Common Vulnerabilities and Exposures (CVE)

CVE-2026-59855

Jul 9, 2026 22:19:42 UTC

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing a crafted asset link containing a d...

CVE-2026-59831

Jul 9, 2026 22:11:05 UTC

GitHub CLI (gh) is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process i...

CVE-2026-45780

Jul 9, 2026 22:08:52 UTC

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, EventSerializer could expose invited group names, sample invitees, and attendance statistics to users who could view the topic but were no...

CVE-2026-53963

Jul 9, 2026 22:05:46 UTC

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-...

CVE-2026-44787

Jul 9, 2026 22:03:41 UTC

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primary_group_id and gain whisper-group privileges without legitimate group memb...

CVE-2026-53962

Jul 9, 2026 22:02:27 UTC

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, insufficient SVG sanitization in upload and user avatar handling could lead to cross-site scripting when a user visited specific URLs that...

CVE-2026-15276

Jul 9, 2026 22:00:12 UTC

A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown code of the component Metadata Handler. This manipulation causes denial of service. The attack needs to be launched locally. The exploit has been p...

CVE-2026-58122

Jul 9, 2026 21:30:17 UTC

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with ...

CVE-2026-42504

Jul 9, 2026 21:13:59 UTC

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.

CVE-2026-55212

Jul 9, 2026 20:53:36 UTC

Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, the Studio API class definition creation endpoint POST /pimcore-studio/api/class/definition/configuration-view/detail/create is guarded by the ...

CVE-2026-55865

Jul 9, 2026 20:34:38 UTC

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malformed {% case %} tag without an associated {% when %} or {% else %} block and no terminating {% endcase %} tag, Python Liquid hangs in an infinit...

CVE-2026-9072

Jul 9, 2026 19:54:37 UTC

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerabi...

CVE-2026-8858

Jul 9, 2026 19:54:33 UTC

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker ...

CVE-2026-10852

Jul 9, 2026 19:54:28 UTC

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.

CVE-2026-54004

Jul 9, 2026 19:48:01 UTC

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media U...