Security Vulnerabilities
Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with Pepr and create resources dynamically without needing to pre-configure RBAC. This vulnerability is fixed in 1.0.5.
EPSS Score
0.0
Published
2026-01-16
SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an untrusted source), arbitrary JavaScript code is executed in the context of their authenticated session. This vulnerability is fixed in 3.5.4-dev2.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-01-16
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2.
CVSS Score
8.0
EPSS Score
0.0
Published
2026-01-16
In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-01-16
In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-16
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences.
CVSS Score
3.3
EPSS Score
0.0
Published
2026-01-16
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-01-16
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to corrupt coprocessor memory.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-16
This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen.
CVSS Score
2.4
EPSS Score
0.0
Published
2026-01-16
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-16