CVE-2026-22798 - hermes's raw options logging may disclose secrets passed in via subcommand options argument
hermes is an implementation of the HERMES workflow to automatize software publication with rich metadata. From 0.8.1 to before 0.9.1, hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form. If users provide sensitive data such as API tokens (e.g., via heβ¦