Where
AND
-Infinity
0

Trending

Last week
Last month
Last year

npm/flattedflatted: Prototype Pollution via parse()

Risk 61
Severity
8.9
EPSS
0.03%
First published (updated )
CVE-2026-33228

npm/undiciundici is vulnerable to Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation

Risk 43
Severity
7.5
First published (updated )
CVE-2026-2229

npm/undiciundici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client

Risk 43
Severity
7.5
First published (updated )
CVE-2026-1528

npm/undiciundici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression

Risk 43
Severity
7.5
First published (updated )
CVE-2026-1526

npm/minimatchminimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

Risk 33
Severity
8.7
EPSS
0.05%
First published (updated )
CVE-2026-26996
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npm/tarnode-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction

Risk 38
Severity
7.1
EPSS
0.01%
First published (updated )
CVE-2026-26960

Apache TomcatApache Tomcat Native, Apache Tomcat: OCSP revocation bypass

Risk 31
Severity
7.5
EPSS
0.02%
First published (updated )
CVE-2026-24734

pip/pillowPillow has an out-of-bounds write when loading PSD images

Risk 61
Severity
8.9
EPSS
0.02%
First published (updated )
CVE-2026-25990

pip/cryptographycryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

Risk 33
Severity
8.2
EPSS
0.01%
First published (updated )
CVE-2026-26007

Axios Axios Node.jsAxios affected by Denial of Service via __proto__ Key in mergeConfig

Risk 31
Severity
7.5
EPSS
0.03%
First published (updated )
CVE-2026-25639
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

IBM WebSphere Application Server LibertyIBM WebSphere Application Server Liberty Path Traversal

Risk 60
Severity
7.6
First published (updated )
CVE-2025-14914

npm/fast-xml-parserfast-xml-parser has RangeError DoS Numeric Entities Bug

Risk 31
Severity
7.5
EPSS
0.03%
First published (updated )
CVE-2026-25128

npm/node-tarnode-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal

Risk 38
Severity
8.2
EPSS
0.01%
First published (updated )
CVE-2026-24842

pip/python-multipartPython-Multipart has Arbitrary File Write via Non-Default Configuration

Risk 65
Severity
8.6
Exploited
EPSS
0.02%
First published (updated )
CVE-2026-24486

maven/org.assertj:assertj-coreAssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion

Risk 47
Severity
8.2
EPSS
0.01%
First published (updated )
CVE-2026-24400
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

pypi/protobufDenial of Service in Python Protobuf

Risk 43
Severity
8.2
First published (updated )
CVE-2026-0994

npm/node-tarnode-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS

Risk 46
Severity
8.8
EPSS
0.01%
First published (updated )
CVE-2026-23950

npm/tarnode-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

Risk 36
Severity
8.2
EPSS
0.01%
First published (updated )
CVE-2026-23745

Oracle JDKJava SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue th…

Risk 31
Severity
7.5
EPSS
0.05%
First published (updated )
CVE-2026-21945

Oracle JDKDesktop.browse() will run a program if the URI is a filename while the documentation says that the d…

Risk 30
Severity
7.4
EPSS
0.03%
First published (updated )
CVE-2026-21932
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npm/@remix-run/routerReact Router vulnerable to XSS via Open Redirects

Risk 43
Severity
8
EPSS
0.01%
First published (updated )
CVE-2026-22029

npm/@remix-run/reactReact Router SSR XSS in ScrollRestoration

Risk 38
Severity
8.2
EPSS
0.01%
First published (updated )
CVE-2026-21884

pip/urllib3urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

Risk 33
Severity
8.9
EPSS
0.02%
First published (updated )
CVE-2026-21441

npm/qsarrayLimit bypass in bracket notation allows DoS via memory exhaustion

Risk 47
Severity
8.7
First published (updated )
CVE-2025-15284

Hugging Face Transformers(0Day) Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability

Risk 68
Severity
7.8
First published (updated )
CVE-2025-14930
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

pypi/transformers(0Day) Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability

Risk 68
Severity
7.8
First published (updated )
CVE-2025-14928

pypi/transformers(0Day) Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability

Risk 68
Severity
7.8
First published (updated )
CVE-2025-14924

pypi/transformers(0Day) Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability

Risk 68
Severity
7.8
First published (updated )
CVE-2025-14929

pypi/urllib3urllib3 Streaming API improperly handles highly compressed data

Risk 50
Severity
8.9
First published (updated )
CVE-2025-66471

pypi/urllib3urllib3 allows an unbounded number of links in the decompression chain

Risk 50
Severity
8.9
First published (updated )
CVE-2025-66418
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203