vLLM – Authentication Bypass via Host Header Manipulation (CVE-2026-48746)

Scope: vLLM AI Inference Deployments, All Vulnerable Versions

Severity: High

Read More

n8n – Credential Vault Exfiltration via Endpoint Abuse (CVE-2026-56348)

Scope: n8n Workflow Automation Platform, All Vulnerable Versions

Severity: High

Read More

Claude Code – Indirect Prompt Injection and WebFetch Data Exfiltration (CVE-2026-54316)

Scope: Anthropic Claude Code Developer Tool, All Vulnerable Versions

Severity: High

Read More

CPython configparser – Configuration Injection via Carriage Return (CVE-2026-0864)

Scope: CPython, All Versions Prior to 3.15.0

Severity: Medium

Read More

ManageEngine Products – Predictable SSO Ticket Generation / Account Takeover (CVE-2026-11374)

Scope: ADSelfService Plus (prior to build 6529), RecoveryManager Plus (prior to 6321), M365 Manager Plus (prior to 4817), and ADAudit Plus (prior to 8703)

Read More

Contest Gallery WordPress Plugin Authenticated Privilege Escalation to Administrator (CVE-2026-12165)

Scope: Contest Gallery WordPress Plugin Versions 0 through 30.0.2

Severity: High

Read More