CVE ID :CVE-2026-7574 Published : June 23, 2026, 11:54 p.m. | 1 hour, 16 minutes ago Description :Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0)…
CVE-2026-56785 – FlatPress – Stored Cross-Site Scripting via Unescaped Comment and Contact Form Fields
CVE ID :CVE-2026-56785 Published : June 23, 2026, 10:09 p.m. | 3 hours, 1 minute ago Description :FlatPress versions prior to commit 10be83c contain a stored cross-site scripting vulnerability in comment and contact forms…
CVE-2026-11972 – tarfile opened in streaming mode mishandles EOF
CVE ID :CVE-2026-11972 Published : June 23, 2026, 10:02 p.m. | 3 hours, 8 minutes ago Description :When using the “tarfile” module with a file opened in “streaming mode” (mode="r|") the tarfile module did…
CVE-2026-41862 – Spring Statemachine Deserialisation Vulnerability
CVE ID :CVE-2026-41862 Published : June 23, 2026, 8:59 p.m. | 4 hours, 11 minutes ago Description :Spring Statemachine’s Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enforcing a…
CVE-2026-54512 – jackson-databind: PolymorphicTypeValidator bypass via generic type parameters allows arbitrary class instantiation
CVE ID :CVE-2026-54512 Published : June 23, 2026, 8:56 p.m. | 4 hours, 14 minutes ago Description :jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4,…
CVE-2026-48109 – MessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input
CVE ID :CVE-2026-48109 Published : June 22, 2026, 9:19 p.m. | 3 hours, 50 minutes ago Description :MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, a vulnerability exists…
CVE-2026-56348 – n8n – Credential Exfiltration via Allowed HTTP Request Domains Bypass in Dynamic Node Parameters Endpoint
CVE ID :CVE-2026-56348 Published : June 22, 2026, 9:04 p.m. | 4 hours, 5 minutes ago Description :n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users…
CVE-2026-56324 – Capgo – Rate Limit Bypass via User-Controlled device_id Parameter
CVE ID :CVE-2026-56324 Published : June 22, 2026, 9:04 p.m. | 4 hours, 5 minutes ago Description :Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to…
CVE-2026-56266 – Crawl4AI – Server-Side Request Forgery via Direct Crawl Endpoints
CVE ID :CVE-2026-56266 Published : June 22, 2026, 9:04 p.m. | 4 hours, 5 minutes ago Description :Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints…
CVE-2025-71358 – picklescan – Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity
CVE ID :CVE-2025-71358 Published : June 22, 2026, 9:04 p.m. | 4 hours, 5 minutes ago Description :picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce methods. Attackers…