Common Vulnerabilities and Exposures (CVE)

CVE-2026-41434

Jul 7, 2026 15:06:13 UTC

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.10.0 and prior to version 4.11.0, an unbounded recursion...

CVE-2026-53694

Jul 7, 2026 15:04:57 UTC

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2.

CVE-2026-40140

Jul 7, 2026 15:01:24 UTC

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote at...

CVE-2026-40139

Jul 7, 2026 15:00:13 UTC

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain...

CVE-2026-48588

Jul 7, 2026 14:59:53 UTC

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `UpdateCacheMiddleware` and the `cache_page()` decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote...

CVE-2026-40138

Jul 7, 2026 14:59:19 UTC

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass acce...

CVE-2026-53877

Jul 7, 2026 14:59:07 UTC

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `django.contrib.gis.gdal.GDALRaster` over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degrada...

CVE-2026-53878

Jul 7, 2026 14:58:18 UTC

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `DomainNameValidator` does not prohibit newlines in domain names (unless used via a form field, since `CharField` strips newlines). If an application uses values with...

CVE-2026-12352

Jul 7, 2026 14:56:48 UTC

This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device.

CVE-2026-40141

Jul 7, 2026 14:56:42 UTC

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow a...

CVE-2026-12948

Jul 7, 2026 14:56:24 UTC

A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system conf...

CVE-2026-57571

Jul 7, 2026 14:53:40 UTC

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confi...

CVE-2026-34153

Jul 7, 2026 14:51:37 UTC

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, LocalFileVolume::saveStorageOnServer builds shell commands using unescaped fs_path and parent_dir values before val...

CVE-2026-42204

Jul 7, 2026 14:47:36 UTC

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELL_SAFE_COMMAND_PATTERN allowed ampersands in custom Docker Compose build, st...

CVE-2026-50133

Jul 7, 2026 14:44:31 UTC

Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the text/html media type (typically .html files under /content, or pages produced by a content adapter that sets conten...