8.8

CVSS4.0

CVE-2026-25575 - NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality

NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, a path traversal vulnerability in the propose_edits endpoint allows unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn). By supplying u…

📅 Published: Feb. 4, 2026, 9:54 p.m. 🔄 Last Modified: April 17, 2026, 11:15 p.m.

9.2

CVSS4.0

CVE-2026-25547 - Uncontrolled Resource Consumption in @isaacs/brace-expansion

@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, t…

📅 Published: Feb. 4, 2026, 9:51 p.m. 🔄 Last Modified: April 17, 2026, 11:15 p.m.

7.8

CVSS3.1

CVE-2026-25546 - Godot MCP is vulnerable to Command Injection via unsanitized projectPath

Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec(), whic…

📅 Published: Feb. 4, 2026, 9:48 p.m. 🔄 Last Modified: April 18, 2026, 1:45 p.m.

6.3

CVSS4.0

CVE-2026-25543 - HtmlSanitizer has a bypass via template tag

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its cont…

📅 Published: Feb. 4, 2026, 9:45 p.m. 🔄 Last Modified: April 17, 2026, 11:15 p.m.

6.5

CVSS3.1

CVE-2026-25540 - Mastodon's signature-dependent ActivityPub collection responses cached under signature-independent …

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via `Rails.cache`. When AUTHORIZED_FETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that …

📅 Published: Feb. 4, 2026, 9:42 p.m. 🔄 Last Modified: April 18, 2026, 1:45 p.m.

9.1

CVSS3.1

CVE-2026-25539 - SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE

SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive …

📅 Published: Feb. 4, 2026, 9:39 p.m. 🔄 Last Modified: April 17, 2026, 11:15 p.m.

8.7

CVSS4.0

CVE-2026-25538 - Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user (including low-privileged CI/CD Developers) to obtain the global API Token signing key by accessing the /orch…

📅 Published: Feb. 4, 2026, 9:37 p.m. 🔄 Last Modified: April 17, 2026, 11:15 p.m.

5.1

CVSS4.0

CVE-2026-1884 - ZenTao Webhook model.php fetchHook server-side request forgery

A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made ava…

📅 Published: Feb. 4, 2026, 9:32 p.m. 🔄 Last Modified: April 17, 2026, 11:15 p.m.

5.5

CVSS4.0

CVE-2026-25537 - jsonwebtoken has Type Confusion that leads to potential authorization bypass

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim (such as nbf or exp) is provided with an incorrect JSON type (Like a String instead of a Number), the library’s int…

📅 Published: Feb. 4, 2026, 9:31 p.m. 🔄 Last Modified: April 17, 2026, 11:15 p.m.

7.1

CVSS3.1

CVE-2026-25536 - @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableH…

📅 Published: Feb. 4, 2026, 9:29 p.m. 🔄 Last Modified: April 17, 2026, 11:15 p.m.
Total results: 349182