6.5
CVE-2026-0530 - Allocation of Resources Without Limits or Throttling in Kibana Leading to Excessive Allocation
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted request. This causes the application to perform redundant processing operations that continuously consume system resources until service degradation orβ¦
6.5
CVE-2026-0528 - Improper Input Validation in Metricbeat Leading to Denial of Service
Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Inpuβ¦
8.7
CVE-2026-22871 - GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwritβ¦
7.1
CVE-2026-22870 - GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigaβ¦
5.1
CVE-2025-15056 - Quill 2.0.3 - Lack of data validation in HTML export allowing XSS
A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3.
8.9
CVE-2026-22869 - Eigent Allows Arbitrary Code Execution via pull_request_target CI Workflow
Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow (.github/workflows/ci.yml) allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pull_request_target trigger combined with checkout of untrusted β¦
7.1
CVE-2026-22868 - go-ethereum has a DoS via malicious p2p message
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8.
7.1
CVE-2026-22862 - go-ethereum has a DoS via malicious p2p message
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8.
8.8
CVE-2026-22861 - iccDEV has a heap-buffer-overflow in SIccCalcOp::Describe() at IccProfLib/IccMpeCalc.cpp
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There is a heap-based buffer overflow in SIccCalcOp::Describe() at IccProfLib/IccMpeCalc.cpp. This vulnerabβ¦
5.5
CVE-2026-21301 - Substance3D - Modeler | NULL Pointer Dereference (CWE-476)
Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.