8.8
CVE-2026-29089 - TimescaleDB uses untrusted search path during extension upgrade
TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From version 2.23.0 to 2.25.1, PostgreSQL uses the search_path setting to locate unqualified database objects (tables, functions, operators). If the search_path includes user-writable sc…
7.5
CVE-2026-29087 - @hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Sta…
@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections (e.g. protecting /admin/*), inconsistent URL decoding can allow protected static resources to be accessed w…
7.5
CVE-2026-29783 - GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command exec…
The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent (e.g., via prompt injection through repository files, MCP server re…
7.3
CVE-2026-29082 - Kestra: Stored Cross-Site Scripting in Markdown File Preview
Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra's execution-file preview renders user-supplied Markdown (.md) with markdown-it instantiated as html:true and injects the resulting HTML with Vue's v-html without sanitisation. At time of publication, there a…
8.3
CVE-2026-29075 - Mesa: Checking out of untrusted code in `benchmarks.yml` workflow may lead to code execution in pri…
Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privileged runner. This issue has been patched via commit …
8.7
CVE-2025-15602 - Snipe-IT < 8.3.7 Mass Assignment Vulnerability Leading to Privilege Escalation
Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the Supe…
8.2
CVE-2026-29064 - Zarf: Symlink targets in archives are not validated against destination directory
Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or writ…
7.7
CVE-2026-26017 - CoreDNS ACL Bypass
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-o…
7.5
CVE-2026-26018 - CoreDNS Loop Detection Denial of Service Vulnerability
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-ra…
6.9
CVE-2026-27027 - Everon api.everon.io Insufficiently Protected Credentials
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.