CVE ID :CVE-2026-8915 Published : May 28, 2026, 12:16 a.m. | 53 minutes ago Description :Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31. Severity: 8.8…
CVE-2026-9739 – Google Chrome SSE DNS Rebinding
CVE ID :CVE-2026-9739 Published : May 27, 2026, 11:16 p.m. | 1 hour, 53 minutes ago Description :Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented `allowed-origins` and…
CVE-2026-46414 – Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking
CVE ID :CVE-2026-46414 Published : May 27, 2026, 11:16 p.m. | 1 hour, 53 minutes ago Description :Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO’s WebSocket control…
CVE-2026-46402 – Microsoft UFO uses untrusted task_name in log paths, allowing authenticated path traversal and log file creation outside the logs directory
CVE ID :CVE-2026-46402 Published : May 27, 2026, 11:16 p.m. | 1 hour, 53 minutes ago Description :Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the…
CVE-2026-9208 – Tanium addressed an unauthorized code execution vulnerability in Connect.
CVE ID :CVE-2026-9208 Published : May 27, 2026, 10:16 p.m. | 2 hours, 53 minutes ago Description :Tanium addressed an unauthorized code execution vulnerability in Connect. Severity: 8.8 | HIGH Visit the link for…
CVE-2026-9312 – Server-Side Request Forgery vulnerability in GitHub Enterprise Server allowed access to internal services via path traversal in upload endpoint
CVE ID :CVE-2026-9312 Published : May 27, 2026, 12:16 a.m. | 50 minutes ago Description :A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to…
CVE-2026-5260 – Gnutls: gnutls: information disclosure via heap overread in rsa key exchange
CVE ID :CVE-2026-5260 Published : May 26, 2026, 10:16 p.m. | 2 hours, 50 minutes ago Description :A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during…
CVE-2026-45574 – epa4all-client: TLS Certificate Validation Disabled in Production
CVE ID :CVE-2026-45574 Published : May 26, 2026, 10:16 p.m. | 2 hours, 50 minutes ago Description :epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2,…
CVE-2026-45298 – Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)
CVE ID :CVE-2026-45298 Published : May 26, 2026, 10:16 p.m. | 2 hours, 50 minutes ago Description :Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy…
CVE-2026-44985 – Dozzle: Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpoints bypasses authentication
CVE ID :CVE-2026-44985 Published : May 26, 2026, 10:16 p.m. | 2 hours, 50 minutes ago Description :Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the…