5.1
CVE-2026-30838 - league/commonmark: DisallowedRawHtml extension bypass via whitespace in HTML tag names
league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing >. For example, <script\n> would pass through unfiltered and be renβ¦
9.1
CVE-2026-30832 - Soft Serve: SSRF via unvalidated LFS endpoint in repo import
Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is blβ¦
7.5
CVE-2026-30834 - PinchTab: SSRF with Full Response Exfiltration via Download Handler
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs, inclβ¦
5.3
CVE-2026-29787 - mcp-memory-service: System Information Disclosure via Health Endpoint
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCP_ALβ¦
8.2
CVE-2026-29786 - node-tar: Hardlink Path Traversal via Drive-Relative Linkpath
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. Thβ¦
4.8
CVE-2026-3667 - Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppService improper authorization
A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has beβ¦
4.8
CVE-2026-3665 - xlnt-community xlnt XLSX File xlsx_consumer.cpp read_office_document null pointer dereference
A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsx_consumer::read_office_document of the file source/detail/serialization/xlsx_consumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. β¦
7.5
CVE-2026-29784 - Ghost: Incomplete CSRF protections around OTC use
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost sβ¦
7.1
CVE-2026-29778 - pyLoad: Arbitrary File Write via Path Traversal in edit_package()
pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package() function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be β¦
2.1
CVE-2026-29781 - Sliver: Authenticated Nil-Pointer Dereference in Handlers
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nesβ¦