Three vulnerabilities have been disclosed in LibreChat, the open-source ChatGPT clone supporting multiple AI providers, tracked as CVE-2026-32625 (CVSS 9.8 Critical), CVE-2026-44653 (CVSS 7.5 High), … Read More
A CRLF injection vulnerability in the morgan HTTP request logger for Node.js, tracked as CVE-2026-5078, allows attackers to inject arbitrary log entries by supplying crafted … Read More
A vulnerability in MLflow versions prior to 3.11.0, tracked as CVE-2026-4035, allows the resolution of environment variables in AI Gateway secrets, enabling attackers to exfiltrate … Read More
A critical stack-based buffer overflow vulnerability in the BIRD Internet Routing Daemon, tracked as CVE-2026-49943, allows remote attackers to trigger a buffer overflow through crafted … Read More
Five vulnerabilities have been disclosed in authentik, the open-source identity provider, affecting versions prior to the 2025.12.6, 2026.2.4, and 2026.5.1 patch releases. The most severe … Read More
A path traversal bypass in Python’s tarfile module, tracked as CVE-2026-7774, allows a malicious tar archive to circumvent the data_filter — the security mechanism designed … Read More
Three vulnerabilities have been disclosed in Tautulli, the popular Python-based monitoring and tracking tool for Plex Media Server, tracked as CVE-2026-43984, CVE-2026-43985, and CVE-2026-43986. The … Read More
A TLS hostname verification vulnerability in OpenStack’s oslo.messaging library, tracked as CVE-2026-44393, allows an attacker who can intercept control-plane traffic to impersonate the RabbitMQ message … Read More
A server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager, tracked as CVE-2026-20230, allows an unauthenticated remote attacker to write files to the underlying … Read More
Acer has confirmed two maximum-severity zero-day vulnerabilities in its Wave 7 mesh routers, tracked as CVE-2026-49200 and CVE-2026-49201. Together, they enable a complete device compromise … Read More
