CVE ID :CVE-2026-42606 Published : May 9, 2026, 8:16 p.m. | 4 hours, 6 minutes ago Description :AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally…
CVE-2026-42605 – AzuraCast: Path Traversal in `currentDirectory` Parameter Enables Remote Code Execution via Media Upload
CVE ID :CVE-2026-42605 Published : May 9, 2026, 8:16 p.m. | 4 hours, 6 minutes ago Description :AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter…
CVE-2026-42601 – ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView
CVE ID :CVE-2026-42601 Published : May 9, 2026, 8:16 p.m. | 4 hours, 6 minutes ago Description :ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint…
CVE-2026-42571 – Privilege Escalation Attack affecting Pelican Web UI
CVE ID :CVE-2026-42571 Published : May 9, 2026, 8:16 p.m. | 4 hours, 6 minutes ago Description :Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before…
CVE-2026-42569 – phpvms: /importer authorization bypass causing full database wipe
CVE ID :CVE-2026-42569 Published : May 9, 2026, 8:16 p.m. | 4 hours, 6 minutes ago Description :phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical…
CVE-2026-42556 – Postiz stored XSS in public preview page
CVE ID :CVE-2026-42556 Published : May 8, 2026, 11:16 p.m. | 1 hour, 4 minutes ago Description :Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated…
CVE-2026-42454 – Termix: OS Command Injection in Docker Container Management Endpoints
CVE ID :CVE-2026-42454 Published : May 8, 2026, 11:16 p.m. | 1 hour, 4 minutes ago Description :Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to…
CVE-2026-42453 – Termix: Command injection in extractArchive/compressFiles via double-quote escaping bypass
CVE ID :CVE-2026-42453 Published : May 8, 2026, 11:16 p.m. | 1 hour, 4 minutes ago Description :Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to…
CVE-2026-42452 – Termix: Pending-TOTP temporary token can regenerate backup codes and neutralize TOTP
CVE ID :CVE-2026-42452 Published : May 8, 2026, 11:16 p.m. | 1 hour, 4 minutes ago Description :Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to…
CVE-2026-42354 – Sentry: Improper authentication on SAML SSO process allows user identity linking
CVE ID :CVE-2026-42354 Published : May 8, 2026, 11:16 p.m. | 1 hour, 4 minutes ago Description :Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a…