5.5
CVE-2026-26123 - Microsoft Authenticator Information Disclosure Vulnerability
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.
7.5
CVE-2026-26308 - Envoy has an RBAC Header Validation Bypass via Multi-Value Header Concatenation
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access Control) filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating eac…
5.3
CVE-2026-3582 - Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search result…
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token (PAT) lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user …
7.4
CVE-2026-2266 - Improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allo…
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scripting via task list content. The task list content extraction logic did not properly re-encode browser-decoded text nodes before rendering, allowing user-supplied HTML …
9.1
CVE-2026-27825 - MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained dow…
MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, the `confluence_download_attachment` MCP tool accepts a `download_path` parameter that is written to without any directory boundary enforcement. An attacker who can call thi…
5.1
CVE-2026-23868 - giflib: Giflib: Double-free vulnerability leading to memory corruption
Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
5.5
CVE-2026-27218 - Substance3D - Painter | NULL Pointer Dereference (CWE-476)
Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires use…
5.5
CVE-2026-27219 - Substance3D - Painter | Out-of-bounds Read (CWE-125)
Substance3D - Painter versions 11.1.2 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a vi…
5.5
CVE-2026-27214 - Substance3D - Painter | NULL Pointer Dereference (CWE-476)
Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires use…
5.5
CVE-2026-21364 - Substance3D - Painter | NULL Pointer Dereference (CWE-476)
Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires use…