CVE ID: CVE-2026-40316 | Published: April 15, 2026, 11:16 p.m. | 1 hour, 24 minutes ago | Description: OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and…
CVE-2026-40192 – Pillow is vulnerable to a FITS GZIP decompression bomb
CVE ID: CVE-2026-40192 | Published: April 15, 2026, 11:16 p.m. | 1 hour, 24 minutes ago | Description: Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed…
CVE-2026-6388 – Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation
CVE ID: CVE-2026-6388 | Published: April 15, 2026, 10:17 p.m. | 2 hours, 23 minutes ago | Description: A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create…
CVE-2026-40261 – Composer has Command Injection via Malicious Perforce Reference
CVE ID: CVE-2026-40261 | Published: April 15, 2026, 9:17 p.m. | 3 hours, 23 minutes ago | Description: Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a…
CVE-2026-40173 – Dgraph: Unauthenticated pprof endpoint leaks admin auth token
CVE ID: CVE-2026-40173 | Published: April 15, 2026, 9:17 p.m. | 3 hours, 23 minutes ago | Description: Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure…
CVE-2026-39399 – NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Confusion and URI Fragment Truncation
CVE ID: CVE-2026-39399 | Published: April 14, 2026, 11:16 p.m. | 1 hour, 24 minutes ago | Description: NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend…
CVE-2026-35589 – nanobot: Cross-Site WebSocket Hijacking in WhatsApp Bridge (CVE-2026-2577 Fix Update)
CVE ID: CVE-2026-35589 | Published: April 14, 2026, 11:16 p.m. | 1 hour, 24 minutes ago | Description: nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability…
CVE-2026-35033 – Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection
CVE ID: CVE-2026-35033 | Published: April 14, 2026, 11:16 p.m. | 1 hour, 24 minutes ago | Description: Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary…
CVE-2026-35032 – Jellyfin: Potential SSRF + Arbitrary file read via LiveTV M3U tuner
CVE ID: CVE-2026-35032 | Published: April 14, 2026, 11:16 p.m. | 1 hour, 24 minutes ago | Description: Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain…
CVE-2026-35031 – Jellyfin: Potential RCE via subtitle upload path traversal + .strm chain
CVE ID: CVE-2026-35031 | Published: April 14, 2026, 11:16 p.m. | 1 hour, 24 minutes ago | Description: Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain…