NVD disclosure day

Published threat advisories for May 29, 2026

CVE advisory: CRITICAL

CVE-2026-44649

SillyTavern: Unauthorized User Authentication Risk.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in SillyTavern's single sign-on configuration could allow unauthorized users to impersonate any user, including administrators, without a password. This affects organizations using specific, optional SSO features. The business risk involves potential unauthorized access and control of the application.

CVE advisory: CRITICAL

CVE-2026-45661

Dokploy Path Traversal Leading to Remote Code Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Dokploy allows authenticated users to write arbitrary files to remote servers, leading to code execution and potential server compromise. This impacts organizations by risking data exfiltration and persistent backdoor installations. The business risk involves unauthorized access and operational disru

CVE advisory: CRITICAL

CVE-2026-45632

Dokploy Organization Checks Bypass Leading to Remote Code Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Dokploy contains a flaw where its schedule router fails to enforce organization and role checks, allowing authenticated users to manipulate schedules outside their own organization. This can lead to unauthorized script execution on servers, enabling remote code execution and posing a significant business risk.

CVE advisory: CRITICAL

CVE-2026-45663

Dokploy Command Injection Vulnerability Exposes Host System.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A command injection vulnerability in Dokploy's file upload functionality allows authenticated users to execute arbitrary operating system commands on the host. This impacts affected organizations by posing risks to systems, data, and services. The realistic business risk includes unauthorized control over the host envi

CVE advisory: CRITICAL

CVE-2026-45043

RustFS Privilege Escalation Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in RustFS, a distributed object storage system, allows a user with specific privileges to escalate their access to full administrative control. This could impact organizations by enabling unauthorized access to and manipulation of stored data. The realistic business risk involves potential data breaches

CVE advisory: CRITICAL

CVE-2026-49199

Acer Predator Connect W6x Firmware Command Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in network-connected devices allows for root-level command injection through crafted network messages. This could enable unauthorized code execution and complete device compromise if reachable over a network. Understanding the reachability and criticality of affected devices is essential.