4.3
CVE-2026-25934 - go-git improperly verifies data integrity values for .idx and .pack files
go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely…
7.8
CVE-2026-25931 - vscode-spell-checker has a workspace-trust bypass Code Execution
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings._determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true (package.json) and is read from workspace c…
7.8
CVE-2026-25925 - PowerDocu Affected by Remote Code Execution via Insecure Deserialization
PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to ins…
8.7
CVE-2026-25923 - Phar Deserialization leading to Arbitrary File Deletion in my little forum
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file (disguised as JPEG) via the image u…
7.5
CVE-2026-25808 - Hollo DMs get leaked and can be seen on Webfinger Browser
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is fix…
6.7
CVE-2025-15315 - Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
6.7
CVE-2025-15316 - Tanium addressed a local privilege escalation vulnerability in Tanium Server.
Tanium addressed a local privilege escalation vulnerability in Tanium Server.
8.8
CVE-2026-25807 - Unauthenticated Remote Code Execution via P2P Sharing in ZAI-Shell
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple soc…
6.5
CVE-2025-15317 - Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.
Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.
7.5
CVE-2026-25961 - SumatraPDF Update MITM -> Arbitrary Code Execution
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification (INTERNET_FLAG_IGNORE_CERT_CN_INVALID) and executes installers without signature checks. A network attacker with any valid TLS certificate (e.g., Let's Encrypt) …