🚨 EUVD-2026-22817

📊 Score: 6.9/10 (CVSS v3.1)
📦 Product: org.xwiki.platform:xwiki-platform-oldcore, org.xwiki.platform:xwiki-platform-legacy-oldcore, org.xwiki.platform:xwiki-platform-legacy-oldcore (+3 more)
🏢 Vendor: xwiki
📅 Updated: 2026-04-14

📝 XWiki's REST APIs can list all pages/spaces, leading to unavailability

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-22817

#cybersecurity #infosec #euvd #cve #vulnerability

EUVD

European Vulnerability Database

🚨 EUVD-2026-22816

📊 Score: 5.1/10 (CVSS v3.1)
📦 Product: immich
🏢 Vendor: immich-app
📅 Updated: 2026-04-14

📝 immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a <meta> tag in api.service.ts...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-22816

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-22809

📊 Score: 6.9/10 (CVSS v3.1)
📦 Product: serendipity
🏢 Vendor: s9y
📅 Updated: 2026-04-14

📝 Serendipity has a Host Header Injection that allows authentication cookie scoping to an attacker-controlled domain in functions_config.inc.php

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-22809

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-22811

📊 Score: 7.2/10 (CVSS v3.1)
📦 Product: serendipity
🏢 Vendor: s9y
📅 Updated: 2026-04-14

📝 Serendipity has a Host Header Injection that allows SMTP header injection via unvalidated HTTP_HOST in the Message-ID email header

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-22811

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-22814

📊 Score: 7.1/10 (CVSS v3.1)
📦 Product: zarf
🏢 Vendor: zarf-dev
📅 Updated: 2026-04-14

📝 Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-22814

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-22815

📊 Score: 6.0/10 (CVSS v3.1)
📦 Product: spicedb
🏢 Vendor: authzed
📅 Updated: 2026-04-14

📝 SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, in...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-22815

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-22800

📊 Score: 4.0/10 (CVSS v3.1)
📦 Product: podman
🏢 Vendor: containers
📅 Updated: 2026-04-14

📝 PowerShell Command Injection in Podman HyperV Machine

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-22800

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-22806

📊 Score: 10.0/10 (CVSS v3.1)
📦 Product: openremote
🏢 Vendor: openremote
📅 Updated: 2026-04-14

📝 Expression Injection in OpenRemote

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-22806

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-22807

📊 Score: 8.3/10 (CVSS v3.1)
📦 Product: mcp-server-kubernetes
🏢 Vendor: Flux159
📅 Updated: 2026-04-14

📝 MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-22807

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-22808

📊 Score: 6.7/10 (CVSS v3.1)
📦 Product: FortiWeb, FortiWeb, FortiWeb
🏢 Vendor: Fortinet
📅 Updated: 2026-04-14

📝 An out-of-bounds write vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker to execute unauthorized code or commands via <insert attack vector here>

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-22808

#cybersecurity #infosec #euvd #cve #vulnerability
