4.3

CVSS3.1

CVE-2026-3925 - Google Chrome Android UI Spoofing via LookalikeChecks

Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

📅 Published: March 11, 2026, 10:04 p.m. 🔄 Last Modified: March 20, 2026, 3:36 p.m.

5.3

CVSS4.0

CVE-2026-3961 - zyddnys manga-image-translator Translate Endpoints request_extraction.py to_pil_image server-side r…

A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is p…

📅 Published: March 11, 2026, 10:02 p.m. 🔄 Last Modified: April 22, 2026, 9:30 p.m.

7.8

CVSS4.0

CVE-2026-32133 - 2FAuth has Blind SSRF in image parameter allows internal network access and more

2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th…

📅 Published: March 11, 2026, 9:45 p.m. 🔄 Last Modified: March 20, 2026, 3:36 p.m.

9.8

CVSS3.1

CVE-2026-32136 - AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting HT…

📅 Published: March 11, 2026, 9:42 p.m. 🔄 Last Modified: March 20, 2026, 3:36 p.m.

7.4

CVSS3.1

CVE-2026-32132 - ZITADEL: Reactivation of Expired Passkey Registration Codes

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code could allow an…

📅 Published: March 11, 2026, 9:40 p.m. 🔄 Last Modified: March 20, 2026, 3:36 p.m.

7.7

CVSS3.1

CVE-2026-32131 - ZITADEL Cross-Tenant Information Disclosure in Management API

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token (e.g., project.read, project.grant.read, or project.app.read) to retrieve managemen…

📅 Published: March 11, 2026, 9:38 p.m. 🔄 Last Modified: March 20, 2026, 3:36 p.m.

7.5

CVSS3.1

CVE-2026-32130 - ZITADEL SCIM Authentication Bypass via URL Encoding

ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management (SCIM) API to provision users from external providers into Zitadel. Requests to the API with URL-encoded path values were correctly routed bu…

📅 Published: March 11, 2026, 9:37 p.m. 🔄 Last Modified: March 20, 2026, 3:36 p.m.

4.8

CVSS4.0

CVE-2026-3959 - 0xKoda WireMCP Tshark CLI index.js server.tool os command injection

A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The exploit…

📅 Published: March 11, 2026, 9:32 p.m. 🔄 Last Modified: April 22, 2026, 9:30 p.m.

5.3

CVSS4.0

CVE-2026-3958 - Woahai321 ListSync JSON api_server.py requests.post server-side request forgery

A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The explo…

📅 Published: March 11, 2026, 9:32 p.m. 🔄 Last Modified: April 22, 2026, 9:30 p.m.

6.3

CVSS3.1

CVE-2026-32128 - FastGPT Python Sandbox Bypass of File-Write Restriction

FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static detection + seccomp). These guardrails are bypassable by remapping stdout (fd 1) to an arbitrary writable file descriptor using fcn…

📅 Published: March 11, 2026, 9:30 p.m. 🔄 Last Modified: March 20, 2026, 3:36 p.m.