| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can embed ESC+backslash sequences in the current working directory or branch URL to execute malicious ANSI codes including text color changes, forged prompts, and OSC 52 clipboard writes, or trigger outbound HTTP requests to attacker-controlled remotes when hyperlinks are clicked. |
| In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_create_model_downloading_tmp_dir()` function in `mlflow/pyfunc/__init__.py` creates directories with group-writable permissions (0o770). These insecure permissions allow local attackers to tamper with model artifacts, such as cloudpickle-serialized Python objects, and achieve arbitrary code execution when the tampered artifacts are deserialized via `cloudpickle.load()`. This vulnerability is particularly critical in environments with shared NFS mounts, such as Databricks, where NFS is enabled by default. The issue is a continuation of the vulnerability class addressed in CVE-2025-10279, which was only partially fixed. |
| FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC metadata. Any authenticated user who downloaded an image could extract the uploader's embedded metadata, which included GPS coordinates, device information, timestamps, embedded comments/notes, thumbnail previews, and other personally identifiable information (PII) preserved in the image metadata. Of all FacturaScripts' image upload features, only the Library module combined unrestricted uploads, persistent storage, authenticated download access, and a total lack of server-side metadata sanitization. This vulnerability carries significant real-world impact: an employee uploading a photo taken at their home inadvertently discloses their precise home address to every user with Library download access. This issue has been fixed in version 2026. |
| Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "add_profile_threshold" permission to create a global profile despite not having manage_global_profile_threshold, by tampering with the user_id parameter in a valid profile creation request. This issue has been fixed in version 2.28.2. |
| A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface. |
| Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections.
The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.
Note that version 0.9.0 fixed a similar issue CVE-2026-46719 for metric names. |
| NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions.
This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9. |
| in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. |
| in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. |
| in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. |
| in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. |
| in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. |
| in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak. |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user just needs to use the API endpoint: /api/chat/completions with their own API key (generated in OWUI) and the Chat ID of another user to continue the conversation of the other user. This vulnerability is fixed in 0.9.0. |
| in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered. |
| in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filter_allowed_access_grants on either create or update paths. A non-admin user who can create group channels (or who owns a channel) can submit arbitrary access grants — including public wildcard grants — and those grants are stored verbatim, bypassing the admin's permission framework. This vulnerability is fixed in 0.9.0. |
| in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution. |
| in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. |
| NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation.
This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9. |
