7.8

CVSS3.1

CVE-2026-27309 - Substance3D - Stager | Use After Free (CWE-416)

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📅 Published: March 27, 2026, 9:21 p.m. 🔄 Last Modified: March 31, 2026, 3:55 a.m.

8.2

CVSS4.0

CVE-2026-33946 - MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamable_http_transport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's Server-S…

📅 Published: March 27, 2026, 9:20 p.m. 🔄 Last Modified: April 2, 2026, 8:22 p.m.

7.6

CVSS4.0

CVE-2019-25652 - UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM

UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SM…

📅 Published: March 27, 2026, 9:19 p.m. 🔄 Last Modified: March 30, 2026, 1:56 p.m.

7.5

CVSS3.1

CVE-2026-34226 - Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin (`window.location`) instead of the request target URL when `fetch(..., { credentials: "include" })` is used. This can leak cookies…

📅 Published: March 27, 2026, 9:17 p.m. 🔄 Last Modified: April 2, 2026, 7:55 a.m.

8.7

CVSS4.0

CVE-2019-25651 - Ubiquiti UniFi Devices Use of AES-CBC Allows Key Recovery and Unauthorized Device Control

Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weakness…

📅 Published: March 27, 2026, 9:16 p.m. 🔄 Last Modified: March 30, 2026, 5:55 p.m.

8.8

CVSS3.1

CVE-2026-33943 - Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in `ECMAScriptModuleCompiler` allows an attacker to achieve Remote Code Execution (RCE) by injecting arbitrary JavaScript expressions in…

📅 Published: March 27, 2026, 9:15 p.m. 🔄 Last Modified: April 14, 2026, 4:42 p.m.

8.3

CVSS3.1

CVE-2026-33941 - Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript …

📅 Published: March 27, 2026, 9:13 p.m. 🔄 Last Modified: April 1, 2026, 3:55 a.m.

8.1

CVSS3.1

CVE-2026-33940 - Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic par…

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in `resolvePartial()` and cause `invokePartial()` to return `undefined`. The Handlebars runtime then trea…

📅 Published: March 27, 2026, 9:11 p.m. 🔄 Last Modified: April 2, 2026, 7:55 a.m.

7.5

CVSS3.1

CVE-2026-33939 - Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. `{{*n}}`), the compiled template calls `lookupProperty(decorators, "n")`, which returns `u…

📅 Published: March 27, 2026, 9:08 p.m. 🔄 Last Modified: March 31, 2026, 8 p.m.

8.1

CVSS3.1

CVE-2026-33938 - Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@partial-block` special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper o…

📅 Published: March 27, 2026, 9:05 p.m. 🔄 Last Modified: April 1, 2026, 3:55 a.m.