8.8
CVE-2026-40897 - Math.js: Unsafe object property setter in mathjs
Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs…
7.5
CVE-2026-41066 - lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='interna…
8.7
CVE-2026-6912 - Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API …
9.3
CVE-2026-6911 - Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel
Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the de…
9.3
CVE-2026-39920 - BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE
BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console u…
0.0
CVE-2026-31639 - rxrpc: Fix key reference count leak from call->key
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key reference count leak from call->key When creating a client call in rxrpc_alloc_client_call(), the code obtains a reference to the key. This is never cleaned up and gets leaked when the call is destroyed. Fix this…
0.0
CVE-2026-31636 - rxrpc: fix RESPONSE authenticator parser OOB read
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgk_verify_authenticator() copies auth_len bytes into a temporary buffer and then passes p + auth_len as the parser limit to rxgk_do_verify_authenticator(). Since p is a __be32 *…
9.8
CVE-2026-31589 - mm: call ->free_folio() directly in folio_unmap_invalidate()
In the Linux kernel, the following vulnerability has been resolved: mm: call ->free_folio() directly in folio_unmap_invalidate() We can only call filemap_free_folio() if we have a reference to (or hold a lock on) the mapping. Otherwise, we've already removed the folio from the mapping so it no l…
7.5
CVE-2026-31538 - smb: server: make use of smbdirect_socket.recv_io.credits.available
In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.recv_io.credits.available The logic of managing recv credits by counting posted recv_io and granted credits is racy. That's because the peer might already consumed a credit, but between…
9.3
CVE-2026-25660 - Authentication bypass for certain API calls
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user existing in CodeChec…