CVE ID :CVE-2026-47646 Published : July 9, 2026, 12:17 a.m. | 1 hour, 42 minutes ago Description :Improper neutralization of input during web page generation (‘cross-site scripting’) in Dynamics 365 Customer Voice allows an…
CVE-2026-59723 – Cline: Cross-Origin WebSocket Hijacking in Cline Hub Dashboard (`/browser` endpoint)
CVE ID :CVE-2026-59723 Published : July 8, 2026, 11:16 p.m. | 2 hours, 42 minutes ago Description :Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30,…
CVE-2026-54782 – CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation
CVE ID :CVE-2026-54782 Published : July 8, 2026, 11:16 p.m. | 2 hours, 42 minutes ago Description :CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior…
CVE-2026-55849 – @cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized `–workspace` Argument
CVE ID :CVE-2026-55849 Published : July 8, 2026, 10:17 p.m. | 57 minutes ago Description :@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied…
CVE-2026-55830 – RestrictedPython guard hooks can be shadowed via positional-only arguments
CVE ID :CVE-2026-55830 Published : July 8, 2026, 10:17 p.m. | 57 minutes ago Description :RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide…
CVE-2026-55471 – HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory
CVE ID :CVE-2026-55471 Published : July 8, 2026, 10:17 p.m. | 57 minutes ago Description :HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to…
CVE-2026-44024 – Fluentd: Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder
CVE ID :CVE-2026-44024 Published : July 8, 2026, 10:17 p.m. | 57 minutes ago Description :Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and…
CVE-2026-10037 – Sandbox Escape in Ubuntu OpenJDK Packages via xdg-desktop-portal
CVE ID :CVE-2026-10037 Published : July 8, 2026, 10:17 p.m. | 58 minutes ago Description :A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by…
CVE-2026-55429 – Coder’s workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID
CVE ID :CVE-2026-55429 Published : July 8, 2026, 12:16 a.m. | 58 minutes ago Description :Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2,…
CVE-2026-55428 – Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator
CVE ID :CVE-2026-55428 Published : July 8, 2026, 12:16 a.m. | 58 minutes ago Description :Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2,…