Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.4 CVE-2026-47090

Claude HUD 0.0.12 Terminal Injection via OSC 8 Hyperlinks_CVE-2026-47090

Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values witho...

jarrodwatts claude-hud CVE
LOW 3.5 CVE-2026-6333

SSRF via Host Header Spoofing in Custom Slash Commands_CVE-2026-6333

Mattermost versions 11.5.x

Mattermost Mattermost 11.5.0 CVE
LOW 3.5 CVE-2026-4643

Calling window.close() from server-side content causes crash in the Mattermost Desktop App_CVE-2026-4643

Mattermost Desktop App versions

Mattermost Mattermost CVE
LOW 3.1 CVE-2026-4286

Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update_CVE-2026-4286

Mattermost versions 11.5.x

Mattermost Mattermost 11.5.0 CVE
LOW 3.7 MS:CVE-2026-6638

PostgreSQL REFRESH PUBLICATION allows SQL injection via table name_MS:CVE-2026-6638

{"lastseen":"2026-05-18T09:15:25","description":"","published":"2026-05-16T08:04:...

N/A N/A MSCVE
LOW 3.1 CVE-2026-6334

OAuth authorization code client binding not enforced during token redemption in Mattermost_CVE-2026-6334

Mattermost versions 11.5.x

Mattermost Mattermost 11.5.0 CVE
LOW 3.7 CVE-2026-4273

Insufficient token rotation validation in remote cluster invite confirmation_CVE-2026-4273

Mattermost versions 11.5.x

Mattermost Mattermost 11.5.0 CVE
LOW 3.8 CVE-2026-3495

Unescaped variables during error page composition_CVE-2026-3495

Mattermost versions 11.5.x

Mattermost Mattermost 11.5.0 CVE
LOW 2.3 CVE-2026-8767

vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection_CVE-2026-8767

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of t...

vercel ai 3.0.0 CVE
LOW 2.3 CVE-2026-8741

EMQX QoS 2 PUBLISH Packet emqx_persistent_session_ds.erl race condition_CVE-2026-8741

A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of th...

n/a EMQX 6.0 CVE