6.8
CVE-2026-4270 - AWS API MCP File Access Restriction Bypass
Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms, which may allow the bypass of the intended file access restriction and expose arbitrary local file contents in the MCP client application context. To re…
2
CVE-2026-4251 - CityData CityChat ai.citydata.citychat credentials.json credentials storage
A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutter_assets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storage…
2
CVE-2026-4250 - Albert Sağlık Hizmetleri ve Ticaret Albert Health Google Cloud Service Account Key service-account.…
A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected storag…
7.5
CVE-2026-4276 - LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to f…
LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.
9.8
CVE-2025-62319 - Boolean-Based SQL Injection in Multiple Unica Components
Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the i…
5.4
CVE-2026-32587 - WordPress WP EasyPay plugin <= 4.2.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP EasyPay: from n/a through 4.2.11.
5.3
CVE-2026-32583 - WordPress Modern Events Calendar plugin <= 7.29.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modern Events Calendar: from n/a through 7.29.0.
2
CVE-2026-4243 - La Nacion App app.lanacion.activity BuildConfig.java credentials storage
A weakness has been identified in La Nacion App 10.2.25 on Android. This impacts an unknown function of the file source/app/lanacion/clublanacion/BuildConfig.java of the component app.lanacion.activity. Executing a manipulation of the argument API_KEY_WEBSOCKET_CV can lead to unprotected storage of…
4.3
CVE-2026-24692 - Guest users can bypass read permissions via search API
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00554
3.1
CVE-2026-22545 - Password Change Bypass via Auth Switch Endpoint
Mattermost versions 10.11.x <= 10.11.10 fail to validate the user's authentication method when processing an account auth type switch, which allows an authenticated attacker to change the account password without confirmation by falsely claiming a different auth provider. Mattermost Advisory ID: MMSA-2026-00…