CVEinformación

2026

CVEDescripciónSumisiónModeraciónArtículo
CVE-2026-15475A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is ...2026-07-122026-07-12377780
CVE-2026-15474A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unkn ...2026-07-122026-07-12377779
CVE-2026-15473A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some ...2026-07-122026-07-12377778
CVE-2026-15472A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affec ...2026-07-122026-07-12377777
CVE-2026-15471A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part ...2026-07-122026-07-12377776
CVE-2026-15470A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue i ...2026-07-122026-07-12377775
CVE-2026-58281Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized atta ...2026-07-112026-07-11377832
CVE-2026-10660The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bap_broadcast_assist ...2026-07-112026-07-11377831
CVE-2026-61870ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory ...2026-07-112026-07-11377830
CVE-2026-61861ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption m ...2026-07-112026-07-11377825
CVE-2026-61858ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and exter ...2026-07-112026-07-11377827
CVE-2026-61857ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null ...2026-07-112026-07-11377826
CVE-2026-61465ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation l ...2026-07-112026-07-11377822
CVE-2026-61454The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript vari ...2026-07-112026-07-11377828
CVE-2026-61448Parse Server is affected by a stored cross-site scripting (XSS) vulnerability in versions = 9.0 ...2026-07-112026-07-11377829
CVE-2026-61447PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_pyt ...2026-07-112026-07-11377820
CVE-2026-61445PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in t ...2026-07-112026-07-11377824
CVE-2026-61442PraisonAI Platform (praisonai-platform) before 0.1.9 fails to enforce owner/admin authorization ...2026-07-112026-07-11377823
CVE-2026-61439PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the b ...2026-07-112026-07-11377821
CVE-2026-61429PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Craw ...2026-07-112026-07-11377819
CVE-2026-61428PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing ...2026-07-112026-07-11377816
CVE-2026-61426PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces w ...2026-07-112026-07-11377814
CVE-2026-60090PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVect ...2026-07-112026-07-11377813
CVE-2026-60088PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allo ...2026-07-112026-07-11377815
CVE-2026-56763Hono before 4.12.7 allows __proto__ key in parseBody with dot option enabled, permitting special ...2026-07-112026-07-11377812
CVE-2026-56372ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operati ...2026-07-112026-07-11377811
CVE-2026-56303Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_val ...2026-07-112026-07-11377810
CVE-2026-56296Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_a ...2026-07-112026-07-11377817
CVE-2026-56240Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan_valid c ...2026-07-112026-07-11377818
CVE-2026-57828The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload tha ...2026-07-112026-07-11377786
CVE-2026-57827The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allo ...2026-07-112026-07-11377784
CVE-2026-1359The Genolve AI image AI video generation plugin for WordPress is vulnerable to unauthorized mo ...2026-07-112026-07-11377774
CVE-2026-6939The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Sit ...2026-07-112026-07-11377772
CVE-2026-6801The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all vers ...2026-07-112026-07-11377765
CVE-2026-4661The WP CTA Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerabl ...2026-07-112026-07-11377770
CVE-2026-1382The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the &# ...2026-07-112026-07-11377771
CVE-2026-15155The Essential Addons for Elementor Popular Elementor Templates Widgets plugin for WordPress ...2026-07-112026-07-11377768
CVE-2026-12994The WCFM Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization ...2026-07-112026-07-11377767
CVE-2026-9282The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up ...2026-07-112026-07-11377766
CVE-2026-9017The NEX-Forms Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to author ...2026-07-112026-07-11377769
CVE-2026-15010The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions ...2026-07-112026-07-11377773
CVE-2026-12738The WP Easy Pay Payment and Donation form Builder for Square plugin for WordPress is vulnerabl ...2026-07-112026-07-11377760
CVE-2026-12126The WCFM Marketplace Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerabl ...2026-07-112026-07-11377763
CVE-2026-12103The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all ver ...2026-07-112026-07-11377762
CVE-2026-11901The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Aut ...2026-07-112026-07-11377756
CVE-2026-11898The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin ...2026-07-112026-07-11377764
CVE-2026-11591The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...2026-07-112026-07-11377761
CVE-2026-10865The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure ...2026-07-112026-07-11377758
CVE-2026-10041The WCFM Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direc ...2026-07-112026-07-11377757
CVE-2026-7655The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in ...2026-07-112026-07-11377753
CVE-2026-13378The Form Vibes Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-S ...2026-07-112026-07-11377754
CVE-2026-9738The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site S ...2026-07-112026-07-11377752
CVE-2026-7620The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all ...2026-07-112026-07-11377751
CVE-2026-7559The Affilia Affiliate Program Referral Tracking for WordPress plugin for WordPress is vulner ...2026-07-112026-07-11377750
CVE-2026-6804The AI Chatbot Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization ...2026-07-112026-07-11377749
CVE-2026-6803The AI Chatbot Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Autho ...2026-07-112026-07-11377748
CVE-2026-3576The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request F ...2026-07-112026-07-11377746
CVE-2026-3552The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data mod ...2026-07-112026-07-11377747
CVE-2026-2354The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a fl ...2026-07-112026-07-11377745
CVE-2026-1832The ThriveDesk Live Chat, AI Chatbot, Helpdesk Knowledge Base plugin for WordPress is vulner ...2026-07-112026-07-11377740
CVE-2026-15335The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email& ...2026-07-112026-07-11377737
CVE-2026-15097The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ' ...2026-07-112026-07-11377744
CVE-2026-15096The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Mo ...2026-07-112026-07-11377743
CVE-2026-14262The Simple JWT Login Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerab ...2026-07-112026-07-11377739
CVE-2026-13250The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up t ...2026-07-112026-07-11377736
CVE-2026-13116The PDF Invoices Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure ...2026-07-112026-07-11377738
CVE-2026-12141The Premium Addons for Elementor Powerful Elementor Templates Widgets plugin for WordPress i ...2026-07-112026-07-11377742
CVE-2026-8678The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, a ...2026-07-112026-07-11377727
CVE-2026-7544The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in a ...2026-07-112026-07-11377731
CVE-2026-5743The SimpLy Gallery Block Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scri ...2026-07-112026-07-11377734
CVE-2026-3367The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site ...2026-07-112026-07-11377735
CVE-2026-15338The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusi ...2026-07-112026-07-11377726
CVE-2026-15073The KiviCare Clinic Patient Management System (EHR) plugin for WordPress is vulnerable to ge ...2026-07-112026-07-11377730
CVE-2026-15072The KiviCare Clinic Patient Management System (EHR) plugin for WordPress is vulnerable to ge ...2026-07-112026-07-11377729
CVE-2026-13353The WP Ultimate CSV Importer WordPress Import Export for CSV, XML Excel plugin for WordPre ...2026-07-112026-07-11377725
CVE-2026-13262The Majestic Support The Leading-Edge Help Desk Customer Support Plugin plugin for WordPress ...2026-07-112026-07-11377728
CVE-2026-13114The Motors Car Dealership Classified Listings Plugin plugin for WordPress is vulnerable to S ...2026-07-112026-07-11377733
CVE-2026-12426The Members Membership User Role Editor Plugin plugin for WordPress is vulnerable to Sensiti ...2026-07-112026-07-11377724
CVE-2026-10628The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypas ...2026-07-112026-07-11377732
CVE-2026-13756The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions u ...2026-07-112026-07-11377722
CVE-2026-11426The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all v ...2026-07-112026-07-11377723
CVE-2026-59155Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O M tool. ...2026-07-112026-07-11377713
CVE-2026-58591Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026-07-112026-07-11377719
CVE-2026-58590Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affe ...2026-07-112026-07-11377721
CVE-2026-58589Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affe ...2026-07-112026-07-11377715
CVE-2026-58588Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026-07-112026-07-11377718
CVE-2026-58587Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026-07-112026-07-11377717
CVE-2026-55884Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0 ...2026-07-112026-07-11377714
CVE-2026-55883Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0 ...2026-07-112026-07-11377720
CVE-2026-55882Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0 ...2026-07-112026-07-11377716
CVE-2026-55810Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026-07-112026-07-11377712
CVE-2026-55809Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026-07-112026-07-11377706
CVE-2026-55808Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026-07-112026-07-11377710
CVE-2026-55807Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Reques ...2026-07-112026-07-11377708
CVE-2026-55806URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal cor ...2026-07-112026-07-11377705
CVE-2026-55804Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026-07-112026-07-11377704
CVE-2026-55803Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026-07-112026-07-11377703
CVE-2026-55187Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shippe ...2026-07-112026-07-11377709
CVE-2026-52761ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, ...2026-07-112026-07-11377707
CVE-2026-52747ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, ...2026-07-112026-07-11377702
CVE-2026-49213TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in pack ...2026-07-112026-07-11377711
CVE-2026-44795Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0 ...2026-07-112026-07-11377695
CVE-2026-15085Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026-07-112026-07-11377700
CVE-2026-15084Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026-07-112026-07-11377699
CVE-2026-15083Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026-07-112026-07-11377694
CVE-2026-15082Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026-07-112026-07-11377698
CVE-2026-15081Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') v ...2026-07-112026-07-11377693
CVE-2026-15080Cross-Site Request Forgery (CSRF) vulnerability in Drupal Ray Enterprise Translation allows Cros ...2026-07-112026-07-11377697
CVE-2026-15079Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable ...2026-07-112026-07-11377696
CVE-2026-13244Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026-07-112026-07-11377692
CVE-2026-13243Cross-Site Request Forgery (CSRF) vulnerability in Drupal Salesforce Suite allows Cross Site Req ...2026-07-112026-07-11377701
CVE-2026-13242Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') v ...2026-07-112026-07-11377690
CVE-2026-13241Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue af ...2026-07-112026-07-11377691
CVE-2026-13240Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue af ...2026-07-112026-07-11377688
CVE-2026-13239Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affect ...2026-07-112026-07-11377687
CVE-2026-13238Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forcefu ...2026-07-112026-07-11377684
CVE-2026-13237Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue a ...2026-07-112026-07-11377683
CVE-2026-13236Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue aff ...2026-07-112026-07-11377686
CVE-2026-13235Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Brows ...2026-07-112026-07-11377682
CVE-2026-13234Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026-07-112026-07-11377689
CVE-2026-13233Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side Re ...2026-07-112026-07-11377685
CVE-2026-13232Incorrect Authorization vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) a ...2026-07-112026-07-11377674
CVE-2026-13231Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026-07-112026-07-11377680
CVE-2026-12535Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026-07-112026-07-11377675
CVE-2026-11909Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. ...2026-07-112026-07-11377677
CVE-2026-11908Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026-07-112026-07-11377679
CVE-2026-10770Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026-07-112026-07-11377678
CVE-2026-10769Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026-07-112026-07-11377676
CVE-2026-10768Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This ...2026-07-112026-07-11377681
CVE-2026-14480OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy w ...2026-07-112026-07-11377673
CVE-2026-14286This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2026-07-112026-07-11
 
CVE-2026-55175Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1. ...2026-07-112026-07-11377664
CVE-2026-44383Multiple connections to the backend using the same charging station ID are allowed, which could ...2026-07-112026-07-11377670
CVE-2026-42952Previously, there was no throttling on repeated authentication attempts to the charging station ...2026-07-112026-07-11377672
CVE-2026-20744The charging station websocket endpoint accepts connections without proper authentication, whic ...2026-07-112026-07-11377671
CVE-2026-15089vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest r ...2026-07-112026-07-11377666
CVE-2026-15087vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*.2026-07-112026-07-11377669
CVE-2026-15086vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Forma ...2026-07-112026-07-11377668
CVE-2026-11915vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force at ...2026-07-112026-07-11377665
CVE-2026-11914vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*.2026-07-112026-07-11377667
CVE-2026-11913vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*.2026-07-112026-07-11377663
CVE-2026-58503Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeratio ...2026-07-102026-07-11377662
CVE-2026-57584Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC appl ...2026-07-102026-07-11377654
CVE-2026-55852Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was ...2026-07-102026-07-11377656
CVE-2026-54736Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\Encryption\Cry ...2026-07-102026-07-10377653
CVE-2026-49844Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Ap ...2026-07-102026-07-10377652
CVE-2026-49394Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was pos ...2026-07-102026-07-11377660
CVE-2026-48127Frappe is a full-stack web application framework. Prior to 16.20.0 and 15.110.0, users without w ...2026-07-102026-07-11377659
CVE-2026-47422Frappe is a full-stack web application framework. Prior to 15.107.5 and 16.18.2, an endpoint in ...2026-07-102026-07-11377658
CVE-2026-47199Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, check_safe_sql_ ...2026-07-102026-07-11377655
CVE-2026-42219Frappe is a full-stack web application framework. Prior to 16.19.0 and 15.109.0, path traversal ...2026-07-102026-07-11377657
CVE-2026-41482Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and ...2026-07-102026-07-11377661
CVE-2026-9726Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026-07-102026-07-10377645
CVE-2026-7639Software installed and run as a non-privileged user may conduct a sequence of improper GPU syste ...2026-07-102026-07-10377651
CVE-2026-58499EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in ...2026-07-102026-07-10377647
CVE-2026-57575Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains ...2026-07-102026-07-10377650
CVE-2026-57574Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains ...2026-07-102026-07-10377646
CVE-2026-57230OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analyt ...2026-07-102026-07-10377649
CVE-2026-55881OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returne ...2026-07-102026-07-10377648
CVE-2026-55880OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and not ...2026-07-102026-07-10377641
CVE-2026-55879OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay trac ...2026-07-102026-07-10377643
CVE-2026-55665Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, Grist conta ...2026-07-102026-07-10377637
CVE-2026-55664Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /fo ...2026-07-102026-07-10377635
CVE-2026-55659Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several ser ...2026-07-102026-07-10377636
CVE-2026-55213h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4 ...2026-07-102026-07-10377640
CVE-2026-45203Kernel software installed and running inside a Host VM may post improper commands to the GPU Fir ...2026-07-102026-07-10377638
CVE-2026-45196Kernel software installed and running inside a Host VM may post improper commands to the GPU Fir ...2026-07-102026-07-10377644
CVE-2026-41154Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes ...2026-07-102026-07-10377639
CVE-2026-34196Software installed and run as a non-privileged user may conduct improper GPU system calls to cau ...2026-07-102026-07-10377642
CVE-2026-57807Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security So ...2026-07-102026-07-10377633
CVE-2026-57221RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, Rabbi ...2026-07-102026-07-10377630
CVE-2026-57220RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does ...2026-07-102026-07-10377628
CVE-2026-57219RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the o ...2026-07-102026-07-10377634
CVE-2026-57218RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an exis ...2026-07-102026-07-10377632
CVE-2026-57217RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, Rabbi ...2026-07-102026-07-10377631
CVE-2026-57216RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP ...2026-07-102026-07-10377629
CVE-2026-57215RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, Rabbi ...2026-07-102026-07-10377625
CVE-2026-57214RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders ...2026-07-102026-07-10377624
CVE-2026-57213RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the r ...2026-07-102026-07-10377627
CVE-2026-57212RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the r ...2026-07-102026-07-10377623
CVE-2026-57211RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ ...2026-07-102026-07-10377626
CVE-2026-55405LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1- ...2026-07-102026-07-10377621
CVE-2026-55233OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds ...2026-07-102026-07-10377622
CVE-2026-55229Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /fo ...2026-07-102026-07-10372589
CVE-2026-13039The Eventin Event Calendar, Event Registration, Tickets Booking (AI Powered) plugin for Word ...2026-07-102026-07-10377619
CVE-2026-12761The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPre ...2026-07-102026-07-10377620
CVE-2026-57850RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the serve ...2026-07-102026-07-10377612
CVE-2026-57158FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, Free ...2026-07-102026-07-10377617
CVE-2026-57157FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server ...2026-07-102026-07-10377616
CVE-2026-57156FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit build ...2026-07-102026-07-10377615
CVE-2026-55827FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP client ...2026-07-102026-07-10377614
CVE-2026-55789Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logt ...2026-07-102026-07-10377613
CVE-2026-55515Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report ...2026-07-102026-07-10377618
CVE-2026-55481Snipe-IT is an IT asset/license management system. Prior to 8.6.2, default.blade.php renders hea ...2026-07-102026-07-10377610
CVE-2026-55479Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat licens ...2026-07-102026-07-10377611
CVE-2026-55475Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint all ...2026-07-102026-07-10377609
CVE-2026-55469Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with im ...2026-07-102026-07-10377608
CVE-2026-55466Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes S ...2026-07-102026-07-10377600
CVE-2026-55462Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show() and p ...2026-07-102026-07-10377607
CVE-2026-55461Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url ...2026-07-102026-07-10377604
CVE-2026-55452Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction() stores ...2026-07-102026-07-10377606
CVE-2026-55377Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logt ...2026-07-102026-07-10377603
CVE-2026-55370Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logt ...2026-07-102026-07-10377602
CVE-2026-54714Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @log ...2026-07-102026-07-10377601
CVE-2026-15295The WordPress Infinite Scroll Ajax Load More plugin for WordPress is vulnerable to Stored Cros ...2026-07-102026-07-10377605
CVE-2026-11321The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) concatenates user-supplied CSV field v ...2026-07-102026-07-10377599
CVE-2026-6212Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies ...2026-07-102026-07-10377598
CVE-2026-61460Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadContr ...2026-07-102026-07-10377597
CVE-2026-61459MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured to ...2026-07-102026-07-10377596
CVE-2026-55843Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update() pas ...2026-07-102026-07-10377595
CVE-2026-55516Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintena ...2026-07-102026-07-10377594
CVE-2026-55478Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/{kit_id}/li ...2026-07-102026-07-10377593
CVE-2026-55476Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/{itemTy ...2026-07-102026-07-10377592
CVE-2026-55474Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displayS ...2026-07-102026-07-10377591
CVE-2026-55472Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies ...2026-07-102026-07-10377590
CVE-2026-55464Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML b ...2026-07-102026-07-10377589
CVE-2026-55460Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin us ...2026-07-102026-07-10377588
CVE-2026-54329Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create pa ...2026-07-102026-07-10377587
CVE-2026-15146GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FT ...2026-07-102026-07-10377586
CVE-2026-57476Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker w ...2026-07-102026-07-10377584
CVE-2026-57475Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API ...2026-07-102026-07-10377583
CVE-2026-57474Deloitte AI Assist for Customer disclosed some configuration information through public-facing A ...2026-07-102026-07-10377577
CVE-2026-6872** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes ...2026-07-102026-07-10
 
CVE-2026-61461Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backen ...2026-07-102026-07-10377581
CVE-2026-5801Improper neutralization of special elements used in an SQL command ('SQL injection') v ...2026-07-102026-07-10377580
CVE-2026-59151Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow t ...2026-07-102026-07-10377579
CVE-2026-53450Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rej ...2026-07-102026-07-10377582
CVE-2026-53449Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd pr ...2026-07-102026-07-10377578
CVE-2026-53448Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn ...2026-07-102026-07-10377574
CVE-2026-56668ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 T ...2026-07-102026-07-10377571
CVE-2026-56667ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC a ...2026-07-102026-07-10377570
CVE-2026-56666ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external ...2026-07-102026-07-10377573
CVE-2026-56665ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is a ...2026-07-102026-07-10377566
CVE-2026-56664ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL&#039 ...2026-07-102026-07-10377565
CVE-2026-55672ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL&#039 ...2026-07-102026-07-10377569
CVE-2026-55671ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL& ...2026-07-102026-07-10377572
CVE-2026-55670ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event st ...2026-07-102026-07-10377568
CVE-2026-53780This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2026-07-102026-07-10
 
CVE-2026-2397Improper neutralization of special elements used in an SQL command ('SQL injection') v ...2026-07-102026-07-10377567
CVE-2026-59193Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash G ...2026-07-102026-07-10377562
CVE-2026-59190grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and ...2026-07-102026-07-10377563
CVE-2026-57167PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rende ...2026-07-102026-07-10377585
CVE-2026-55783NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...2026-07-102026-07-10377557
CVE-2026-55782NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...2026-07-102026-07-10377564
CVE-2026-55781NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...2026-07-102026-07-10377556
CVE-2026-55780NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...2026-07-102026-07-10377559
CVE-2026-55669ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL&#039 ...2026-07-102026-07-10377555
CVE-2026-51119An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /Syst ...2026-07-102026-07-10377561
CVE-2026-3251Improper neutralization of input during web page generation ('cross-site scripting') v ...2026-07-102026-07-10377560
CVE-2026-2398Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. Mo ...2026-07-102026-07-10377554
CVE-2026-1667The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and ...2026-07-102026-07-10377558
CVE-2026-59180Apprise is an open source library which allows you to send a notification to almost all of the m ...2026-07-102026-07-10377550
CVE-2026-59162Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to ...2026-07-102026-07-10377545
CVE-2026-59161Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to ...2026-07-102026-07-10377544
CVE-2026-59154Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorizat ...2026-07-102026-07-10377547
CVE-2026-58493grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::__call build ...2026-07-102026-07-10377552
CVE-2026-58492grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists m ...2026-07-102026-07-10377551
CVE-2026-566759Router is an AI router token saver. Prior to 0.5.2, 9router treats loopback requests as trust ...2026-07-102026-07-10377549
CVE-2026-55890Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XS ...2026-07-102026-07-10372596
CVE-2026-55885Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup p ...2026-07-102026-07-10377546
CVE-2026-55687ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, ...2026-07-102026-07-10377548
CVE-2026-556419Router is an AI router token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM prox ...2026-07-102026-07-10377543
CVE-2026-556389Router is an AI router token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, a ...2026-07-102026-07-10377538
CVE-2026-54919cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mb ...2026-07-102026-07-10377541
CVE-2026-54063Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to ...2026-07-102026-07-10377536
CVE-2026-53657Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3 ...2026-07-102026-07-10377539
CVE-2026-53653Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticate ...2026-07-102026-07-10377540
CVE-2026-39903Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization ...2026-07-102026-07-10377537
CVE-2026-39244adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulat ...2026-07-102026-07-10377542
CVE-2026-15377A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnera ...2026-07-102026-07-10377444
CVE-2026-15376A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown functi ...2026-07-102026-07-10377443
CVE-2026-8609An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique val ...2026-07-102026-07-10377526
CVE-2026-8595A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a mali ...2026-07-102026-07-10377528
CVE-2026-566769Router is an AI router token saver. Prior to 0.5.2, 9router validates image URLs by resolving ...2026-07-102026-07-10377525
CVE-2026-555019Router is an AI router token saver. Prior to 0.4.80, the dashboard login rate limiter in src/ ...2026-07-102026-07-10377523
CVE-2026-61492In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was pos ...2026-07-102026-07-10377531
CVE-2026-61456The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 fails to sanitize SVG files uploaded ...2026-07-102026-07-10377529
CVE-2026-61455Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lac ...2026-07-102026-07-10377524
CVE-2026-61450Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author (any admin.pages user ...2026-07-102026-07-10377522
CVE-2026-61444PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where t ...2026-07-102026-07-10377521
CVE-2026-61441PraisonAI Platform (praisonai-platform) before 0.1.9 improperly authorizes deletion of issue dep ...2026-07-102026-07-10377527
CVE-2026-61437PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading ...2026-07-102026-07-10377520
CVE-2026-555009Router is an AI router token saver. Prior to 0.4.80, the /api/settings/database endpoint allo ...2026-07-102026-07-10377515
CVE-2026-54149MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import func ...2026-07-102026-07-10377514
CVE-2026-54001osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. ...2026-07-102026-07-10377518
CVE-2026-54000osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. ...2026-07-102026-07-10377517
CVE-2026-46388osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. ...2026-07-102026-07-10377519
CVE-2026-33382Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the reques ...2026-07-102026-07-10377513
CVE-2026-15375A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown ...2026-07-102026-07-10377442
CVE-2026-15374A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function ...2026-07-102026-07-10377441
CVE-2026-15373A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an ...2026-07-102026-07-10377440
CVE-2026-15143A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability a ...2026-07-102026-07-10377516
CVE-2026-61434PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command exec ...2026-07-102026-07-10377506
CVE-2026-61432PraisonAI (praisonaiagents) before 1.6.78 contains a path traversal vulnerability in the FastCon ...2026-07-102026-07-10377505
CVE-2026-61431PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to ...2026-07-102026-07-10377504
CVE-2026-60091PraisonAI before 4.6.78 contains an unauthenticated server-side request forgery vulnerability in ...2026-07-102026-07-10377508
CVE-2026-60089PraisonAI (pip package praisonaiagents) before 1.6.78 automatically loads defaults from a projec ...2026-07-102026-07-10377507
CVE-2026-60086PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injec ...2026-07-102026-07-10377503
CVE-2026-59796In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permiss ...2026-07-102026-07-10377510
CVE-2026-59795In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible2026-07-102026-07-10377512
CVE-2026-59794In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agen ...2026-07-102026-07-10377511
CVE-2026-59793In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS in ...2026-07-102026-07-10377509
CVE-2026-59792In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project ...2026-07-102026-07-10377499
CVE-2026-59791In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible2026-07-102026-07-10377501
CVE-2026-58661n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulne ...2026-07-102026-07-10377498
CVE-2026-57994phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its ...2026-07-102026-07-10377493
CVE-2026-57961phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the con ...2026-07-102026-07-10377492
CVE-2026-56765Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint expos ...2026-07-102026-07-10377497
CVE-2026-56373ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses ...2026-07-102026-07-10377496
CVE-2026-56366ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when process ...2026-07-102026-07-10377494
CVE-2026-56354n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 2.x branches) contains cross-site sc ...2026-07-102026-07-10377500
CVE-2026-56335Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys ...2026-07-102026-07-10377495
CVE-2026-56329Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused b ...2026-07-102026-07-10377491
CVE-2026-56312Capgo before 12.128.2 contains an improper validation vulnerability in the accept_invitation end ...2026-07-102026-07-10377484
CVE-2026-56309Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments ...2026-07-102026-07-10377488
CVE-2026-56305Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change end ...2026-07-102026-07-10377486
CVE-2026-56279Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid ...2026-07-102026-07-10377483
CVE-2026-56261Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker ...2026-07-102026-07-10377490
CVE-2026-56254In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2, the end-to-end encryption scheme dis ...2026-07-102026-07-10377489
CVE-2026-38059The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. ...2026-07-102026-07-10377485
CVE-2026-38057The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentica ...2026-07-102026-07-10377530
CVE-2026-29519Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a ref ...2026-07-102026-07-10377487
CVE-2026-22660FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows ...2026-07-102026-07-10377482
CVE-2026-22659FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability t ...2026-07-102026-07-10377481
CVE-2026-56813Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allow ...2026-07-102026-07-10377480
CVE-2026-54470Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior contain(s) an Improper Restriction of ...2026-07-102026-07-10377479
CVE-2026-54469Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untr ...2026-07-102026-07-10377502
CVE-2026-56814Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multip ...2026-07-102026-07-10377474
CVE-2026-56690Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Speci ...2026-07-102026-07-10377476
CVE-2026-56689Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Speci ...2026-07-102026-07-10377478
CVE-2026-56688Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Speci ...2026-07-102026-07-10377475
CVE-2026-54468Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerab ...2026-07-102026-07-10377477
CVE-2026-53363In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared ...2026-07-102026-07-10377533
CVE-2026-58225SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTE ...2026-07-102026-07-10377471
CVE-2026-14461mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker wh ...2026-07-102026-07-10377472
CVE-2026-50810A NULL pointer dereference in smooth_parse_stream_index() in src/media_tools/mpd.c in GPAC maste ...2026-07-102026-07-10376733
CVE-2026-9857The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, ...2026-07-102026-07-10377467
CVE-2026-41880R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) modu ...2026-07-102026-07-10377470
CVE-2026-41879R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an atta ...2026-07-102026-07-10377468
CVE-2026-41878R-SOFT DMS is vulnerable to Insecure Direct Object Reference (IDOR) attack in multiple file down ...2026-07-102026-07-10377464
CVE-2026-41877R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can ...2026-07-102026-07-10377465
CVE-2026-41876R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction() function. The document con ...2026-07-102026-07-10377473
CVE-2026-15378A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote att ...2026-07-102026-07-10377466
CVE-2026-15028A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap ov ...2026-07-102026-07-10377462
CVE-2026-13710The Jeg Kit for Elementor Powerful Addons for Elementor, Widgets Templates for WordPress plu ...2026-07-102026-07-10377463
CVE-2026-13247The Logo Slider Logo Carousel, Client Logo Slider Brand Showcase for WordPress plugin for Wo ...2026-07-102026-07-10377469
CVE-2026-13010The JoomSport for Sports: Team League, Football, Hockey more plugin for WordPress is vulne ...2026-07-102026-07-10377461
CVE-2026-12918The Mail Mint Email Marketing, Newsletter, Email Automation WooCommerce Emails plugin for Wo ...2026-07-102026-07-10377459
CVE-2026-11990The KiviCare Clinic Patient Management System (EHR) plugin for WordPress is vulnerable to au ...2026-07-102026-07-10377460
CVE-2026-9838The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the &# ...2026-07-102026-07-10377456
CVE-2026-6802The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access ...2026-07-102026-07-10377454
CVE-2026-6440The GoodMeet Google Meet Integration for Webinar, Meeting Video Conference plugin for WordPr ...2026-07-102026-07-10377457
CVE-2026-3907The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphos ...2026-07-102026-07-10377455
CVE-2026-1946The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of dat ...2026-07-102026-07-10377448
CVE-2026-15104The BetterDocs AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for Word ...2026-07-102026-07-10377458
CVE-2026-15026The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Inform ...2026-07-102026-07-10377447
CVE-2026-14475The Cookie Banner for GDPR / CCPA WPLP Cookie Consent plugin for WordPress is vulnerable to ge ...2026-07-102026-07-10377451
CVE-2026-12955The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data ...2026-07-102026-07-10377446
CVE-2026-12924The Eventin Event Calendar, Event Registration, Tickets Booking (AI Powered) plugin for Word ...2026-07-102026-07-10377453
CVE-2026-12400The FlowForms Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direc ...2026-07-102026-07-10377450
CVE-2026-12108The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi ...2026-07-102026-07-10377452
CVE-2026-11992The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions ...2026-07-102026-07-10377449
CVE-2026-40454Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-b ...2026-07-102026-07-10377434
CVE-2026-40452Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization by ...2026-07-102026-07-10377433
CVE-2026-40009Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authentica ...2026-07-102026-07-10377432
CVE-2026-40008Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vul ...2026-07-102026-07-10377431
CVE-2026-40007Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pi ...2026-07-102026-07-10377427
CVE-2026-40006Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttlin ...2026-07-102026-07-10377426
CVE-2026-40005Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnera ...2026-07-102026-07-10377428
CVE-2026-28564Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache ...2026-07-102026-07-10377430
CVE-2026-13347The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to ...2026-07-102026-07-10377429
CVE-2026-12685The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfu ...2026-07-102026-07-10377423
CVE-2026-12276The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether use ...2026-07-102026-07-10377424
CVE-2026-12123The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery i ...2026-07-102026-07-10377425
CVE-2026-21057Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged atta ...2026-07-102026-07-10377422
CVE-2026-21056Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to a ...2026-07-102026-07-10377421
CVE-2026-21055Improper export of android application components in Bixby prior to version 4.0.70.8 allows loca ...2026-07-102026-07-10377420
CVE-2026-21054Improper export of android application components in InputSharing prior to version 2.7.01.4 allo ...2026-07-102026-07-10377419
CVE-2026-21053Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to c ...2026-07-102026-07-10377418
CVE-2026-21052Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged at ...2026-07-102026-07-10377417
CVE-2026-21051Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local atta ...2026-07-102026-07-10377416
CVE-2026-21050Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers ...2026-07-102026-07-10377415
CVE-2026-21049Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers ...2026-07-102026-07-10377414
CVE-2026-21048Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 ...2026-07-102026-07-10377413
CVE-2026-21046Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Relea ...2026-07-102026-07-10377412
CVE-2026-21045Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 ...2026-07-102026-07-10377405
CVE-2026-21044Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attacker ...2026-07-102026-07-10377411
CVE-2026-21043Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged atta ...2026-07-102026-07-10377410
CVE-2026-21042Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to ex ...2026-07-102026-07-10377409
CVE-2026-21041Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local at ...2026-07-102026-07-10377408
CVE-2026-21040Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged a ...2026-07-102026-07-10377407
CVE-2026-21039Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to co ...2026-07-102026-07-10377406
CVE-2026-15332A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an ...2026-07-102026-07-10377275
CVE-2026-15331A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the fun ...2026-07-102026-07-10377274
CVE-2026-15330A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function _build ...2026-07-102026-07-10377273
CVE-2026-15302The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, an ...2026-07-102026-07-10377400
CVE-2026-15301The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...2026-07-102026-07-10377404
CVE-2026-15300The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', ...2026-07-102026-07-10377397
CVE-2026-15299The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scrip ...2026-07-102026-07-10377398
CVE-2026-15298The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versio ...2026-07-102026-07-10377403
CVE-2026-15297The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin f ...2026-07-102026-07-10377402
CVE-2026-15296The affiliate-toolkit WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to St ...2026-07-102026-07-10377532
CVE-2026-15293The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in ...2026-07-102026-07-10377399
CVE-2026-15292The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the & ...2026-07-102026-07-10377401
CVE-2026-15291The Chat Help Click to Chat Button Form plugin for WordPress is vulnerable to Sensitive Info ...2026-07-102026-07-10377392
CVE-2026-15290The Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction ...2026-07-102026-07-10292456
CVE-2026-15289The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-base ...2026-07-102026-07-10377394
CVE-2026-15288The SureForms Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to I ...2026-07-102026-07-10377391
CVE-2026-15287The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time-bas ...2026-07-102026-07-10377393
CVE-2026-15286The Gutenberg Blocks with AI by Kadence WP Page Builder Features plugin for WordPress is vulne ...2026-07-102026-07-10377390
CVE-2026-15285The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated (Contributor+ ...2026-07-102026-07-10377388
CVE-2026-15284The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...2026-07-102026-07-10377396
CVE-2026-15283The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...2026-07-102026-07-10377395
CVE-2026-15282The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to miss ...2026-07-102026-07-10377389
CVE-2026-5069The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'sub ...2026-07-102026-07-10377387
CVE-2026-54423In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPM ...2026-07-102026-07-10377385
CVE-2026-44918OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project wi ...2026-07-102026-07-10377386
CVE-2026-15329A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function Brow ...2026-07-102026-07-10377272
CVE-2026-15326A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUti ...2026-07-102026-07-10377265
CVE-2026-15321A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function on_post of ...2026-07-102026-07-10377263
CVE-2026-15070The Salon Booking System Free Version plugin for WordPress is vulnerable to Cross-Site Request ...2026-07-102026-07-10377381
CVE-2026-14894The Super Forms Drag Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File ...2026-07-102026-07-10377382
CVE-2026-13430The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in ...2026-07-102026-07-10377380
CVE-2026-11818The WPCafe Restaurant Menu, Online Food Ordering Table Booking System plugin for WordPress i ...2026-07-102026-07-10377383
CVE-2026-11392The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via th ...2026-07-102026-07-10377384
CVE-2026-15320A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the func ...2026-07-102026-07-10377260
CVE-2026-15319A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the func ...2026-07-102026-07-10377259
CVE-2026-15318A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some un ...2026-07-102026-07-10377258
CVE-2026-55616** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-49757. Reason: This candidat ...2026-07-102026-07-10
 
CVE-2026-54771Langroid is a framework for building large-language-model-powered applications. Prior to version ...2026-07-102026-07-10377379
CVE-2026-54769Langroid is a framework for building large-language-model-powered applications. Versions prior t ...2026-07-102026-07-10377378
CVE-2026-54760Langroid is a framework for building large-language-model-powered applications. Prior to version ...2026-07-102026-07-10367762
CVE-2026-50181Langroid is a framework for building large-language-model-powered applications. Prior to version ...2026-07-102026-07-10376435
CVE-2026-50180Langroid is a framework for building large-language-model-powered applications. Prior to version ...2026-07-102026-07-10377377
CVE-2026-15317A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerabili ...2026-07-102026-07-10377257
CVE-2026-15311A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this ...2026-07-102026-07-10377247
CVE-2026-55615Langroid is a framework for building large-language-model-powered applications. Prior to version ...2026-07-102026-07-10367762
CVE-2026-12598The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to ...2026-07-102026-07-10377374
CVE-2026-12597The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OA ...2026-07-102026-07-10377376
CVE-2026-12595The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OA ...2026-07-102026-07-10377375
CVE-2026-58123Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability tha ...2026-07-102026-07-10377369
CVE-2026-58122Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthe ...2026-07-102026-07-10377372
CVE-2026-59858Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script ...2026-07-102026-07-10377371
CVE-2026-59857Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of sp ...2026-07-102026-07-10377370
CVE-2026-59856Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion scri ...2026-07-102026-07-10377368
CVE-2026-59855SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in a ...2026-07-102026-07-10377363
CVE-2026-59854SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, POST /api/file/gl ...2026-07-102026-07-10377358
CVE-2026-59853SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/ ...2026-07-102026-07-10377362
CVE-2026-59834SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search ...2026-07-102026-07-10377361
CVE-2026-59833SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders no ...2026-07-102026-07-10377367
CVE-2026-59832SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*fi ...2026-07-102026-07-10377359
CVE-2026-59831GitHub CLI (gh) is GitHub s official command line tool. From 2.10.0 through 2.95.0, connecting t ...2026-07-102026-07-10377366
CVE-2026-57501Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu ...2026-07-102026-07-10377365
CVE-2026-44342New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management ...2026-07-102026-07-10377360
CVE-2026-33655New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management ...2026-07-102026-07-10377364
CVE-2026-57054A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Jun ...2026-07-102026-07-10377352
CVE-2026-57032An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) ...2026-07-102026-07-10377350
CVE-2026-57031An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding e ...2026-07-102026-07-10377348
CVE-2026-57030A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition ...2026-07-102026-07-10377349
CVE-2026-57029A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos ...2026-07-102026-07-10377351
CVE-2026-59828Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026-07-102026-07-10377356
CVE-2026-58144Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allow ...2026-07-102026-07-10377353
CVE-2026-58143Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows ...2026-07-102026-07-10377354
CVE-2026-55424Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026-07-102026-07-10377355
CVE-2026-53963Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026-07-102026-07-10377357
CVE-2026-53962Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026-07-102026-07-10377346
CVE-2026-53961Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026-07-102026-07-10377341
CVE-2026-49256Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026-07-102026-07-10377345
CVE-2026-46413Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026-07-102026-07-10377344
CVE-2026-45788Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026-07-102026-07-10377343
CVE-2026-45780Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026-07-102026-07-10377342
CVE-2026-44787Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026-07-102026-07-10377340
CVE-2026-38076An integer overflow in the jbig2_arith_iaid_ctx_new() function of Artifex commit cc37d0 allows a ...2026-07-102026-07-10377347
CVE-2026-15276A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown cod ...2026-07-102026-07-10377216
CVE-2026-15274A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the ...2026-07-102026-07-10377215
CVE-2026-57028An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper ...2026-07-102026-07-10377336
CVE-2026-57027A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engi ...2026-07-102026-07-10377335
CVE-2026-57026An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juni ...2026-07-102026-07-10377339
CVE-2026-57025A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Junip ...2026-07-102026-07-10377338
CVE-2026-57024A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of ...2026-07-102026-07-10377331
CVE-2026-57023An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of J ...2026-07-102026-07-10377337
CVE-2026-57022An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding E ...2026-07-102026-07-10377334
CVE-2026-57021An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos ...2026-07-102026-07-10377330
CVE-2026-57020An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding e ...2026-07-102026-07-10377333
CVE-2026-57019An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Eng ...2026-07-102026-07-10377332
CVE-2026-55689OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA&#03 ...2026-07-092026-07-10377329
CVE-2026-55605DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to ver ...2026-07-092026-07-10377326
CVE-2026-55604DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to ver ...2026-07-092026-07-10377328
CVE-2026-55170OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL ...2026-07-092026-07-10377327
CVE-2026-39246decompress before 4.2.2 allows arbitrary symlink creation during archive extraction. When proces ...2026-07-092026-07-09377325
CVE-2026-39245decompress before 4.2.2 contains an improper path containment check that enables directory trave ...2026-07-092026-07-09154375
CVE-2026-39243decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling f ...2026-07-092026-07-09377324
CVE-2026-33803An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper ...2026-07-092026-07-09377322
CVE-2026-33802A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allow ...2026-07-092026-07-09377323
CVE-2026-15271A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450 ...2026-07-092026-07-09377214
CVE-2026-60120Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side templa ...2026-07-092026-07-09377320
CVE-2026-55865Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malfo ...2026-07-092026-07-09377319
CVE-2026-55212Pimcore is an Open Source Data Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, ...2026-07-092026-07-09377318
CVE-2026-55208Pimcore Studio Backend Bundle is the backend bundle for Pimcore Studio. Prior to 2025.4.6 and 20 ...2026-07-092026-07-10377373
CVE-2026-55207Pimcore is an Open Source Data Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, ...2026-07-092026-07-09377321
CVE-2026-51926An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive infor ...2026-07-092026-07-09377317
CVE-2026-51925A Local File Inclusion (LFI) vulnerability exists in docuForm GmbH Client v.11.11c that allows a ...2026-07-092026-07-09377310
CVE-2026-51924An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via ...2026-07-092026-07-09377313
CVE-2026-51923An Insecure Direct Object Reference (IDOR) vulnerability exists in docuForm GmbH Client v.11.11c ...2026-07-092026-07-09377314
CVE-2026-33801An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol da ...2026-07-092026-07-09377309
CVE-2026-33800An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine (pfe) of Jun ...2026-07-092026-07-09377312
CVE-2026-33799An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and ...2026-07-092026-07-09377308
CVE-2026-33794An Improper Check for Unusual or Exceptional Conditions vulnerability in the advanced forwardin ...2026-07-092026-07-09377307
CVE-2026-31267Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the admini ...2026-07-092026-07-09377315
CVE-2026-21901A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Juno ...2026-07-092026-07-09377311
CVE-2026-15270A weakness has been identified in D-link DIR-823G 1.0.2B05_20181207. Affected by this vulnerabil ...2026-07-092026-07-09377213
CVE-2026-0278Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) com ...2026-07-092026-07-09377305
CVE-2026-0277An improper certificate validation vulnerability in the Prisma Access Agent for iOS enables an ...2026-07-092026-07-09377303
CVE-2026-0276A privilege escalation vulnerability in Palo Alto Networks Cortex XDR Broker VM enables a local ...2026-07-092026-07-09377306
CVE-2026-0275A local privilege escalation vulnerability in Palo Alto Networks Prisma Browser allows a locall ...2026-07-092026-07-09377304
CVE-2026-55590CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 ba ...2026-07-092026-07-09377294
CVE-2026-54695Pipecat is an open-source Python framework for building real-time voice and multimodal conversat ...2026-07-092026-07-09377293
CVE-2026-54005Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites where a ...2026-07-092026-07-09377297
CVE-2026-54004Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with co ...2026-07-092026-07-09377300
CVE-2026-54003Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites wi ...2026-07-092026-07-09377299
CVE-2026-54002Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plu ...2026-07-092026-07-09377302
CVE-2026-50188Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plu ...2026-07-092026-07-09377298
CVE-2026-49276Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using t ...2026-07-092026-07-09377301
CVE-2026-49274Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using t ...2026-07-092026-07-09377296
CVE-2026-13492The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and ...2026-07-092026-07-09377295
CVE-2026-0287Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS software allow an unaut ...2026-07-092026-07-09377289
CVE-2026-0286A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS software ...2026-07-092026-07-09377283
CVE-2026-0285A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables ...2026-07-092026-07-09377291
CVE-2026-0284An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Network ...2026-07-092026-07-09377286
CVE-2026-0283An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Ne ...2026-07-092026-07-09377288
CVE-2026-0282A file deletion vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated ...2026-07-092026-07-09377287
CVE-2026-0281An information disclosure vulnerability in Palo Alto Networks PAN-OS software enables an unauth ...2026-07-092026-07-09377285
CVE-2026-0280An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS software ...2026-07-092026-07-09377284
CVE-2026-0279Multiple cross site scripting vulnerabilities in the User-ID Authentication Portal (aka Captive ...2026-07-092026-07-09377290
CVE-2026-59149Mockoon provides way to design and run mock APIs. Prior to 9.7.0, a FILE response whose filePath ...2026-07-092026-07-09377279
CVE-2026-59148Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in co ...2026-07-092026-07-09377278
CVE-2026-58198ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to ...2026-07-092026-07-09377280
CVE-2026-61344The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov expos ...2026-07-092026-07-09377270
CVE-2026-61343LibreBooking's email template editor save action passes the submitted template name directl ...2026-07-092026-07-09377266
CVE-2026-59827Metabase is an open-source business intelligence and embedded analytics tool. Prior to 1.58.15, ...2026-07-092026-07-09377267
CVE-2026-59826Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until ...2026-07-092026-07-09377282
CVE-2026-59817Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public don ...2026-07-092026-07-09377269
CVE-2026-59734Coolify is an open-source and self-hostable tool for managing servers, applications, and databas ...2026-07-092026-07-09377264
CVE-2026-59726Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default ...2026-07-092026-07-09377268
CVE-2026-59721Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfig ...2026-07-092026-07-09377255
CVE-2026-59720Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation ...2026-07-092026-07-09377281
CVE-2026-59221Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 ...2026-07-092026-07-09377262
CVE-2026-58378Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker ...2026-07-092026-07-09377261
CVE-2026-55420Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026-07-092026-07-09377254
CVE-2026-43752An authenticated administrator may be able to achieve arbitrary code execution on the host syste ...2026-07-092026-07-09377256
CVE-2026-15204A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. A ...2026-07-092026-07-09377125
CVE-2026-15202A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function get_url ...2026-07-092026-07-09377124
CVE-2026-15195A weakness has been identified in apidevtools json-schema-ref-parser up to 15.3.5. This impacts ...2026-07-092026-07-09377123
CVE-2026-14278After further coordination, CVE was determined to not be warranted.2026-07-092026-07-09
 
CVE-2026-59225Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.1 ...2026-07-092026-07-09377277
CVE-2026-59224Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...2026-07-092026-07-09377276
CVE-2026-59223Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...2026-07-092026-07-09377271
CVE-2026-59222Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 ...2026-07-092026-07-09377251
CVE-2026-59219Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 ...2026-07-092026-07-09377250
CVE-2026-59217Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...2026-07-092026-07-09377249
CVE-2026-59216Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...2026-07-092026-07-09377245
CVE-2026-59215Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...2026-07-092026-07-09377244
CVE-2026-59213Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.2 ...2026-07-092026-07-09377248
CVE-2026-59212Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 ...2026-07-092026-07-09377243
CVE-2026-51603A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...2026-07-092026-07-09377253
CVE-2026-51602A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...2026-07-092026-07-09377252
CVE-2026-51601Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. T ...2026-07-092026-07-09377246
CVE-2026-51600Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP req ...2026-07-092026-07-09377236
CVE-2026-51599An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Bu ...2026-07-092026-07-09377238
CVE-2026-51598An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build ...2026-07-092026-07-09377241
CVE-2026-51597MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in ...2026-07-092026-07-09377240
CVE-2026-15308The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through re ...2026-07-092026-07-09377242
CVE-2026-15194A security flaw has been discovered in Open5GS 2.7.7. This affects the function amf_context_fina ...2026-07-092026-07-09377122
CVE-2026-15193A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element i ...2026-07-092026-07-09377120
CVE-2026-15192A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function ...2026-07-092026-07-09377118
CVE-2026-13462PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows ...2026-07-092026-07-09377237
CVE-2026-13461When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the ...2026-07-092026-07-09377239
CVE-2026-59715Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.1 ...2026-07-092026-07-09377234
CVE-2026-59227Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.1 ...2026-07-092026-07-09377232
CVE-2026-59226Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 ...2026-07-092026-07-09377231
CVE-2026-59220Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 ...2026-07-092026-07-09377233
CVE-2026-59218Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...2026-07-092026-07-09377230
CVE-2026-59214Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...2026-07-092026-07-09377225
CVE-2026-59209n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an a ...2026-07-092026-07-09377228
CVE-2026-58459gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability ...2026-07-092026-07-09377224
CVE-2026-53987The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and rende ...2026-07-092026-07-09377235
CVE-2026-51606An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9 ...2026-07-092026-07-09377229
CVE-2026-51605A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...2026-07-092026-07-09377227
CVE-2026-51604A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...2026-07-092026-07-09377226
CVE-2026-15191A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code ...2026-07-092026-07-09377117
CVE-2026-15190A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This af ...2026-07-092026-07-09377116
CVE-2026-61474An improper authorization check in MISP s attribute creation endpoint allowed an authenticated u ...2026-07-092026-07-09377220
CVE-2026-59208n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.2 ...2026-07-092026-07-09377223
CVE-2026-59207n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents fe ...2026-07-092026-07-09377222
CVE-2026-59206n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an a ...2026-07-092026-07-09377221
CVE-2026-58125This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2026-07-092026-07-09
 
CVE-2026-42486[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026-07-092026-07-10377535
CVE-2026-23562[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026-07-092026-07-10377534
CVE-2026-23561[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026-07-092026-07-09377219
CVE-2026-23560[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026-07-092026-07-09377219
CVE-2026-23559[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026-07-092026-07-09377219
CVE-2026-23556When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are l ...2026-07-092026-07-09377217
CVE-2026-15189A security vulnerability has been detected in aerostackdev aerostack-mcp up to 6315dfde7df0a15aa ...2026-07-092026-07-09377115
CVE-2026-15188A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc1 ...2026-07-092026-07-09377114
CVE-2026-15187A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.s ...2026-07-092026-07-09377113
CVE-2026-11404Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function ...2026-07-092026-07-09377218
CVE-2026-60109Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol ana ...2026-07-092026-07-09377207
CVE-2026-60108Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer ...2026-07-092026-07-09377206
CVE-2026-5005Improper neutralization of input during web page generation ('cross-site scripting') v ...2026-07-092026-07-09377212
CVE-2026-56292A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting thi ...2026-07-092026-07-09377211
CVE-2026-54801A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...2026-07-092026-07-09377210
CVE-2026-54800A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...2026-07-092026-07-09377209
CVE-2026-54799A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...2026-07-092026-07-09377205
CVE-2026-54798A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...2026-07-092026-07-09377208
CVE-2026-60095Vinchin Backup Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in ...2026-07-092026-07-09377203
CVE-2026-60094Vinchin Backup Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that ...2026-07-092026-07-09377202
CVE-2026-4256Improper neutralization of special elements used in an LDAP query ('LDAP injection') v ...2026-07-092026-07-09377204
CVE-2026-15186A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function ...2026-07-092026-07-09377112
CVE-2026-15185A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub_read_idx of t ...2026-07-092026-07-09377111
CVE-2026-14261A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execu ...2026-07-092026-07-09377200
CVE-2026-12879An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior ...2026-07-092026-07-09377199
CVE-2026-12593The implementation of an internal and undocumented Dashboard API endpoint (POST /api/users/~/{us ...2026-07-092026-07-09377201
CVE-2026-12116A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in th ...2026-07-092026-07-09377198
CVE-2026-3494In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_ ...2026-07-092026-07-09348595
CVE-2026-15184A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg ...2026-07-092026-07-09377110
CVE-2026-9253The WP Cost Estimation Payment Forms Builder (E P Forms) plugin for WordPress is vulnerable to ...2026-07-092026-07-09377197
CVE-2026-15182A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the functio ...2026-07-092026-07-09377109
CVE-2026-9240The Colissimo Officiel : M thodes de livraison pour WooCommerce plugin for WordPress is vulnerab ...2026-07-092026-07-09377195
CVE-2026-9237The Employee, Leave and Recruitment Management System Crew HRM plugin for WordPress is vulnera ...2026-07-092026-07-09377196
CVE-2026-9235The DHL eCommerce (Benelux) for WooCommerce plugin for WordPress is vulnerable to unauthorized m ...2026-07-092026-07-09377194
CVE-2026-9028The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization by ...2026-07-092026-07-09377186
CVE-2026-9027The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass v ...2026-07-092026-07-09377185
CVE-2026-9021The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, ...2026-07-092026-07-09377184
CVE-2026-59692A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS h ...2026-07-092026-07-09377190
CVE-2026-59691A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client ...2026-07-092026-07-09377191
CVE-2026-58307Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Ove ...2026-07-092026-07-09377189
CVE-2026-58306Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers ...2026-07-092026-07-09377192
CVE-2026-58305Access of resource using incompatible type ('type confusion') vulnerability in Samsung ...2026-07-092026-07-09377188
CVE-2026-58304Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Ove ...2026-07-092026-07-09377187
CVE-2026-58303Stack-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffer ...2026-07-092026-07-09377193
CVE-2026-56291The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload tha ...2026-07-092026-07-09377183
CVE-2026-56289GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single ...2026-07-092026-07-09377175
CVE-2026-56288GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unifie ...2026-07-092026-07-09377174
CVE-2026-50644SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker hold ...2026-07-092026-07-09377182
CVE-2026-4298The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all v ...2026-07-092026-07-09377177
CVE-2026-4275The Divi Torque Lite Divi Theme, Divi Builder Extra Theme plugin for WordPress is vulnerable ...2026-07-092026-07-09377181
CVE-2026-14372The Bit Form Contact Form, Payment Forms, Multi Step Forms, Calculator Custom Form Builder p ...2026-07-092026-07-09377176
CVE-2026-13441The EventPrime Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sto ...2026-07-092026-07-09377180
CVE-2026-12590Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser ...2026-07-092026-07-09377179
CVE-2026-12428The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due ...2026-07-092026-07-09377178
CVE-2026-5955Improper neutralization of special elements used in an SQL command ('SQL injection') v ...2026-07-092026-07-09377169
CVE-2026-5793Improper neutralization of input during web page generation ('cross-site scripting') v ...2026-07-092026-07-09377173
CVE-2026-56460HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authentica ...2026-07-092026-07-09377172
CVE-2026-56459HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The applicat ...2026-07-092026-07-09377170
CVE-2026-56458HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to car ...2026-07-092026-07-09377166
CVE-2026-2342Improper neutralization of input during web page generation ('cross-site scripting') v ...2026-07-092026-07-09377171
CVE-2026-1989Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solu ...2026-07-092026-07-09377168
CVE-2026-1365Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc ...2026-07-092026-07-09377167
CVE-2026-15158The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all version ...2026-07-092026-07-09377164
CVE-2026-12433The Hydra Booking Appointment Scheduling Booking Calendar plugin for WordPress is vulnerable ...2026-07-092026-07-09377165
CVE-2026-8996The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Inform ...2026-07-092026-07-09377160
CVE-2026-8848The Popup Maker Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Build ...2026-07-092026-07-09377158
CVE-2026-7558The Age Verification Identity Verification by Token of Trust plugin for WordPress is vulnerabl ...2026-07-092026-07-09377159
CVE-2026-6910The Bookero.pl system rezerwacji online plugin for WordPress is vulnerable to Stored Cross-Sit ...2026-07-092026-07-09377163
CVE-2026-59269A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain ...2026-07-092026-07-09377161
CVE-2026-57111Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.re ...2026-07-092026-07-09376957
CVE-2026-4653The Block, Suspend, Report for BuddyPress plugin for WordPress is vulnerable to Stored Cross-Sit ...2026-07-092026-07-09377162
CVE-2026-33390An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functional ...2026-07-092026-07-09377152
CVE-2026-31985When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the gener ...2026-07-092026-07-09377151
CVE-2026-31984A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the ...2026-07-092026-07-09377148
CVE-2026-31983A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. ...2026-07-092026-07-09377155
CVE-2026-31982An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to in ...2026-07-092026-07-09377154
CVE-2026-31981A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a ...2026-07-092026-07-09377157
CVE-2026-15000The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site ...2026-07-092026-07-09377153
CVE-2026-14343The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via &#039 ...2026-07-092026-07-09377156
CVE-2026-14342The Mail Mint Email Marketing, Newsletter, Email Automation WooCommerce Emails plugin for Wo ...2026-07-092026-07-09377150
CVE-2026-14245The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable ...2026-07-092026-07-09377149
CVE-2026-13771The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scr ...2026-07-092026-07-09377143
CVE-2026-13450The GamiPress Gamification plugin to reward points, achievements, badges ranks in WordPress ...2026-07-092026-07-09377142
CVE-2026-13334The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the & ...2026-07-092026-07-09377147
CVE-2026-13253The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the &#03 ...2026-07-092026-07-09377146
CVE-2026-13080The WPFunnels Funnel Builder for WooCommerce with Checkout One Click Upsell plugin for WordP ...2026-07-092026-07-09377138
CVE-2026-13011The ERP: Complete HR, Accounting CRM Suite with Recruitment and WooCommerce CRM Support plugin ...2026-07-092026-07-09377141
CVE-2026-12418The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership User Regis ...2026-07-092026-07-09377139
CVE-2026-12406The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership User Regis ...2026-07-092026-07-09377145
CVE-2026-12170The AcyMailing An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress p ...2026-07-092026-07-09377144
CVE-2026-11359The Memberships and User Profiles for WooCommerce ProfileGrid WooCommerce Integration plugin f ...2026-07-092026-07-09377140
CVE-2026-47840A network attacker positioned between UAA and its LDAP directory can impersonate the directory u ...2026-07-092026-07-09377137
CVE-2026-47831Use of a cryptographically weak random number generator in the GenerateRandomPassword function i ...2026-07-092026-07-09377136
CVE-2026-47830Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-build ...2026-07-092026-07-09377135
CVE-2026-47829Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH op ...2026-07-092026-07-09377127
CVE-2026-47828During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered j ...2026-07-092026-07-09377131
CVE-2026-47826The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write ...2026-07-092026-07-09377134
CVE-2026-12517The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the serv ...2026-07-092026-07-09377133
CVE-2026-12516The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the serv ...2026-07-092026-07-09377132
CVE-2026-12270The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several R ...2026-07-092026-07-09377126
CVE-2026-11875The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or ver ...2026-07-092026-07-09377130
CVE-2026-11869The WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 does not perform an authorization check ...2026-07-092026-07-09377129
CVE-2026-11571The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files ge ...2026-07-092026-07-09377128
CVE-2026-5523The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up ...2026-07-092026-07-09377119
CVE-2026-41857A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator&#0 ...2026-07-092026-07-09377121
CVE-2026-15138A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affec ...2026-07-092026-07-09376953
CVE-2026-15137A weakness has been identified in code-projects Interview Management System 1.0. This vulnerabil ...2026-07-092026-07-09376952
CVE-2026-47646Improper neutralization of input during web page generation ('cross-site scripting') i ...2026-07-092026-07-09372322
CVE-2026-15135A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects ...2026-07-092026-07-09376951
CVE-2026-8472GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19. ...2026-07-092026-07-09377103
CVE-2026-7492GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 1 ...2026-07-092026-07-09377102
CVE-2026-6896GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19 ...2026-07-092026-07-09377101
CVE-2026-6352GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19. ...2026-07-092026-07-09377100
CVE-2026-60105Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemote ...2026-07-092026-07-09377104
CVE-2026-59818etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and ...2026-07-092026-07-09377099
CVE-2026-58525Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to by ...2026-07-092026-07-09377108
CVE-2026-58192Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C W ...2026-07-092026-07-09377094
CVE-2026-58191Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C W ...2026-07-092026-07-09377097
CVE-2026-57481Parse Server is an open source backend that can be deployed to any infrastructure that can run N ...2026-07-092026-07-09377092
CVE-2026-57480Parse Server is an open source backend that can be deployed to any infrastructure that can run N ...2026-07-092026-07-09377090
CVE-2026-55778Parse Server is an open source backend that can be deployed to any infrastructure that can run N ...2026-07-092026-07-09377095
CVE-2026-5923Malicious use of a stolen cookie might allow modifications to the contents of the IP phone s web ...2026-07-092026-07-09377098
CVE-2026-55878Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 befor ...2026-07-092026-07-09372595
CVE-2026-59723Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, ...2026-07-092026-07-09377096
CVE-2026-54784CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In ...2026-07-092026-07-09377093
CVE-2026-54783CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026-07-092026-07-09377091
CVE-2026-54782CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026-07-092026-07-09377089
CVE-2026-54781CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026-07-092026-07-09377105
CVE-2026-15133Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attac ...2026-07-092026-07-09377086
CVE-2026-15132Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...2026-07-092026-07-09377085
CVE-2026-15131Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a re ...2026-07-092026-07-09377084
CVE-2026-15130Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a ...2026-07-092026-07-09377082
CVE-2026-15129Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to po ...2026-07-092026-07-09377083
CVE-2026-15128Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote ...2026-07-092026-07-09377088
CVE-2026-15127Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote ...2026-07-092026-07-09377087
CVE-2026-15134A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected ...2026-07-092026-07-09376949
CVE-2026-15126Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...2026-07-092026-07-09377081
CVE-2026-15125Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote ...2026-07-092026-07-09377080
CVE-2026-15124Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a ...2026-07-092026-07-09377072
CVE-2026-15123Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote at ...2026-07-092026-07-09377079
CVE-2026-15122Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0. ...2026-07-092026-07-09377078
CVE-2026-15121Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to e ...2026-07-092026-07-09377077
CVE-2026-15120Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote atta ...2026-07-092026-07-09377076
CVE-2026-15119Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had ...2026-07-092026-07-09377075
CVE-2026-15118Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...2026-07-092026-07-09377074
CVE-2026-15117Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker wh ...2026-07-092026-07-09377073
CVE-2026-15116Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...2026-07-092026-07-09377069
CVE-2026-15115Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior t ...2026-07-092026-07-09377063
CVE-2026-15114Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote ...2026-07-092026-07-09377068
CVE-2026-15113Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote ...2026-07-092026-07-09377062
CVE-2026-15112Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to po ...2026-07-092026-07-09377067
CVE-2026-15111Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who c ...2026-07-092026-07-09377066
CVE-2026-15110Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who co ...2026-07-092026-07-09377071
CVE-2026-15109Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ...2026-07-092026-07-09377065
CVE-2026-15108Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker ...2026-07-092026-07-09377070
CVE-2026-15107Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker t ...2026-07-092026-07-09377064
CVE-2026-54780CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026-07-092026-07-09377061
CVE-2026-54779CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026-07-092026-07-09377056
CVE-2026-54778CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026-07-092026-07-09377060
CVE-2026-54776CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026-07-092026-07-09377059
CVE-2026-54775CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026-07-092026-07-09377058
CVE-2026-54774CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026-07-092026-07-09377057
CVE-2026-54773CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026-07-092026-07-09377055
CVE-2026-54772CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026-07-092026-07-09377054
CVE-2026-54499Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsin ...2026-07-092026-07-09377053
CVE-2026-15105A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::Pe ...2026-07-092026-07-09376946
CVE-2026-55877Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 befor ...2026-07-092026-07-09372593
CVE-2026-5922The IP phone might use malicious input stored in configuration parameters and render it as conte ...2026-07-092026-07-09377051
CVE-2026-54777CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026-07-092026-07-09377046
CVE-2026-52200An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbi ...2026-07-092026-07-09377048
CVE-2026-51535In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion (Denial of Service) vulnerability exists ...2026-07-092026-07-09377047
CVE-2026-39179A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitr ...2026-07-092026-07-09377050
CVE-2026-39178A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitr ...2026-07-092026-07-09377049
CVE-2026-35552In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0 ...2026-07-092026-07-09377045
CVE-2026-31309Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 a ...2026-07-092026-07-09377107
CVE-2026-15168BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disc ...2026-07-092026-07-09377044
CVE-2026-55849@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2. ...2026-07-082026-07-09377106
CVE-2026-55830RestrictedPython is a tool that helps to define a subset of the Python language which allows to ...2026-07-082026-07-08377036
CVE-2026-55471HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability ...2026-07-082026-07-09377043
CVE-2026-55470HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability ...2026-07-082026-07-08372591
CVE-2026-48492Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{obje ...2026-07-082026-07-09377039
CVE-2026-44161Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...2026-07-082026-07-09377042
CVE-2026-44160Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...2026-07-082026-07-09377040
CVE-2026-44025Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...2026-07-082026-07-09377041
CVE-2026-44024Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...2026-07-082026-07-09377037
CVE-2026-10037A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME ...2026-07-082026-07-09377038
CVE-2026-54528JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.f ...2026-07-082026-07-08377030
CVE-2026-54527JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff ...2026-07-082026-07-08377029
CVE-2026-49866libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossi ...2026-07-082026-07-08377028
CVE-2026-35211OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observab ...2026-07-082026-07-08377026
CVE-2026-35210OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observab ...2026-07-082026-07-08377027
CVE-2026-15174Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows ...2026-07-082026-07-08377035
CVE-2026-15173pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service2026-07-082026-07-08377034
CVE-2026-15172FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denia ...2026-07-082026-07-08377033
CVE-2026-15171SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of se ...2026-07-082026-07-08377032
CVE-2026-15170Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of ...2026-07-082026-07-08377031
CVE-2026-15169UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial o ...2026-07-082026-07-08377025
CVE-2026-15167DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial o ...2026-07-082026-07-08377024
CVE-2026-15166IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows deni ...2026-07-082026-07-08377023
CVE-2026-15165TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service2026-07-082026-07-08377022
CVE-2026-15164Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service2026-07-082026-07-08377016
CVE-2026-15163Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow ...2026-07-082026-07-08377021
CVE-2026-13320GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, ...2026-07-082026-07-08377020
CVE-2026-13151GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19 ...2026-07-082026-07-08377019
CVE-2026-11827GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 ...2026-07-082026-07-08377018
CVE-2026-58494Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-w ...2026-07-082026-07-08377012
CVE-2026-58211NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026-07-082026-07-08377011
CVE-2026-58208NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026-07-082026-07-08377014
CVE-2026-58207NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026-07-082026-07-08377004
CVE-2026-56669Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, ...2026-07-082026-07-08377005
CVE-2026-55596Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed ren ...2026-07-082026-07-08377003
CVE-2026-55542Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature ...2026-07-082026-07-08377006
CVE-2026-55206py7zr is a Python-based library and utility to support 7zip archive compression, decompression, ...2026-07-082026-07-08377001
CVE-2026-55195py7zr is a Python-based library and utility to support 7zip archive compression, decompression, ...2026-07-082026-07-08377000
CVE-2026-54591AsyncSSH is a Python package which provides an asynchronous client and server implementation of ...2026-07-082026-07-08376999
CVE-2026-54590AsyncSSH is a Python package which provides an asynchronous client and server implementation of ...2026-07-082026-07-08376998
CVE-2026-14896HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in ...2026-07-082026-07-08377002
CVE-2026-0288Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of ...2026-07-082026-07-08376997
CVE-2026-8801Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules). This issue af ...2026-07-082026-07-08376996
CVE-2026-8800Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). This issu ...2026-07-082026-07-08376995
CVE-2026-8651Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS modul ...2026-07-082026-07-08376993
CVE-2026-8650Relative path traversal vulnerability in Progress MOVEit Transfer (Admin Settings module). This ...2026-07-082026-07-08376994
CVE-2026-8649Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit ...2026-07-082026-07-08377015
CVE-2026-60104Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-r ...2026-07-082026-07-08377013
CVE-2026-59948Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously ...2026-07-082026-07-08377009
CVE-2026-59947Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer ...2026-07-082026-07-08377008
CVE-2026-59946Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer pa ...2026-07-082026-07-08377007
CVE-2026-59939httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs u ...2026-07-082026-07-08377010
CVE-2026-59936pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft ...2026-07-082026-07-08376987
CVE-2026-59807Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows ...2026-07-082026-07-08376991
CVE-2026-59806Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability tha ...2026-07-082026-07-08376992
CVE-2026-59805Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesContr ...2026-07-082026-07-08376990
CVE-2026-58254NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026-07-082026-07-08376988
CVE-2026-58253NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026-07-082026-07-08376989
CVE-2026-58252NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026-07-082026-07-08376981
CVE-2026-58250NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026-07-082026-07-08376986
CVE-2026-58214NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026-07-082026-07-08376985
CVE-2026-58213NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026-07-082026-07-08376980
CVE-2026-58212Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of ...2026-07-082026-07-08
 
CVE-2026-58210NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026-07-082026-07-08376984
CVE-2026-58209NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026-07-082026-07-08376983
CVE-2026-15154A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerabil ...2026-07-082026-07-08376978
CVE-2026-14891HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task drive ...2026-07-082026-07-08376979
CVE-2026-14361The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in t ...2026-07-082026-07-08376982
CVE-2026-59935pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft ...2026-07-082026-07-08376970
CVE-2026-59822LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...2026-07-082026-07-08376976
CVE-2026-59821LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...2026-07-082026-07-08376969
CVE-2026-59820LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...2026-07-082026-07-08376975
CVE-2026-59819LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...2026-07-082026-07-08376977
CVE-2026-59804Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authenticatio ...2026-07-082026-07-08376971
CVE-2026-59803rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in proto ...2026-07-082026-07-08376972
CVE-2026-59802PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient va ...2026-07-082026-07-08376974
CVE-2026-58501Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but n ...2026-07-082026-07-09377052
CVE-2026-58251NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026-07-082026-07-08376973
CVE-2026-55760Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, a ...2026-07-082026-07-08376965
CVE-2026-55575LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10. ...2026-07-082026-07-08376964
CVE-2026-55404yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-l ...2026-07-082026-07-08376963
CVE-2026-53624Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware ...2026-07-082026-07-08376966
CVE-2026-45045Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the Balanc ...2026-07-082026-07-08376962
CVE-2026-44512Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. F ...2026-07-082026-07-08376961
CVE-2026-44332Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer ...2026-07-082026-07-08376433
CVE-2026-36028A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical acc ...2026-07-082026-07-08376968
CVE-2026-36027An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to ex ...2026-07-082026-07-08376967
CVE-2026-14373HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Do ...2026-07-082026-07-08376960
CVE-2026-59938pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft ...2026-07-082026-07-08376955
CVE-2026-59937pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft ...2026-07-082026-07-08376954
CVE-2026-50813An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensiti ...2026-07-082026-07-08376959
CVE-2026-50812A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk bui ...2026-07-082026-07-08376958
CVE-2026-14362HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push ...2026-07-082026-07-08376956
CVE-2026-60102Horde Virtual File System (VFS) API before 3.0.1 contains an OS command injection vulnerability ...2026-07-082026-07-08376950
CVE-2026-59928Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown docum ...2026-07-082026-07-08376948
CVE-2026-59927Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include dire ...2026-07-082026-07-08376947
CVE-2026-59924Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse() ...2026-07-082026-07-08376945
CVE-2026-59731Astro is a web framework for content-driven websites. Version 6.4.7 performs authorization decis ...2026-07-082026-07-08376944
CVE-2026-9074IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthentica ...2026-07-082026-07-08376935
CVE-2026-59880Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immut ...2026-07-082026-07-08376943
CVE-2026-59877protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.5 and 8.6. ...2026-07-082026-07-08376934
CVE-2026-59876protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 until 8.6.5, ...2026-07-082026-07-08376942
CVE-2026-59875node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not s ...2026-07-082026-07-08376941
CVE-2026-59874node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts ...2026-07-082026-07-08376940
CVE-2026-59930Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin a ...2026-07-082026-07-08376931
CVE-2026-59929Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe_url fil ...2026-07-082026-07-08376928
CVE-2026-59926Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonitio ...2026-07-082026-07-08376939
CVE-2026-59925Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences o ...2026-07-082026-07-08376930
CVE-2026-59923Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.saf ...2026-07-082026-07-08376927
CVE-2026-59922Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed ...2026-07-082026-07-08376929
CVE-2026-59897Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 ...2026-07-082026-07-08376933
CVE-2026-59896Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11. ...2026-07-082026-07-08376938
CVE-2026-59895Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 ...2026-07-082026-07-08376937
CVE-2026-59892OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/ ...2026-07-082026-07-08376932
CVE-2026-59890setuptools is a package that allows users to download, build, install, upgrade, and uninstall Py ...2026-07-082026-07-08376926
CVE-2026-59887linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: ...2026-07-082026-07-08376936
CVE-2026-59883Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies sco ...2026-07-082026-07-08376917
CVE-2026-59882guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::ass ...2026-07-082026-07-08376916
CVE-2026-59879Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List# ...2026-07-082026-07-08376924
CVE-2026-59261OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv fi ...2026-07-082026-07-08376923
CVE-2026-42505Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observe ...2026-07-082026-07-08376925
CVE-2026-39822On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside o ...2026-07-082026-07-08376920
CVE-2026-29009U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfs_readlink_reply() (net ...2026-07-082026-07-08376922
CVE-2026-29008U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machi ...2026-07-082026-07-08376921
CVE-2026-29007U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine( ...2026-07-082026-07-08376919
CVE-2026-59873node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not e ...2026-07-082026-07-08376908
CVE-2026-59871node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces al ...2026-07-082026-07-08376907
CVE-2026-59870js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support f ...2026-07-082026-07-08376914
CVE-2026-59869js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4 ...2026-07-082026-07-08376913
CVE-2026-59868js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are ena ...2026-07-082026-07-08376912
CVE-2026-59725Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 bef ...2026-07-082026-07-08376911
CVE-2026-59724Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 bef ...2026-07-082026-07-08376910
CVE-2026-59702repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that ...2026-07-082026-07-08376915
CVE-2026-59262AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing docu ...2026-07-082026-07-08376909
CVE-2026-57439CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0 ...2026-07-082026-07-08376906
CVE-2026-55761Portainer Community Edition is a lightweight service delivery platform for containerized applica ...2026-07-082026-07-08376904
CVE-2026-54344ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, Tool ...2026-07-082026-07-08376903
CVE-2026-53951Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15. ...2026-07-082026-07-08376905
CVE-2026-49946This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2026-07-082026-07-08
 
CVE-2026-49945This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2026-07-082026-07-08
 
CVE-2026-49944This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2026-07-082026-07-08
 
CVE-2026-3144IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker ...2026-07-082026-07-08376899
CVE-2026-15063A flaw was found in the gorch service template, which is part of the trustyai-service-operator. ...2026-07-082026-07-08376902
CVE-2026-14967BBOT's `github_workflows` module could be induced to write a downloaded artifact outside it ...2026-07-082026-07-08376901
CVE-2026-14966BBOT's unarchive module rejects archives containing symlink entries before extraction, but ...2026-07-082026-07-08376900
CVE-2026-59703repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unau ...2026-07-082026-07-08376896
CVE-2026-55874SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot ...2026-07-082026-07-08376890
CVE-2026-55873SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with S ...2026-07-082026-07-08376893
CVE-2026-55668File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the ne ...2026-07-082026-07-08376892
CVE-2026-54652Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} ...2026-07-082026-07-08376889
CVE-2026-49147App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filen ...2026-07-082026-07-08376888
CVE-2026-49146App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value ...2026-07-082026-07-08376887
CVE-2026-49145App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ac ...2026-07-082026-07-08376885
CVE-2026-24700An OS command injection vulnerability exists in the start_lltd() function of the rc binary in ...2026-07-082026-07-08376883
CVE-2026-24699An OS command injection vulnerability exists in the sub_34984() function of the rc binary in C ...2026-07-082026-07-08376882
CVE-2026-24698An OS command injection vulnerability exists in the save_syslog_to_file() function of the httpd ...2026-07-082026-07-08376881
CVE-2026-24697An OS command injection vulnerability exists in the start_bonjour() function of the rc binary ...2026-07-082026-07-08376872
CVE-2026-15067Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, ...2026-07-082026-07-08376875
CVE-2026-15062SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (snowpark-python) versions pr ...2026-07-082026-07-08376873
CVE-2026-15044A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGua ...2026-07-082026-07-08376874
CVE-2026-15036A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function ...2026-07-082026-07-08376787
CVE-2026-11903Improper neutralization of input during web page generation ('cross-site scripting') v ...2026-07-082026-07-08376880
CVE-2026-10708This vulnerability enables large‑scale data harvesting without requiring app‑specific secret ...2026-07-082026-07-08376876
CVE-2026-10706In Adalo s no-code app builder, (Versions 1 and 2) the attackers may extract full user records a ...2026-07-082026-07-08376879
CVE-2026-10699Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer (Cu ...2026-07-082026-07-08376878
CVE-2026-10698Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit ...2026-07-082026-07-08376877
CVE-2026-60125MISP s importModule() path used getEnabledModule() to resolve a single import module by name, bu ...2026-07-082026-07-08376897
CVE-2026-60124An authorization bypass in MISP s EventsController::importModule() allowed authenticated users o ...2026-07-082026-07-08376895
CVE-2026-60092AVideo (Meet plugin) through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored c ...2026-07-082026-07-08376886
CVE-2026-59257n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulner ...2026-07-082026-07-08376884
CVE-2026-59253n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users ...2026-07-082026-07-08376894
CVE-2026-58657Grav before 2.0.0 (affected through 2.0.0-rc.9 and the 2.0 branch) contains a stored CSS injecti ...2026-07-082026-07-08376891
CVE-2026-58656Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and r ...2026-07-082026-07-08376898
CVE-2026-58654The Grav API plugin (getgrav/grav-plugin-api) 1.0.0 contains an unrestricted file upload vulnera ...2026-07-082026-07-08376862
CVE-2026-56778n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API ex ...2026-07-082026-07-08376869
CVE-2026-56776n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/ ...2026-07-082026-07-08376868
CVE-2026-56775n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutatin ...2026-07-082026-07-08376867
CVE-2026-56401Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inv ...2026-07-082026-07-08376864
CVE-2026-56374ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder du ...2026-07-082026-07-08376863
CVE-2026-56362ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex ...2026-07-082026-07-08376866
CVE-2026-56360n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhook ...2026-07-082026-07-08376865
CVE-2026-56359n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow ...2026-07-082026-07-08376871
CVE-2026-56298Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information ...2026-07-082026-07-08376870
CVE-2026-56297FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman ...2026-07-082026-07-08376853
CVE-2026-56293Capgo before 12.128.2 contains an authorization flaw in transfer_app() that fails to update depl ...2026-07-082026-07-08376857
CVE-2026-56284Capgo (Cap-go/capgo) before 12.128.2 contains an information disclosure vulnerability in the Sup ...2026-07-082026-07-08376856
CVE-2026-56283Capgo before 12.128.2 contains an html injection vulnerability in the organization settings endp ...2026-07-082026-07-08376861
CVE-2026-56273Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector sto ...2026-07-082026-07-08376855
CVE-2026-56250Capgo before 12.128.2 allows upload-scoped API keys to modify the mutable app_versions.r2_path f ...2026-07-082026-07-08376860
CVE-2026-56246Capgo before 12.128.2 contains a broken access control vulnerability in the organization managem ...2026-07-082026-07-08376852
CVE-2026-56226Capgo (Cap-go/capgo) before 12.128.2 exposes the Supabase PostgREST RPC function public.get_orgs ...2026-07-082026-07-08376859
CVE-2026-56220Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.manifest INSE ...2026-07-082026-07-08376858
CVE-2026-56217Capgo before 12.128.2 contains a policy bypass vulnerability in app_versions update enforcement ...2026-07-082026-07-08376854
CVE-2026-56086Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 thr ...2026-07-082026-07-08376848
CVE-2026-54061Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exp ...2026-07-082026-07-08376846
CVE-2026-53482Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 thr ...2026-07-082026-07-08376847
CVE-2026-53480Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 thr ...2026-07-082026-07-08376845
CVE-2026-44840Dgraph is an open source distributed GraphQL database. Prior to version 25.3.4, the `checkUserPa ...2026-07-082026-07-08374768
CVE-2026-41122Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 thr ...2026-07-082026-07-08376849
CVE-2026-22927Omnissa Workspace ONE Tunnel for Windows addresses a Local Privilege Escalation Vulnerability.2026-07-082026-07-08376851
CVE-2026-15053Tanium addressed a denial of service vulnerability in Tanium Server.2026-07-082026-07-08376850
CVE-2026-15035A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function async_run_command ...2026-07-082026-07-08376786
CVE-2026-15034A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affecte ...2026-07-082026-07-08376785
CVE-2026-14476A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_component ...2026-07-082026-07-08376626
CVE-2026-14474A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not ...2026-07-082026-07-08376627
CVE-2026-14651A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the fu ...2026-07-082026-07-08376164
CVE-2026-14650A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function gr ...2026-07-082026-07-08376163
CVE-2026-14935A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() ...2026-07-082026-07-08376648
CVE-2026-50811An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ec ...2026-07-082026-07-08376734
CVE-2026-14969A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded sta ...2026-07-082026-07-08376650
CVE-2026-14940A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a ...2026-07-082026-07-08376641

2025

CVEDescripciónSumisiónModeraciónArtículo
CVE-2025-6784The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up t ...2026-07-112026-07-11377755
CVE-2025-5017The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL ...2026-07-112026-07-11377759
CVE-2025-13968The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Sit ...2026-07-112026-07-11377741
CVE-2025-30008HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authentic ...2026-07-102026-07-10377575
CVE-2025-30007HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows l ...2026-07-102026-07-10377576
CVE-2025-70796An unauthenticated path traversal vulnerability exists in the web management interface of WTI (W ...2026-07-102026-07-10377553
CVE-2025-12127** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes ...2026-07-102026-07-10
 
CVE-2025-11977The Happyforms Form Builder for WordPress: Drag Drop Contact Forms, Surveys, Payments Mult ...2026-07-102026-07-10377445
CVE-2025-45422Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass nor ...2026-07-092026-07-09377316
CVE-2025-63579Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book ...2026-07-092026-07-09377292
CVE-2025-58151varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a commu ...2026-07-092026-07-09342998
CVE-2025-58146There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try ...2026-07-092026-07-09323606
CVE-2025-27464[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026-07-092026-07-09310613
CVE-2025-27463[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026-07-092026-07-09310613
CVE-2025-27462[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026-07-092026-07-09310613
CVE-2025-12506GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, ...2026-07-082026-07-08377017
CVE-2025-3110OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header va ...2026-07-082026-07-08376918

Do you want to use VulDB in your project?

Use the official API to access entries easily!