Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.1 CVE-2026-5476

NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow

A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tb...

NASA cFS 7.0 CVE

LOW 3.7 CVE-2026-3184

Util-linux: util-linux: access control bypass due to improper hostname canonicalization

A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the sup...

Red Hat Red Hat Enterprise Linux 10 CVE

LOW 2.7 CVE-2026-34947

Discourse: Staged user custom fields are exposed on public invite pages

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.3 CVE

LOW 3.9 CVE-2026-34768

Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, a...

electron electron < 38.8.6 CVE

LOW 3.3 CVE-2026-34766

Electron: USB device selection not validated against filtered device list

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, a...

electron electron < 38.8.6 CVE

LOW 3.5 CVE-2026-35679

CVE-2026-35679

Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draini...

Zcash zcashd CVE

LOW 3.7 CVE-2026-37977

Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via CORS header injection due to unvalidated JWT azp claim

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's Use...

Red Hat Red Hat Build of Keycloak CVE

LOW 3.4 CVE-2026-33404

Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6...

pi-hole web >= 6.0, < 6.5 CVE

LOW 3.1 CVE-2026-33405

Pi-hole has a Stored HTML Injection in queries.js

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6...

pi-hole web >= 6.0, < 6.5 CVE

LOW 2.3 CVE-2026-34969

Nhost Leaks the Refresh Token via URL Query Parameter in OAuth Provider Callback

Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh toke...

nhost nhost < 0.48.0 CVE