Permalink CVE-2026-48994

5.9 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): High (H)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): High (H)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): High (H)

updated 5 minutes ago by @LeSuisse Activity log

• Created suggestion 5 hours ago
• @LeSuisse ignored
  2 packages

  • graphicsmagick-imagemagick-compat
  • haskellPackages.ihp-imagemagick
  7 minutes ago
• @LeSuisse ignored
  3 maintainers

  • @rhendric
  • @faukah
  • @dotlambda
  7 minutes ago maintainer.ignore
• @LeSuisse accepted 7 minutes ago
• @LeSuisse published on GitHub 5 minutes ago

ImageMagick: Heap Buffer Over-Write in MAT decoder on 32-bit systems

• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4v89-6mgq-6rgc x_refsource_CONFIRM

---

ImageMagick

• ==< 6.9.13-48
• ==< 7.1.2-24

Permalink CVE-2026-47712

3.3 LOW

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): Required (R)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): Low (L)
• Availability (A): None (N)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): Required (R)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): Low (L)
• Modified Availability (MA): None (N)

updated 5 minutes ago by @LeSuisse Activity log

• Created suggestion 5 hours ago
• @LeSuisse accepted an hour ago
• @LeSuisse published on GitHub 5 minutes ago

Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`

• https://github.com/jelmer/dulwich/security/advisories/GHSA-555p-6grf-mh7f x_refsource_CONFIRM
• https://github.com/jelmer/dulwich/commit/c2446e51b x_refsource_MISC
• https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5 x_refsource_MISC

---

dulwich

• ==>= 0.24.0, < 1.2.5

Permalink CVE-2026-48724

5.5 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): Required (R)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): Required (R)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): High (H)

updated 5 minutes ago by @LeSuisse Activity log

• Created suggestion 5 hours ago
• @LeSuisse ignored
  2 packages

  • graphicsmagick-imagemagick-compat
  • haskellPackages.ihp-imagemagick
  6 minutes ago
• @LeSuisse ignored
  3 maintainers

  • @rhendric
  • @faukah
  • @dotlambda
  6 minutes ago maintainer.ignore
• @LeSuisse accepted 6 minutes ago
• @LeSuisse published on GitHub 5 minutes ago

ImageMagick: Heap Buffer Underwrite in Floyd-Steinberg depth dithering

• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2hhq-c99x-492r x_refsource_CONFIRM

---

ImageMagick

• ==< 7.1.2-24

Permalink CVE-2026-48733

4.7 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): High (H)
• Privileges Required (PR): None (N)
• User Interaction (UI): Required (R)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): High (H)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): Required (R)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): High (H)

updated 5 minutes ago by @LeSuisse Activity log

• Created suggestion 5 hours ago
• @LeSuisse ignored
  2 packages

  • graphicsmagick-imagemagick-compat
  • haskellPackages.ihp-imagemagick
  7 minutes ago
• @LeSuisse ignored
  3 maintainers

  • @rhendric
  • @faukah
  • @dotlambda
  7 minutes ago maintainer.ignore
• @LeSuisse accepted 7 minutes ago
• @LeSuisse published on GitHub 5 minutes ago

ImageMagick: Infinite Loop in subimage-search with crafted image

• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5v62-8fq6-cp9m x_refsource_CONFIRM

---

ImageMagick

• ==< 6.9.13-49
• ==< 7.1.2-24

Permalink CVE-2026-49219

5.5 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): Low (L)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): High (H)
• Integrity (I): None (N)
• Availability (A): None (N)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): High (H)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): None (N)

updated 5 minutes ago by @LeSuisse Activity log

• Created suggestion 5 hours ago
• @LeSuisse ignored
  2 packages

  • haskellPackages.ihp-imagemagick
  • graphicsmagick-imagemagick-compat
  7 minutes ago
• @LeSuisse ignored
  3 maintainers

  • @dotlambda
  • @rhendric
  • @faukah
  7 minutes ago maintainer.ignore
• @LeSuisse accepted 7 minutes ago
• @LeSuisse published on GitHub 5 minutes ago

ImageMagick: Policy Bypass can read disallowed files

• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xcjm-wqff-m669 x_refsource_CONFIRM

---

ImageMagick

• ==< 6.9.13-48
• ==< 7.1.2-24

Permalink CVE-2026-42563

7.7 HIGH

• CVSS version (CVSS): 4.0
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Attack Requirement (AT): Present (P)
• Privileges Required (PR): None (N)
• User Interaction (UI): Passive (P)
• Vulnerable System Impact Confidentiality (VC): High (H)
• Vulnerable System Impact Integrity (VI): High (H)
• Vulnerable System Impact Availability (VA): High (H)
• Subsequent System Impact Confidentiality (SC): None (N)
• Subsequent System Impact Integrity (SI): None (N)
• Subsequent System Impact Availability (SA): None (N)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Attack Requirement (MAT): Present (P)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): Passive (P)
• Modified Vulnerable System Impact Confidentiality (MVC): High (H)
• Modified Vulnerable System Impact Integrity (MVI): High (H)
• Modified Vulnerable System Impact Availability (MVA): High (H)
• Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
• Modified Subsequent System Impact Integrity (MSI): Negligible (N)
• Modified Subsequent System Impact Availability (MSA): Negligible (N)
• Safety (S): Not Defined (X)
• Automatable (AU): Not Defined (X)
• Recovery (R): Not Defined (X)
• Value Density (V): Not Defined (X)
• Vulnerability Response Effort (RE): Not Defined (X)
• Provider Urgency (U): Not Defined (X)
• Confidentiality Req. (CR): Not Defined (X)
• Integrity Req. (IR): Not Defined (X)
• Availability Req. (AR): Not Defined (X)
• Exploit Maturity (E): Not Defined (X)

updated 5 minutes ago by @LeSuisse Activity log

• Created suggestion 5 hours ago
• @LeSuisse accepted an hour ago
• @LeSuisse published on GitHub 5 minutes ago

Dulwich Vulnerable to Command Injection via Merge Driver Path

• https://github.com/jelmer/dulwich/security/advisories/GHSA-9277-mp7x-85jf x_refsource_CONFIRM
• https://github.com/jelmer/dulwich/commit/e3331b3b3a122fc313460182f928f59723580b7b x_refsource_MISC
• https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5 x_refsource_MISC

---

dulwich

• ==>= 0.24.0, < 1.2.5

Permalink CVE-2026-49218

7.5 HIGH

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): High (H)

updated 5 minutes ago by @LeSuisse Activity log

• Created suggestion 5 hours ago
• @LeSuisse ignored
  2 packages

  • graphicsmagick-imagemagick-compat
  • haskellPackages.ihp-imagemagick
  8 minutes ago
• @LeSuisse ignored
  3 maintainers

  • @rhendric
  • @faukah
  • @dotlambda
  8 minutes ago maintainer.ignore
• @LeSuisse accepted 8 minutes ago
• @LeSuisse published on GitHub 5 minutes ago

ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions

• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8pj9-6897-74xc x_refsource_CONFIRM

---

ImageMagick

• ==< 6.9.13-48
• ==< 7.1.2-24

Permalink CVE-2026-48734

5.5 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): Required (R)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): Required (R)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): High (H)

updated 5 minutes ago by @LeSuisse Activity log

• Created suggestion 5 hours ago
• @LeSuisse ignored
  2 packages

  • haskellPackages.ihp-imagemagick
  • graphicsmagick-imagemagick-compat
  10 minutes ago
• @LeSuisse ignored
  3 maintainers

  • @rhendric
  • @faukah
  • @dotlambda
  9 minutes ago maintainer.ignore
• @LeSuisse accepted 8 minutes ago
• @LeSuisse published on GitHub 5 minutes ago

ImageMagick: Stack Overflow in MVG decoder

• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h36c-3666-h489 x_refsource_CONFIRM

---

ImageMagick

• ==< 6.9.13-49
• ==< 7.1.2-24

Permalink CVE-2026-47734

5.7 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): Low (L)
• User Interaction (UI): Required (R)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): Required (R)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): High (H)

updated 5 minutes ago by @LeSuisse Activity log

• Created suggestion 5 hours ago
• @LeSuisse accepted an hour ago
• @LeSuisse published on GitHub 5 minutes ago

Dulwich has unbounded memory allocation in receive-pack from crafted thin packs

• https://github.com/jelmer/dulwich/security/advisories/GHSA-xrvj-v92f-53gj x_refsource_CONFIRM
• https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5 x_refsource_MISC

---

dulwich

• ==>= 0.1.0, < 1.2.5

Permalink CVE-2026-52726

7.5 HIGH

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): High (H)

updated 5 minutes ago by @LeSuisse Activity log

• Created suggestion 5 hours ago
• @LeSuisse accepted an hour ago
• @LeSuisse published on GitHub 5 minutes ago

Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload

• https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544 x_refsource_CONFIRM
• https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5 x_refsource_MISC

---

dulwich

• ==>= 0.23.2, < 1.2.5

Permalink CVE-2026-49847

7.5 HIGH

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): High (H)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

FreeSWITCH: Stack overflow in bundled cJSON parser via deeply nested JSON

• https://github.com/signalwire/freeswitch/security/advisories/GHSA-2v74-pcgh-75wg x_refsource_CONFIRM
• https://github.com/signalwire/freeswitch/releases/tag/v1.11.1 x_refsource_MISC

---

freeswitch

• ==< 1.11.1

Permalink CVE-2026-49472

5.3 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): High (H)
• Privileges Required (PR): Low (L)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): High (H)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): High (H)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpat

• https://github.com/signalwire/freeswitch/security/advisories/GHSA-4jm3-xpcm-mwwq x_refsource_CONFIRM
• https://github.com/signalwire/freeswitch/releases/tag/v1.11.0 x_refsource_MISC

---

freeswitch

• ==< 1.11.0

Permalink CVE-2026-49841

9.8 CRITICAL

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): High (H)
• Integrity (I): High (H)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): High (H)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): High (H)
• Modified Availability (MA): High (H)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

FreeSWITCH: Pre-authentication heap buffer overflow in `mod_verto` HTTP POST body read

• https://github.com/signalwire/freeswitch/security/advisories/GHSA-wfrq-qvg2-f88f x_refsource_CONFIRM
• https://github.com/signalwire/freeswitch/releases/tag/v1.11.1 x_refsource_MISC

---

freeswitch

• ==< 1.11.1

Permalink CVE-2026-49843

5.3 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): Low (L)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): Low (L)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 4 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

FreeSWITCH: Pre-authentication session eviction via attacker-chosen `sessid` in `mod_verto`

• https://github.com/signalwire/freeswitch/security/advisories/GHSA-9457-fxr9-x78m x_refsource_CONFIRM
• https://github.com/signalwire/freeswitch/releases/tag/v1.11.1 x_refsource_MISC

---

freeswitch

• ==< 1.11.1

Permalink CVE-2026-49848

4.3 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): Low (L)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): Low (L)
• Availability (A): None (N)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): Low (L)
• Modified Availability (MA): None (N)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`

• https://github.com/signalwire/freeswitch/security/advisories/GHSA-j38x-xm7f-9p2f x_refsource_CONFIRM
• https://github.com/signalwire/freeswitch/releases/tag/v1.11.1 x_refsource_MISC

---

freeswitch

• ==< 1.11.1

Permalink CVE-2026-49475

7.5 HIGH

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): High (H)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

FreeSWITCH: Out-of-bounds memory access in core STUN attribute parsing

• https://github.com/signalwire/freeswitch/security/advisories/GHSA-9j6h-hc95-q926 x_refsource_CONFIRM
• https://github.com/signalwire/freeswitch/releases/tag/v1.11.0 x_refsource_MISC

---

freeswitch

• ==< 1.11.0

Permalink CVE-2026-49840

9.1 CRITICAL

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): High (H)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): High (H)
• Modified Availability (MA): High (H)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

FreeSWITCH: Pre-authentication heap buffer overflow in libesl `Content-Length` parsing

• https://github.com/signalwire/freeswitch/security/advisories/GHSA-g597-9fgg-ghg9 x_refsource_CONFIRM
• https://github.com/signalwire/freeswitch/releases/tag/v1.11.1 x_refsource_MISC

---

freeswitch

• ==< 1.11.1

Permalink CVE-2026-49842

7.5 HIGH

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): High (H)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames

• https://github.com/signalwire/freeswitch/security/advisories/GHSA-p3gx-p2w7-wp35 x_refsource_CONFIRM
• https://github.com/signalwire/freeswitch/releases/tag/v1.11.1 x_refsource_MISC

---

freeswitch

• ==< 1.11.1

Permalink CVE-2026-49762

5.1 MEDIUM

• CVSS version (CVSS): 4.0
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Attack Requirement (AT): None (N)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Vulnerable System Impact Confidentiality (VC): None (N)
• Vulnerable System Impact Integrity (VI): None (N)
• Vulnerable System Impact Availability (VA): Low (L)
• Subsequent System Impact Confidentiality (SC): None (N)
• Subsequent System Impact Integrity (SI): None (N)
• Subsequent System Impact Availability (SA): None (N)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Attack Requirement (MAT): None (N)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Vulnerable System Impact Confidentiality (MVC): None (N)
• Modified Vulnerable System Impact Integrity (MVI): None (N)
• Modified Vulnerable System Impact Availability (MVA): Low (L)
• Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
• Modified Subsequent System Impact Integrity (MSI): Negligible (N)
• Modified Subsequent System Impact Availability (MSA): Negligible (N)
• Safety (S): Not Defined (X)
• Automatable (AU): Not Defined (X)
• Recovery (R): Not Defined (X)
• Value Density (V): Not Defined (X)
• Vulnerability Response Effort (RE): Not Defined (X)
• Provider Urgency (U): Not Defined (X)
• Confidentiality Req. (CR): Not Defined (X)
• Integrity Req. (IR): Not Defined (X)
• Availability Req. (AR): Not Defined (X)
• Exploit Maturity (E): Not Defined (X)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse ignored
  40 packages

  • elixir-ls
  • elixir_1_17
  • elixir_1_18
  • elixir_1_19
  • protoc-gen-elixir
  • beam27Packages.elixir
  • beam28Packages.elixir
  • beam29Packages.elixir
  • beam27Packages.elixir-ls
  • beam28Packages.elixir-ls
  • python314Packages.tree-sitter-grammars.tree-sitter-elixir
  • python313Packages.tree-sitter-grammars.tree-sitter-elixir
  • vimPlugins.nvim-treesitter-parsers.elixir
  • beamMinimal29Packages.elixir_1_20
  • beamMinimal28Packages.elixir_1_20
  • beamMinimal29Packages.elixir_1_18
  • tree-sitter-grammars.tree-sitter-elixir
  • vscode-extensions.elixir-lsp.vscode-elixir-ls
  • beamMinimal29Packages.elixir-ls
  • beamMinimal27Packages.elixir_1_17
  • beamMinimal27Packages.elixir_1_18
  • beamMinimal27Packages.elixir_1_19
  • beamMinimal27Packages.elixir_1_20
  • beamMinimal28Packages.elixir_1_18
  • beamMinimal28Packages.elixir-ls
  • beamMinimal27Packages.elixir-ls
  • beamMinimal29Packages.elixir
  • beamMinimal28Packages.elixir
  • beamMinimal27Packages.elixir
  • beam29Packages.elixir_1_20
  • beam29Packages.elixir_1_18
  • beam28Packages.elixir_1_20
  • beam28Packages.elixir_1_19
  • beam28Packages.elixir_1_18
  • beam27Packages.elixir_1_20
  • beam27Packages.elixir_1_19
  • beam27Packages.elixir_1_18
  • beam27Packages.elixir_1_17
  • beam29Packages.elixir-ls
  • beamMinimal28Packages.elixir_1_19
  20 hours ago
• @LeSuisse restored
  3 packages

  • elixir_1_17
  • elixir_1_18
  • elixir_1_19
  20 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service

• https://github.com/elixir-lang/elixir/security/advisories/GHSA-w2h8-8x3g-278p relatedvendor-advisory
• https://cna.erlef.org/cves/CVE-2026-49762.html related
• https://osv.dev/vulnerability/EEF-CVE-2026-49762 related
• https://github.com/elixir-lang/elixir/commit/c64417d72fd5c7d09e963ca3ac5fa2b140… patch

---

elixir-lang/elixir

• <c64417d72fd5c7d09e963ca3ac5fa2b140978d9e
• <1.20.1

Permalink CVE-2009-10007

9.1 CRITICAL

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): High (H)
• Integrity (I): High (H)
• Availability (A): None (N)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): High (H)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): High (H)
• Modified Availability (MA): None (N)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks

• https://metacpan.org/release/ETHER/Catalyst-Plugin-Authentication-0.10_027/chan… release-notes
• https://github.com/perl-catalyst/Catalyst-Plugin-Authentication/commit/b1385ea8… patch
• https://metacpan.org/pod/Catalyst::Plugin::Session#change_session_id
• https://metacpan.org/pod/Plack::Middleware::Session#change_id
• http://www.openwall.com/lists/oss-security/2026/06/09/10

---

Catalyst-Plugin-Authentication

• <0.10_027

Permalink CVE-2026-50636

8.7 HIGH

• CVSS version (CVSS): 4.0
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Attack Requirement (AT): None (N)
• Privileges Required (PR): Low (L)
• User Interaction (UI): None (N)
• Vulnerable System Impact Confidentiality (VC): High (H)
• Vulnerable System Impact Integrity (VI): High (H)
• Vulnerable System Impact Availability (VA): High (H)
• Subsequent System Impact Confidentiality (SC): None (N)
• Subsequent System Impact Integrity (SI): None (N)
• Subsequent System Impact Availability (SA): None (N)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Attack Requirement (MAT): None (N)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): None (N)
• Modified Vulnerable System Impact Confidentiality (MVC): High (H)
• Modified Vulnerable System Impact Integrity (MVI): High (H)
• Modified Vulnerable System Impact Availability (MVA): High (H)
• Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
• Modified Subsequent System Impact Integrity (MSI): Negligible (N)
• Modified Subsequent System Impact Availability (MSA): Negligible (N)
• Safety (S): Not Defined (X)
• Automatable (AU): Not Defined (X)
• Recovery (R): Not Defined (X)
• Value Density (V): Not Defined (X)
• Vulnerability Response Effort (RE): Not Defined (X)
• Provider Urgency (U): Not Defined (X)
• Confidentiality Req. (CR): Not Defined (X)
• Integrity Req. (IR): Not Defined (X)
• Availability Req. (AR): Not Defined (X)
• Exploit Maturity (E): Not Defined (X)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse ignored reference Official … 20 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection

• GitHub Pull Request 5031 patch
• VulnCheck Advisory: LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection third-party-advisory

Ignored references (1)

• Official Product Homepage product

---

LimeSurvey

• =<7.0

Permalink CVE-2026-50635

8.7 HIGH

• CVSS version (CVSS): 4.0
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Attack Requirement (AT): None (N)
• Privileges Required (PR): None (N)
• User Interaction (UI): Passive (P)
• Vulnerable System Impact Confidentiality (VC): High (H)
• Vulnerable System Impact Integrity (VI): High (H)
• Vulnerable System Impact Availability (VA): High (H)
• Subsequent System Impact Confidentiality (SC): None (N)
• Subsequent System Impact Integrity (SI): None (N)
• Subsequent System Impact Availability (SA): None (N)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Attack Requirement (MAT): None (N)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): Passive (P)
• Modified Vulnerable System Impact Confidentiality (MVC): High (H)
• Modified Vulnerable System Impact Integrity (MVI): High (H)
• Modified Vulnerable System Impact Availability (MVA): High (H)
• Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
• Modified Subsequent System Impact Integrity (MSI): Negligible (N)
• Modified Subsequent System Impact Availability (MSA): Negligible (N)
• Safety (S): Not Defined (X)
• Automatable (AU): Not Defined (X)
• Recovery (R): Not Defined (X)
• Value Density (V): Not Defined (X)
• Vulnerability Response Effort (RE): Not Defined (X)
• Provider Urgency (U): Not Defined (X)
• Confidentiality Req. (CR): Not Defined (X)
• Integrity Req. (IR): Not Defined (X)
• Availability Req. (AR): Not Defined (X)
• Exploit Maturity (E): Not Defined (X)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse ignored reference Official … 20 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

LimeSurvey Password Reset Host Header Injection Discloses Reset Token

• GitHub Pull Request 5032 patch
• VulnCheck Advisory: LimeSurvey Password Reset Host Header Injection Discloses Reset Token third-party-advisory

Ignored references (1)

• Official Product Homepage product

---

LimeSurvey

• =<7.0

Permalink CVE-2026-11572

7.4 HIGH

• CVSS version (CVSS): 4.0
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Attack Requirement (AT): None (N)
• Privileges Required (PR): None (N)
• User Interaction (UI): Passive (P)
• Vulnerable System Impact Confidentiality (VC): High (H)
• Vulnerable System Impact Integrity (VI): High (H)
• Vulnerable System Impact Availability (VA): High (H)
• Subsequent System Impact Confidentiality (SC): None (N)
• Subsequent System Impact Integrity (SI): None (N)
• Subsequent System Impact Availability (SA): None (N)
• Exploit Maturity (E): POC (P)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Attack Requirement (MAT): None (N)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): Passive (P)
• Modified Vulnerable System Impact Confidentiality (MVC): High (H)
• Modified Vulnerable System Impact Integrity (MVI): High (H)
• Modified Vulnerable System Impact Availability (MVA): High (H)
• Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
• Modified Subsequent System Impact Integrity (MSI): Negligible (N)
• Modified Subsequent System Impact Availability (MSA): Negligible (N)
• Safety (S): Not Defined (X)
• Automatable (AU): Not Defined (X)
• Recovery (R): Not Defined (X)
• Value Density (V): Not Defined (X)
• Vulnerability Response Effort (RE): Not Defined (X)
• Provider Urgency (U): Not Defined (X)
• Confidentiality Req. (CR): Not Defined (X)
• Integrity Req. (IR): Not Defined (X)
• Availability Req. (AR): Not Defined (X)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

Versions of the package degit before 2.8.6, from 3.0.0 and …

• https://security.snyk.io/vuln/SNYK-JS-DEGIT-17116207
• https://gist.github.com/badp3te/cf22a939eedbd3d8ade9123827d61639 exploit
• https://github.com/Rich-Harris/degit/commit/d55bfd7cea79c0b387f69ec8477b6c34abf…
• https://github.com/Rich-Harris/degit/commit/4ac99e4a4c3f53ca3b5c997bcd7542742ad…

---

degit

• <3.3.1
• <2.8.6

Permalink CVE-2026-9279

8.7 HIGH

• CVSS version (CVSS): 4.0
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Attack Requirement (AT): Present (P)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Vulnerable System Impact Confidentiality (VC): High (H)
• Vulnerable System Impact Integrity (VI): High (H)
• Vulnerable System Impact Availability (VA): None (N)
• Subsequent System Impact Confidentiality (SC): High (H)
• Subsequent System Impact Integrity (SI): High (H)
• Subsequent System Impact Availability (SA): None (N)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Attack Requirement (MAT): Present (P)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Vulnerable System Impact Confidentiality (MVC): High (H)
• Modified Vulnerable System Impact Integrity (MVI): High (H)
• Modified Vulnerable System Impact Availability (MVA): None (N)
• Modified Subsequent System Impact Confidentiality (MSC): High (H)
• Modified Subsequent System Impact Integrity (MSI): High (H)
• Modified Subsequent System Impact Availability (MSA): Negligible (N)
• Safety (S): Not Defined (X)
• Automatable (AU): Not Defined (X)
• Recovery (R): Not Defined (X)
• Value Density (V): Not Defined (X)
• Vulnerability Response Effort (RE): Not Defined (X)
• Provider Urgency (U): Not Defined (X)
• Confidentiality Req. (CR): Not Defined (X)
• Integrity Req. (IR): Not Defined (X)
• Availability Req. (AR): Not Defined (X)
• Exploit Maturity (E): Not Defined (X)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse ignored reference https://l… 20 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

Shell command injection in Logseq

• https://cert.pl/en/posts/2026/06/CVE-2026-9279/ third-party-advisory

Ignored references (1)

• https://logseq.com/ product

---

logseq

• =<0.10.15

Permalink CVE-2026-47899

8.7 HIGH

• CVSS version (CVSS): 4.0
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Attack Requirement (AT): Present (P)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Vulnerable System Impact Confidentiality (VC): High (H)
• Vulnerable System Impact Integrity (VI): High (H)
• Vulnerable System Impact Availability (VA): None (N)
• Subsequent System Impact Confidentiality (SC): High (H)
• Subsequent System Impact Integrity (SI): High (H)
• Subsequent System Impact Availability (SA): None (N)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Attack Requirement (MAT): Present (P)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Vulnerable System Impact Confidentiality (MVC): High (H)
• Modified Vulnerable System Impact Integrity (MVI): High (H)
• Modified Vulnerable System Impact Availability (MVA): None (N)
• Modified Subsequent System Impact Confidentiality (MSC): High (H)
• Modified Subsequent System Impact Integrity (MSI): High (H)
• Modified Subsequent System Impact Availability (MSA): Negligible (N)
• Safety (S): Not Defined (X)
• Automatable (AU): Not Defined (X)
• Recovery (R): Not Defined (X)
• Value Density (V): Not Defined (X)
• Vulnerability Response Effort (RE): Not Defined (X)
• Provider Urgency (U): Not Defined (X)
• Confidentiality Req. (CR): Not Defined (X)
• Integrity Req. (IR): Not Defined (X)
• Availability Req. (AR): Not Defined (X)
• Exploit Maturity (E): Not Defined (X)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse ignored reference https://l… 20 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

Arbitrary File Read, Write, Rename, and Delete in Logseq

• https://cert.pl/en/posts/2026/06/CVE-2026-9279/ third-party-advisory

Ignored references (1)

• https://logseq.com/ product

---

logseq

• =<0.10.15

Permalink CVE-2026-47901

4.6 MEDIUM

• CVSS version (CVSS): 4.0
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Attack Requirement (AT): None (N)
• Privileges Required (PR): None (N)
• User Interaction (UI): Active (A)
• Vulnerable System Impact Confidentiality (VC): Low (L)
• Vulnerable System Impact Integrity (VI): Low (L)
• Vulnerable System Impact Availability (VA): None (N)
• Subsequent System Impact Confidentiality (SC): None (N)
• Subsequent System Impact Integrity (SI): None (N)
• Subsequent System Impact Availability (SA): None (N)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Attack Requirement (MAT): None (N)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): Active (A)
• Modified Vulnerable System Impact Confidentiality (MVC): Low (L)
• Modified Vulnerable System Impact Integrity (MVI): Low (L)
• Modified Vulnerable System Impact Availability (MVA): None (N)
• Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
• Modified Subsequent System Impact Integrity (MSI): Negligible (N)
• Modified Subsequent System Impact Availability (MSA): Negligible (N)
• Safety (S): Not Defined (X)
• Automatable (AU): Not Defined (X)
• Recovery (R): Not Defined (X)
• Value Density (V): Not Defined (X)
• Vulnerability Response Effort (RE): Not Defined (X)
• Provider Urgency (U): Not Defined (X)
• Confidentiality Req. (CR): Not Defined (X)
• Integrity Req. (IR): Not Defined (X)
• Availability Req. (AR): Not Defined (X)
• Exploit Maturity (E): Not Defined (X)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse ignored reference https://l… 20 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

Iframe escape by plugins in Logseq

• https://cert.pl/en/posts/2026/06/CVE-2026-9279/ third-party-advisory

Ignored references (1)

• https://logseq.com/ product

---

logseq

• =<0.10.15

Permalink CVE-2026-47900

4.6 MEDIUM

• CVSS version (CVSS): 4.0
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Attack Requirement (AT): None (N)
• Privileges Required (PR): None (N)
• User Interaction (UI): Active (A)
• Vulnerable System Impact Confidentiality (VC): Low (L)
• Vulnerable System Impact Integrity (VI): Low (L)
• Vulnerable System Impact Availability (VA): None (N)
• Subsequent System Impact Confidentiality (SC): None (N)
• Subsequent System Impact Integrity (SI): None (N)
• Subsequent System Impact Availability (SA): None (N)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Attack Requirement (MAT): None (N)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): Active (A)
• Modified Vulnerable System Impact Confidentiality (MVC): Low (L)
• Modified Vulnerable System Impact Integrity (MVI): Low (L)
• Modified Vulnerable System Impact Availability (MVA): None (N)
• Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
• Modified Subsequent System Impact Integrity (MSI): Negligible (N)
• Modified Subsequent System Impact Availability (MSA): Negligible (N)
• Safety (S): Not Defined (X)
• Automatable (AU): Not Defined (X)
• Recovery (R): Not Defined (X)
• Value Density (V): Not Defined (X)
• Vulnerability Response Effort (RE): Not Defined (X)
• Provider Urgency (U): Not Defined (X)
• Confidentiality Req. (CR): Not Defined (X)
• Integrity Req. (IR): Not Defined (X)
• Availability Req. (AR): Not Defined (X)
• Exploit Maturity (E): Not Defined (X)

updated 20 hours ago by @LeSuisse Activity log

• Created suggestion 1 day, 5 hours ago
• @LeSuisse ignored reference https://l… 20 hours ago
• @LeSuisse accepted 20 hours ago
• @LeSuisse published on GitHub 20 hours ago

Stored XSS via Unsanitized Plugin Metadata in Logseq

• https://cert.pl/en/posts/2026/06/CVE-2026-9279/ third-party-advisory

Ignored references (1)

• https://logseq.com/ product

---

logseq

• =<0.10.15

Permalink CVE-2026-11611

6.5 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): Low (L)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): High (H)

updated 2 days ago by @LeSuisse Activity log

• Created suggestion 2 days, 5 hours ago
• @LeSuisse ignored reference https://r… 2 days ago
• @LeSuisse accepted 2 days ago
• @LeSuisse published on GitHub 2 days ago

389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions

• https://access.redhat.com/security/cve/CVE-2026-11611 vdb-entryx_refsource_REDHAT
• RHBZ#2485424 issue-trackingx_refsource_REDHAT

Ignored references (1)

• https://redhat.atlassian.net/browse/PSIRTSUPT-7600

---

389-ds-base

redhat-ds:11/389-ds-base

redhat-ds:12/389-ds-base

Permalink CVE-2026-41448

9.2 CRITICAL

• CVSS version (CVSS): 4.0
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Attack Requirement (AT): Present (P)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Vulnerable System Impact Confidentiality (VC): High (H)
• Vulnerable System Impact Integrity (VI): High (H)
• Vulnerable System Impact Availability (VA): Low (L)
• Subsequent System Impact Confidentiality (SC): None (N)
• Subsequent System Impact Integrity (SI): None (N)
• Subsequent System Impact Availability (SA): None (N)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Attack Requirement (MAT): Present (P)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Vulnerable System Impact Confidentiality (MVC): High (H)
• Modified Vulnerable System Impact Integrity (MVI): High (H)
• Modified Vulnerable System Impact Availability (MVA): Low (L)
• Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
• Modified Subsequent System Impact Integrity (MSI): Negligible (N)
• Modified Subsequent System Impact Availability (MSA): Negligible (N)
• Safety (S): Not Defined (X)
• Automatable (AU): Not Defined (X)
• Recovery (R): Not Defined (X)
• Value Density (V): Not Defined (X)
• Vulnerability Response Effort (RE): Not Defined (X)
• Provider Urgency (U): Not Defined (X)
• Confidentiality Req. (CR): Not Defined (X)
• Integrity Req. (IR): Not Defined (X)
• Availability Req. (AR): Not Defined (X)
• Exploit Maturity (E): Not Defined (X)

updated 2 days ago by @LeSuisse Activity log

• Created suggestion 2 days, 5 hours ago
• @LeSuisse ignored
  2 packages

  • python313Packages.adguardhome
  • python314Packages.adguardhome
  2 days ago
• @LeSuisse accepted 2 days ago
• @LeSuisse published on GitHub 2 days ago

AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie

• https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.77 release-notes
• https://www.vulncheck.com/advisories/adguard-home-authentication-bypass-via-pat… third-party-advisory

---

AdGuardHome

• <0.107.77

Permalink CVE-2026-11487

1.9 LOW

• CVSS version (CVSS): 4.0
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Attack Requirement (AT): None (N)
• Privileges Required (PR): Low (L)
• User Interaction (UI): None (N)
• Vulnerable System Impact Confidentiality (VC): Low (L)
• Vulnerable System Impact Integrity (VI): Low (L)
• Vulnerable System Impact Availability (VA): Low (L)
• Subsequent System Impact Confidentiality (SC): None (N)
• Subsequent System Impact Integrity (SI): None (N)
• Subsequent System Impact Availability (SA): None (N)
• Exploit Maturity (E): POC (P)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Attack Requirement (MAT): None (N)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): None (N)
• Modified Vulnerable System Impact Confidentiality (MVC): Low (L)
• Modified Vulnerable System Impact Integrity (MVI): Low (L)
• Modified Vulnerable System Impact Availability (MVA): Low (L)
• Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
• Modified Subsequent System Impact Integrity (MSI): Negligible (N)
• Modified Subsequent System Impact Availability (MSA): Negligible (N)
• Safety (S): Not Defined (X)
• Automatable (AU): Not Defined (X)
• Recovery (R): Not Defined (X)
• Value Density (V): Not Defined (X)
• Vulnerability Response Effort (RE): Not Defined (X)
• Provider Urgency (U): Not Defined (X)
• Confidentiality Req. (CR): Not Defined (X)
• Integrity Req. (IR): Not Defined (X)
• Availability Req. (AR): Not Defined (X)

updated 2 days ago by @LeSuisse Activity log

• Created suggestion 2 days, 5 hours ago
• @LeSuisse ignored
  4 references

  • https://github.com/neovim/neovim/
  • CVE-2026-11487 | CVE Analysis and Report
  • VDB-369107 | CTI Indicators (IOB, IOC, …
  • Submit #834495 | Neovim Neovim <= 0.12…
  2 days ago
• @LeSuisse ignored
  9 packages

  • libvterm-neovim
  • neovim-remote
  • neovim-gtk
  • neovim-qt
  • neovim-qt-unwrapped
  • perlPackages.NeovimExt
  • perl5Packages.NeovimExt
  • vimPlugins.LanguageClient-neovim
  • vscode-extensions.asvetliakov.vscode-neovim
  2 days ago
• @LeSuisse accepted 2 days ago
• @LeSuisse published on GitHub 2 days ago

Neovim View Branch secure.lua M.read command injection

• VDB-369107 | Neovim View Branch secure.lua M.read command injection vdb-entrytechnical-description
• https://github.com/neovim/neovim/issues/39914 issue-trackingexploit
• https://github.com/neovim/neovim/pull/39918 issue-trackingpatch
• https://github.com/neovim/neovim/commit/f83e0dcaf8cf18de94828341b0a1a61a86c75baf patch

Ignored references (4)

• https://github.com/neovim/neovim/ product
• CVE-2026-11487 | CVE Analysis and Report third-party-advisory
• VDB-369107 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
• Submit #834495 | Neovim Neovim <= 0.12.2 command injection third-party-advisory

---

Neovim

• ==0.12.0
• ==0.12.1
• ==0.12.2