Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.1 CVE-2026-45244

Summarize < 0.15.1 Unapproved Browser Automation Execution_CVE-2026-45244

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-ca...

steipete summarize CVE
LOW 2.4 CVE-2026-47090

Claude HUD 0.0.12 Terminal Injection via OSC 8 Hyperlinks_CVE-2026-47090

Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values witho...

jarrodwatts claude-hud CVE
LOW 3.5 CVE-2026-6333

SSRF via Host Header Spoofing in Custom Slash Commands_CVE-2026-6333

Mattermost versions 11.5.x

Mattermost Mattermost 11.5.0 CVE
LOW 3.5 CVE-2026-4643

Calling window.close() from server-side content causes crash in the Mattermost Desktop App_CVE-2026-4643

Mattermost Desktop App versions

Mattermost Mattermost CVE
LOW 3.1 CVE-2026-4286

Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update_CVE-2026-4286

Mattermost versions 11.5.x

Mattermost Mattermost 11.5.0 CVE
LOW 3.7 MS:CVE-2026-6638

PostgreSQL REFRESH PUBLICATION allows SQL injection via table name_MS:CVE-2026-6638

N/A N/A MSCVE
LOW 3.1 CVE-2026-6334

OAuth authorization code client binding not enforced during token redemption in Mattermost_CVE-2026-6334

Mattermost versions 11.5.x

Mattermost Mattermost 11.5.0 CVE
LOW 3.7 CVE-2026-4273

Insufficient token rotation validation in remote cluster invite confirmation_CVE-2026-4273

Mattermost versions 11.5.x

Mattermost Mattermost 11.5.0 CVE
LOW 3.8 CVE-2026-3495

Unescaped variables during error page composition_CVE-2026-3495

Mattermost versions 11.5.x

Mattermost Mattermost 11.5.0 CVE
LOW 2.3 CVE-2026-8767

vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection_CVE-2026-8767

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of t...

vercel ai 3.0.0 CVE