Common Vulnerabilities and Exposures (CVE)

CVE-2026-0612

Jan 16, 2026 21:42:52 UTC

The Librarian contains an information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastruct...

CVE-2026-0613

Jan 16, 2026 21:41:53 UTC

The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner...

CVE-2026-0616

Jan 16, 2026 21:40:36 UTC

The Librarian's `web_fetch` tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal The Librarian backend system. The vendor has fixed the vulnerability in all affected versions.

CVE-2026-23634

Jan 16, 2026 21:38:59 UTC

Pepr is a type-safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting ...

CVE-2026-23645

Jan 16, 2026 21:37:58 UTC

SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads...

CVE-2026-23723

Jan 16, 2026 21:36:57 UTC

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database e...

CVE-2026-23722

Jan 16, 2026 21:35:52 UTC

WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/insere_despacho.php file. The application fa...

CVE-2026-23724

Jan 16, 2026 21:33:07 UTC

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/atendido/cadastro_ocorrencia.php endpoint of the WeGIA application. The application does not sa...

CVE-2021-47827

Jan 16, 2026 21:32:47 UTC

WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of ...

CVE-2021-47826

Jan 16, 2026 21:30:42 UTC

Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\NT...

CVE-2021-47825

Jan 16, 2026 21:28:43 UTC

Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to injec...

CVE-2026-21226

Jan 16, 2026 21:28:29 UTC

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.

CVE-2026-20941

Jan 16, 2026 21:28:29 UTC

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

CVE-2026-20958

Jan 16, 2026 21:28:28 UTC

Server-side request forgery (SSRF) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

CVE-2026-20957

Jan 16, 2026 21:28:27 UTC

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.