CVE

CVE-2026-7788 A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_document/c… cve.org/CVERecord?id=C…

CVE-2026-44028 An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when th… cve.org/CVERecord?id=C…

CVE-2026-44029 An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory tra… cve.org/CVERecord?id=C…

CVE-2026-7783 A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/Abst… cve.org/CVERecord?id=C…

CVE-2026-7784 A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component… cve.org/CVERecord?id=C…

CVE-2026-7780 A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udm_state_operational of the file /src/udm/udm-sm.c of the compone… cve.org/CVERecord?id=C…

CVE-2026-7791 Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local n… cve.org/CVERecord?id=C…

CVE-2026-7781 A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udm_nudm_uecm_handle_amf_registration_update of the file /src/… cve.org/CVERecord?id=C…

CVE-2026-7782 A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the com… cve.org/CVERecord?id=C…

CVE-2026-7776 Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attack… cve.org/CVERecord?id=C…

CVE-2026-41923 WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote at… cve.org/CVERecord?id=C…

CVE-2026-41924 WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote… cve.org/CVERecord?id=C…

CVE-2026-7768 @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated cli… cve.org/CVERecord?id=C…

CVE-2026-41925 WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the adm.cgi binary's reboot_time function that allows unauthe… cve.org/CVERecord?id=C…

CVE-2026-41926 WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that app… cve.org/CVERecord?id=C…

CVE-2026-41927 WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allo… cve.org/CVERecord?id=C…

CVE-2026-6321 fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was tr… cve.org/CVERecord?id=C…

CVE-2026-42220 Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configurati… cve.org/CVERecord?id=C…

CVE-2026-42221 Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initial admin… cve.org/CVERecord?id=C…

CVE-2026-42222 Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation … cve.org/CVERecord?id=C…