NVD disclosure day
CVE-2026-32625
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
An authenticated user can exploit a vulnerability in LibreChat's server integration to expose sensitive credentials. This could lead to a compromise of cryptographic materials and database access for the affected organization. The risk involves unauthorized access to critical business data.
CVE-2026-49448
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
Organizations using the authentik identity provider face a bypass vulnerability in the Source stage. This could allow unauthorized access to systems and data, creating business risk. The issue is addressed in updated versions.
CVE-2026-42849
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
An authentik identity provider vulnerability could allow cross-site scripting (XSS) attacks, potentially impacting organizations by compromising user data and unauthorized access. The issue has been addressed in recent software versions.
CVE-2026-5076
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
The ARMember Premium WordPress plugin has a password reset flaw, allowing attackers to take over user accounts by accessing plaintext reset keys. This could lead to unauthorized access and disruption for affected organizations.