NVD disclosure day

Published threat advisories for June 30, 2026

CVE advisoryCRITICAL

CVE-2026-56700

Grav CMS Unsafe Deserialization and Command Injection Vulnerabilities.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Grav CMS has critical code-execution vulnerabilities due to unsafe deserialization and command injection flaws, allowing attackers to run arbitrary code. These issues can be triggered through crafted input or during plugin/theme installation, potentially compromising the server.

CVE advisoryCRITICAL

CVE-2026-56413

Storage Concentrator Command Injection allows Root Execution

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A command injection vulnerability exists in the Storage Concentrator's `ms_service.pl` service. Unauthenticated remote attackers can exploit this by sending a crafted network packet to execute arbitrary commands with root privileges, potentially impacting system integrity and availability.

CVE advisoryCRITICAL

CVE-2026-56278

Flowise Session Hijacking Via Weak Default Secret

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A security flaw exists in Flowise where a weak, hardcoded default secret for session management can be exploited. If this default secret is not changed, an attacker can forge session cookies to bypass authentication and impersonate users, potentially leading to unauthorized access. It is uncertain if sensitive data is

CVE advisoryCRITICAL

CVE-2026-56264

Crawl4AI Arbitrary JavaScript Execution and SSRF Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Crawl4AI's Docker API server contains an arbitrary JavaScript execution vulnerability in the `/execute_js` endpoint. If reachable, an attacker could execute JavaScript with relaxed security settings, potentially enabling server-side request forgery against internal services. It is uncertain if this technology is in use

CVE advisoryCRITICAL

CVE-2026-55721

Storage Concentrator SQL Injection via Cookie Values

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical SQL injection vulnerability exists in Storage Concentrator products, specifically within the login.pl and debug.pl scripts. Unauthenticated remote attackers can exploit this by sending specially crafted cookie values, allowing them to manipulate database queries and potentially extract sensitive information

CVE advisoryCRITICAL

CVE-2026-14152

ANGLE Out of Bounds Read Write in Chrome Allows Sandbox Escape

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in ANGLE, a component of Google Chrome, allows for an out-of-bounds read and write. If reachable, an attacker who has compromised the renderer process could exploit this via a crafted HTML page, potentially leading to a sandbox escape. This issue is relevant if user-facing Chrome deployments are present

CVE advisoryCRITICAL

CVE-2026-14121

Chromium Chromoting Use After Free Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A use-after-free vulnerability in Google Chrome's Chromoting feature on Linux allows remote code execution via malicious network traffic. While the Chromium security severity is low, a critical CVSS score indicates a significant risk if this feature is reachable, potentially leading to system compromise.

CVE advisoryCRITICAL

CVE-2026-14120

Google Chrome DevTools Sandbox Escape Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Google Chrome's DevTools could allow a compromised renderer process to escape the browser sandbox via a crafted HTML page. The specific impact and exploitability are uncertain, but it highlights a potential avenue for further system compromise if the affected component is reachable.

CVE advisoryCRITICAL

CVE-2026-14113

Google Chrome Updater Use After Free Vulnerability Allows Sandbox Escape

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A use-after-free vulnerability in Google Chrome's Updater on Windows could allow a sandbox escape. This requires an attacker to have already compromised the browser's renderer process and then present a specially crafted HTML page. The Chromium security team rates the severity as low.

CVE advisoryCRITICAL

CVE-2026-14106

Google Chrome for Android Sandbox Escape Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

Google Chrome on Android has a vulnerability where insufficient input validation could allow a compromised renderer process to escape the browser sandbox. This is triggered by visiting a crafted HTML page, potentially impacting system data and service behavior. The exact risk depends on how the technology is used and a

CVE advisoryMEDIUM

CVE-2026-14105

Google Chrome Same Origin Policy Bypass Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Google Chrome's Speech component could allow a remote attacker to bypass the same-origin policy via a crafted HTML page. This might enable unauthorized access to sensitive information or manipulation of web services within a user's browser. The risk is considered low due to the requirement for a user

CVE advisoryCRITICAL

CVE-2026-14104

Google Chrome Sandbox Escape via Malicious HTML Page

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

Google Chrome has a vulnerability in WebAppInstalls that may allow remote attackers to execute arbitrary code via a crafted HTML page. While the flaw could allow code execution inside the browser's sandbox, exploitation requires user interaction, making the risk to the organization very unlikely.

CVE advisoryCRITICAL

CVE-2026-14097

Chrome Sandbox Escape Vulnerability on macOS

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in Google Chrome on Mac allows a remote attacker who has compromised the renderer process to potentially escape the browser's sandbox by luring a user to a crafted HTML page. This could lead to unauthorized access to system resources. The Chromium security severity is rated as Low.

CVE advisoryCRITICAL

CVE-2026-14095

Chrome Sandbox Escape Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A security flaw in Chrome allows a remote attacker who has compromised the renderer process to potentially escape the browser's sandbox via a crafted HTML page. This could impact system integrity and confidentiality when a user visits such a page. Identifying Chrome installations and assessing their reachability is imp

CVE advisoryCRITICAL

CVE-2026-14093

Chrome Cast Use After Free Vulnerability Allows Sandbox Escape

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A use-after-free vulnerability in Chrome's Cast feature could allow an attacker who has compromised the renderer process to escape the browser sandbox via a crafted HTML page. While the severity is rated low, this could potentially impact system integrity if a user visits a malicious site.

CVE advisoryHIGH

CVE-2026-14090

ChromeOS CameraCapture Memory Read Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability exists in ChromeOS's CameraCapture component, allowing remote attackers to read out-of-bounds memory via a crafted HTML page. This could potentially expose sensitive information related to camera functionality. While the Chromium project rates this as low severity, its presence in a widely used browser

CVE advisoryCRITICAL

CVE-2026-14056

Chrome Media Sandbox Escape Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

Google Chrome's media component has a vulnerability that may allow a remote attacker who has compromised the renderer process to escape the sandbox using a crafted video file. This issue has a low security severity rating and is unlikely to be exploited in typical enterprise environments due to the specific conditions

CVE advisoryCRITICAL

CVE-2026-14044

ANGLE Use After Free Vulnerability in Chrome Allows Sandbox Escape

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A use-after-free vulnerability exists in ANGLE, a component within Google Chrome. If reachable, an attacker who has already compromised the renderer process could exploit this flaw via a crafted HTML page to potentially escape the browser's sandbox. This issue is relevant because sandbox escapes can escalate an attacke

CVE advisoryCRITICAL

CVE-2026-14038

Chrome New Tab Page Sandbox Escape Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability exists in Google Chrome's New Tab Page that, if an attacker has already compromised the renderer process, could allow a sandbox escape via a crafted HTML page. This could potentially lead to unauthorized access or manipulation, and its relevance requires confirmation.

CVE advisoryCRITICAL

CVE-2026-13934

Chrome for Android Dawn Sandbox Escape Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Google Chrome on Android allows a compromised renderer process to potentially escape the browser's sandbox via a crafted HTML page. This could enable unauthorized access to system resources. The primary concern is confirming if organizational Android Chrome usage is exposed to this risk.

CVE advisoryCRITICAL

CVE-2026-13920

Google Chrome Media Sandbox Escape Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Google Chrome's media handling allows a remote attacker to escape the browser's sandbox via a crafted HTML page. This could potentially lead to broader system compromise by breaking out of the restricted environment. The exploit requires user interaction and a compromised renderer process.

CVE advisoryCRITICAL

CVE-2026-13909

Google Chrome DevTools Sandbox Escape Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Chrome's DevTools may allow an attacker who has already compromised the renderer process to escape the browser sandbox. This could enable elevated privileges on the user's system, though it requires a prior compromise. While the immediate risk is low, understanding potential browser security exposure

CVE advisoryCRITICAL

CVE-2026-13901

Chrome Serial Sandbox Escape Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Google Chrome's Serial component allows a compromised renderer process to potentially escape the browser sandbox via a malicious HTML page. This could affect data or behavior within the renderer process if reachable and relevant. Further analysis is needed to confirm environmental relevance and poten

CVE advisoryCRITICAL

CVE-2026-13878

Google Chrome Bluetooth Use After Free Sandbox Escape Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A use-after-free vulnerability in Google Chrome's Bluetooth component on Mac could allow a remote attacker to escape the browser's sandbox via a crafted HTML page. This requires the attacker to have already compromised the renderer process. The Chromium security team assessed this vulnerability's severity as Medium.

CVE advisoryCRITICAL

CVE-2026-13869

Chrome Device Use After Free Vulnerability Allows Sandbox Escape.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A use-after-free vulnerability in Google Chrome's Device component could allow a remote attacker to escape the browser's sandbox via a crafted HTML page. This could potentially lead to elevated privileges if the renderer process is already compromised and a user visits a malicious page. The relevance to our environment

CVE advisoryCRITICAL

CVE-2026-13859

ANGLE Sandbox Escape Vulnerability in Google Chrome

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A flaw in Google Chrome's ANGLE component could allow a remote attacker to escape the browser's sandbox via a crafted HTML page. This vulnerability is relevant for user-facing systems and could potentially lead to unauthorized access to system resources. Confirmation of relevance and any exposure within the environment

CVE advisoryCRITICAL

CVE-2026-13852

Chrome for Android WebAppInstalls Local Access Control Bypass.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Google Chrome on Android allows a local attacker to bypass access controls by tricking a user into visiting a malicious webpage. This could affect application installations on the device. The potential impact and relevance to your organization need to be confirmed.

CVE advisoryCRITICAL

CVE-2026-13851

Chrome for Android WebAppInstalls Access Control Bypass

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Chrome on Android allows a local attacker to bypass access controls via a crafted HTML page, potentially affecting data integrity and application functionality. This requires local access, making typical internet-based exploitation unlikely.

CVE advisoryCRITICAL

CVE-2026-13796

Chromecast Integer Overflow Allows Sandbox Escape in Google Chrome

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

An integer overflow in Google Chrome's Chromecast component could allow a compromised renderer process to escape the browser's sandbox via a crafted HTML page. This vulnerability is reachable over the network and requires user interaction to exploit.

CVE advisoryCRITICAL

CVE-2026-13792

Google Chrome Touchbar Use After Free Sandbox Escape Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A use-after-free vulnerability in Google Chrome's Touchbar feature on Mac allows remote attackers to potentially escape the browser sandbox via a crafted HTML page. This could enable unauthorized access to the operating system if a user visits a malicious website. The likelihood of exploitation is considered very unlik

CVE advisoryCRITICAL

CVE-2026-13782

Chrome Sandbox Escape Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A use-after-free vulnerability in Google Chrome could allow a remote attacker to escape the browser's sandbox. This occurs if an attacker can compromise the renderer process and then trick a user into visiting a crafted HTML page. This could potentially impact system data and integrity.

CVE advisoryCRITICAL

CVE-2026-58449

txtai Unauthenticated API RCE via Unsafe Reflection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated remote attacker can achieve code execution in txtai by exploiting an API endpoint when the API is exposed, authentication is disabled, and the index is writable. This vulnerability allows arbitrary code execution as the server process during reindexing. The risk is considered likely due to txtai's co

CVE advisoryCRITICAL

CVE-2026-37106

DokuWiki Account Creation via Self-Registration Flaw

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in DokuWiki's registration function could allow remote attackers to create accounts without authentication. This is potentially intended behavior if self-registration is enabled, but could lead to unauthorized access if exploited. The relevance depends on the configuration of self-registration and exter

CVE advisoryCRITICAL

CVE-2026-11541

IBM WebSphere HTTP Request Smuggling Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

IBM WebSphere Application Server is affected by an HTTP request smuggling vulnerability. An attacker could exploit this to interfere with how the server processes HTTP requests, potentially leading to unauthorized access or data manipulation. It is important to confirm if deployed instances are relevant and exposed.

CVE advisoryCRITICAL

CVE-2026-7874

IBM Langflow Credentials Disclosure via Weak Encryption

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in IBM Langflow OSS could allow disclosure of stored credentials due to weak encryption. This affects systems used for building AI workflows and applications. The issue arises from a weak and reversible key derivation mechanism used for encrypting data at rest. If reachable, this could potentially expos

CVE advisoryCRITICAL

CVE-2026-7873

IBM Langflow Command Execution and Sensitive File Read Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

IBM Langflow OSS has a vulnerability that allows authenticated attackers to execute arbitrary OS commands and read sensitive files, potentially leading to system compromise. Readers should care because this could expose credentials and allow unauthorized access to the network. The uncertainty lies in confirming if this

CVE advisoryCRITICAL

CVE-2026-7803

IBM Langflow OSS Arbitrary Code Execution via Improper Flow Node Validation.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in IBM Langflow OSS due to improper validation of flow nodes, potentially allowing arbitrary code execution. This issue affects how the software handles workflow automation and AI model orchestration components. The reachability and impact of this vulnerability depend on the specific dep

CVE advisoryCRITICAL

CVE-2026-7663

IBM Langflow OSS Improper Authorization Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

IBM Langflow OSS has an improper authorization vulnerability that could allow unauthenticated attackers to access protected project resources and execute operations. This is a concern if the technology is deployed and reachable, as it may lead to unauthorized access to sensitive information.

CVE advisoryCRITICAL

CVE-2026-13773

IBM WebSphere Extreme Scale CORBA Stub SSRF to RCE

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability exists in IBM WebSphere Extreme Scale concerning CORBA stub classes that can lead to outbound Server-Side Request Forgery (SSRF) and, when chained with another flaw, Remote Code Execution (RCE). This occurs when processing attacker-controlled input during Java deserialization, potentially allowing an at

CVE advisoryCRITICAL

CVE-2026-13772

IBM WebSphere Extreme Scale OQL Injection via ClassforName Enables Arbitrary Constructor Execution

Halo Surface Signal: 3 out of 5 — possibly public-facing.

An unauthenticated attacker could exploit a vulnerability in IBM WebSphere Extreme Scale's Object Query Language engine to execute arbitrary constructors on the JVM. This is possible because the OQL engine resolves attacker-supplied class names without sufficient validation. The attacker's ability to influence OQL quer

CVE advisoryCRITICAL

CVE-2026-13449

IBM Business Automation Manager XXE Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical XML external entity injection vulnerability exists in IBM Business Automation Manager Open Editions, potentially allowing remote attackers to access sensitive information or consume memory. This issue is relevant if your organization uses this IBM product, as it could lead to data exposure or denial of servi

CVE advisoryCRITICAL

CVE-2026-11714

IBM WebSphere Liberty SSRF Vulnerability with apiDiscovery-1.0 Enabled.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A server-side request forgery vulnerability exists in IBM WebSphere Application Server Liberty when the `apiDiscovery-1.0` feature is enabled. This flaw could allow an unauthenticated attacker to trick the server into making requests to arbitrary hosts, potentially exposing internal network resources or sensitive infor

CVE advisoryCRITICAL

CVE-2026-11712

IBM WebSphere Administrative Console Help Cross-Site Scripting

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

IBM WebSphere Application Server has a cross-site scripting vulnerability in its administrative console help system. If reachable, this flaw could allow an attacker to execute malicious scripts in a user's browser, potentially leading to the exposure of sensitive information. You should care if your organization uses t

CVE advisoryCRITICAL

CVE-2026-11708

IBM WebSphere Administrative Console Cross-Site Scripting Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A cross-site scripting vulnerability exists in the administrative console's integrated help system for IBM WebSphere Application Server. If reachable, an attacker could inject malicious scripts, potentially leading to script execution in a user's browser within the console's context. This vulnerability could impact sys

CVE advisoryCRITICAL

CVE-2026-11546

IBM WebSphere Liberty SSRF Vulnerability in Admin Center

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A server-side request forgery vulnerability exists in IBM WebSphere Application Server Liberty when the adminCenter-1.0 feature is enabled. This could allow an unauthenticated attacker to make the server issue requests to arbitrary internal or external resources, potentially exposing sensitive information or disrupting

CVE advisoryCRITICAL

CVE-2026-10560

IBM Langflow OSS Missing Authentication Information Disclosure and Denial of Service

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

IBM Langflow OSS has a missing authentication vulnerability in its API endpoints that could allow unauthenticated attackers to read build event data or cancel jobs. This may result in the disclosure of sensitive information and denial of service if the affected endpoints are reachable.

CVE advisoryCRITICAL

CVE-2026-10140

IBM Langflow OSS API Client Reuse Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An improper shared-state handling vulnerability exists in IBM Langflow OSS voice mode. An authenticated attacker could manipulate cache state to reuse API clients across tenant boundaries, causing requests to be processed with incorrect upstream API credentials. This could lead to cross-tenant billing and accountabilit

CVE advisoryCRITICAL

CVE-2026-10134

IBM Langflow OSS Remote Code Execution and Data Tampering Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in IBM Langflow OSS allows unauthorized access and manipulation of secrets, flows, conversations, and files within the Langflow database. Attackers could also connect to internal services, abuse cloud metadata, move laterally to other tenants, and establish persistence by modifying code, leadin

CVE advisoryCRITICAL

CVE-2026-10109

IBM Db2 DRDA Remote Code Execution Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

IBM Db2 is vulnerable to remote code execution through improper DRDA handshake handling, potentially allowing unauthenticated attackers to gain control. This critical flaw could impact data integrity and system availability. Understanding the specific exposure and relevance within our environment is crucial.

CVE advisoryCRITICAL

CVE-2026-58138

Orkes Conductor Unauthenticated Remote Code Execution via GraalVM Script Evaluators.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in Orkes Conductor that allows unauthenticated remote attackers to execute arbitrary operating system commands via the workflow API. This can occur by submitting malicious JavaScript or Python expressions within workflow definitions, which can then leverage unsandboxed GraalVM evaluators

CVE advisoryCRITICAL

CVE-2026-58370

Woodpecker Approval Bypass via Spoofed Commit Author Name.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability exists in Woodpecker CI systems when using the GitLab forge driver, allowing an attacker to bypass required pipeline approvals by spoofing the commit author name. This could lead to unauthorized code execution on Woodpecker agents and exfiltration of sensitive data. Readers should confirm if their envir

CVE advisoryCRITICAL

CVE-2026-58172

Ocelot IP Restriction Bypass via WebSocket Upgrade

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Ocelot, an API gateway, has a security control bypass vulnerability allowing denied clients to circumvent IP-based access restrictions via WebSocket upgrade requests. This issue, stemming from omitted security middleware, could permit requests from blocked IP addresses to reach downstream services without proper enforc

CVE advisoryCRITICAL

CVE-2026-48315

Adobe ColdFusion Code Execution Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An Improper Input Validation vulnerability in Adobe ColdFusion enables attackers to achieve arbitrary code execution by tricking users into opening malicious files, potentially leading to elevated access or session control. This vulnerability requires user interaction and can result in the injection of malicious script

CVE advisoryCRITICAL

CVE-2026-48286

Adobe Campaign Classic Arbitrary Code Execution Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Adobe Campaign Classic is affected by an incorrect authorization vulnerability that could allow arbitrary code execution in the context of the current user without requiring user interaction. This could impact the platform's ability to manage and deliver marketing campaigns.

CVE advisoryCRITICAL

CVE-2026-48283

Adobe ColdFusion Unrestricted File Upload for Code Execution

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unrestricted file upload vulnerability in Adobe ColdFusion could allow attackers to execute arbitrary code. This issue does not require user interaction and can change the scope of an attack, potentially impacting system data and services. You should care because this critical vulnerability can lead to code executio

CVE advisoryCRITICAL

CVE-2026-48281

Adobe ColdFusion Improper Input Validation Vulnerability Allows Code Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An Improper Input Validation vulnerability in Adobe ColdFusion allows unauthenticated attackers to execute arbitrary code remotely. This affects the web application server platform, potentially leading to unauthorized access and control of the system.

CVE advisoryCRITICAL

CVE-2026-48277

Adobe ColdFusion Improper Input Validation Vulnerability Leading to Code Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical Improper Input Validation vulnerability in Adobe ColdFusion could allow an unauthenticated attacker to execute arbitrary code remotely on affected servers. Exploiting this flaw does not require user interaction and could impact the confidentiality, integrity, and availability of systems. This issue is releva

CVE advisoryCRITICAL

CVE-2026-14241

Firefox Memory Corruption Vulnerability in 152.0.3

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

Memory safety bugs in Firefox have been found that could potentially allow an attacker to execute arbitrary code if reachable. This means an attacker might be able to control actions performed by the browser, affecting the user's system or data when the browser is used.

CVE advisoryCRITICAL

CVE-2026-6556

@fastify/express Middleware Path Bypass Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability exists in `@fastify/express` that allows unauthenticated attackers to bypass middleware, such as authentication or authorization, on prefixed routes. This occurs when non-string path arguments are used for middleware mounting within prefixed plugin scopes. Applications relying on this middleware for sec

CVE advisoryCRITICAL

CVE-2026-58116

LLaMA-Factory RCE via Unvalidated Model Path in WebUI

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in LLaMA-Factory's WebUI allows unauthenticated remote code execution by supplying a malicious model path. This can lead to arbitrary Python code being run with the server's privileges, potentially compromising the application and its data. Organizations should assess if they use LLaMA-Factory

CVE advisoryCRITICAL

CVE-2026-58016

GLib Denial of Service Due to Malformed D-Bus Introspection XML.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A flaw in GLib's handling of malformed D-Bus introspection XML can lead to denial of service. This issue arises from a state confusion when processing specific XML structures, potentially causing an integer overflow and out-of-bounds read. The significance depends on whether this GLib component is exposed in a reachabl

CVE advisoryCRITICAL

CVE-2026-44946

Rancher SAML Assertion Replay Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A SAML authentication vulnerability in Rancher's Assertion Consumer Service handler did not enforce one-time use of SAML assertions, potentially allowing man-in-the-middle attacks. This could enable an attacker to replay SAML assertions, leading to unauthorized access to Rancher and potentially the environments it mana