8.1
CVE-2026-33942 - Saloon has insecure deserialization in AccessTokenAuthenticator (object injection / RCE)
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token state from cache or storage, with allowed_classes => true. An attacker who can control the serializedโฆ
8
CVE-2026-33183 - Saloon has a Fixture Name Path Traversal Vulnerability
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments (e.g. ../traversal or ../../etc/passwd) resulted in a patโฆ
6.6
CVE-2026-33182 - Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base Uโฆ
6.3
CVE-2026-4830 - kalcaddle kodbox Public Share userShare.class.php add privilege escalation
A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipulation leads to unrestricted upload. The attack can be executed remotely. This attack is characterizโฆ
9.2
CVE-2026-33526 - Squid vulnerable to Denial of Service in ICP Request handling
Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocoโฆ
6.9
CVE-2026-33515 - Squid has issues in ICP message handling
Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding wiโฆ
8.7
CVE-2026-32748 - Squid has Denial of Service in ICP Response handling
Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Deniโฆ
9.8
CVE-2026-30457 -
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.
9.1
CVE-2026-30458 -
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.
7.7
CVE-2026-30463 - SQL Injection via Login Controller in FuelCMS 1.5.2
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.