Common Vulnerabilities and Exposures (CVE)

CVE-2026-44020

Jun 25, 2026 17:07:57 UTC

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString() without protection ...

CVE-2026-48721

Jun 25, 2026 17:06:14 UTC

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non...

CVE-2026-54686

Jun 25, 2026 17:05:10 UTC

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitte...

CVE-2026-48945

Jun 25, 2026 17:03:51 UTC

The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/<id>/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names — non-image files (including `.php`) are extracted as-is and rem...

CVE-2026-48940

Jun 25, 2026 17:03:33 UTC

A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page.

CVE-2026-48941

Jun 25, 2026 17:03:04 UTC

The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/`

CVE-2026-54297

Jun 25, 2026 17:02:51 UTC

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decode...

CVE-2026-48944

Jun 25, 2026 17:01:48 UTC

The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JPath::clean` does NOT strip `..`, and there is no allow-list of source paths. An A...

CVE-2026-48942

Jun 25, 2026 17:00:41 UTC

K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping.

CVE-2026-55180

Jun 25, 2026 17:00:35 UTC

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious rep...

CVE-2026-48943

Jun 25, 2026 16:59:53 UTC

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a standard `com_users` `profile.save` POST, can write arbitrary values into the `note...

CVE-2026-11999

Jun 25, 2026 16:56:14 UTC

X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra whose application calls X509_verify_cert() with caller-supp...

CVE-2026-50017

Jun 25, 2026 16:56:04 UTC

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a defaul...

CVE-2026-55967

Jun 25, 2026 16:53:14 UTC

AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery.

CVE-2026-50015

Jun 25, 2026 16:52:01 UTC

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline (@pnpm/patch-package) performs no path validation on file paths extracted from .patch files. An attacker who contributes a malicious patch file via a ...