CVEinfo

2026

CVEBeschreibungEinreichungModerierenEintrag
CVE-2026-15486A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub_420 ...12.07.202612.07.2026377793
CVE-2026-15485A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub_4 ...12.07.202612.07.2026377792
CVE-2026-15484A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the functio ...12.07.202612.07.2026377791
CVE-2026-15483A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the funct ...12.07.202612.07.2026377790
CVE-2026-15482A weakness has been identified in Aster Telecom Azcall 10/11. This issue affects some unknown pr ...12.07.202612.07.2026377789
CVE-2026-15481A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability aff ...12.07.202612.07.2026377788
CVE-2026-15480A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function s ...12.07.202612.07.2026377787
CVE-2026-15479A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function c ...12.07.202612.07.2026377785
CVE-2026-15478A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/ ...12.07.202612.07.2026377783
CVE-2026-15477A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function addition ...12.07.202612.07.2026377782
CVE-2026-15476A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element i ...12.07.202612.07.2026377781
CVE-2026-15475A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is ...12.07.202612.07.2026377780
CVE-2026-15474A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unkn ...12.07.202612.07.2026377779
CVE-2026-15473A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some ...12.07.202612.07.2026377778
CVE-2026-15472A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affec ...12.07.202612.07.2026377777
CVE-2026-15471A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part ...12.07.202612.07.2026377776
CVE-2026-15470A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue i ...12.07.202612.07.2026377775
CVE-2026-58281Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized atta ...11.07.202611.07.2026377832
CVE-2026-10660The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bap_broadcast_assist ...11.07.202611.07.2026377831
CVE-2026-61870ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory ...11.07.202611.07.2026377830
CVE-2026-61861ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption m ...11.07.202611.07.2026377825
CVE-2026-61858ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and exter ...11.07.202611.07.2026377827
CVE-2026-61857ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null ...11.07.202611.07.2026377826
CVE-2026-61465ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation l ...11.07.202611.07.2026377822
CVE-2026-61454The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript vari ...11.07.202611.07.2026377828
CVE-2026-61448Parse Server is affected by a stored cross-site scripting (XSS) vulnerability in versions = 9.0 ...11.07.202611.07.2026377829
CVE-2026-61447PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_pyt ...11.07.202611.07.2026377820
CVE-2026-61445PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in t ...11.07.202611.07.2026377824
CVE-2026-61442PraisonAI Platform (praisonai-platform) before 0.1.9 fails to enforce owner/admin authorization ...11.07.202611.07.2026377823
CVE-2026-61439PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the b ...11.07.202611.07.2026377821
CVE-2026-61429PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Craw ...11.07.202611.07.2026377819
CVE-2026-61428PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing ...11.07.202611.07.2026377816
CVE-2026-61426PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces w ...11.07.202611.07.2026377814
CVE-2026-60090PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVect ...11.07.202611.07.2026377813
CVE-2026-60088PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allo ...11.07.202611.07.2026377815
CVE-2026-56763Hono before 4.12.7 allows __proto__ key in parseBody with dot option enabled, permitting special ...11.07.202611.07.2026377812
CVE-2026-56372ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operati ...11.07.202611.07.2026377811
CVE-2026-56303Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_val ...11.07.202611.07.2026377810
CVE-2026-56296Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_a ...11.07.202611.07.2026377817
CVE-2026-56240Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan_valid c ...11.07.202611.07.2026377818
CVE-2026-57828The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload tha ...11.07.202611.07.2026377786
CVE-2026-57827The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allo ...11.07.202611.07.2026377784
CVE-2026-1359The Genolve AI image AI video generation plugin for WordPress is vulnerable to unauthorized mo ...11.07.202611.07.2026377774
CVE-2026-6939The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Sit ...11.07.202611.07.2026377772
CVE-2026-6801The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all vers ...11.07.202611.07.2026377765
CVE-2026-4661The WP CTA Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerabl ...11.07.202611.07.2026377770
CVE-2026-1382The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the &# ...11.07.202611.07.2026377771
CVE-2026-15155The Essential Addons for Elementor Popular Elementor Templates Widgets plugin for WordPress ...11.07.202611.07.2026377768
CVE-2026-12994The WCFM Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization ...11.07.202611.07.2026377767
CVE-2026-9282The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up ...11.07.202611.07.2026377766
CVE-2026-9017The NEX-Forms Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to author ...11.07.202611.07.2026377769
CVE-2026-15010The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions ...11.07.202611.07.2026377773
CVE-2026-12738The WP Easy Pay Payment and Donation form Builder for Square plugin for WordPress is vulnerabl ...11.07.202611.07.2026377760
CVE-2026-12126The WCFM Marketplace Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerabl ...11.07.202611.07.2026377763
CVE-2026-12103The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all ver ...11.07.202611.07.2026377762
CVE-2026-11901The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Aut ...11.07.202611.07.2026377756
CVE-2026-11898The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin ...11.07.202611.07.2026377764
CVE-2026-11591The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...11.07.202611.07.2026377761
CVE-2026-10865The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure ...11.07.202611.07.2026377758
CVE-2026-10041The WCFM Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direc ...11.07.202611.07.2026377757
CVE-2026-7655The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in ...11.07.202611.07.2026377753
CVE-2026-13378The Form Vibes Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-S ...11.07.202611.07.2026377754
CVE-2026-9738The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site S ...11.07.202611.07.2026377752
CVE-2026-7620The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all ...11.07.202611.07.2026377751
CVE-2026-7559The Affilia Affiliate Program Referral Tracking for WordPress plugin for WordPress is vulner ...11.07.202611.07.2026377750
CVE-2026-6804The AI Chatbot Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization ...11.07.202611.07.2026377749
CVE-2026-6803The AI Chatbot Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Autho ...11.07.202611.07.2026377748
CVE-2026-3576The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request F ...11.07.202611.07.2026377746
CVE-2026-3552The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data mod ...11.07.202611.07.2026377747
CVE-2026-2354The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a fl ...11.07.202611.07.2026377745
CVE-2026-1832The ThriveDesk Live Chat, AI Chatbot, Helpdesk Knowledge Base plugin for WordPress is vulner ...11.07.202611.07.2026377740
CVE-2026-15335The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email& ...11.07.202611.07.2026377737
CVE-2026-15097The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ' ...11.07.202611.07.2026377744
CVE-2026-15096The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Mo ...11.07.202611.07.2026377743
CVE-2026-14262The Simple JWT Login Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerab ...11.07.202611.07.2026377739
CVE-2026-13250The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up t ...11.07.202611.07.2026377736
CVE-2026-13116The PDF Invoices Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure ...11.07.202611.07.2026377738
CVE-2026-12141The Premium Addons for Elementor Powerful Elementor Templates Widgets plugin for WordPress i ...11.07.202611.07.2026377742
CVE-2026-8678The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, a ...11.07.202611.07.2026377727
CVE-2026-7544The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in a ...11.07.202611.07.2026377731
CVE-2026-5743The SimpLy Gallery Block Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scri ...11.07.202611.07.2026377734
CVE-2026-3367The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site ...11.07.202611.07.2026377735
CVE-2026-15338The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusi ...11.07.202611.07.2026377726
CVE-2026-15073The KiviCare Clinic Patient Management System (EHR) plugin for WordPress is vulnerable to ge ...11.07.202611.07.2026377730
CVE-2026-15072The KiviCare Clinic Patient Management System (EHR) plugin for WordPress is vulnerable to ge ...11.07.202611.07.2026377729
CVE-2026-13353The WP Ultimate CSV Importer WordPress Import Export for CSV, XML Excel plugin for WordPre ...11.07.202611.07.2026377725
CVE-2026-13262The Majestic Support The Leading-Edge Help Desk Customer Support Plugin plugin for WordPress ...11.07.202611.07.2026377728
CVE-2026-13114The Motors Car Dealership Classified Listings Plugin plugin for WordPress is vulnerable to S ...11.07.202611.07.2026377733
CVE-2026-12426The Members Membership User Role Editor Plugin plugin for WordPress is vulnerable to Sensiti ...11.07.202611.07.2026377724
CVE-2026-10628The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypas ...11.07.202611.07.2026377732
CVE-2026-13756The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions u ...11.07.202611.07.2026377722
CVE-2026-11426The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all v ...11.07.202611.07.2026377723
CVE-2026-59155Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O M tool. ...11.07.202611.07.2026377713
CVE-2026-58591Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11.07.202611.07.2026377719
CVE-2026-58590Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affe ...11.07.202611.07.2026377721
CVE-2026-58589Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affe ...11.07.202611.07.2026377715
CVE-2026-58588Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11.07.202611.07.2026377718
CVE-2026-58587Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11.07.202611.07.2026377717
CVE-2026-55884Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0 ...11.07.202611.07.2026377714
CVE-2026-55883Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0 ...11.07.202611.07.2026377720
CVE-2026-55882Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0 ...11.07.202611.07.2026377716
CVE-2026-55810Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...11.07.202611.07.2026377712
CVE-2026-55809Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...11.07.202611.07.2026377706
CVE-2026-55808Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11.07.202611.07.2026377710
CVE-2026-55807Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Reques ...11.07.202611.07.2026377708
CVE-2026-55806URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal cor ...11.07.202611.07.2026377705
CVE-2026-55804Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...11.07.202611.07.2026377704
CVE-2026-55803Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...11.07.202611.07.2026377703
CVE-2026-55187Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shippe ...11.07.202611.07.2026377709
CVE-2026-52761ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, ...11.07.202611.07.2026377707
CVE-2026-52747ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, ...11.07.202611.07.2026377702
CVE-2026-49213TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in pack ...11.07.202611.07.2026377711
CVE-2026-44795Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0 ...11.07.202611.07.2026377695
CVE-2026-15085Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11.07.202611.07.2026377700
CVE-2026-15084Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11.07.202611.07.2026377699
CVE-2026-15083Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...11.07.202611.07.2026377694
CVE-2026-15082Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11.07.202611.07.2026377698
CVE-2026-15081Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') v ...11.07.202611.07.2026377693
CVE-2026-15080Cross-Site Request Forgery (CSRF) vulnerability in Drupal Ray Enterprise Translation allows Cros ...11.07.202611.07.2026377697
CVE-2026-15079Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable ...11.07.202611.07.2026377696
CVE-2026-13244Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...11.07.202611.07.2026377692
CVE-2026-13243Cross-Site Request Forgery (CSRF) vulnerability in Drupal Salesforce Suite allows Cross Site Req ...11.07.202611.07.2026377701
CVE-2026-13242Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') v ...11.07.202611.07.2026377690
CVE-2026-13241Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue af ...11.07.202611.07.2026377691
CVE-2026-13240Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue af ...11.07.202611.07.2026377688
CVE-2026-13239Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affect ...11.07.202611.07.2026377687
CVE-2026-13238Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forcefu ...11.07.202611.07.2026377684
CVE-2026-13237Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue a ...11.07.202611.07.2026377683
CVE-2026-13236Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue aff ...11.07.202611.07.2026377686
CVE-2026-13235Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Brows ...11.07.202611.07.2026377682
CVE-2026-13234Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11.07.202611.07.2026377689
CVE-2026-13233Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side Re ...11.07.202611.07.2026377685
CVE-2026-13232Incorrect Authorization vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) a ...11.07.202611.07.2026377674
CVE-2026-13231Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11.07.202611.07.2026377680
CVE-2026-12535Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...11.07.202611.07.2026377675
CVE-2026-11909Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. ...11.07.202611.07.2026377677
CVE-2026-11908Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11.07.202611.07.2026377679
CVE-2026-10770Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11.07.202611.07.2026377678
CVE-2026-10769Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11.07.202611.07.2026377676
CVE-2026-10768Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This ...11.07.202611.07.2026377681
CVE-2026-14480OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy w ...11.07.202611.07.2026377673
CVE-2026-14286This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.11.07.202611.07.2026
 
CVE-2026-55175Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1. ...11.07.202611.07.2026377664
CVE-2026-44383Multiple connections to the backend using the same charging station ID are allowed, which could ...11.07.202611.07.2026377670
CVE-2026-42952Previously, there was no throttling on repeated authentication attempts to the charging station ...11.07.202611.07.2026377672
CVE-2026-20744The charging station websocket endpoint accepts connections without proper authentication, whic ...11.07.202611.07.2026377671
CVE-2026-15089vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest r ...11.07.202611.07.2026377666
CVE-2026-15087vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*.11.07.202611.07.2026377669
CVE-2026-15086vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Forma ...11.07.202611.07.2026377668
CVE-2026-11915vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force at ...11.07.202611.07.2026377665
CVE-2026-11914vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*.11.07.202611.07.2026377667
CVE-2026-11913vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*.11.07.202611.07.2026377663
CVE-2026-58503Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeratio ...10.07.202611.07.2026377662
CVE-2026-57584Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC appl ...10.07.202611.07.2026377654
CVE-2026-55852Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was ...10.07.202611.07.2026377656
CVE-2026-54736Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\Encryption\Cry ...10.07.202610.07.2026377653
CVE-2026-49844Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Ap ...10.07.202610.07.2026377652
CVE-2026-49394Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was pos ...10.07.202611.07.2026377660
CVE-2026-48127Frappe is a full-stack web application framework. Prior to 16.20.0 and 15.110.0, users without w ...10.07.202611.07.2026377659
CVE-2026-47422Frappe is a full-stack web application framework. Prior to 15.107.5 and 16.18.2, an endpoint in ...10.07.202611.07.2026377658
CVE-2026-47199Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, check_safe_sql_ ...10.07.202611.07.2026377655
CVE-2026-42219Frappe is a full-stack web application framework. Prior to 16.19.0 and 15.109.0, path traversal ...10.07.202611.07.2026377657
CVE-2026-41482Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and ...10.07.202611.07.2026377661
CVE-2026-9726Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...10.07.202610.07.2026377645
CVE-2026-7639Software installed and run as a non-privileged user may conduct a sequence of improper GPU syste ...10.07.202610.07.2026377651
CVE-2026-58499EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in ...10.07.202610.07.2026377647
CVE-2026-57575Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains ...10.07.202610.07.2026377650
CVE-2026-57574Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains ...10.07.202610.07.2026377646
CVE-2026-57230OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analyt ...10.07.202610.07.2026377649
CVE-2026-55881OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returne ...10.07.202610.07.2026377648
CVE-2026-55880OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and not ...10.07.202610.07.2026377641
CVE-2026-55879OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay trac ...10.07.202610.07.2026377643
CVE-2026-55665Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, Grist conta ...10.07.202610.07.2026377637
CVE-2026-55664Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /fo ...10.07.202610.07.2026377635
CVE-2026-55659Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several ser ...10.07.202610.07.2026377636
CVE-2026-55213h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4 ...10.07.202610.07.2026377640
CVE-2026-45203Kernel software installed and running inside a Host VM may post improper commands to the GPU Fir ...10.07.202610.07.2026377638
CVE-2026-45196Kernel software installed and running inside a Host VM may post improper commands to the GPU Fir ...10.07.202610.07.2026377644
CVE-2026-41154Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes ...10.07.202610.07.2026377639
CVE-2026-34196Software installed and run as a non-privileged user may conduct improper GPU system calls to cau ...10.07.202610.07.2026377642
CVE-2026-57807Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security So ...10.07.202610.07.2026377633
CVE-2026-57221RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, Rabbi ...10.07.202610.07.2026377630
CVE-2026-57220RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does ...10.07.202610.07.2026377628
CVE-2026-57219RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the o ...10.07.202610.07.2026377634
CVE-2026-57218RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an exis ...10.07.202610.07.2026377632
CVE-2026-57217RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, Rabbi ...10.07.202610.07.2026377631
CVE-2026-57216RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP ...10.07.202610.07.2026377629
CVE-2026-57215RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, Rabbi ...10.07.202610.07.2026377625
CVE-2026-57214RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders ...10.07.202610.07.2026377624
CVE-2026-57213RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the r ...10.07.202610.07.2026377627
CVE-2026-57212RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the r ...10.07.202610.07.2026377623
CVE-2026-57211RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ ...10.07.202610.07.2026377626
CVE-2026-55405LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1- ...10.07.202610.07.2026377621
CVE-2026-55233OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds ...10.07.202610.07.2026377622
CVE-2026-55229Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /fo ...10.07.202610.07.2026372589
CVE-2026-13039The Eventin Event Calendar, Event Registration, Tickets Booking (AI Powered) plugin for Word ...10.07.202610.07.2026377619
CVE-2026-12761The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPre ...10.07.202610.07.2026377620
CVE-2026-57850RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the serve ...10.07.202610.07.2026377612
CVE-2026-57158FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, Free ...10.07.202610.07.2026377617
CVE-2026-57157FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server ...10.07.202610.07.2026377616
CVE-2026-57156FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit build ...10.07.202610.07.2026377615
CVE-2026-55827FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP client ...10.07.202610.07.2026377614
CVE-2026-55789Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logt ...10.07.202610.07.2026377613
CVE-2026-55515Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report ...10.07.202610.07.2026377618
CVE-2026-55481Snipe-IT is an IT asset/license management system. Prior to 8.6.2, default.blade.php renders hea ...10.07.202610.07.2026377610
CVE-2026-55479Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat licens ...10.07.202610.07.2026377611
CVE-2026-55475Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint all ...10.07.202610.07.2026377609
CVE-2026-55469Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with im ...10.07.202610.07.2026377608
CVE-2026-55466Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes S ...10.07.202610.07.2026377600
CVE-2026-55462Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show() and p ...10.07.202610.07.2026377607
CVE-2026-55461Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url ...10.07.202610.07.2026377604
CVE-2026-55452Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction() stores ...10.07.202610.07.2026377606
CVE-2026-55377Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logt ...10.07.202610.07.2026377603
CVE-2026-55370Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logt ...10.07.202610.07.2026377602
CVE-2026-54714Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @log ...10.07.202610.07.2026377601
CVE-2026-15295The WordPress Infinite Scroll Ajax Load More plugin for WordPress is vulnerable to Stored Cros ...10.07.202610.07.2026377605
CVE-2026-11321The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) concatenates user-supplied CSV field v ...10.07.202610.07.2026377599
CVE-2026-6212Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies ...10.07.202610.07.2026377598
CVE-2026-61460Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadContr ...10.07.202610.07.2026377597
CVE-2026-61459MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured to ...10.07.202610.07.2026377596
CVE-2026-55843Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update() pas ...10.07.202610.07.2026377595
CVE-2026-55516Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintena ...10.07.202610.07.2026377594
CVE-2026-55478Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/{kit_id}/li ...10.07.202610.07.2026377593
CVE-2026-55476Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/{itemTy ...10.07.202610.07.2026377592
CVE-2026-55474Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displayS ...10.07.202610.07.2026377591
CVE-2026-55472Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies ...10.07.202610.07.2026377590
CVE-2026-55464Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML b ...10.07.202610.07.2026377589
CVE-2026-55460Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin us ...10.07.202610.07.2026377588
CVE-2026-54329Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create pa ...10.07.202610.07.2026377587
CVE-2026-15146GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FT ...10.07.202610.07.2026377586
CVE-2026-57476Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker w ...10.07.202610.07.2026377584
CVE-2026-57475Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API ...10.07.202610.07.2026377583
CVE-2026-57474Deloitte AI Assist for Customer disclosed some configuration information through public-facing A ...10.07.202610.07.2026377577
CVE-2026-6872** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes ...10.07.202610.07.2026
 
CVE-2026-61461Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backen ...10.07.202610.07.2026377581
CVE-2026-5801Improper neutralization of special elements used in an SQL command ('SQL injection') v ...10.07.202610.07.2026377580
CVE-2026-59151Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow t ...10.07.202610.07.2026377579
CVE-2026-53450Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rej ...10.07.202610.07.2026377582
CVE-2026-53449Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd pr ...10.07.202610.07.2026377578
CVE-2026-53448Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn ...10.07.202610.07.2026377574
CVE-2026-56668ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 T ...10.07.202610.07.2026377571
CVE-2026-56667ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC a ...10.07.202610.07.2026377570
CVE-2026-56666ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external ...10.07.202610.07.2026377573
CVE-2026-56665ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is a ...10.07.202610.07.2026377566
CVE-2026-56664ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL&#039 ...10.07.202610.07.2026377565
CVE-2026-55672ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL&#039 ...10.07.202610.07.2026377569
CVE-2026-55671ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL& ...10.07.202610.07.2026377572
CVE-2026-55670ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event st ...10.07.202610.07.2026377568
CVE-2026-53780This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.10.07.202610.07.2026
 
CVE-2026-2397Improper neutralization of special elements used in an SQL command ('SQL injection') v ...10.07.202610.07.2026377567
CVE-2026-59193Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash G ...10.07.202610.07.2026377562
CVE-2026-59190grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and ...10.07.202610.07.2026377563
CVE-2026-57167PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rende ...10.07.202610.07.2026377585
CVE-2026-55783NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...10.07.202610.07.2026377557
CVE-2026-55782NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...10.07.202610.07.2026377564
CVE-2026-55781NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...10.07.202610.07.2026377556
CVE-2026-55780NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...10.07.202610.07.2026377559
CVE-2026-55669ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL&#039 ...10.07.202610.07.2026377555
CVE-2026-51119An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /Syst ...10.07.202610.07.2026377561
CVE-2026-3251Improper neutralization of input during web page generation ('cross-site scripting') v ...10.07.202610.07.2026377560
CVE-2026-2398Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. Mo ...10.07.202610.07.2026377554
CVE-2026-1667The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and ...10.07.202610.07.2026377558
CVE-2026-59180Apprise is an open source library which allows you to send a notification to almost all of the m ...10.07.202610.07.2026377550
CVE-2026-59162Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to ...10.07.202610.07.2026377545
CVE-2026-59161Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to ...10.07.202610.07.2026377544
CVE-2026-59154Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorizat ...10.07.202610.07.2026377547
CVE-2026-58493grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::__call build ...10.07.202610.07.2026377552
CVE-2026-58492grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists m ...10.07.202610.07.2026377551
CVE-2026-566759Router is an AI router token saver. Prior to 0.5.2, 9router treats loopback requests as trust ...10.07.202610.07.2026377549
CVE-2026-55890Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XS ...10.07.202610.07.2026372596
CVE-2026-55885Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup p ...10.07.202610.07.2026377546
CVE-2026-55687ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, ...10.07.202610.07.2026377548
CVE-2026-556419Router is an AI router token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM prox ...10.07.202610.07.2026377543
CVE-2026-556389Router is an AI router token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, a ...10.07.202610.07.2026377538
CVE-2026-54919cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mb ...10.07.202610.07.2026377541
CVE-2026-54063Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to ...10.07.202610.07.2026377536
CVE-2026-53657Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3 ...10.07.202610.07.2026377539
CVE-2026-53653Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticate ...10.07.202610.07.2026377540
CVE-2026-39903Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization ...10.07.202610.07.2026377537
CVE-2026-39244adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulat ...10.07.202610.07.2026377542
CVE-2026-15377A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnera ...10.07.202610.07.2026377444
CVE-2026-15376A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown functi ...10.07.202610.07.2026377443
CVE-2026-8609An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique val ...10.07.202610.07.2026377526
CVE-2026-8595A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a mali ...10.07.202610.07.2026377528
CVE-2026-566769Router is an AI router token saver. Prior to 0.5.2, 9router validates image URLs by resolving ...10.07.202610.07.2026377525
CVE-2026-555019Router is an AI router token saver. Prior to 0.4.80, the dashboard login rate limiter in src/ ...10.07.202610.07.2026377523
CVE-2026-61492In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was pos ...10.07.202610.07.2026377531
CVE-2026-61456The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 fails to sanitize SVG files uploaded ...10.07.202610.07.2026377529
CVE-2026-61455Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lac ...10.07.202610.07.2026377524
CVE-2026-61450Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author (any admin.pages user ...10.07.202610.07.2026377522
CVE-2026-61444PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where t ...10.07.202610.07.2026377521
CVE-2026-61441PraisonAI Platform (praisonai-platform) before 0.1.9 improperly authorizes deletion of issue dep ...10.07.202610.07.2026377527
CVE-2026-61437PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading ...10.07.202610.07.2026377520
CVE-2026-555009Router is an AI router token saver. Prior to 0.4.80, the /api/settings/database endpoint allo ...10.07.202610.07.2026377515
CVE-2026-54149MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import func ...10.07.202610.07.2026377514
CVE-2026-54001osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. ...10.07.202610.07.2026377518
CVE-2026-54000osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. ...10.07.202610.07.2026377517
CVE-2026-46388osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. ...10.07.202610.07.2026377519
CVE-2026-33382Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the reques ...10.07.202610.07.2026377513
CVE-2026-15375A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown ...10.07.202610.07.2026377442
CVE-2026-15374A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function ...10.07.202610.07.2026377441
CVE-2026-15373A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an ...10.07.202610.07.2026377440
CVE-2026-15143A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability a ...10.07.202610.07.2026377516
CVE-2026-61434PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command exec ...10.07.202610.07.2026377506
CVE-2026-61432PraisonAI (praisonaiagents) before 1.6.78 contains a path traversal vulnerability in the FastCon ...10.07.202610.07.2026377505
CVE-2026-61431PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to ...10.07.202610.07.2026377504
CVE-2026-60091PraisonAI before 4.6.78 contains an unauthenticated server-side request forgery vulnerability in ...10.07.202610.07.2026377508
CVE-2026-60089PraisonAI (pip package praisonaiagents) before 1.6.78 automatically loads defaults from a projec ...10.07.202610.07.2026377507
CVE-2026-60086PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injec ...10.07.202610.07.2026377503
CVE-2026-59796In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permiss ...10.07.202610.07.2026377510
CVE-2026-59795In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible10.07.202610.07.2026377512
CVE-2026-59794In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agen ...10.07.202610.07.2026377511
CVE-2026-59793In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS in ...10.07.202610.07.2026377509
CVE-2026-59792In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project ...10.07.202610.07.2026377499
CVE-2026-59791In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible10.07.202610.07.2026377501
CVE-2026-58661n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulne ...10.07.202610.07.2026377498
CVE-2026-57994phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its ...10.07.202610.07.2026377493
CVE-2026-57961phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the con ...10.07.202610.07.2026377492
CVE-2026-56765Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint expos ...10.07.202610.07.2026377497
CVE-2026-56373ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses ...10.07.202610.07.2026377496
CVE-2026-56366ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when process ...10.07.202610.07.2026377494
CVE-2026-56354n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 2.x branches) contains cross-site sc ...10.07.202610.07.2026377500
CVE-2026-56335Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys ...10.07.202610.07.2026377495
CVE-2026-56329Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused b ...10.07.202610.07.2026377491
CVE-2026-56312Capgo before 12.128.2 contains an improper validation vulnerability in the accept_invitation end ...10.07.202610.07.2026377484
CVE-2026-56309Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments ...10.07.202610.07.2026377488
CVE-2026-56305Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change end ...10.07.202610.07.2026377486
CVE-2026-56279Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid ...10.07.202610.07.2026377483
CVE-2026-56261Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker ...10.07.202610.07.2026377490
CVE-2026-56254In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2, the end-to-end encryption scheme dis ...10.07.202610.07.2026377489
CVE-2026-38059The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. ...10.07.202610.07.2026377485
CVE-2026-38057The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentica ...10.07.202610.07.2026377530
CVE-2026-29519Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a ref ...10.07.202610.07.2026377487
CVE-2026-22660FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows ...10.07.202610.07.2026377482
CVE-2026-22659FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability t ...10.07.202610.07.2026377481
CVE-2026-56813Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allow ...10.07.202610.07.2026377480
CVE-2026-54470Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior contain(s) an Improper Restriction of ...10.07.202610.07.2026377479
CVE-2026-54469Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untr ...10.07.202610.07.2026377502
CVE-2026-56814Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multip ...10.07.202610.07.2026377474
CVE-2026-56690Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Speci ...10.07.202610.07.2026377476
CVE-2026-56689Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Speci ...10.07.202610.07.2026377478
CVE-2026-56688Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Speci ...10.07.202610.07.2026377475
CVE-2026-54468Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerab ...10.07.202610.07.2026377477
CVE-2026-53363In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared ...10.07.202610.07.2026377533
CVE-2026-58225SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTE ...10.07.202610.07.2026377471
CVE-2026-14461mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker wh ...10.07.202610.07.2026377472
CVE-2026-50810A NULL pointer dereference in smooth_parse_stream_index() in src/media_tools/mpd.c in GPAC maste ...10.07.202610.07.2026376733
CVE-2026-9857The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, ...10.07.202610.07.2026377467
CVE-2026-41880R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) modu ...10.07.202610.07.2026377470
CVE-2026-41879R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an atta ...10.07.202610.07.2026377468
CVE-2026-41878R-SOFT DMS is vulnerable to Insecure Direct Object Reference (IDOR) attack in multiple file down ...10.07.202610.07.2026377464
CVE-2026-41877R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can ...10.07.202610.07.2026377465
CVE-2026-41876R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction() function. The document con ...10.07.202610.07.2026377473
CVE-2026-15378A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote att ...10.07.202610.07.2026377466
CVE-2026-15028A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap ov ...10.07.202610.07.2026377462
CVE-2026-13710The Jeg Kit for Elementor Powerful Addons for Elementor, Widgets Templates for WordPress plu ...10.07.202610.07.2026377463
CVE-2026-13247The Logo Slider Logo Carousel, Client Logo Slider Brand Showcase for WordPress plugin for Wo ...10.07.202610.07.2026377469
CVE-2026-13010The JoomSport for Sports: Team League, Football, Hockey more plugin for WordPress is vulne ...10.07.202610.07.2026377461
CVE-2026-12918The Mail Mint Email Marketing, Newsletter, Email Automation WooCommerce Emails plugin for Wo ...10.07.202610.07.2026377459
CVE-2026-11990The KiviCare Clinic Patient Management System (EHR) plugin for WordPress is vulnerable to au ...10.07.202610.07.2026377460
CVE-2026-9838The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the &# ...10.07.202610.07.2026377456
CVE-2026-6802The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access ...10.07.202610.07.2026377454
CVE-2026-6440The GoodMeet Google Meet Integration for Webinar, Meeting Video Conference plugin for WordPr ...10.07.202610.07.2026377457
CVE-2026-3907The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphos ...10.07.202610.07.2026377455
CVE-2026-1946The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of dat ...10.07.202610.07.2026377448
CVE-2026-15104The BetterDocs AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for Word ...10.07.202610.07.2026377458
CVE-2026-15026The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Inform ...10.07.202610.07.2026377447
CVE-2026-14475The Cookie Banner for GDPR / CCPA WPLP Cookie Consent plugin for WordPress is vulnerable to ge ...10.07.202610.07.2026377451
CVE-2026-12955The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data ...10.07.202610.07.2026377446
CVE-2026-12924The Eventin Event Calendar, Event Registration, Tickets Booking (AI Powered) plugin for Word ...10.07.202610.07.2026377453
CVE-2026-12400The FlowForms Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direc ...10.07.202610.07.2026377450
CVE-2026-12108The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi ...10.07.202610.07.2026377452
CVE-2026-11992The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions ...10.07.202610.07.2026377449
CVE-2026-40454Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-b ...10.07.202610.07.2026377434
CVE-2026-40452Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization by ...10.07.202610.07.2026377433
CVE-2026-40009Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authentica ...10.07.202610.07.2026377432
CVE-2026-40008Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vul ...10.07.202610.07.2026377431
CVE-2026-40007Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pi ...10.07.202610.07.2026377427
CVE-2026-40006Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttlin ...10.07.202610.07.2026377426
CVE-2026-40005Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnera ...10.07.202610.07.2026377428
CVE-2026-28564Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache ...10.07.202610.07.2026377430
CVE-2026-13347The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to ...10.07.202610.07.2026377429
CVE-2026-12685The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfu ...10.07.202610.07.2026377423
CVE-2026-12276The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether use ...10.07.202610.07.2026377424
CVE-2026-12123The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery i ...10.07.202610.07.2026377425
CVE-2026-21057Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged atta ...10.07.202610.07.2026377422
CVE-2026-21056Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to a ...10.07.202610.07.2026377421
CVE-2026-21055Improper export of android application components in Bixby prior to version 4.0.70.8 allows loca ...10.07.202610.07.2026377420
CVE-2026-21054Improper export of android application components in InputSharing prior to version 2.7.01.4 allo ...10.07.202610.07.2026377419
CVE-2026-21053Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to c ...10.07.202610.07.2026377418
CVE-2026-21052Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged at ...10.07.202610.07.2026377417
CVE-2026-21051Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local atta ...10.07.202610.07.2026377416
CVE-2026-21050Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers ...10.07.202610.07.2026377415
CVE-2026-21049Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers ...10.07.202610.07.2026377414
CVE-2026-21048Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 ...10.07.202610.07.2026377413
CVE-2026-21046Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Relea ...10.07.202610.07.2026377412
CVE-2026-21045Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 ...10.07.202610.07.2026377405
CVE-2026-21044Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attacker ...10.07.202610.07.2026377411
CVE-2026-21043Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged atta ...10.07.202610.07.2026377410
CVE-2026-21042Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to ex ...10.07.202610.07.2026377409
CVE-2026-21041Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local at ...10.07.202610.07.2026377408
CVE-2026-21040Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged a ...10.07.202610.07.2026377407
CVE-2026-21039Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to co ...10.07.202610.07.2026377406
CVE-2026-15332A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an ...10.07.202610.07.2026377275
CVE-2026-15331A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the fun ...10.07.202610.07.2026377274
CVE-2026-15330A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function _build ...10.07.202610.07.2026377273
CVE-2026-15302The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, an ...10.07.202610.07.2026377400
CVE-2026-15301The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...10.07.202610.07.2026377404
CVE-2026-15300The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', ...10.07.202610.07.2026377397
CVE-2026-15299The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scrip ...10.07.202610.07.2026377398
CVE-2026-15298The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versio ...10.07.202610.07.2026377403
CVE-2026-15297The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin f ...10.07.202610.07.2026377402
CVE-2026-15296The affiliate-toolkit WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to St ...10.07.202610.07.2026377532
CVE-2026-15293The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in ...10.07.202610.07.2026377399
CVE-2026-15292The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the & ...10.07.202610.07.2026377401
CVE-2026-15291The Chat Help Click to Chat Button Form plugin for WordPress is vulnerable to Sensitive Info ...10.07.202610.07.2026377392
CVE-2026-15290The Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction ...10.07.202610.07.2026292456
CVE-2026-15289The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-base ...10.07.202610.07.2026377394
CVE-2026-15288The SureForms Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to I ...10.07.202610.07.2026377391
CVE-2026-15287The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time-bas ...10.07.202610.07.2026377393
CVE-2026-15286The Gutenberg Blocks with AI by Kadence WP Page Builder Features plugin for WordPress is vulne ...10.07.202610.07.2026377390
CVE-2026-15285The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated (Contributor+ ...10.07.202610.07.2026377388
CVE-2026-15284The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...10.07.202610.07.2026377396
CVE-2026-15283The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...10.07.202610.07.2026377395
CVE-2026-15282The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to miss ...10.07.202610.07.2026377389
CVE-2026-5069The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'sub ...10.07.202610.07.2026377387
CVE-2026-54423In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPM ...10.07.202610.07.2026377385
CVE-2026-44918OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project wi ...10.07.202610.07.2026377386
CVE-2026-15329A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function Brow ...10.07.202610.07.2026377272
CVE-2026-15326A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUti ...10.07.202610.07.2026377265
CVE-2026-15321A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function on_post of ...10.07.202610.07.2026377263
CVE-2026-15070The Salon Booking System Free Version plugin for WordPress is vulnerable to Cross-Site Request ...10.07.202610.07.2026377381
CVE-2026-14894The Super Forms Drag Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File ...10.07.202610.07.2026377382
CVE-2026-13430The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in ...10.07.202610.07.2026377380
CVE-2026-11818The WPCafe Restaurant Menu, Online Food Ordering Table Booking System plugin for WordPress i ...10.07.202610.07.2026377383
CVE-2026-11392The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via th ...10.07.202610.07.2026377384
CVE-2026-15320A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the func ...10.07.202610.07.2026377260
CVE-2026-15319A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the func ...10.07.202610.07.2026377259
CVE-2026-15318A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some un ...10.07.202610.07.2026377258
CVE-2026-55616** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-49757. Reason: This candidat ...10.07.202610.07.2026
 
CVE-2026-54771Langroid is a framework for building large-language-model-powered applications. Prior to version ...10.07.202610.07.2026377379
CVE-2026-54769Langroid is a framework for building large-language-model-powered applications. Versions prior t ...10.07.202610.07.2026377378
CVE-2026-54760Langroid is a framework for building large-language-model-powered applications. Prior to version ...10.07.202610.07.2026367762
CVE-2026-50181Langroid is a framework for building large-language-model-powered applications. Prior to version ...10.07.202610.07.2026376435
CVE-2026-50180Langroid is a framework for building large-language-model-powered applications. Prior to version ...10.07.202610.07.2026377377
CVE-2026-15317A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerabili ...10.07.202610.07.2026377257
CVE-2026-15311A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this ...10.07.202610.07.2026377247
CVE-2026-55615Langroid is a framework for building large-language-model-powered applications. Prior to version ...10.07.202610.07.2026367762
CVE-2026-12598The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to ...10.07.202610.07.2026377374
CVE-2026-12597The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OA ...10.07.202610.07.2026377376
CVE-2026-12595The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OA ...10.07.202610.07.2026377375
CVE-2026-58123Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability tha ...10.07.202610.07.2026377369
CVE-2026-58122Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthe ...10.07.202610.07.2026377372
CVE-2026-59858Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script ...10.07.202610.07.2026377371
CVE-2026-59857Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of sp ...10.07.202610.07.2026377370
CVE-2026-59856Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion scri ...10.07.202610.07.2026377368
CVE-2026-59855SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in a ...10.07.202610.07.2026377363
CVE-2026-59854SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, POST /api/file/gl ...10.07.202610.07.2026377358
CVE-2026-59853SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/ ...10.07.202610.07.2026377362
CVE-2026-59834SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search ...10.07.202610.07.2026377361
CVE-2026-59833SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders no ...10.07.202610.07.2026377367
CVE-2026-59832SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*fi ...10.07.202610.07.2026377359
CVE-2026-59831GitHub CLI (gh) is GitHub s official command line tool. From 2.10.0 through 2.95.0, connecting t ...10.07.202610.07.2026377366
CVE-2026-57501Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu ...10.07.202610.07.2026377365
CVE-2026-44342New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management ...10.07.202610.07.2026377360
CVE-2026-33655New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management ...10.07.202610.07.2026377364
CVE-2026-57054A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Jun ...10.07.202610.07.2026377352
CVE-2026-57032An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) ...10.07.202610.07.2026377350
CVE-2026-57031An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding e ...10.07.202610.07.2026377348
CVE-2026-57030A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition ...10.07.202610.07.2026377349
CVE-2026-57029A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos ...10.07.202610.07.2026377351
CVE-2026-59828Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10.07.202610.07.2026377356
CVE-2026-58144Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allow ...10.07.202610.07.2026377353
CVE-2026-58143Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows ...10.07.202610.07.2026377354
CVE-2026-55424Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10.07.202610.07.2026377355
CVE-2026-53963Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10.07.202610.07.2026377357
CVE-2026-53962Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10.07.202610.07.2026377346
CVE-2026-53961Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10.07.202610.07.2026377341
CVE-2026-49256Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10.07.202610.07.2026377345
CVE-2026-46413Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10.07.202610.07.2026377344
CVE-2026-45788Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10.07.202610.07.2026377343
CVE-2026-45780Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10.07.202610.07.2026377342
CVE-2026-44787Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10.07.202610.07.2026377340
CVE-2026-38076An integer overflow in the jbig2_arith_iaid_ctx_new() function of Artifex commit cc37d0 allows a ...10.07.202610.07.2026377347
CVE-2026-15276A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown cod ...10.07.202610.07.2026377216
CVE-2026-15274A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the ...10.07.202610.07.2026377215
CVE-2026-57028An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper ...10.07.202610.07.2026377336
CVE-2026-57027A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engi ...10.07.202610.07.2026377335
CVE-2026-57026An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juni ...10.07.202610.07.2026377339
CVE-2026-57025A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Junip ...10.07.202610.07.2026377338
CVE-2026-57024A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of ...10.07.202610.07.2026377331
CVE-2026-57023An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of J ...10.07.202610.07.2026377337
CVE-2026-57022An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding E ...10.07.202610.07.2026377334
CVE-2026-57021An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos ...10.07.202610.07.2026377330
CVE-2026-57020An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding e ...10.07.202610.07.2026377333
CVE-2026-57019An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Eng ...10.07.202610.07.2026377332
CVE-2026-55689OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA&#03 ...09.07.202610.07.2026377329
CVE-2026-55605DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to ver ...09.07.202610.07.2026377326
CVE-2026-55604DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to ver ...09.07.202610.07.2026377328
CVE-2026-55170OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL ...09.07.202610.07.2026377327
CVE-2026-39246decompress before 4.2.2 allows arbitrary symlink creation during archive extraction. When proces ...09.07.202609.07.2026377325
CVE-2026-39245decompress before 4.2.2 contains an improper path containment check that enables directory trave ...09.07.202609.07.2026154375
CVE-2026-39243decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling f ...09.07.202609.07.2026377324
CVE-2026-33803An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper ...09.07.202609.07.2026377322
CVE-2026-33802A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allow ...09.07.202609.07.2026377323
CVE-2026-15271A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450 ...09.07.202609.07.2026377214
CVE-2026-60120Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side templa ...09.07.202609.07.2026377320
CVE-2026-55865Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malfo ...09.07.202609.07.2026377319
CVE-2026-55212Pimcore is an Open Source Data Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, ...09.07.202609.07.2026377318
CVE-2026-55208Pimcore Studio Backend Bundle is the backend bundle for Pimcore Studio. Prior to 2025.4.6 and 20 ...09.07.202610.07.2026377373
CVE-2026-55207Pimcore is an Open Source Data Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, ...09.07.202609.07.2026377321
CVE-2026-51926An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive infor ...09.07.202609.07.2026377317
CVE-2026-51925A Local File Inclusion (LFI) vulnerability exists in docuForm GmbH Client v.11.11c that allows a ...09.07.202609.07.2026377310
CVE-2026-51924An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via ...09.07.202609.07.2026377313
CVE-2026-51923An Insecure Direct Object Reference (IDOR) vulnerability exists in docuForm GmbH Client v.11.11c ...09.07.202609.07.2026377314
CVE-2026-33801An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol da ...09.07.202609.07.2026377309
CVE-2026-33800An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine (pfe) of Jun ...09.07.202609.07.2026377312
CVE-2026-33799An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and ...09.07.202609.07.2026377308
CVE-2026-33794An Improper Check for Unusual or Exceptional Conditions vulnerability in the advanced forwardin ...09.07.202609.07.2026377307
CVE-2026-31267Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the admini ...09.07.202609.07.2026377315
CVE-2026-21901A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Juno ...09.07.202609.07.2026377311
CVE-2026-15270A weakness has been identified in D-link DIR-823G 1.0.2B05_20181207. Affected by this vulnerabil ...09.07.202609.07.2026377213
CVE-2026-0278Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) com ...09.07.202609.07.2026377305
CVE-2026-0277An improper certificate validation vulnerability in the Prisma Access Agent for iOS enables an ...09.07.202609.07.2026377303
CVE-2026-0276A privilege escalation vulnerability in Palo Alto Networks Cortex XDR Broker VM enables a local ...09.07.202609.07.2026377306
CVE-2026-0275A local privilege escalation vulnerability in Palo Alto Networks Prisma Browser allows a locall ...09.07.202609.07.2026377304
CVE-2026-55590CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 ba ...09.07.202609.07.2026377294
CVE-2026-54695Pipecat is an open-source Python framework for building real-time voice and multimodal conversat ...09.07.202609.07.2026377293
CVE-2026-54005Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites where a ...09.07.202609.07.2026377297
CVE-2026-54004Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with co ...09.07.202609.07.2026377300
CVE-2026-54003Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites wi ...09.07.202609.07.2026377299
CVE-2026-54002Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plu ...09.07.202609.07.2026377302
CVE-2026-50188Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plu ...09.07.202609.07.2026377298
CVE-2026-49276Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using t ...09.07.202609.07.2026377301
CVE-2026-49274Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using t ...09.07.202609.07.2026377296
CVE-2026-13492The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and ...09.07.202609.07.2026377295
CVE-2026-0287Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS software allow an unaut ...09.07.202609.07.2026377289
CVE-2026-0286A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS software ...09.07.202609.07.2026377283
CVE-2026-0285A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables ...09.07.202609.07.2026377291
CVE-2026-0284An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Network ...09.07.202609.07.2026377286
CVE-2026-0283An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Ne ...09.07.202609.07.2026377288
CVE-2026-0282A file deletion vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated ...09.07.202609.07.2026377287
CVE-2026-0281An information disclosure vulnerability in Palo Alto Networks PAN-OS software enables an unauth ...09.07.202609.07.2026377285
CVE-2026-0280An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS software ...09.07.202609.07.2026377284
CVE-2026-0279Multiple cross site scripting vulnerabilities in the User-ID Authentication Portal (aka Captive ...09.07.202609.07.2026377290
CVE-2026-59149Mockoon provides way to design and run mock APIs. Prior to 9.7.0, a FILE response whose filePath ...09.07.202609.07.2026377279
CVE-2026-59148Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in co ...09.07.202609.07.2026377278
CVE-2026-58198ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to ...09.07.202609.07.2026377280
CVE-2026-61344The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov expos ...09.07.202609.07.2026377270
CVE-2026-61343LibreBooking's email template editor save action passes the submitted template name directl ...09.07.202609.07.2026377266
CVE-2026-59827Metabase is an open-source business intelligence and embedded analytics tool. Prior to 1.58.15, ...09.07.202609.07.2026377267
CVE-2026-59826Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until ...09.07.202609.07.2026377282
CVE-2026-59817Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public don ...09.07.202609.07.2026377269
CVE-2026-59734Coolify is an open-source and self-hostable tool for managing servers, applications, and databas ...09.07.202609.07.2026377264
CVE-2026-59726Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default ...09.07.202609.07.2026377268
CVE-2026-59721Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfig ...09.07.202609.07.2026377255
CVE-2026-59720Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation ...09.07.202609.07.2026377281
CVE-2026-59221Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 ...09.07.202609.07.2026377262
CVE-2026-58378Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker ...09.07.202609.07.2026377261
CVE-2026-55420Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...09.07.202609.07.2026377254
CVE-2026-43752An authenticated administrator may be able to achieve arbitrary code execution on the host syste ...09.07.202609.07.2026377256
CVE-2026-15204A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. A ...09.07.202609.07.2026377125
CVE-2026-15202A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function get_url ...09.07.202609.07.2026377124
CVE-2026-15195A weakness has been identified in apidevtools json-schema-ref-parser up to 15.3.5. This impacts ...09.07.202609.07.2026377123
CVE-2026-14278After further coordination, CVE was determined to not be warranted.09.07.202609.07.2026
 
CVE-2026-59225Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.1 ...09.07.202609.07.2026377277
CVE-2026-59224Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...09.07.202609.07.2026377276
CVE-2026-59223Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...09.07.202609.07.2026377271
CVE-2026-59222Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 ...09.07.202609.07.2026377251
CVE-2026-59219Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 ...09.07.202609.07.2026377250
CVE-2026-59217Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...09.07.202609.07.2026377249
CVE-2026-59216Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...09.07.202609.07.2026377245
CVE-2026-59215Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...09.07.202609.07.2026377244
CVE-2026-59213Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.2 ...09.07.202609.07.2026377248
CVE-2026-59212Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 ...09.07.202609.07.2026377243
CVE-2026-51603A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...09.07.202609.07.2026377253
CVE-2026-51602A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...09.07.202609.07.2026377252
CVE-2026-51601Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. T ...09.07.202609.07.2026377246
CVE-2026-51600Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP req ...09.07.202609.07.2026377236
CVE-2026-51599An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Bu ...09.07.202609.07.2026377238
CVE-2026-51598An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build ...09.07.202609.07.2026377241
CVE-2026-51597MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in ...09.07.202609.07.2026377240
CVE-2026-15308The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through re ...09.07.202609.07.2026377242
CVE-2026-15194A security flaw has been discovered in Open5GS 2.7.7. This affects the function amf_context_fina ...09.07.202609.07.2026377122
CVE-2026-15193A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element i ...09.07.202609.07.2026377120
CVE-2026-15192A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function ...09.07.202609.07.2026377118
CVE-2026-13462PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows ...09.07.202609.07.2026377237
CVE-2026-13461When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the ...09.07.202609.07.2026377239
CVE-2026-59715Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.1 ...09.07.202609.07.2026377234
CVE-2026-59227Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.1 ...09.07.202609.07.2026377232
CVE-2026-59226Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 ...09.07.202609.07.2026377231
CVE-2026-59220Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 ...09.07.202609.07.2026377233
CVE-2026-59218Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...09.07.202609.07.2026377230
CVE-2026-59214Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...09.07.202609.07.2026377225
CVE-2026-59209n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an a ...09.07.202609.07.2026377228
CVE-2026-58459gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability ...09.07.202609.07.2026377224
CVE-2026-53987The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and rende ...09.07.202609.07.2026377235
CVE-2026-51606An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9 ...09.07.202609.07.2026377229
CVE-2026-51605A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...09.07.202609.07.2026377227
CVE-2026-51604A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...09.07.202609.07.2026377226
CVE-2026-15191A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code ...09.07.202609.07.2026377117
CVE-2026-15190A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This af ...09.07.202609.07.2026377116
CVE-2026-61474An improper authorization check in MISP s attribute creation endpoint allowed an authenticated u ...09.07.202609.07.2026377220
CVE-2026-59208n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.2 ...09.07.202609.07.2026377223
CVE-2026-59207n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents fe ...09.07.202609.07.2026377222
CVE-2026-59206n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an a ...09.07.202609.07.2026377221
CVE-2026-58125This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.09.07.202609.07.2026
 
CVE-2026-42486[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09.07.202610.07.2026377535
CVE-2026-23562[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09.07.202610.07.2026377534
CVE-2026-23561[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09.07.202609.07.2026377219
CVE-2026-23560[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09.07.202609.07.2026377219
CVE-2026-23559[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09.07.202609.07.2026377219
CVE-2026-23556When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are l ...09.07.202609.07.2026377217
CVE-2026-15189A security vulnerability has been detected in aerostackdev aerostack-mcp up to 6315dfde7df0a15aa ...09.07.202609.07.2026377115
CVE-2026-15188A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc1 ...09.07.202609.07.2026377114
CVE-2026-15187A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.s ...09.07.202609.07.2026377113
CVE-2026-11404Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function ...09.07.202609.07.2026377218
CVE-2026-60109Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol ana ...09.07.202609.07.2026377207
CVE-2026-60108Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer ...09.07.202609.07.2026377206
CVE-2026-5005Improper neutralization of input during web page generation ('cross-site scripting') v ...09.07.202609.07.2026377212
CVE-2026-56292A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting thi ...09.07.202609.07.2026377211
CVE-2026-54801A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...09.07.202609.07.2026377210
CVE-2026-54800A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...09.07.202609.07.2026377209
CVE-2026-54799A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...09.07.202609.07.2026377205
CVE-2026-54798A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...09.07.202609.07.2026377208
CVE-2026-60095Vinchin Backup Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in ...09.07.202609.07.2026377203
CVE-2026-60094Vinchin Backup Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that ...09.07.202609.07.2026377202
CVE-2026-4256Improper neutralization of special elements used in an LDAP query ('LDAP injection') v ...09.07.202609.07.2026377204
CVE-2026-15186A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function ...09.07.202609.07.2026377112
CVE-2026-15185A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub_read_idx of t ...09.07.202609.07.2026377111
CVE-2026-14261A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execu ...09.07.202609.07.2026377200
CVE-2026-12879An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior ...09.07.202609.07.2026377199
CVE-2026-12593The implementation of an internal and undocumented Dashboard API endpoint (POST /api/users/~/{us ...09.07.202609.07.2026377201
CVE-2026-12116A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in th ...09.07.202609.07.2026377198
CVE-2026-3494In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_ ...09.07.202609.07.2026348595
CVE-2026-15184A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg ...09.07.202609.07.2026377110
CVE-2026-9253The WP Cost Estimation Payment Forms Builder (E P Forms) plugin for WordPress is vulnerable to ...09.07.202609.07.2026377197
CVE-2026-15182A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the functio ...09.07.202609.07.2026377109
CVE-2026-9240The Colissimo Officiel : M thodes de livraison pour WooCommerce plugin for WordPress is vulnerab ...09.07.202609.07.2026377195
CVE-2026-9237The Employee, Leave and Recruitment Management System Crew HRM plugin for WordPress is vulnera ...09.07.202609.07.2026377196
CVE-2026-9235The DHL eCommerce (Benelux) for WooCommerce plugin for WordPress is vulnerable to unauthorized m ...09.07.202609.07.2026377194
CVE-2026-9028The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization by ...09.07.202609.07.2026377186
CVE-2026-9027The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass v ...09.07.202609.07.2026377185
CVE-2026-9021The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, ...09.07.202609.07.2026377184
CVE-2026-59692A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS h ...09.07.202609.07.2026377190
CVE-2026-59691A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client ...09.07.202609.07.2026377191
CVE-2026-58307Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Ove ...09.07.202609.07.2026377189
CVE-2026-58306Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers ...09.07.202609.07.2026377192
CVE-2026-58305Access of resource using incompatible type ('type confusion') vulnerability in Samsung ...09.07.202609.07.2026377188
CVE-2026-58304Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Ove ...09.07.202609.07.2026377187
CVE-2026-58303Stack-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffer ...09.07.202609.07.2026377193
CVE-2026-56291The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload tha ...09.07.202609.07.2026377183
CVE-2026-56289GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single ...09.07.202609.07.2026377175
CVE-2026-56288GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unifie ...09.07.202609.07.2026377174
CVE-2026-50644SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker hold ...09.07.202609.07.2026377182
CVE-2026-4298The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all v ...09.07.202609.07.2026377177
CVE-2026-4275The Divi Torque Lite Divi Theme, Divi Builder Extra Theme plugin for WordPress is vulnerable ...09.07.202609.07.2026377181
CVE-2026-14372The Bit Form Contact Form, Payment Forms, Multi Step Forms, Calculator Custom Form Builder p ...09.07.202609.07.2026377176
CVE-2026-13441The EventPrime Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sto ...09.07.202609.07.2026377180
CVE-2026-12590Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser ...09.07.202609.07.2026377179
CVE-2026-12428The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due ...09.07.202609.07.2026377178
CVE-2026-5955Improper neutralization of special elements used in an SQL command ('SQL injection') v ...09.07.202609.07.2026377169
CVE-2026-5793Improper neutralization of input during web page generation ('cross-site scripting') v ...09.07.202609.07.2026377173
CVE-2026-56460HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authentica ...09.07.202609.07.2026377172
CVE-2026-56459HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The applicat ...09.07.202609.07.2026377170
CVE-2026-56458HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to car ...09.07.202609.07.2026377166
CVE-2026-2342Improper neutralization of input during web page generation ('cross-site scripting') v ...09.07.202609.07.2026377171
CVE-2026-1989Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solu ...09.07.202609.07.2026377168
CVE-2026-1365Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc ...09.07.202609.07.2026377167
CVE-2026-15158The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all version ...09.07.202609.07.2026377164
CVE-2026-12433The Hydra Booking Appointment Scheduling Booking Calendar plugin for WordPress is vulnerable ...09.07.202609.07.2026377165
CVE-2026-8996The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Inform ...09.07.202609.07.2026377160
CVE-2026-8848The Popup Maker Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Build ...09.07.202609.07.2026377158
CVE-2026-7558The Age Verification Identity Verification by Token of Trust plugin for WordPress is vulnerabl ...09.07.202609.07.2026377159
CVE-2026-6910The Bookero.pl system rezerwacji online plugin for WordPress is vulnerable to Stored Cross-Sit ...09.07.202609.07.2026377163
CVE-2026-59269A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain ...09.07.202609.07.2026377161
CVE-2026-57111Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.re ...09.07.202609.07.2026376957
CVE-2026-4653The Block, Suspend, Report for BuddyPress plugin for WordPress is vulnerable to Stored Cross-Sit ...09.07.202609.07.2026377162
CVE-2026-33390An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functional ...09.07.202609.07.2026377152
CVE-2026-31985When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the gener ...09.07.202609.07.2026377151
CVE-2026-31984A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the ...09.07.202609.07.2026377148
CVE-2026-31983A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. ...09.07.202609.07.2026377155
CVE-2026-31982An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to in ...09.07.202609.07.2026377154
CVE-2026-31981A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a ...09.07.202609.07.2026377157
CVE-2026-15000The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site ...09.07.202609.07.2026377153
CVE-2026-14343The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via &#039 ...09.07.202609.07.2026377156
CVE-2026-14342The Mail Mint Email Marketing, Newsletter, Email Automation WooCommerce Emails plugin for Wo ...09.07.202609.07.2026377150
CVE-2026-14245The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable ...09.07.202609.07.2026377149
CVE-2026-13771The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scr ...09.07.202609.07.2026377143
CVE-2026-13450The GamiPress Gamification plugin to reward points, achievements, badges ranks in WordPress ...09.07.202609.07.2026377142
CVE-2026-13334The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the & ...09.07.202609.07.2026377147
CVE-2026-13253The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the &#03 ...09.07.202609.07.2026377146
CVE-2026-13080The WPFunnels Funnel Builder for WooCommerce with Checkout One Click Upsell plugin for WordP ...09.07.202609.07.2026377138
CVE-2026-13011The ERP: Complete HR, Accounting CRM Suite with Recruitment and WooCommerce CRM Support plugin ...09.07.202609.07.2026377141
CVE-2026-12418The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership User Regis ...09.07.202609.07.2026377139
CVE-2026-12406The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership User Regis ...09.07.202609.07.2026377145
CVE-2026-12170The AcyMailing An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress p ...09.07.202609.07.2026377144
CVE-2026-11359The Memberships and User Profiles for WooCommerce ProfileGrid WooCommerce Integration plugin f ...09.07.202609.07.2026377140
CVE-2026-47840A network attacker positioned between UAA and its LDAP directory can impersonate the directory u ...09.07.202609.07.2026377137
CVE-2026-47831Use of a cryptographically weak random number generator in the GenerateRandomPassword function i ...09.07.202609.07.2026377136
CVE-2026-47830Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-build ...09.07.202609.07.2026377135
CVE-2026-47829Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH op ...09.07.202609.07.2026377127
CVE-2026-47828During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered j ...09.07.202609.07.2026377131
CVE-2026-47826The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write ...09.07.202609.07.2026377134
CVE-2026-12517The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the serv ...09.07.202609.07.2026377133
CVE-2026-12516The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the serv ...09.07.202609.07.2026377132
CVE-2026-12270The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several R ...09.07.202609.07.2026377126
CVE-2026-11875The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or ver ...09.07.202609.07.2026377130
CVE-2026-11869The WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 does not perform an authorization check ...09.07.202609.07.2026377129
CVE-2026-11571The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files ge ...09.07.202609.07.2026377128
CVE-2026-5523The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up ...09.07.202609.07.2026377119
CVE-2026-41857A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator&#0 ...09.07.202609.07.2026377121
CVE-2026-15138A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affec ...09.07.202609.07.2026376953
CVE-2026-15137A weakness has been identified in code-projects Interview Management System 1.0. This vulnerabil ...09.07.202609.07.2026376952
CVE-2026-47646Improper neutralization of input during web page generation ('cross-site scripting') i ...09.07.202609.07.2026372322
CVE-2026-15135A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects ...09.07.202609.07.2026376951
CVE-2026-8472GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19. ...09.07.202609.07.2026377103
CVE-2026-7492GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 1 ...09.07.202609.07.2026377102
CVE-2026-6896GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19 ...09.07.202609.07.2026377101
CVE-2026-6352GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19. ...09.07.202609.07.2026377100
CVE-2026-60105Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemote ...09.07.202609.07.2026377104
CVE-2026-59818etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and ...09.07.202609.07.2026377099
CVE-2026-58525Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to by ...09.07.202609.07.2026377108
CVE-2026-58192Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C W ...09.07.202609.07.2026377094
CVE-2026-58191Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C W ...09.07.202609.07.2026377097
CVE-2026-57481Parse Server is an open source backend that can be deployed to any infrastructure that can run N ...09.07.202609.07.2026377092
CVE-2026-57480Parse Server is an open source backend that can be deployed to any infrastructure that can run N ...09.07.202609.07.2026377090
CVE-2026-55778Parse Server is an open source backend that can be deployed to any infrastructure that can run N ...09.07.202609.07.2026377095
CVE-2026-5923Malicious use of a stolen cookie might allow modifications to the contents of the IP phone s web ...09.07.202609.07.2026377098
CVE-2026-55878Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 befor ...09.07.202609.07.2026372595
CVE-2026-59723Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, ...09.07.202609.07.2026377096
CVE-2026-54784CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In ...09.07.202609.07.2026377093
CVE-2026-54783CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09.07.202609.07.2026377091
CVE-2026-54782CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09.07.202609.07.2026377089
CVE-2026-54781CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09.07.202609.07.2026377105
CVE-2026-15133Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attac ...09.07.202609.07.2026377086
CVE-2026-15132Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...09.07.202609.07.2026377085
CVE-2026-15131Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a re ...09.07.202609.07.2026377084
CVE-2026-15130Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a ...09.07.202609.07.2026377082
CVE-2026-15129Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to po ...09.07.202609.07.2026377083
CVE-2026-15128Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote ...09.07.202609.07.2026377088
CVE-2026-15127Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote ...09.07.202609.07.2026377087
CVE-2026-15134A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected ...09.07.202609.07.2026376949
CVE-2026-15126Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...09.07.202609.07.2026377081
CVE-2026-15125Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote ...09.07.202609.07.2026377080
CVE-2026-15124Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a ...09.07.202609.07.2026377072
CVE-2026-15123Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote at ...09.07.202609.07.2026377079
CVE-2026-15122Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0. ...09.07.202609.07.2026377078
CVE-2026-15121Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to e ...09.07.202609.07.2026377077
CVE-2026-15120Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote atta ...09.07.202609.07.2026377076
CVE-2026-15119Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had ...09.07.202609.07.2026377075
CVE-2026-15118Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...09.07.202609.07.2026377074
CVE-2026-15117Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker wh ...09.07.202609.07.2026377073
CVE-2026-15116Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...09.07.202609.07.2026377069
CVE-2026-15115Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior t ...09.07.202609.07.2026377063
CVE-2026-15114Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote ...09.07.202609.07.2026377068
CVE-2026-15113Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote ...09.07.202609.07.2026377062
CVE-2026-15112Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to po ...09.07.202609.07.2026377067
CVE-2026-15111Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who c ...09.07.202609.07.2026377066
CVE-2026-15110Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who co ...09.07.202609.07.2026377071
CVE-2026-15109Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ...09.07.202609.07.2026377065
CVE-2026-15108Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker ...09.07.202609.07.2026377070
CVE-2026-15107Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker t ...09.07.202609.07.2026377064
CVE-2026-54780CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09.07.202609.07.2026377061
CVE-2026-54779CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09.07.202609.07.2026377056
CVE-2026-54778CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09.07.202609.07.2026377060
CVE-2026-54776CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09.07.202609.07.2026377059
CVE-2026-54775CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09.07.202609.07.2026377058
CVE-2026-54774CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09.07.202609.07.2026377057
CVE-2026-54773CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09.07.202609.07.2026377055
CVE-2026-54772CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09.07.202609.07.2026377054
CVE-2026-54499Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsin ...09.07.202609.07.2026377053
CVE-2026-15105A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::Pe ...09.07.202609.07.2026376946
CVE-2026-55877Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 befor ...09.07.202609.07.2026372593
CVE-2026-5922The IP phone might use malicious input stored in configuration parameters and render it as conte ...09.07.202609.07.2026377051
CVE-2026-54777CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09.07.202609.07.2026377046
CVE-2026-52200An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbi ...09.07.202609.07.2026377048
CVE-2026-51535In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion (Denial of Service) vulnerability exists ...09.07.202609.07.2026377047
CVE-2026-39179A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitr ...09.07.202609.07.2026377050
CVE-2026-39178A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitr ...09.07.202609.07.2026377049
CVE-2026-35552In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0 ...09.07.202609.07.2026377045
CVE-2026-31309Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 a ...09.07.202609.07.2026377107
CVE-2026-15168BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disc ...09.07.202609.07.2026377044
CVE-2026-55849@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2. ...08.07.202609.07.2026377106
CVE-2026-55830RestrictedPython is a tool that helps to define a subset of the Python language which allows to ...08.07.202608.07.2026377036
CVE-2026-55471HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability ...08.07.202609.07.2026377043
CVE-2026-55470HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability ...08.07.202608.07.2026372591
CVE-2026-48492Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{obje ...08.07.202609.07.2026377039
CVE-2026-44161Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...08.07.202609.07.2026377042
CVE-2026-44160Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...08.07.202609.07.2026377040
CVE-2026-44025Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...08.07.202609.07.2026377041
CVE-2026-44024Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...08.07.202609.07.2026377037
CVE-2026-10037A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME ...08.07.202609.07.2026377038
CVE-2026-54528JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.f ...08.07.202608.07.2026377030
CVE-2026-54527JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff ...08.07.202608.07.2026377029
CVE-2026-49866libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossi ...08.07.202608.07.2026377028
CVE-2026-35211OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observab ...08.07.202608.07.2026377026
CVE-2026-35210OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observab ...08.07.202608.07.2026377027
CVE-2026-15174Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows ...08.07.202608.07.2026377035
CVE-2026-15173pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service08.07.202608.07.2026377034
CVE-2026-15172FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denia ...08.07.202608.07.2026377033
CVE-2026-15171SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of se ...08.07.202608.07.2026377032
CVE-2026-15170Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of ...08.07.202608.07.2026377031
CVE-2026-15169UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial o ...08.07.202608.07.2026377025
CVE-2026-15167DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial o ...08.07.202608.07.2026377024
CVE-2026-15166IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows deni ...08.07.202608.07.2026377023
CVE-2026-15165TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service08.07.202608.07.2026377022
CVE-2026-15164Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service08.07.202608.07.2026377016
CVE-2026-15163Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow ...08.07.202608.07.2026377021
CVE-2026-13320GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, ...08.07.202608.07.2026377020
CVE-2026-13151GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19 ...08.07.202608.07.2026377019
CVE-2026-11827GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 ...08.07.202608.07.2026377018
CVE-2026-58494Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-w ...08.07.202608.07.2026377012
CVE-2026-58211NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08.07.202608.07.2026377011
CVE-2026-58208NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08.07.202608.07.2026377014
CVE-2026-58207NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08.07.202608.07.2026377004
CVE-2026-56669Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, ...08.07.202608.07.2026377005
CVE-2026-55596Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed ren ...08.07.202608.07.2026377003
CVE-2026-55542Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature ...08.07.202608.07.2026377006
CVE-2026-55206py7zr is a Python-based library and utility to support 7zip archive compression, decompression, ...08.07.202608.07.2026377001
CVE-2026-55195py7zr is a Python-based library and utility to support 7zip archive compression, decompression, ...08.07.202608.07.2026377000
CVE-2026-54591AsyncSSH is a Python package which provides an asynchronous client and server implementation of ...08.07.202608.07.2026376999
CVE-2026-54590AsyncSSH is a Python package which provides an asynchronous client and server implementation of ...08.07.202608.07.2026376998
CVE-2026-14896HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in ...08.07.202608.07.2026377002
CVE-2026-0288Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of ...08.07.202608.07.2026376997
CVE-2026-8801Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules). This issue af ...08.07.202608.07.2026376996
CVE-2026-8800Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). This issu ...08.07.202608.07.2026376995
CVE-2026-8651Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS modul ...08.07.202608.07.2026376993
CVE-2026-8650Relative path traversal vulnerability in Progress MOVEit Transfer (Admin Settings module). This ...08.07.202608.07.2026376994
CVE-2026-8649Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit ...08.07.202608.07.2026377015
CVE-2026-60104Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-r ...08.07.202608.07.2026377013
CVE-2026-59948Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously ...08.07.202608.07.2026377009
CVE-2026-59947Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer ...08.07.202608.07.2026377008
CVE-2026-59946Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer pa ...08.07.202608.07.2026377007
CVE-2026-59939httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs u ...08.07.202608.07.2026377010
CVE-2026-59936pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft ...08.07.202608.07.2026376987
CVE-2026-59807Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows ...08.07.202608.07.2026376991
CVE-2026-59806Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability tha ...08.07.202608.07.2026376992
CVE-2026-59805Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesContr ...08.07.202608.07.2026376990
CVE-2026-58254NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08.07.202608.07.2026376988
CVE-2026-58253NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08.07.202608.07.2026376989
CVE-2026-58252NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08.07.202608.07.2026376981
CVE-2026-58250NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08.07.202608.07.2026376986
CVE-2026-58214NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08.07.202608.07.2026376985
CVE-2026-58213NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08.07.202608.07.2026376980
CVE-2026-58212Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of ...08.07.202608.07.2026
 
CVE-2026-58210NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08.07.202608.07.2026376984
CVE-2026-58209NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08.07.202608.07.2026376983
CVE-2026-15154A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerabil ...08.07.202608.07.2026376978
CVE-2026-14891HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task drive ...08.07.202608.07.2026376979
CVE-2026-14361The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in t ...08.07.202608.07.2026376982
CVE-2026-59935pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft ...08.07.202608.07.2026376970
CVE-2026-59822LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...08.07.202608.07.2026376976
CVE-2026-59821LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...08.07.202608.07.2026376969
CVE-2026-59820LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...08.07.202608.07.2026376975
CVE-2026-59819LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...08.07.202608.07.2026376977
CVE-2026-59804Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authenticatio ...08.07.202608.07.2026376971
CVE-2026-59803rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in proto ...08.07.202608.07.2026376972
CVE-2026-59802PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient va ...08.07.202608.07.2026376974
CVE-2026-58501Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but n ...08.07.202609.07.2026377052
CVE-2026-58251NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08.07.202608.07.2026376973
CVE-2026-55760Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, a ...08.07.202608.07.2026376965
CVE-2026-55575LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10. ...08.07.202608.07.2026376964
CVE-2026-55404yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-l ...08.07.202608.07.2026376963
CVE-2026-53624Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware ...08.07.202608.07.2026376966
CVE-2026-45045Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the Balanc ...08.07.202608.07.2026376962
CVE-2026-44512Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. F ...08.07.202608.07.2026376961
CVE-2026-44332Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer ...08.07.202608.07.2026376433
CVE-2026-36028A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical acc ...08.07.202608.07.2026376968
CVE-2026-36027An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to ex ...08.07.202608.07.2026376967
CVE-2026-14373HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Do ...08.07.202608.07.2026376960
CVE-2026-59938pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft ...08.07.202608.07.2026376955
CVE-2026-59937pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft ...08.07.202608.07.2026376954
CVE-2026-50813An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensiti ...08.07.202608.07.2026376959
CVE-2026-50812A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk bui ...08.07.202608.07.2026376958
CVE-2026-14362HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push ...08.07.202608.07.2026376956
CVE-2026-60102Horde Virtual File System (VFS) API before 3.0.1 contains an OS command injection vulnerability ...08.07.202608.07.2026376950
CVE-2026-59928Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown docum ...08.07.202608.07.2026376948
CVE-2026-59927Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include dire ...08.07.202608.07.2026376947
CVE-2026-59924Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse() ...08.07.202608.07.2026376945
CVE-2026-59731Astro is a web framework for content-driven websites. Version 6.4.7 performs authorization decis ...08.07.202608.07.2026376944
CVE-2026-9074IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthentica ...08.07.202608.07.2026376935
CVE-2026-59880Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immut ...08.07.202608.07.2026376943
CVE-2026-59877protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.5 and 8.6. ...08.07.202608.07.2026376934
CVE-2026-59876protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 until 8.6.5, ...08.07.202608.07.2026376942
CVE-2026-59875node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not s ...08.07.202608.07.2026376941
CVE-2026-59874node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts ...08.07.202608.07.2026376940
CVE-2026-59930Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin a ...08.07.202608.07.2026376931
CVE-2026-59929Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe_url fil ...08.07.202608.07.2026376928
CVE-2026-59926Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonitio ...08.07.202608.07.2026376939
CVE-2026-59925Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences o ...08.07.202608.07.2026376930
CVE-2026-59923Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.saf ...08.07.202608.07.2026376927
CVE-2026-59922Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed ...08.07.202608.07.2026376929
CVE-2026-59897Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 ...08.07.202608.07.2026376933
CVE-2026-59896Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11. ...08.07.202608.07.2026376938
CVE-2026-59895Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 ...08.07.202608.07.2026376937
CVE-2026-59892OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/ ...08.07.202608.07.2026376932
CVE-2026-59890setuptools is a package that allows users to download, build, install, upgrade, and uninstall Py ...08.07.202608.07.2026376926
CVE-2026-59887linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: ...08.07.202608.07.2026376936
CVE-2026-59883Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies sco ...08.07.202608.07.2026376917
CVE-2026-59882guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::ass ...08.07.202608.07.2026376916
CVE-2026-59879Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List# ...08.07.202608.07.2026376924
CVE-2026-59261OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv fi ...08.07.202608.07.2026376923
CVE-2026-42505Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observe ...08.07.202608.07.2026376925
CVE-2026-39822On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside o ...08.07.202608.07.2026376920
CVE-2026-29009U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfs_readlink_reply() (net ...08.07.202608.07.2026376922
CVE-2026-29008U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machi ...08.07.202608.07.2026376921
CVE-2026-29007U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine( ...08.07.202608.07.2026376919
CVE-2026-59873node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not e ...08.07.202608.07.2026376908
CVE-2026-59871node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces al ...08.07.202608.07.2026376907
CVE-2026-59870js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support f ...08.07.202608.07.2026376914
CVE-2026-59869js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4 ...08.07.202608.07.2026376913
CVE-2026-59868js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are ena ...08.07.202608.07.2026376912
CVE-2026-59725Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 bef ...08.07.202608.07.2026376911
CVE-2026-59724Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 bef ...08.07.202608.07.2026376910
CVE-2026-59702repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that ...08.07.202608.07.2026376915
CVE-2026-59262AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing docu ...08.07.202608.07.2026376909
CVE-2026-57439CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0 ...08.07.202608.07.2026376906
CVE-2026-55761Portainer Community Edition is a lightweight service delivery platform for containerized applica ...08.07.202608.07.2026376904
CVE-2026-54344ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, Tool ...08.07.202608.07.2026376903
CVE-2026-53951Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15. ...08.07.202608.07.2026376905
CVE-2026-49946This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.08.07.202608.07.2026
 
CVE-2026-49945This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.08.07.202608.07.2026
 
CVE-2026-49944This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.08.07.202608.07.2026
 
CVE-2026-3144IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker ...08.07.202608.07.2026376899
CVE-2026-15063A flaw was found in the gorch service template, which is part of the trustyai-service-operator. ...08.07.202608.07.2026376902
CVE-2026-14967BBOT's `github_workflows` module could be induced to write a downloaded artifact outside it ...08.07.202608.07.2026376901
CVE-2026-14966BBOT's unarchive module rejects archives containing symlink entries before extraction, but ...08.07.202608.07.2026376900
CVE-2026-59703repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unau ...08.07.202608.07.2026376896
CVE-2026-55874SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot ...08.07.202608.07.2026376890
CVE-2026-55873SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with S ...08.07.202608.07.2026376893
CVE-2026-55668File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the ne ...08.07.202608.07.2026376892
CVE-2026-54652Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} ...08.07.202608.07.2026376889
CVE-2026-49147App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filen ...08.07.202608.07.2026376888
CVE-2026-49146App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value ...08.07.202608.07.2026376887
CVE-2026-49145App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ac ...08.07.202608.07.2026376885
CVE-2026-24700An OS command injection vulnerability exists in the start_lltd() function of the rc binary in ...08.07.202608.07.2026376883
CVE-2026-24699An OS command injection vulnerability exists in the sub_34984() function of the rc binary in C ...08.07.202608.07.2026376882
CVE-2026-24698An OS command injection vulnerability exists in the save_syslog_to_file() function of the httpd ...08.07.202608.07.2026376881
CVE-2026-24697An OS command injection vulnerability exists in the start_bonjour() function of the rc binary ...08.07.202608.07.2026376872
CVE-2026-15067Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, ...08.07.202608.07.2026376875
CVE-2026-15062SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (snowpark-python) versions pr ...08.07.202608.07.2026376873
CVE-2026-15044A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGua ...08.07.202608.07.2026376874
CVE-2026-15036A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function ...08.07.202608.07.2026376787
CVE-2026-11903Improper neutralization of input during web page generation ('cross-site scripting') v ...08.07.202608.07.2026376880
CVE-2026-10708This vulnerability enables large‑scale data harvesting without requiring app‑specific secret ...08.07.202608.07.2026376876
CVE-2026-10706In Adalo s no-code app builder, (Versions 1 and 2) the attackers may extract full user records a ...08.07.202608.07.2026376879
CVE-2026-10699Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer (Cu ...08.07.202608.07.2026376878
CVE-2026-10698Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit ...08.07.202608.07.2026376877
CVE-2026-60125MISP s importModule() path used getEnabledModule() to resolve a single import module by name, bu ...08.07.202608.07.2026376897
CVE-2026-60124An authorization bypass in MISP s EventsController::importModule() allowed authenticated users o ...08.07.202608.07.2026376895
CVE-2026-60092AVideo (Meet plugin) through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored c ...08.07.202608.07.2026376886
CVE-2026-59257n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulner ...08.07.202608.07.2026376884
CVE-2026-59253n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users ...08.07.202608.07.2026376894
CVE-2026-58657Grav before 2.0.0 (affected through 2.0.0-rc.9 and the 2.0 branch) contains a stored CSS injecti ...08.07.202608.07.2026376891
CVE-2026-58656Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and r ...08.07.202608.07.2026376898
CVE-2026-58654The Grav API plugin (getgrav/grav-plugin-api) 1.0.0 contains an unrestricted file upload vulnera ...08.07.202608.07.2026376862
CVE-2026-56778n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API ex ...08.07.202608.07.2026376869
CVE-2026-56776n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/ ...08.07.202608.07.2026376868
CVE-2026-56775n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutatin ...08.07.202608.07.2026376867
CVE-2026-56401Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inv ...08.07.202608.07.2026376864
CVE-2026-56374ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder du ...08.07.202608.07.2026376863
CVE-2026-56362ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex ...08.07.202608.07.2026376866
CVE-2026-56360n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhook ...08.07.202608.07.2026376865
CVE-2026-56359n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow ...08.07.202608.07.2026376871
CVE-2026-56298Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information ...08.07.202608.07.2026376870
CVE-2026-56297FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman ...08.07.202608.07.2026376853
CVE-2026-56293Capgo before 12.128.2 contains an authorization flaw in transfer_app() that fails to update depl ...08.07.202608.07.2026376857
CVE-2026-56284Capgo (Cap-go/capgo) before 12.128.2 contains an information disclosure vulnerability in the Sup ...08.07.202608.07.2026376856
CVE-2026-56283Capgo before 12.128.2 contains an html injection vulnerability in the organization settings endp ...08.07.202608.07.2026376861
CVE-2026-56273Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector sto ...08.07.202608.07.2026376855
CVE-2026-56250Capgo before 12.128.2 allows upload-scoped API keys to modify the mutable app_versions.r2_path f ...08.07.202608.07.2026376860
CVE-2026-56246Capgo before 12.128.2 contains a broken access control vulnerability in the organization managem ...08.07.202608.07.2026376852
CVE-2026-56226Capgo (Cap-go/capgo) before 12.128.2 exposes the Supabase PostgREST RPC function public.get_orgs ...08.07.202608.07.2026376859
CVE-2026-56220Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.manifest INSE ...08.07.202608.07.2026376858
CVE-2026-56217Capgo before 12.128.2 contains a policy bypass vulnerability in app_versions update enforcement ...08.07.202608.07.2026376854
CVE-2026-56086Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 thr ...08.07.202608.07.2026376848
CVE-2026-54061Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exp ...08.07.202608.07.2026376846
CVE-2026-53482Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 thr ...08.07.202608.07.2026376847
CVE-2026-53480Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 thr ...08.07.202608.07.2026376845
CVE-2026-44840Dgraph is an open source distributed GraphQL database. Prior to version 25.3.4, the `checkUserPa ...08.07.202608.07.2026374768
CVE-2026-41122Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 thr ...08.07.202608.07.2026376849
CVE-2026-22927Omnissa Workspace ONE Tunnel for Windows addresses a Local Privilege Escalation Vulnerability.08.07.202608.07.2026376851

2025

CVEBeschreibungEinreichungModerierenEintrag
CVE-2025-6784The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up t ...11.07.202611.07.2026377755
CVE-2025-5017The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL ...11.07.202611.07.2026377759
CVE-2025-13968The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Sit ...11.07.202611.07.2026377741
CVE-2025-30008HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authentic ...10.07.202610.07.2026377575
CVE-2025-30007HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows l ...10.07.202610.07.2026377576
CVE-2025-70796An unauthenticated path traversal vulnerability exists in the web management interface of WTI (W ...10.07.202610.07.2026377553
CVE-2025-12127** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes ...10.07.202610.07.2026
 
CVE-2025-11977The Happyforms Form Builder for WordPress: Drag Drop Contact Forms, Surveys, Payments Mult ...10.07.202610.07.2026377445
CVE-2025-45422Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass nor ...09.07.202609.07.2026377316
CVE-2025-63579Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book ...09.07.202609.07.2026377292
CVE-2025-58151varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a commu ...09.07.202609.07.2026342998
CVE-2025-58146There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try ...09.07.202609.07.2026323606
CVE-2025-27464[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09.07.202609.07.2026310613
CVE-2025-27463[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09.07.202609.07.2026310613
CVE-2025-27462[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09.07.202609.07.2026310613
CVE-2025-12506GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, ...08.07.202608.07.2026377017
CVE-2025-3110OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header va ...08.07.202608.07.2026376918

Want to stay up to date on a daily basis?

Enable the mail alert feature now!