7.1

CVSS3.1

CVE-2026-35167 - Kedro has a path traversal in versioned dataset loading via unsanitized version string

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequenc…

📅 Published: April 6, 2026, 5:43 p.m. 🔄 Last Modified: April 14, 2026, 4:44 p.m.

8.8

CVSS3.1

CVE-2026-35470 - OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $_GET['righe'] is directly concatenated into an…

📅 Published: April 6, 2026, 5:40 p.m. 🔄 Last Modified: April 15, 2026, 4:30 p.m.

5.3

CVSS4.0

CVE-2026-35166 - Hugo does not properly escape some Markdown links

Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in 0.15…

📅 Published: April 6, 2026, 5:37 p.m. 🔄 Last Modified: April 20, 2026, 6:34 p.m.

8.8

CVSS3.1

CVE-2026-35164 - Brave CMS Affected by Unrestricted File Upload via CKEditor Endpoint

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies entire…

📅 Published: April 6, 2026, 5:33 p.m. 🔄 Last Modified: April 15, 2026, 4:30 p.m.

5.3

CVSS4.0

CVE-2026-35052 - D-Tale affected by Remote Code Execution through redis/shelf storage

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the server…

📅 Published: April 6, 2026, 5:32 p.m. 🔄 Last Modified: April 21, 2026, 12:15 a.m.

9.1

CVSS3.1

CVE-2026-35050 - text-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at "Session ->…

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extension settings in "py" format and in the app root directory. This allows Python files to be overwritten; for instance, the "download-model.py" file could be overwritten. Then, this …

📅 Published: April 6, 2026, 5:30 p.m. 🔄 Last Modified: April 22, 2026, 7:28 p.m.

7.5

CVSS3.1

CVE-2026-35209 - defu: Prototype pollution via `__proto__` key in defaults argument

defu is software that allows users to assign default properties recursively. Prior to version 6.1.5, applications that pass unsanitized user input (e.g. parsed JSON request bodies, database records, or config files from untrusted sources) as the first argument to `defu()` are vulnerable to prototype…

📅 Published: April 6, 2026, 5:26 p.m. 🔄 Last Modified: April 27, 2026, 11:47 p.m.

9.3

CVSS4.0

CVE-2026-35047 - Brave CMS has Unrestricted File Upload in BraveCMS via CKEditor Endpoint

Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise, …

📅 Published: April 6, 2026, 5:25 p.m. 🔄 Last Modified: April 13, 2026, 2:27 p.m.

5.4

CVSS3.1

CVE-2026-35046 - Tandoor has a Stored CSS Injection via <style> Tag in Recipe Instructions (API-Level)

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary <style> tags into recipe step instructions. The bleach.clean() sanitizer explicitly whitelists the <style> tag, causing…

📅 Published: April 6, 2026, 5:20 p.m. 🔄 Last Modified: April 13, 2026, 2:27 p.m.

8.1

CVSS3.1

CVE-2026-35045 - Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batch_update/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by …

📅 Published: April 6, 2026, 5:17 p.m. 🔄 Last Modified: April 13, 2026, 2:27 p.m.

Total results: 349182
Page 660 of 34,919