A vulnerability in Go’s x509 certificate verification, tracked as CVE-2026-27145, causes incorrect hostname validation when a certificate contains multiple DNS Subject Alternative Name (SAN) entries. … Read More
A vulnerability in AIOHTTP, the popular asynchronous HTTP client/server framework for Python, tracked as CVE-2026-47265 (CVSS 7.5 High), causes cookies set with the cookies parameter … Read More
Two critical web security vulnerabilities have been disclosed in elixir-mint, the HTTP client library for the Elixir programming language, tracked as CVE-2026-48861 (CVSS 9.1 Critical) … Read More
Three vulnerabilities have been disclosed in MISP, the widely deployed open-source threat intelligence sharing platform, tracked as CVE-2026-10868 (CVSS 9.8 Critical), CVE-2026-10864 (CVSS 7.5 High), … Read More
Three vulnerabilities have been disclosed in LibreChat, the open-source ChatGPT clone supporting multiple AI providers, tracked as CVE-2026-32625 (CVSS 9.8 Critical), CVE-2026-44653 (CVSS 7.5 High), … Read More
A CRLF injection vulnerability in the morgan HTTP request logger for Node.js, tracked as CVE-2026-5078, allows attackers to inject arbitrary log entries by supplying crafted … Read More
A vulnerability in MLflow versions prior to 3.11.0, tracked as CVE-2026-4035, allows the resolution of environment variables in AI Gateway secrets, enabling attackers to exfiltrate … Read More
A critical stack-based buffer overflow vulnerability in the BIRD Internet Routing Daemon, tracked as CVE-2026-49943, allows remote attackers to trigger a buffer overflow through crafted … Read More
Five vulnerabilities have been disclosed in authentik, the open-source identity provider, affecting versions prior to the 2025.12.6, 2026.2.4, and 2026.5.1 patch releases. The most severe … Read More
A path traversal bypass in Python’s tarfile module, tracked as CVE-2026-7774, allows a malicious tar archive to circumvent the data_filter — the security mechanism designed … Read More
