Common Vulnerabilities and Exposures (CVE)

CVE-2025-59616

Jul 7, 2026 13:11:17 UTC

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.

CVE-2025-59617

Jul 7, 2026 13:11:08 UTC

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input.

CVE-2026-21368

Jul 7, 2026 13:10:54 UTC

Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks.

CVE-2026-21369

Jul 7, 2026 13:10:43 UTC

Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification.

CVE-2026-21370

Jul 7, 2026 13:10:34 UTC

Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values.

CVE-2026-29049

Jul 7, 2026 13:10:28 UTC

melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout (pkg/renovate/cache/cache....

CVE-2026-21384

Jul 7, 2026 13:10:27 UTC

Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits.

CVE-2026-48316

Jul 7, 2026 13:10:00 UTC

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user in...

CVE-2023-45815

Jul 7, 2026 13:08:32 UTC

ArchiveBox is an open source self-hosted web archiving system. Any users who are using the `wget` extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same brow...

CVE-2026-34171

Jul 7, 2026 12:56:28 UTC

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/{uuid} endpoint can perform a state-changing password reset using an attacker-known invitation...

CVE-2026-34034

Jul 7, 2026 12:51:01 UTC

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentinel_token setting is used in shell commands without sufficient validation, allowing an authenticated user ...

CVE-2026-58593

Jul 7, 2026 12:50:17 UTC

NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo c...

CVE-2026-42200

Jul 7, 2026 12:49:05 UTC

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script (generate_init_scripts() method in app/Actions/Database/StartPostgresql.php) filen...

CVE-2026-43927

Jul 7, 2026 12:47:00 UTC

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending ...

CVE-2026-34049

Jul 7, 2026 12:46:10 UTC

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.451 through 4.0.0-beta.470, database backup handling for MongoDB collection names did not fully validate shell metacharacter...