Recent vulnerabilities
Recent vulnerabilities from
Select from 70 available sources using the dropdown above.
| ID | Description | Published | Updated |
|---|---|---|---|
| bit-nginx-2026-42945 | NGINX ngx_http_rewrite_module vulnerability | 2026-05-15T08:50:08.298Z | 2026-05-22T09:16:34.647Z |
| bit-memcached-2026-47784 | 2026-05-22T08:47:49.029Z | 2026-05-22T09:16:34.647Z | |
| bit-memcached-2026-47783 | 2026-05-22T08:47:47.555Z | 2026-05-22T09:16:34.647Z | |
| bit-jupyterlab-2026-42266 | JupyterLab has an Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request. | 2026-05-15T08:42:28.664Z | 2026-05-22T09:16:34.647Z |
| bit-rclone-2026-41179 | RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution | 2026-04-24T08:51:09.638Z | 2026-05-21T09:12:24.336Z |
| bit-drupal-2026-6367 | Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003 | 2026-05-21T08:39:58.541Z | 2026-05-21T09:12:24.336Z |
| bit-drupal-2026-6366 | Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002 | 2026-05-21T08:39:56.806Z | 2026-05-21T09:12:24.336Z |
| bit-drupal-2026-6365 | Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001 | 2026-05-21T08:39:55.313Z | 2026-05-21T09:12:24.336Z |
| bit-python-2026-6100 | Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure | 2026-04-16T23:50:36.926Z | 2026-05-20T16:54:12.697Z |
| bit-python-2026-6019 | BaseCookie.js_output() does not neutralize embedded characters | 2026-04-24T16:10:57.623Z | 2026-05-20T16:54:12.697Z |
| bit-python-2026-4786 | Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open() | 2026-04-16T23:50:33.477Z | 2026-05-20T16:54:12.697Z |
| bit-python-2026-3298 | Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes | 2026-04-23T08:52:48.858Z | 2026-05-20T16:54:12.697Z |
| bit-python-2026-3087 | shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs | 2026-04-29T11:50:21.474Z | 2026-05-20T16:54:12.697Z |
| bit-python-2026-1502 | HTTP client proxy tunnel headers not validated for CR/LF | 2026-04-16T23:50:28.207Z | 2026-05-20T16:54:12.697Z |
| bit-libpython-2026-6100 | Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure | 2026-04-16T23:43:14.482Z | 2026-05-20T16:54:12.697Z |
| bit-libpython-2026-6019 | BaseCookie.js_output() does not neutralize embedded characters | 2026-04-24T16:04:44.111Z | 2026-05-20T16:54:12.697Z |
| bit-libpython-2026-4786 | Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open() | 2026-04-16T23:43:11.016Z | 2026-05-20T16:54:12.697Z |
| bit-libpython-2026-3087 | shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs | 2026-04-29T11:42:50.850Z | 2026-05-20T16:54:12.697Z |
| bit-libpython-2026-1502 | HTTP client proxy tunnel headers not validated for CR/LF | 2026-04-16T23:43:06.028Z | 2026-05-20T16:54:12.697Z |
| bit-python-2026-8328 | FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address | 2026-05-20T12:04:45.838Z | 2026-05-20T12:26:38.146Z |
| bit-python-2026-4224 | Stack overflow parsing XML with deeply nested DTD content models | 2026-05-20T12:04:32.997Z | 2026-05-20T12:26:38.146Z |
| bit-libpython-2026-8328 | FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address | 2026-05-20T11:55:24.298Z | 2026-05-20T12:26:38.146Z |
| bit-libpython-2026-4224 | Stack overflow parsing XML with deeply nested DTD content models | 2026-05-20T11:55:08.191Z | 2026-05-20T12:26:38.146Z |
| bit-gdal-2026-8213 | OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow | 2026-05-20T11:48:27.961Z | 2026-05-20T12:26:38.146Z |
| bit-gdal-2026-8212 | OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow | 2026-05-20T11:48:25.675Z | 2026-05-20T12:26:38.146Z |
| bit-discourse-2026-32244 | Discourse: Cached outdated summaries can leak removed content | 2026-05-20T11:55:56.888Z | 2026-05-20T12:26:38.146Z |
| bit-postgresql-2026-6638 | PostgreSQL REFRESH PUBLICATION allows SQL injection via table name | 2026-05-18T05:53:12.118Z | 2026-05-19T09:16:23.954Z |
| bit-mongodb-2026-8336 | Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands | 2026-05-19T08:53:52.401Z | 2026-05-19T09:16:23.954Z |
| bit-mongodb-2026-8202 | Post-authentication CPU utilization DoS via $trim/$ltrim/$rtrim operators | 2026-05-19T08:53:50.955Z | 2026-05-19T09:16:23.954Z |
| bit-mongodb-2026-8200 | Schema validation log messages may not redact user data | 2026-05-19T08:53:47.596Z | 2026-05-19T09:16:23.954Z |