7.5

CVSS3.1

CVE-2026-33806 - fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header

Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify >= 5.…

📅 Published: April 15, 2026, 12:14 a.m. 🔄 Last Modified: April 17, 2026, 3:49 p.m.

6.5

CVSS4.0

CVE-2026-40105 - XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 10.4-rc-1 through 16.10.15, 17.0.0-rc-1 through 17.4.7 and 17.5.0-rc-1 through 17.10.0 contain a reflected cross-site scripting vulnerability (XSS) in the comparison view between rev…

📅 Published: April 15, 2026, 12:07 a.m. 🔄 Last Modified: April 23, 2026, 1:52 p.m.

6.9

CVSS4.0

CVE-2026-40104 - XWiki's REST APIs can list all pages/spaces, leading to unavailability

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationC…

📅 Published: April 15, 2026, 12:01 a.m. 🔄 Last Modified: April 23, 2026, 1:52 p.m.

8.8

CVSS3.1

CVE-2026-6359 - chromium-browser: Use after free in Video

Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

📅 Published: April 15, 2026, midnight 🔄 Last Modified: April 17, 2026, 7:21 p.m.

7.5

CVSS3.1

CVE-2026-30364 - CentSDR Commit e40795 Stack Overflow in Thread1 Function

CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.

📅 Published: April 15, 2026, midnight 🔄 Last Modified: April 17, 2026, 3:09 p.m.

8.6

CVSS3.1

CVE-2026-30995 - SQL Injection via vereador_ver.php in Slah CMS

Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.php endpoint.

📅 Published: April 15, 2026, midnight 🔄 Last Modified: April 17, 2026, 3:37 p.m.

9.6

CVSS3.1

CVE-2026-6296 - chromium-browser: Heap buffer overflow in ANGLE

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

📅 Published: April 15, 2026, midnight 🔄 Last Modified: April 17, 2026, 3:42 p.m.

7.5

CVSS3.1

CVE-2025-67841 - Algorithmic Complexity Flaw Causing Resource Exhaustion in Nordic Semiconductor IronSide SE

Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an algorithmic complexity issue.

📅 Published: April 15, 2026, midnight 🔄 Last Modified: April 17, 2026, 3:09 p.m.

7.5

CVSS3.1

CVE-2026-30994 - Unauthenticated Access to Config File Exposes Session Credentials in Slah v1.5.0 and Earlier

Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials.

📅 Published: April 15, 2026, midnight 🔄 Last Modified: April 17, 2026, 3:37 p.m.

8.8

CVSS3.1

CVE-2026-6318 - chromium-browser: Use after free in Codecs

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

📅 Published: April 15, 2026, midnight 🔄 Last Modified: April 17, 2026, 7:08 p.m.