CVE정보

2026

CVE설명제출모더레이션항목
CVE-2026-15475A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is ...2026. 07. 12.2026. 07. 12.377780
CVE-2026-15474A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unkn ...2026. 07. 12.2026. 07. 12.377779
CVE-2026-15473A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some ...2026. 07. 12.2026. 07. 12.377778
CVE-2026-15472A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affec ...2026. 07. 12.2026. 07. 12.377777
CVE-2026-15471A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part ...2026. 07. 12.2026. 07. 12.377776
CVE-2026-15470A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue i ...2026. 07. 12.2026. 07. 12.377775
CVE-2026-58281Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized atta ...2026. 07. 11.2026. 07. 11.377832
CVE-2026-10660The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bap_broadcast_assist ...2026. 07. 11.2026. 07. 11.377831
CVE-2026-61870ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory ...2026. 07. 11.2026. 07. 11.377830
CVE-2026-61861ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption m ...2026. 07. 11.2026. 07. 11.377825
CVE-2026-61858ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and exter ...2026. 07. 11.2026. 07. 11.377827
CVE-2026-61857ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null ...2026. 07. 11.2026. 07. 11.377826
CVE-2026-61465ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation l ...2026. 07. 11.2026. 07. 11.377822
CVE-2026-61454The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript vari ...2026. 07. 11.2026. 07. 11.377828
CVE-2026-61448Parse Server is affected by a stored cross-site scripting (XSS) vulnerability in versions = 9.0 ...2026. 07. 11.2026. 07. 11.377829
CVE-2026-61447PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_pyt ...2026. 07. 11.2026. 07. 11.377820
CVE-2026-61445PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in t ...2026. 07. 11.2026. 07. 11.377824
CVE-2026-61442PraisonAI Platform (praisonai-platform) before 0.1.9 fails to enforce owner/admin authorization ...2026. 07. 11.2026. 07. 11.377823
CVE-2026-61439PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the b ...2026. 07. 11.2026. 07. 11.377821
CVE-2026-61429PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Craw ...2026. 07. 11.2026. 07. 11.377819
CVE-2026-61428PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing ...2026. 07. 11.2026. 07. 11.377816
CVE-2026-61426PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces w ...2026. 07. 11.2026. 07. 11.377814
CVE-2026-60090PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVect ...2026. 07. 11.2026. 07. 11.377813
CVE-2026-60088PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allo ...2026. 07. 11.2026. 07. 11.377815
CVE-2026-56763Hono before 4.12.7 allows __proto__ key in parseBody with dot option enabled, permitting special ...2026. 07. 11.2026. 07. 11.377812
CVE-2026-56372ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operati ...2026. 07. 11.2026. 07. 11.377811
CVE-2026-56303Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_val ...2026. 07. 11.2026. 07. 11.377810
CVE-2026-56296Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_a ...2026. 07. 11.2026. 07. 11.377817
CVE-2026-56240Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan_valid c ...2026. 07. 11.2026. 07. 11.377818
CVE-2026-57828The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload tha ...2026. 07. 11.2026. 07. 11.377786
CVE-2026-57827The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allo ...2026. 07. 11.2026. 07. 11.377784
CVE-2026-1359The Genolve AI image AI video generation plugin for WordPress is vulnerable to unauthorized mo ...2026. 07. 11.2026. 07. 11.377774
CVE-2026-6939The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Sit ...2026. 07. 11.2026. 07. 11.377772
CVE-2026-6801The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all vers ...2026. 07. 11.2026. 07. 11.377765
CVE-2026-4661The WP CTA Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerabl ...2026. 07. 11.2026. 07. 11.377770
CVE-2026-1382The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the &# ...2026. 07. 11.2026. 07. 11.377771
CVE-2026-15155The Essential Addons for Elementor Popular Elementor Templates Widgets plugin for WordPress ...2026. 07. 11.2026. 07. 11.377768
CVE-2026-12994The WCFM Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization ...2026. 07. 11.2026. 07. 11.377767
CVE-2026-9282The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up ...2026. 07. 11.2026. 07. 11.377766
CVE-2026-9017The NEX-Forms Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to author ...2026. 07. 11.2026. 07. 11.377769
CVE-2026-15010The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions ...2026. 07. 11.2026. 07. 11.377773
CVE-2026-12738The WP Easy Pay Payment and Donation form Builder for Square plugin for WordPress is vulnerabl ...2026. 07. 11.2026. 07. 11.377760
CVE-2026-12126The WCFM Marketplace Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerabl ...2026. 07. 11.2026. 07. 11.377763
CVE-2026-12103The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all ver ...2026. 07. 11.2026. 07. 11.377762
CVE-2026-11901The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Aut ...2026. 07. 11.2026. 07. 11.377756
CVE-2026-11898The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin ...2026. 07. 11.2026. 07. 11.377764
CVE-2026-11591The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...2026. 07. 11.2026. 07. 11.377761
CVE-2026-10865The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure ...2026. 07. 11.2026. 07. 11.377758
CVE-2026-10041The WCFM Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direc ...2026. 07. 11.2026. 07. 11.377757
CVE-2026-7655The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in ...2026. 07. 11.2026. 07. 11.377753
CVE-2026-13378The Form Vibes Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-S ...2026. 07. 11.2026. 07. 11.377754
CVE-2026-9738The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site S ...2026. 07. 11.2026. 07. 11.377752
CVE-2026-7620The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all ...2026. 07. 11.2026. 07. 11.377751
CVE-2026-7559The Affilia Affiliate Program Referral Tracking for WordPress plugin for WordPress is vulner ...2026. 07. 11.2026. 07. 11.377750
CVE-2026-6804The AI Chatbot Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization ...2026. 07. 11.2026. 07. 11.377749
CVE-2026-6803The AI Chatbot Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Autho ...2026. 07. 11.2026. 07. 11.377748
CVE-2026-3576The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request F ...2026. 07. 11.2026. 07. 11.377746
CVE-2026-3552The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data mod ...2026. 07. 11.2026. 07. 11.377747
CVE-2026-2354The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a fl ...2026. 07. 11.2026. 07. 11.377745
CVE-2026-1832The ThriveDesk Live Chat, AI Chatbot, Helpdesk Knowledge Base plugin for WordPress is vulner ...2026. 07. 11.2026. 07. 11.377740
CVE-2026-15335The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email& ...2026. 07. 11.2026. 07. 11.377737
CVE-2026-15097The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ' ...2026. 07. 11.2026. 07. 11.377744
CVE-2026-15096The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Mo ...2026. 07. 11.2026. 07. 11.377743
CVE-2026-14262The Simple JWT Login Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerab ...2026. 07. 11.2026. 07. 11.377739
CVE-2026-13250The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up t ...2026. 07. 11.2026. 07. 11.377736
CVE-2026-13116The PDF Invoices Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure ...2026. 07. 11.2026. 07. 11.377738
CVE-2026-12141The Premium Addons for Elementor Powerful Elementor Templates Widgets plugin for WordPress i ...2026. 07. 11.2026. 07. 11.377742
CVE-2026-8678The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, a ...2026. 07. 11.2026. 07. 11.377727
CVE-2026-7544The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in a ...2026. 07. 11.2026. 07. 11.377731
CVE-2026-5743The SimpLy Gallery Block Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scri ...2026. 07. 11.2026. 07. 11.377734
CVE-2026-3367The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site ...2026. 07. 11.2026. 07. 11.377735
CVE-2026-15338The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusi ...2026. 07. 11.2026. 07. 11.377726
CVE-2026-15073The KiviCare Clinic Patient Management System (EHR) plugin for WordPress is vulnerable to ge ...2026. 07. 11.2026. 07. 11.377730
CVE-2026-15072The KiviCare Clinic Patient Management System (EHR) plugin for WordPress is vulnerable to ge ...2026. 07. 11.2026. 07. 11.377729
CVE-2026-13353The WP Ultimate CSV Importer WordPress Import Export for CSV, XML Excel plugin for WordPre ...2026. 07. 11.2026. 07. 11.377725
CVE-2026-13262The Majestic Support The Leading-Edge Help Desk Customer Support Plugin plugin for WordPress ...2026. 07. 11.2026. 07. 11.377728
CVE-2026-13114The Motors Car Dealership Classified Listings Plugin plugin for WordPress is vulnerable to S ...2026. 07. 11.2026. 07. 11.377733
CVE-2026-12426The Members Membership User Role Editor Plugin plugin for WordPress is vulnerable to Sensiti ...2026. 07. 11.2026. 07. 11.377724
CVE-2026-10628The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypas ...2026. 07. 11.2026. 07. 11.377732
CVE-2026-13756The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions u ...2026. 07. 11.2026. 07. 11.377722
CVE-2026-11426The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all v ...2026. 07. 11.2026. 07. 11.377723
CVE-2026-59155Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O M tool. ...2026. 07. 11.2026. 07. 11.377713
CVE-2026-58591Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026. 07. 11.2026. 07. 11.377719
CVE-2026-58590Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affe ...2026. 07. 11.2026. 07. 11.377721
CVE-2026-58589Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affe ...2026. 07. 11.2026. 07. 11.377715
CVE-2026-58588Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026. 07. 11.2026. 07. 11.377718
CVE-2026-58587Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026. 07. 11.2026. 07. 11.377717
CVE-2026-55884Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0 ...2026. 07. 11.2026. 07. 11.377714
CVE-2026-55883Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0 ...2026. 07. 11.2026. 07. 11.377720
CVE-2026-55882Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0 ...2026. 07. 11.2026. 07. 11.377716
CVE-2026-55810Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026. 07. 11.2026. 07. 11.377712
CVE-2026-55809Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026. 07. 11.2026. 07. 11.377706
CVE-2026-55808Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026. 07. 11.2026. 07. 11.377710
CVE-2026-55807Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Reques ...2026. 07. 11.2026. 07. 11.377708
CVE-2026-55806URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal cor ...2026. 07. 11.2026. 07. 11.377705
CVE-2026-55804Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026. 07. 11.2026. 07. 11.377704
CVE-2026-55803Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026. 07. 11.2026. 07. 11.377703
CVE-2026-55187Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shippe ...2026. 07. 11.2026. 07. 11.377709
CVE-2026-52761ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, ...2026. 07. 11.2026. 07. 11.377707
CVE-2026-52747ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, ...2026. 07. 11.2026. 07. 11.377702
CVE-2026-49213TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in pack ...2026. 07. 11.2026. 07. 11.377711
CVE-2026-44795Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0 ...2026. 07. 11.2026. 07. 11.377695
CVE-2026-15085Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026. 07. 11.2026. 07. 11.377700
CVE-2026-15084Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026. 07. 11.2026. 07. 11.377699
CVE-2026-15083Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026. 07. 11.2026. 07. 11.377694
CVE-2026-15082Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026. 07. 11.2026. 07. 11.377698
CVE-2026-15081Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') v ...2026. 07. 11.2026. 07. 11.377693
CVE-2026-15080Cross-Site Request Forgery (CSRF) vulnerability in Drupal Ray Enterprise Translation allows Cros ...2026. 07. 11.2026. 07. 11.377697
CVE-2026-15079Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable ...2026. 07. 11.2026. 07. 11.377696
CVE-2026-13244Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026. 07. 11.2026. 07. 11.377692
CVE-2026-13243Cross-Site Request Forgery (CSRF) vulnerability in Drupal Salesforce Suite allows Cross Site Req ...2026. 07. 11.2026. 07. 11.377701
CVE-2026-13242Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') v ...2026. 07. 11.2026. 07. 11.377690
CVE-2026-13241Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue af ...2026. 07. 11.2026. 07. 11.377691
CVE-2026-13240Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue af ...2026. 07. 11.2026. 07. 11.377688
CVE-2026-13239Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affect ...2026. 07. 11.2026. 07. 11.377687
CVE-2026-13238Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forcefu ...2026. 07. 11.2026. 07. 11.377684
CVE-2026-13237Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue a ...2026. 07. 11.2026. 07. 11.377683
CVE-2026-13236Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue aff ...2026. 07. 11.2026. 07. 11.377686
CVE-2026-13235Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Brows ...2026. 07. 11.2026. 07. 11.377682
CVE-2026-13234Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026. 07. 11.2026. 07. 11.377689
CVE-2026-13233Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side Re ...2026. 07. 11.2026. 07. 11.377685
CVE-2026-13232Incorrect Authorization vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) a ...2026. 07. 11.2026. 07. 11.377674
CVE-2026-13231Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026. 07. 11.2026. 07. 11.377680
CVE-2026-12535Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026. 07. 11.2026. 07. 11.377675
CVE-2026-11909Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. ...2026. 07. 11.2026. 07. 11.377677
CVE-2026-11908Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026. 07. 11.2026. 07. 11.377679
CVE-2026-10770Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026. 07. 11.2026. 07. 11.377678
CVE-2026-10769Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...2026. 07. 11.2026. 07. 11.377676
CVE-2026-10768Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This ...2026. 07. 11.2026. 07. 11.377681
CVE-2026-14480OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy w ...2026. 07. 11.2026. 07. 11.377673
CVE-2026-14286This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2026. 07. 11.2026. 07. 11.
 
CVE-2026-55175Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1. ...2026. 07. 11.2026. 07. 11.377664
CVE-2026-44383Multiple connections to the backend using the same charging station ID are allowed, which could ...2026. 07. 11.2026. 07. 11.377670
CVE-2026-42952Previously, there was no throttling on repeated authentication attempts to the charging station ...2026. 07. 11.2026. 07. 11.377672
CVE-2026-20744The charging station websocket endpoint accepts connections without proper authentication, whic ...2026. 07. 11.2026. 07. 11.377671
CVE-2026-15089vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest r ...2026. 07. 11.2026. 07. 11.377666
CVE-2026-15087vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*.2026. 07. 11.2026. 07. 11.377669
CVE-2026-15086vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Forma ...2026. 07. 11.2026. 07. 11.377668
CVE-2026-11915vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force at ...2026. 07. 11.2026. 07. 11.377665
CVE-2026-11914vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*.2026. 07. 11.2026. 07. 11.377667
CVE-2026-11913vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*.2026. 07. 11.2026. 07. 11.377663
CVE-2026-58503Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeratio ...2026. 07. 10.2026. 07. 11.377662
CVE-2026-57584Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC appl ...2026. 07. 10.2026. 07. 11.377654
CVE-2026-55852Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was ...2026. 07. 10.2026. 07. 11.377656
CVE-2026-54736Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\Encryption\Cry ...2026. 07. 10.2026. 07. 10.377653
CVE-2026-49844Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Ap ...2026. 07. 10.2026. 07. 10.377652
CVE-2026-49394Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was pos ...2026. 07. 10.2026. 07. 11.377660
CVE-2026-48127Frappe is a full-stack web application framework. Prior to 16.20.0 and 15.110.0, users without w ...2026. 07. 10.2026. 07. 11.377659
CVE-2026-47422Frappe is a full-stack web application framework. Prior to 15.107.5 and 16.18.2, an endpoint in ...2026. 07. 10.2026. 07. 11.377658
CVE-2026-47199Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, check_safe_sql_ ...2026. 07. 10.2026. 07. 11.377655
CVE-2026-42219Frappe is a full-stack web application framework. Prior to 16.19.0 and 15.109.0, path traversal ...2026. 07. 10.2026. 07. 11.377657
CVE-2026-41482Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and ...2026. 07. 10.2026. 07. 11.377661
CVE-2026-9726Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...2026. 07. 10.2026. 07. 10.377645
CVE-2026-7639Software installed and run as a non-privileged user may conduct a sequence of improper GPU syste ...2026. 07. 10.2026. 07. 10.377651
CVE-2026-58499EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in ...2026. 07. 10.2026. 07. 10.377647
CVE-2026-57575Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains ...2026. 07. 10.2026. 07. 10.377650
CVE-2026-57574Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains ...2026. 07. 10.2026. 07. 10.377646
CVE-2026-57230OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analyt ...2026. 07. 10.2026. 07. 10.377649
CVE-2026-55881OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returne ...2026. 07. 10.2026. 07. 10.377648
CVE-2026-55880OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and not ...2026. 07. 10.2026. 07. 10.377641
CVE-2026-55879OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay trac ...2026. 07. 10.2026. 07. 10.377643
CVE-2026-55665Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, Grist conta ...2026. 07. 10.2026. 07. 10.377637
CVE-2026-55664Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /fo ...2026. 07. 10.2026. 07. 10.377635
CVE-2026-55659Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several ser ...2026. 07. 10.2026. 07. 10.377636
CVE-2026-55213h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4 ...2026. 07. 10.2026. 07. 10.377640
CVE-2026-45203Kernel software installed and running inside a Host VM may post improper commands to the GPU Fir ...2026. 07. 10.2026. 07. 10.377638
CVE-2026-45196Kernel software installed and running inside a Host VM may post improper commands to the GPU Fir ...2026. 07. 10.2026. 07. 10.377644
CVE-2026-41154Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes ...2026. 07. 10.2026. 07. 10.377639
CVE-2026-34196Software installed and run as a non-privileged user may conduct improper GPU system calls to cau ...2026. 07. 10.2026. 07. 10.377642
CVE-2026-57807Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security So ...2026. 07. 10.2026. 07. 10.377633
CVE-2026-57221RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, Rabbi ...2026. 07. 10.2026. 07. 10.377630
CVE-2026-57220RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does ...2026. 07. 10.2026. 07. 10.377628
CVE-2026-57219RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the o ...2026. 07. 10.2026. 07. 10.377634
CVE-2026-57218RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an exis ...2026. 07. 10.2026. 07. 10.377632
CVE-2026-57217RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, Rabbi ...2026. 07. 10.2026. 07. 10.377631
CVE-2026-57216RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP ...2026. 07. 10.2026. 07. 10.377629
CVE-2026-57215RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, Rabbi ...2026. 07. 10.2026. 07. 10.377625
CVE-2026-57214RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders ...2026. 07. 10.2026. 07. 10.377624
CVE-2026-57213RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the r ...2026. 07. 10.2026. 07. 10.377627
CVE-2026-57212RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the r ...2026. 07. 10.2026. 07. 10.377623
CVE-2026-57211RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ ...2026. 07. 10.2026. 07. 10.377626
CVE-2026-55405LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1- ...2026. 07. 10.2026. 07. 10.377621
CVE-2026-55233OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds ...2026. 07. 10.2026. 07. 10.377622
CVE-2026-55229Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /fo ...2026. 07. 10.2026. 07. 10.372589
CVE-2026-13039The Eventin Event Calendar, Event Registration, Tickets Booking (AI Powered) plugin for Word ...2026. 07. 10.2026. 07. 10.377619
CVE-2026-12761The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPre ...2026. 07. 10.2026. 07. 10.377620
CVE-2026-57850RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the serve ...2026. 07. 10.2026. 07. 10.377612
CVE-2026-57158FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, Free ...2026. 07. 10.2026. 07. 10.377617
CVE-2026-57157FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server ...2026. 07. 10.2026. 07. 10.377616
CVE-2026-57156FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit build ...2026. 07. 10.2026. 07. 10.377615
CVE-2026-55827FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP client ...2026. 07. 10.2026. 07. 10.377614
CVE-2026-55789Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logt ...2026. 07. 10.2026. 07. 10.377613
CVE-2026-55515Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report ...2026. 07. 10.2026. 07. 10.377618
CVE-2026-55481Snipe-IT is an IT asset/license management system. Prior to 8.6.2, default.blade.php renders hea ...2026. 07. 10.2026. 07. 10.377610
CVE-2026-55479Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat licens ...2026. 07. 10.2026. 07. 10.377611
CVE-2026-55475Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint all ...2026. 07. 10.2026. 07. 10.377609
CVE-2026-55469Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with im ...2026. 07. 10.2026. 07. 10.377608
CVE-2026-55466Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes S ...2026. 07. 10.2026. 07. 10.377600
CVE-2026-55462Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show() and p ...2026. 07. 10.2026. 07. 10.377607
CVE-2026-55461Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url ...2026. 07. 10.2026. 07. 10.377604
CVE-2026-55452Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction() stores ...2026. 07. 10.2026. 07. 10.377606
CVE-2026-55377Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logt ...2026. 07. 10.2026. 07. 10.377603
CVE-2026-55370Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logt ...2026. 07. 10.2026. 07. 10.377602
CVE-2026-54714Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @log ...2026. 07. 10.2026. 07. 10.377601
CVE-2026-15295The WordPress Infinite Scroll Ajax Load More plugin for WordPress is vulnerable to Stored Cros ...2026. 07. 10.2026. 07. 10.377605
CVE-2026-11321The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) concatenates user-supplied CSV field v ...2026. 07. 10.2026. 07. 10.377599
CVE-2026-6212Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies ...2026. 07. 10.2026. 07. 10.377598
CVE-2026-61460Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadContr ...2026. 07. 10.2026. 07. 10.377597
CVE-2026-61459MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured to ...2026. 07. 10.2026. 07. 10.377596
CVE-2026-55843Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update() pas ...2026. 07. 10.2026. 07. 10.377595
CVE-2026-55516Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintena ...2026. 07. 10.2026. 07. 10.377594
CVE-2026-55478Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/{kit_id}/li ...2026. 07. 10.2026. 07. 10.377593
CVE-2026-55476Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/{itemTy ...2026. 07. 10.2026. 07. 10.377592
CVE-2026-55474Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displayS ...2026. 07. 10.2026. 07. 10.377591
CVE-2026-55472Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies ...2026. 07. 10.2026. 07. 10.377590
CVE-2026-55464Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML b ...2026. 07. 10.2026. 07. 10.377589
CVE-2026-55460Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin us ...2026. 07. 10.2026. 07. 10.377588
CVE-2026-54329Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create pa ...2026. 07. 10.2026. 07. 10.377587
CVE-2026-15146GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FT ...2026. 07. 10.2026. 07. 10.377586
CVE-2026-57476Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker w ...2026. 07. 10.2026. 07. 10.377584
CVE-2026-57475Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API ...2026. 07. 10.2026. 07. 10.377583
CVE-2026-57474Deloitte AI Assist for Customer disclosed some configuration information through public-facing A ...2026. 07. 10.2026. 07. 10.377577
CVE-2026-6872** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes ...2026. 07. 10.2026. 07. 10.
 
CVE-2026-61461Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backen ...2026. 07. 10.2026. 07. 10.377581
CVE-2026-5801Improper neutralization of special elements used in an SQL command ('SQL injection') v ...2026. 07. 10.2026. 07. 10.377580
CVE-2026-59151Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow t ...2026. 07. 10.2026. 07. 10.377579
CVE-2026-53450Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rej ...2026. 07. 10.2026. 07. 10.377582
CVE-2026-53449Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd pr ...2026. 07. 10.2026. 07. 10.377578
CVE-2026-53448Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn ...2026. 07. 10.2026. 07. 10.377574
CVE-2026-56668ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 T ...2026. 07. 10.2026. 07. 10.377571
CVE-2026-56667ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC a ...2026. 07. 10.2026. 07. 10.377570
CVE-2026-56666ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external ...2026. 07. 10.2026. 07. 10.377573
CVE-2026-56665ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is a ...2026. 07. 10.2026. 07. 10.377566
CVE-2026-56664ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL&#039 ...2026. 07. 10.2026. 07. 10.377565
CVE-2026-55672ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL&#039 ...2026. 07. 10.2026. 07. 10.377569
CVE-2026-55671ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL& ...2026. 07. 10.2026. 07. 10.377572
CVE-2026-55670ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event st ...2026. 07. 10.2026. 07. 10.377568
CVE-2026-53780This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2026. 07. 10.2026. 07. 10.
 
CVE-2026-2397Improper neutralization of special elements used in an SQL command ('SQL injection') v ...2026. 07. 10.2026. 07. 10.377567
CVE-2026-59193Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash G ...2026. 07. 10.2026. 07. 10.377562
CVE-2026-59190grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and ...2026. 07. 10.2026. 07. 10.377563
CVE-2026-57167PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rende ...2026. 07. 10.2026. 07. 10.377585
CVE-2026-55783NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...2026. 07. 10.2026. 07. 10.377557
CVE-2026-55782NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...2026. 07. 10.2026. 07. 10.377564
CVE-2026-55781NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...2026. 07. 10.2026. 07. 10.377556
CVE-2026-55780NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...2026. 07. 10.2026. 07. 10.377559
CVE-2026-55669ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL&#039 ...2026. 07. 10.2026. 07. 10.377555
CVE-2026-51119An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /Syst ...2026. 07. 10.2026. 07. 10.377561
CVE-2026-3251Improper neutralization of input during web page generation ('cross-site scripting') v ...2026. 07. 10.2026. 07. 10.377560
CVE-2026-2398Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. Mo ...2026. 07. 10.2026. 07. 10.377554
CVE-2026-1667The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and ...2026. 07. 10.2026. 07. 10.377558
CVE-2026-59180Apprise is an open source library which allows you to send a notification to almost all of the m ...2026. 07. 10.2026. 07. 10.377550
CVE-2026-59162Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to ...2026. 07. 10.2026. 07. 10.377545
CVE-2026-59161Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to ...2026. 07. 10.2026. 07. 10.377544
CVE-2026-59154Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorizat ...2026. 07. 10.2026. 07. 10.377547
CVE-2026-58493grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::__call build ...2026. 07. 10.2026. 07. 10.377552
CVE-2026-58492grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists m ...2026. 07. 10.2026. 07. 10.377551
CVE-2026-566759Router is an AI router token saver. Prior to 0.5.2, 9router treats loopback requests as trust ...2026. 07. 10.2026. 07. 10.377549
CVE-2026-55890Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XS ...2026. 07. 10.2026. 07. 10.372596
CVE-2026-55885Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup p ...2026. 07. 10.2026. 07. 10.377546
CVE-2026-55687ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, ...2026. 07. 10.2026. 07. 10.377548
CVE-2026-556419Router is an AI router token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM prox ...2026. 07. 10.2026. 07. 10.377543
CVE-2026-556389Router is an AI router token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, a ...2026. 07. 10.2026. 07. 10.377538
CVE-2026-54919cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mb ...2026. 07. 10.2026. 07. 10.377541
CVE-2026-54063Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to ...2026. 07. 10.2026. 07. 10.377536
CVE-2026-53657Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3 ...2026. 07. 10.2026. 07. 10.377539
CVE-2026-53653Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticate ...2026. 07. 10.2026. 07. 10.377540
CVE-2026-39903Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization ...2026. 07. 10.2026. 07. 10.377537
CVE-2026-39244adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulat ...2026. 07. 10.2026. 07. 10.377542
CVE-2026-15377A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnera ...2026. 07. 10.2026. 07. 10.377444
CVE-2026-15376A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown functi ...2026. 07. 10.2026. 07. 10.377443
CVE-2026-8609An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique val ...2026. 07. 10.2026. 07. 10.377526
CVE-2026-8595A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a mali ...2026. 07. 10.2026. 07. 10.377528
CVE-2026-566769Router is an AI router token saver. Prior to 0.5.2, 9router validates image URLs by resolving ...2026. 07. 10.2026. 07. 10.377525
CVE-2026-555019Router is an AI router token saver. Prior to 0.4.80, the dashboard login rate limiter in src/ ...2026. 07. 10.2026. 07. 10.377523
CVE-2026-61492In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was pos ...2026. 07. 10.2026. 07. 10.377531
CVE-2026-61456The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 fails to sanitize SVG files uploaded ...2026. 07. 10.2026. 07. 10.377529
CVE-2026-61455Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lac ...2026. 07. 10.2026. 07. 10.377524
CVE-2026-61450Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author (any admin.pages user ...2026. 07. 10.2026. 07. 10.377522
CVE-2026-61444PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where t ...2026. 07. 10.2026. 07. 10.377521
CVE-2026-61441PraisonAI Platform (praisonai-platform) before 0.1.9 improperly authorizes deletion of issue dep ...2026. 07. 10.2026. 07. 10.377527
CVE-2026-61437PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading ...2026. 07. 10.2026. 07. 10.377520
CVE-2026-555009Router is an AI router token saver. Prior to 0.4.80, the /api/settings/database endpoint allo ...2026. 07. 10.2026. 07. 10.377515
CVE-2026-54149MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import func ...2026. 07. 10.2026. 07. 10.377514
CVE-2026-54001osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. ...2026. 07. 10.2026. 07. 10.377518
CVE-2026-54000osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. ...2026. 07. 10.2026. 07. 10.377517
CVE-2026-46388osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. ...2026. 07. 10.2026. 07. 10.377519
CVE-2026-33382Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the reques ...2026. 07. 10.2026. 07. 10.377513
CVE-2026-15375A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown ...2026. 07. 10.2026. 07. 10.377442
CVE-2026-15374A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function ...2026. 07. 10.2026. 07. 10.377441
CVE-2026-15373A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an ...2026. 07. 10.2026. 07. 10.377440
CVE-2026-15143A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability a ...2026. 07. 10.2026. 07. 10.377516
CVE-2026-61434PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command exec ...2026. 07. 10.2026. 07. 10.377506
CVE-2026-61432PraisonAI (praisonaiagents) before 1.6.78 contains a path traversal vulnerability in the FastCon ...2026. 07. 10.2026. 07. 10.377505
CVE-2026-61431PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to ...2026. 07. 10.2026. 07. 10.377504
CVE-2026-60091PraisonAI before 4.6.78 contains an unauthenticated server-side request forgery vulnerability in ...2026. 07. 10.2026. 07. 10.377508
CVE-2026-60089PraisonAI (pip package praisonaiagents) before 1.6.78 automatically loads defaults from a projec ...2026. 07. 10.2026. 07. 10.377507
CVE-2026-60086PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injec ...2026. 07. 10.2026. 07. 10.377503
CVE-2026-59796In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permiss ...2026. 07. 10.2026. 07. 10.377510
CVE-2026-59795In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible2026. 07. 10.2026. 07. 10.377512
CVE-2026-59794In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agen ...2026. 07. 10.2026. 07. 10.377511
CVE-2026-59793In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS in ...2026. 07. 10.2026. 07. 10.377509
CVE-2026-59792In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project ...2026. 07. 10.2026. 07. 10.377499
CVE-2026-59791In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible2026. 07. 10.2026. 07. 10.377501
CVE-2026-58661n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulne ...2026. 07. 10.2026. 07. 10.377498
CVE-2026-57994phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its ...2026. 07. 10.2026. 07. 10.377493
CVE-2026-57961phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the con ...2026. 07. 10.2026. 07. 10.377492
CVE-2026-56765Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint expos ...2026. 07. 10.2026. 07. 10.377497
CVE-2026-56373ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses ...2026. 07. 10.2026. 07. 10.377496
CVE-2026-56366ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when process ...2026. 07. 10.2026. 07. 10.377494
CVE-2026-56354n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 2.x branches) contains cross-site sc ...2026. 07. 10.2026. 07. 10.377500
CVE-2026-56335Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys ...2026. 07. 10.2026. 07. 10.377495
CVE-2026-56329Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused b ...2026. 07. 10.2026. 07. 10.377491
CVE-2026-56312Capgo before 12.128.2 contains an improper validation vulnerability in the accept_invitation end ...2026. 07. 10.2026. 07. 10.377484
CVE-2026-56309Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments ...2026. 07. 10.2026. 07. 10.377488
CVE-2026-56305Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change end ...2026. 07. 10.2026. 07. 10.377486
CVE-2026-56279Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid ...2026. 07. 10.2026. 07. 10.377483
CVE-2026-56261Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker ...2026. 07. 10.2026. 07. 10.377490
CVE-2026-56254In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2, the end-to-end encryption scheme dis ...2026. 07. 10.2026. 07. 10.377489
CVE-2026-38059The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. ...2026. 07. 10.2026. 07. 10.377485
CVE-2026-38057The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentica ...2026. 07. 10.2026. 07. 10.377530
CVE-2026-29519Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a ref ...2026. 07. 10.2026. 07. 10.377487
CVE-2026-22660FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows ...2026. 07. 10.2026. 07. 10.377482
CVE-2026-22659FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability t ...2026. 07. 10.2026. 07. 10.377481
CVE-2026-56813Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allow ...2026. 07. 10.2026. 07. 10.377480
CVE-2026-54470Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior contain(s) an Improper Restriction of ...2026. 07. 10.2026. 07. 10.377479
CVE-2026-54469Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untr ...2026. 07. 10.2026. 07. 10.377502
CVE-2026-56814Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multip ...2026. 07. 10.2026. 07. 10.377474
CVE-2026-56690Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Speci ...2026. 07. 10.2026. 07. 10.377476
CVE-2026-56689Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Speci ...2026. 07. 10.2026. 07. 10.377478
CVE-2026-56688Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Speci ...2026. 07. 10.2026. 07. 10.377475
CVE-2026-54468Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerab ...2026. 07. 10.2026. 07. 10.377477
CVE-2026-53363In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared ...2026. 07. 10.2026. 07. 10.377533
CVE-2026-58225SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTE ...2026. 07. 10.2026. 07. 10.377471
CVE-2026-14461mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker wh ...2026. 07. 10.2026. 07. 10.377472
CVE-2026-50810A NULL pointer dereference in smooth_parse_stream_index() in src/media_tools/mpd.c in GPAC maste ...2026. 07. 10.2026. 07. 10.376733
CVE-2026-9857The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, ...2026. 07. 10.2026. 07. 10.377467
CVE-2026-41880R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) modu ...2026. 07. 10.2026. 07. 10.377470
CVE-2026-41879R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an atta ...2026. 07. 10.2026. 07. 10.377468
CVE-2026-41878R-SOFT DMS is vulnerable to Insecure Direct Object Reference (IDOR) attack in multiple file down ...2026. 07. 10.2026. 07. 10.377464
CVE-2026-41877R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can ...2026. 07. 10.2026. 07. 10.377465
CVE-2026-41876R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction() function. The document con ...2026. 07. 10.2026. 07. 10.377473
CVE-2026-15378A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote att ...2026. 07. 10.2026. 07. 10.377466
CVE-2026-15028A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap ov ...2026. 07. 10.2026. 07. 10.377462
CVE-2026-13710The Jeg Kit for Elementor Powerful Addons for Elementor, Widgets Templates for WordPress plu ...2026. 07. 10.2026. 07. 10.377463
CVE-2026-13247The Logo Slider Logo Carousel, Client Logo Slider Brand Showcase for WordPress plugin for Wo ...2026. 07. 10.2026. 07. 10.377469
CVE-2026-13010The JoomSport for Sports: Team League, Football, Hockey more plugin for WordPress is vulne ...2026. 07. 10.2026. 07. 10.377461
CVE-2026-12918The Mail Mint Email Marketing, Newsletter, Email Automation WooCommerce Emails plugin for Wo ...2026. 07. 10.2026. 07. 10.377459
CVE-2026-11990The KiviCare Clinic Patient Management System (EHR) plugin for WordPress is vulnerable to au ...2026. 07. 10.2026. 07. 10.377460
CVE-2026-9838The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the &# ...2026. 07. 10.2026. 07. 10.377456
CVE-2026-6802The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access ...2026. 07. 10.2026. 07. 10.377454
CVE-2026-6440The GoodMeet Google Meet Integration for Webinar, Meeting Video Conference plugin for WordPr ...2026. 07. 10.2026. 07. 10.377457
CVE-2026-3907The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphos ...2026. 07. 10.2026. 07. 10.377455
CVE-2026-1946The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of dat ...2026. 07. 10.2026. 07. 10.377448
CVE-2026-15104The BetterDocs AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for Word ...2026. 07. 10.2026. 07. 10.377458
CVE-2026-15026The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Inform ...2026. 07. 10.2026. 07. 10.377447
CVE-2026-14475The Cookie Banner for GDPR / CCPA WPLP Cookie Consent plugin for WordPress is vulnerable to ge ...2026. 07. 10.2026. 07. 10.377451
CVE-2026-12955The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data ...2026. 07. 10.2026. 07. 10.377446
CVE-2026-12924The Eventin Event Calendar, Event Registration, Tickets Booking (AI Powered) plugin for Word ...2026. 07. 10.2026. 07. 10.377453
CVE-2026-12400The FlowForms Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direc ...2026. 07. 10.2026. 07. 10.377450
CVE-2026-12108The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi ...2026. 07. 10.2026. 07. 10.377452
CVE-2026-11992The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions ...2026. 07. 10.2026. 07. 10.377449
CVE-2026-40454Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-b ...2026. 07. 10.2026. 07. 10.377434
CVE-2026-40452Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization by ...2026. 07. 10.2026. 07. 10.377433
CVE-2026-40009Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authentica ...2026. 07. 10.2026. 07. 10.377432
CVE-2026-40008Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vul ...2026. 07. 10.2026. 07. 10.377431
CVE-2026-40007Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pi ...2026. 07. 10.2026. 07. 10.377427
CVE-2026-40006Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttlin ...2026. 07. 10.2026. 07. 10.377426
CVE-2026-40005Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnera ...2026. 07. 10.2026. 07. 10.377428
CVE-2026-28564Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache ...2026. 07. 10.2026. 07. 10.377430
CVE-2026-13347The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to ...2026. 07. 10.2026. 07. 10.377429
CVE-2026-12685The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfu ...2026. 07. 10.2026. 07. 10.377423
CVE-2026-12276The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether use ...2026. 07. 10.2026. 07. 10.377424
CVE-2026-12123The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery i ...2026. 07. 10.2026. 07. 10.377425
CVE-2026-21057Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged atta ...2026. 07. 10.2026. 07. 10.377422
CVE-2026-21056Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to a ...2026. 07. 10.2026. 07. 10.377421
CVE-2026-21055Improper export of android application components in Bixby prior to version 4.0.70.8 allows loca ...2026. 07. 10.2026. 07. 10.377420
CVE-2026-21054Improper export of android application components in InputSharing prior to version 2.7.01.4 allo ...2026. 07. 10.2026. 07. 10.377419
CVE-2026-21053Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to c ...2026. 07. 10.2026. 07. 10.377418
CVE-2026-21052Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged at ...2026. 07. 10.2026. 07. 10.377417
CVE-2026-21051Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local atta ...2026. 07. 10.2026. 07. 10.377416
CVE-2026-21050Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers ...2026. 07. 10.2026. 07. 10.377415
CVE-2026-21049Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers ...2026. 07. 10.2026. 07. 10.377414
CVE-2026-21048Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 ...2026. 07. 10.2026. 07. 10.377413
CVE-2026-21046Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Relea ...2026. 07. 10.2026. 07. 10.377412
CVE-2026-21045Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 ...2026. 07. 10.2026. 07. 10.377405
CVE-2026-21044Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attacker ...2026. 07. 10.2026. 07. 10.377411
CVE-2026-21043Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged atta ...2026. 07. 10.2026. 07. 10.377410
CVE-2026-21042Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to ex ...2026. 07. 10.2026. 07. 10.377409
CVE-2026-21041Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local at ...2026. 07. 10.2026. 07. 10.377408
CVE-2026-21040Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged a ...2026. 07. 10.2026. 07. 10.377407
CVE-2026-21039Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to co ...2026. 07. 10.2026. 07. 10.377406
CVE-2026-15332A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an ...2026. 07. 10.2026. 07. 10.377275
CVE-2026-15331A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the fun ...2026. 07. 10.2026. 07. 10.377274
CVE-2026-15330A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function _build ...2026. 07. 10.2026. 07. 10.377273
CVE-2026-15302The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, an ...2026. 07. 10.2026. 07. 10.377400
CVE-2026-15301The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...2026. 07. 10.2026. 07. 10.377404
CVE-2026-15300The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', ...2026. 07. 10.2026. 07. 10.377397
CVE-2026-15299The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scrip ...2026. 07. 10.2026. 07. 10.377398
CVE-2026-15298The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versio ...2026. 07. 10.2026. 07. 10.377403
CVE-2026-15297The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin f ...2026. 07. 10.2026. 07. 10.377402
CVE-2026-15296The affiliate-toolkit WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to St ...2026. 07. 10.2026. 07. 10.377532
CVE-2026-15293The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in ...2026. 07. 10.2026. 07. 10.377399
CVE-2026-15292The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the & ...2026. 07. 10.2026. 07. 10.377401
CVE-2026-15291The Chat Help Click to Chat Button Form plugin for WordPress is vulnerable to Sensitive Info ...2026. 07. 10.2026. 07. 10.377392
CVE-2026-15290The Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction ...2026. 07. 10.2026. 07. 10.292456
CVE-2026-15289The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-base ...2026. 07. 10.2026. 07. 10.377394
CVE-2026-15288The SureForms Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to I ...2026. 07. 10.2026. 07. 10.377391
CVE-2026-15287The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time-bas ...2026. 07. 10.2026. 07. 10.377393
CVE-2026-15286The Gutenberg Blocks with AI by Kadence WP Page Builder Features plugin for WordPress is vulne ...2026. 07. 10.2026. 07. 10.377390
CVE-2026-15285The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated (Contributor+ ...2026. 07. 10.2026. 07. 10.377388
CVE-2026-15284The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...2026. 07. 10.2026. 07. 10.377396
CVE-2026-15283The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...2026. 07. 10.2026. 07. 10.377395
CVE-2026-15282The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to miss ...2026. 07. 10.2026. 07. 10.377389
CVE-2026-5069The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'sub ...2026. 07. 10.2026. 07. 10.377387
CVE-2026-54423In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPM ...2026. 07. 10.2026. 07. 10.377385
CVE-2026-44918OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project wi ...2026. 07. 10.2026. 07. 10.377386
CVE-2026-15329A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function Brow ...2026. 07. 10.2026. 07. 10.377272
CVE-2026-15326A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUti ...2026. 07. 10.2026. 07. 10.377265
CVE-2026-15321A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function on_post of ...2026. 07. 10.2026. 07. 10.377263
CVE-2026-15070The Salon Booking System Free Version plugin for WordPress is vulnerable to Cross-Site Request ...2026. 07. 10.2026. 07. 10.377381
CVE-2026-14894The Super Forms Drag Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File ...2026. 07. 10.2026. 07. 10.377382
CVE-2026-13430The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in ...2026. 07. 10.2026. 07. 10.377380
CVE-2026-11818The WPCafe Restaurant Menu, Online Food Ordering Table Booking System plugin for WordPress i ...2026. 07. 10.2026. 07. 10.377383
CVE-2026-11392The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via th ...2026. 07. 10.2026. 07. 10.377384
CVE-2026-15320A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the func ...2026. 07. 10.2026. 07. 10.377260
CVE-2026-15319A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the func ...2026. 07. 10.2026. 07. 10.377259
CVE-2026-15318A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some un ...2026. 07. 10.2026. 07. 10.377258
CVE-2026-55616** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-49757. Reason: This candidat ...2026. 07. 10.2026. 07. 10.
 
CVE-2026-54771Langroid is a framework for building large-language-model-powered applications. Prior to version ...2026. 07. 10.2026. 07. 10.377379
CVE-2026-54769Langroid is a framework for building large-language-model-powered applications. Versions prior t ...2026. 07. 10.2026. 07. 10.377378
CVE-2026-54760Langroid is a framework for building large-language-model-powered applications. Prior to version ...2026. 07. 10.2026. 07. 10.367762
CVE-2026-50181Langroid is a framework for building large-language-model-powered applications. Prior to version ...2026. 07. 10.2026. 07. 10.376435
CVE-2026-50180Langroid is a framework for building large-language-model-powered applications. Prior to version ...2026. 07. 10.2026. 07. 10.377377
CVE-2026-15317A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerabili ...2026. 07. 10.2026. 07. 10.377257
CVE-2026-15311A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this ...2026. 07. 10.2026. 07. 10.377247
CVE-2026-55615Langroid is a framework for building large-language-model-powered applications. Prior to version ...2026. 07. 10.2026. 07. 10.367762
CVE-2026-12598The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to ...2026. 07. 10.2026. 07. 10.377374
CVE-2026-12597The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OA ...2026. 07. 10.2026. 07. 10.377376
CVE-2026-12595The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OA ...2026. 07. 10.2026. 07. 10.377375
CVE-2026-58123Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability tha ...2026. 07. 10.2026. 07. 10.377369
CVE-2026-58122Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthe ...2026. 07. 10.2026. 07. 10.377372
CVE-2026-59858Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script ...2026. 07. 10.2026. 07. 10.377371
CVE-2026-59857Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of sp ...2026. 07. 10.2026. 07. 10.377370
CVE-2026-59856Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion scri ...2026. 07. 10.2026. 07. 10.377368
CVE-2026-59855SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in a ...2026. 07. 10.2026. 07. 10.377363
CVE-2026-59854SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, POST /api/file/gl ...2026. 07. 10.2026. 07. 10.377358
CVE-2026-59853SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/ ...2026. 07. 10.2026. 07. 10.377362
CVE-2026-59834SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search ...2026. 07. 10.2026. 07. 10.377361
CVE-2026-59833SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders no ...2026. 07. 10.2026. 07. 10.377367
CVE-2026-59832SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*fi ...2026. 07. 10.2026. 07. 10.377359
CVE-2026-59831GitHub CLI (gh) is GitHub s official command line tool. From 2.10.0 through 2.95.0, connecting t ...2026. 07. 10.2026. 07. 10.377366
CVE-2026-57501Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu ...2026. 07. 10.2026. 07. 10.377365
CVE-2026-44342New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management ...2026. 07. 10.2026. 07. 10.377360
CVE-2026-33655New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management ...2026. 07. 10.2026. 07. 10.377364
CVE-2026-57054A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Jun ...2026. 07. 10.2026. 07. 10.377352
CVE-2026-57032An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) ...2026. 07. 10.2026. 07. 10.377350
CVE-2026-57031An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding e ...2026. 07. 10.2026. 07. 10.377348
CVE-2026-57030A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition ...2026. 07. 10.2026. 07. 10.377349
CVE-2026-57029A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos ...2026. 07. 10.2026. 07. 10.377351
CVE-2026-59828Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026. 07. 10.2026. 07. 10.377356
CVE-2026-58144Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allow ...2026. 07. 10.2026. 07. 10.377353
CVE-2026-58143Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows ...2026. 07. 10.2026. 07. 10.377354
CVE-2026-55424Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026. 07. 10.2026. 07. 10.377355
CVE-2026-53963Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026. 07. 10.2026. 07. 10.377357
CVE-2026-53962Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026. 07. 10.2026. 07. 10.377346
CVE-2026-53961Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026. 07. 10.2026. 07. 10.377341
CVE-2026-49256Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026. 07. 10.2026. 07. 10.377345
CVE-2026-46413Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026. 07. 10.2026. 07. 10.377344
CVE-2026-45788Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026. 07. 10.2026. 07. 10.377343
CVE-2026-45780Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026. 07. 10.2026. 07. 10.377342
CVE-2026-44787Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026. 07. 10.2026. 07. 10.377340
CVE-2026-38076An integer overflow in the jbig2_arith_iaid_ctx_new() function of Artifex commit cc37d0 allows a ...2026. 07. 10.2026. 07. 10.377347
CVE-2026-15276A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown cod ...2026. 07. 10.2026. 07. 10.377216
CVE-2026-15274A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the ...2026. 07. 10.2026. 07. 10.377215
CVE-2026-57028An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper ...2026. 07. 10.2026. 07. 10.377336
CVE-2026-57027A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engi ...2026. 07. 10.2026. 07. 10.377335
CVE-2026-57026An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juni ...2026. 07. 10.2026. 07. 10.377339
CVE-2026-57025A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Junip ...2026. 07. 10.2026. 07. 10.377338
CVE-2026-57024A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of ...2026. 07. 10.2026. 07. 10.377331
CVE-2026-57023An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of J ...2026. 07. 10.2026. 07. 10.377337
CVE-2026-57022An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding E ...2026. 07. 10.2026. 07. 10.377334
CVE-2026-57021An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos ...2026. 07. 10.2026. 07. 10.377330
CVE-2026-57020An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding e ...2026. 07. 10.2026. 07. 10.377333
CVE-2026-57019An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Eng ...2026. 07. 10.2026. 07. 10.377332
CVE-2026-55689OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA&#03 ...2026. 07. 09.2026. 07. 10.377329
CVE-2026-55605DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to ver ...2026. 07. 09.2026. 07. 10.377326
CVE-2026-55604DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to ver ...2026. 07. 09.2026. 07. 10.377328
CVE-2026-55170OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL ...2026. 07. 09.2026. 07. 10.377327
CVE-2026-39246decompress before 4.2.2 allows arbitrary symlink creation during archive extraction. When proces ...2026. 07. 09.2026. 07. 09.377325
CVE-2026-39245decompress before 4.2.2 contains an improper path containment check that enables directory trave ...2026. 07. 09.2026. 07. 09.154375
CVE-2026-39243decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling f ...2026. 07. 09.2026. 07. 09.377324
CVE-2026-33803An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper ...2026. 07. 09.2026. 07. 09.377322
CVE-2026-33802A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allow ...2026. 07. 09.2026. 07. 09.377323
CVE-2026-15271A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450 ...2026. 07. 09.2026. 07. 09.377214
CVE-2026-60120Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side templa ...2026. 07. 09.2026. 07. 09.377320
CVE-2026-55865Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malfo ...2026. 07. 09.2026. 07. 09.377319
CVE-2026-55212Pimcore is an Open Source Data Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, ...2026. 07. 09.2026. 07. 09.377318
CVE-2026-55208Pimcore Studio Backend Bundle is the backend bundle for Pimcore Studio. Prior to 2025.4.6 and 20 ...2026. 07. 09.2026. 07. 10.377373
CVE-2026-55207Pimcore is an Open Source Data Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, ...2026. 07. 09.2026. 07. 09.377321
CVE-2026-51926An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive infor ...2026. 07. 09.2026. 07. 09.377317
CVE-2026-51925A Local File Inclusion (LFI) vulnerability exists in docuForm GmbH Client v.11.11c that allows a ...2026. 07. 09.2026. 07. 09.377310
CVE-2026-51924An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via ...2026. 07. 09.2026. 07. 09.377313
CVE-2026-51923An Insecure Direct Object Reference (IDOR) vulnerability exists in docuForm GmbH Client v.11.11c ...2026. 07. 09.2026. 07. 09.377314
CVE-2026-33801An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol da ...2026. 07. 09.2026. 07. 09.377309
CVE-2026-33800An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine (pfe) of Jun ...2026. 07. 09.2026. 07. 09.377312
CVE-2026-33799An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and ...2026. 07. 09.2026. 07. 09.377308
CVE-2026-33794An Improper Check for Unusual or Exceptional Conditions vulnerability in the advanced forwardin ...2026. 07. 09.2026. 07. 09.377307
CVE-2026-31267Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the admini ...2026. 07. 09.2026. 07. 09.377315
CVE-2026-21901A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Juno ...2026. 07. 09.2026. 07. 09.377311
CVE-2026-15270A weakness has been identified in D-link DIR-823G 1.0.2B05_20181207. Affected by this vulnerabil ...2026. 07. 09.2026. 07. 09.377213
CVE-2026-0278Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) com ...2026. 07. 09.2026. 07. 09.377305
CVE-2026-0277An improper certificate validation vulnerability in the Prisma Access Agent for iOS enables an ...2026. 07. 09.2026. 07. 09.377303
CVE-2026-0276A privilege escalation vulnerability in Palo Alto Networks Cortex XDR Broker VM enables a local ...2026. 07. 09.2026. 07. 09.377306
CVE-2026-0275A local privilege escalation vulnerability in Palo Alto Networks Prisma Browser allows a locall ...2026. 07. 09.2026. 07. 09.377304
CVE-2026-55590CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 ba ...2026. 07. 09.2026. 07. 09.377294
CVE-2026-54695Pipecat is an open-source Python framework for building real-time voice and multimodal conversat ...2026. 07. 09.2026. 07. 09.377293
CVE-2026-54005Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites where a ...2026. 07. 09.2026. 07. 09.377297
CVE-2026-54004Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with co ...2026. 07. 09.2026. 07. 09.377300
CVE-2026-54003Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites wi ...2026. 07. 09.2026. 07. 09.377299
CVE-2026-54002Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plu ...2026. 07. 09.2026. 07. 09.377302
CVE-2026-50188Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plu ...2026. 07. 09.2026. 07. 09.377298
CVE-2026-49276Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using t ...2026. 07. 09.2026. 07. 09.377301
CVE-2026-49274Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using t ...2026. 07. 09.2026. 07. 09.377296
CVE-2026-13492The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and ...2026. 07. 09.2026. 07. 09.377295
CVE-2026-0287Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS software allow an unaut ...2026. 07. 09.2026. 07. 09.377289
CVE-2026-0286A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS software ...2026. 07. 09.2026. 07. 09.377283
CVE-2026-0285A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables ...2026. 07. 09.2026. 07. 09.377291
CVE-2026-0284An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Network ...2026. 07. 09.2026. 07. 09.377286
CVE-2026-0283An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Ne ...2026. 07. 09.2026. 07. 09.377288
CVE-2026-0282A file deletion vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated ...2026. 07. 09.2026. 07. 09.377287
CVE-2026-0281An information disclosure vulnerability in Palo Alto Networks PAN-OS software enables an unauth ...2026. 07. 09.2026. 07. 09.377285
CVE-2026-0280An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS software ...2026. 07. 09.2026. 07. 09.377284
CVE-2026-0279Multiple cross site scripting vulnerabilities in the User-ID Authentication Portal (aka Captive ...2026. 07. 09.2026. 07. 09.377290
CVE-2026-59149Mockoon provides way to design and run mock APIs. Prior to 9.7.0, a FILE response whose filePath ...2026. 07. 09.2026. 07. 09.377279
CVE-2026-59148Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in co ...2026. 07. 09.2026. 07. 09.377278
CVE-2026-58198ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to ...2026. 07. 09.2026. 07. 09.377280
CVE-2026-61344The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov expos ...2026. 07. 09.2026. 07. 09.377270
CVE-2026-61343LibreBooking's email template editor save action passes the submitted template name directl ...2026. 07. 09.2026. 07. 09.377266
CVE-2026-59827Metabase is an open-source business intelligence and embedded analytics tool. Prior to 1.58.15, ...2026. 07. 09.2026. 07. 09.377267
CVE-2026-59826Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until ...2026. 07. 09.2026. 07. 09.377282
CVE-2026-59817Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public don ...2026. 07. 09.2026. 07. 09.377269
CVE-2026-59734Coolify is an open-source and self-hostable tool for managing servers, applications, and databas ...2026. 07. 09.2026. 07. 09.377264
CVE-2026-59726Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default ...2026. 07. 09.2026. 07. 09.377268
CVE-2026-59721Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfig ...2026. 07. 09.2026. 07. 09.377255
CVE-2026-59720Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation ...2026. 07. 09.2026. 07. 09.377281
CVE-2026-59221Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 ...2026. 07. 09.2026. 07. 09.377262
CVE-2026-58378Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker ...2026. 07. 09.2026. 07. 09.377261
CVE-2026-55420Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...2026. 07. 09.2026. 07. 09.377254
CVE-2026-43752An authenticated administrator may be able to achieve arbitrary code execution on the host syste ...2026. 07. 09.2026. 07. 09.377256
CVE-2026-15204A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. A ...2026. 07. 09.2026. 07. 09.377125
CVE-2026-15202A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function get_url ...2026. 07. 09.2026. 07. 09.377124
CVE-2026-15195A weakness has been identified in apidevtools json-schema-ref-parser up to 15.3.5. This impacts ...2026. 07. 09.2026. 07. 09.377123
CVE-2026-14278After further coordination, CVE was determined to not be warranted.2026. 07. 09.2026. 07. 09.
 
CVE-2026-59225Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.1 ...2026. 07. 09.2026. 07. 09.377277
CVE-2026-59224Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...2026. 07. 09.2026. 07. 09.377276
CVE-2026-59223Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...2026. 07. 09.2026. 07. 09.377271
CVE-2026-59222Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 ...2026. 07. 09.2026. 07. 09.377251
CVE-2026-59219Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 ...2026. 07. 09.2026. 07. 09.377250
CVE-2026-59217Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...2026. 07. 09.2026. 07. 09.377249
CVE-2026-59216Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...2026. 07. 09.2026. 07. 09.377245
CVE-2026-59215Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...2026. 07. 09.2026. 07. 09.377244
CVE-2026-59213Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.2 ...2026. 07. 09.2026. 07. 09.377248
CVE-2026-59212Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 ...2026. 07. 09.2026. 07. 09.377243
CVE-2026-51603A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...2026. 07. 09.2026. 07. 09.377253
CVE-2026-51602A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...2026. 07. 09.2026. 07. 09.377252
CVE-2026-51601Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. T ...2026. 07. 09.2026. 07. 09.377246
CVE-2026-51600Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP req ...2026. 07. 09.2026. 07. 09.377236
CVE-2026-51599An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Bu ...2026. 07. 09.2026. 07. 09.377238
CVE-2026-51598An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build ...2026. 07. 09.2026. 07. 09.377241
CVE-2026-51597MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in ...2026. 07. 09.2026. 07. 09.377240
CVE-2026-15308The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through re ...2026. 07. 09.2026. 07. 09.377242
CVE-2026-15194A security flaw has been discovered in Open5GS 2.7.7. This affects the function amf_context_fina ...2026. 07. 09.2026. 07. 09.377122
CVE-2026-15193A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element i ...2026. 07. 09.2026. 07. 09.377120
CVE-2026-15192A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function ...2026. 07. 09.2026. 07. 09.377118
CVE-2026-13462PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows ...2026. 07. 09.2026. 07. 09.377237
CVE-2026-13461When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the ...2026. 07. 09.2026. 07. 09.377239
CVE-2026-59715Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.1 ...2026. 07. 09.2026. 07. 09.377234
CVE-2026-59227Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.1 ...2026. 07. 09.2026. 07. 09.377232
CVE-2026-59226Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 ...2026. 07. 09.2026. 07. 09.377231
CVE-2026-59220Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 ...2026. 07. 09.2026. 07. 09.377233
CVE-2026-59218Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...2026. 07. 09.2026. 07. 09.377230
CVE-2026-59214Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...2026. 07. 09.2026. 07. 09.377225
CVE-2026-59209n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an a ...2026. 07. 09.2026. 07. 09.377228
CVE-2026-58459gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability ...2026. 07. 09.2026. 07. 09.377224
CVE-2026-53987The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and rende ...2026. 07. 09.2026. 07. 09.377235
CVE-2026-51606An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9 ...2026. 07. 09.2026. 07. 09.377229
CVE-2026-51605A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...2026. 07. 09.2026. 07. 09.377227
CVE-2026-51604A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...2026. 07. 09.2026. 07. 09.377226
CVE-2026-15191A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code ...2026. 07. 09.2026. 07. 09.377117
CVE-2026-15190A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This af ...2026. 07. 09.2026. 07. 09.377116
CVE-2026-61474An improper authorization check in MISP s attribute creation endpoint allowed an authenticated u ...2026. 07. 09.2026. 07. 09.377220
CVE-2026-59208n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.2 ...2026. 07. 09.2026. 07. 09.377223
CVE-2026-59207n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents fe ...2026. 07. 09.2026. 07. 09.377222
CVE-2026-59206n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an a ...2026. 07. 09.2026. 07. 09.377221
CVE-2026-58125This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2026. 07. 09.2026. 07. 09.
 
CVE-2026-42486[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026. 07. 09.2026. 07. 10.377535
CVE-2026-23562[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026. 07. 09.2026. 07. 10.377534
CVE-2026-23561[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026. 07. 09.2026. 07. 09.377219
CVE-2026-23560[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026. 07. 09.2026. 07. 09.377219
CVE-2026-23559[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026. 07. 09.2026. 07. 09.377219
CVE-2026-23556When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are l ...2026. 07. 09.2026. 07. 09.377217
CVE-2026-15189A security vulnerability has been detected in aerostackdev aerostack-mcp up to 6315dfde7df0a15aa ...2026. 07. 09.2026. 07. 09.377115
CVE-2026-15188A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc1 ...2026. 07. 09.2026. 07. 09.377114
CVE-2026-15187A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.s ...2026. 07. 09.2026. 07. 09.377113
CVE-2026-11404Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function ...2026. 07. 09.2026. 07. 09.377218
CVE-2026-60109Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol ana ...2026. 07. 09.2026. 07. 09.377207
CVE-2026-60108Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer ...2026. 07. 09.2026. 07. 09.377206
CVE-2026-5005Improper neutralization of input during web page generation ('cross-site scripting') v ...2026. 07. 09.2026. 07. 09.377212
CVE-2026-56292A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting thi ...2026. 07. 09.2026. 07. 09.377211
CVE-2026-54801A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...2026. 07. 09.2026. 07. 09.377210
CVE-2026-54800A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...2026. 07. 09.2026. 07. 09.377209
CVE-2026-54799A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...2026. 07. 09.2026. 07. 09.377205
CVE-2026-54798A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...2026. 07. 09.2026. 07. 09.377208
CVE-2026-60095Vinchin Backup Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in ...2026. 07. 09.2026. 07. 09.377203
CVE-2026-60094Vinchin Backup Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that ...2026. 07. 09.2026. 07. 09.377202
CVE-2026-4256Improper neutralization of special elements used in an LDAP query ('LDAP injection') v ...2026. 07. 09.2026. 07. 09.377204
CVE-2026-15186A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function ...2026. 07. 09.2026. 07. 09.377112
CVE-2026-15185A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub_read_idx of t ...2026. 07. 09.2026. 07. 09.377111
CVE-2026-14261A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execu ...2026. 07. 09.2026. 07. 09.377200
CVE-2026-12879An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior ...2026. 07. 09.2026. 07. 09.377199
CVE-2026-12593The implementation of an internal and undocumented Dashboard API endpoint (POST /api/users/~/{us ...2026. 07. 09.2026. 07. 09.377201
CVE-2026-12116A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in th ...2026. 07. 09.2026. 07. 09.377198
CVE-2026-3494In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_ ...2026. 07. 09.2026. 07. 09.348595
CVE-2026-15184A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg ...2026. 07. 09.2026. 07. 09.377110
CVE-2026-9253The WP Cost Estimation Payment Forms Builder (E P Forms) plugin for WordPress is vulnerable to ...2026. 07. 09.2026. 07. 09.377197
CVE-2026-15182A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the functio ...2026. 07. 09.2026. 07. 09.377109
CVE-2026-9240The Colissimo Officiel : M thodes de livraison pour WooCommerce plugin for WordPress is vulnerab ...2026. 07. 09.2026. 07. 09.377195
CVE-2026-9237The Employee, Leave and Recruitment Management System Crew HRM plugin for WordPress is vulnera ...2026. 07. 09.2026. 07. 09.377196
CVE-2026-9235The DHL eCommerce (Benelux) for WooCommerce plugin for WordPress is vulnerable to unauthorized m ...2026. 07. 09.2026. 07. 09.377194
CVE-2026-9028The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization by ...2026. 07. 09.2026. 07. 09.377186
CVE-2026-9027The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass v ...2026. 07. 09.2026. 07. 09.377185
CVE-2026-9021The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, ...2026. 07. 09.2026. 07. 09.377184
CVE-2026-59692A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS h ...2026. 07. 09.2026. 07. 09.377190
CVE-2026-59691A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client ...2026. 07. 09.2026. 07. 09.377191
CVE-2026-58307Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Ove ...2026. 07. 09.2026. 07. 09.377189
CVE-2026-58306Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers ...2026. 07. 09.2026. 07. 09.377192
CVE-2026-58305Access of resource using incompatible type ('type confusion') vulnerability in Samsung ...2026. 07. 09.2026. 07. 09.377188
CVE-2026-58304Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Ove ...2026. 07. 09.2026. 07. 09.377187
CVE-2026-58303Stack-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffer ...2026. 07. 09.2026. 07. 09.377193
CVE-2026-56291The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload tha ...2026. 07. 09.2026. 07. 09.377183
CVE-2026-56289GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single ...2026. 07. 09.2026. 07. 09.377175
CVE-2026-56288GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unifie ...2026. 07. 09.2026. 07. 09.377174
CVE-2026-50644SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker hold ...2026. 07. 09.2026. 07. 09.377182
CVE-2026-4298The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all v ...2026. 07. 09.2026. 07. 09.377177
CVE-2026-4275The Divi Torque Lite Divi Theme, Divi Builder Extra Theme plugin for WordPress is vulnerable ...2026. 07. 09.2026. 07. 09.377181
CVE-2026-14372The Bit Form Contact Form, Payment Forms, Multi Step Forms, Calculator Custom Form Builder p ...2026. 07. 09.2026. 07. 09.377176
CVE-2026-13441The EventPrime Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sto ...2026. 07. 09.2026. 07. 09.377180
CVE-2026-12590Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser ...2026. 07. 09.2026. 07. 09.377179
CVE-2026-12428The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due ...2026. 07. 09.2026. 07. 09.377178
CVE-2026-5955Improper neutralization of special elements used in an SQL command ('SQL injection') v ...2026. 07. 09.2026. 07. 09.377169
CVE-2026-5793Improper neutralization of input during web page generation ('cross-site scripting') v ...2026. 07. 09.2026. 07. 09.377173
CVE-2026-56460HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authentica ...2026. 07. 09.2026. 07. 09.377172
CVE-2026-56459HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The applicat ...2026. 07. 09.2026. 07. 09.377170
CVE-2026-56458HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to car ...2026. 07. 09.2026. 07. 09.377166
CVE-2026-2342Improper neutralization of input during web page generation ('cross-site scripting') v ...2026. 07. 09.2026. 07. 09.377171
CVE-2026-1989Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solu ...2026. 07. 09.2026. 07. 09.377168
CVE-2026-1365Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc ...2026. 07. 09.2026. 07. 09.377167
CVE-2026-15158The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all version ...2026. 07. 09.2026. 07. 09.377164
CVE-2026-12433The Hydra Booking Appointment Scheduling Booking Calendar plugin for WordPress is vulnerable ...2026. 07. 09.2026. 07. 09.377165
CVE-2026-8996The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Inform ...2026. 07. 09.2026. 07. 09.377160
CVE-2026-8848The Popup Maker Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Build ...2026. 07. 09.2026. 07. 09.377158
CVE-2026-7558The Age Verification Identity Verification by Token of Trust plugin for WordPress is vulnerabl ...2026. 07. 09.2026. 07. 09.377159
CVE-2026-6910The Bookero.pl system rezerwacji online plugin for WordPress is vulnerable to Stored Cross-Sit ...2026. 07. 09.2026. 07. 09.377163
CVE-2026-59269A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain ...2026. 07. 09.2026. 07. 09.377161
CVE-2026-57111Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.re ...2026. 07. 09.2026. 07. 09.376957
CVE-2026-4653The Block, Suspend, Report for BuddyPress plugin for WordPress is vulnerable to Stored Cross-Sit ...2026. 07. 09.2026. 07. 09.377162
CVE-2026-33390An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functional ...2026. 07. 09.2026. 07. 09.377152
CVE-2026-31985When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the gener ...2026. 07. 09.2026. 07. 09.377151
CVE-2026-31984A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the ...2026. 07. 09.2026. 07. 09.377148
CVE-2026-31983A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. ...2026. 07. 09.2026. 07. 09.377155
CVE-2026-31982An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to in ...2026. 07. 09.2026. 07. 09.377154
CVE-2026-31981A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a ...2026. 07. 09.2026. 07. 09.377157
CVE-2026-15000The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site ...2026. 07. 09.2026. 07. 09.377153
CVE-2026-14343The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via &#039 ...2026. 07. 09.2026. 07. 09.377156
CVE-2026-14342The Mail Mint Email Marketing, Newsletter, Email Automation WooCommerce Emails plugin for Wo ...2026. 07. 09.2026. 07. 09.377150
CVE-2026-14245The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable ...2026. 07. 09.2026. 07. 09.377149
CVE-2026-13771The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scr ...2026. 07. 09.2026. 07. 09.377143
CVE-2026-13450The GamiPress Gamification plugin to reward points, achievements, badges ranks in WordPress ...2026. 07. 09.2026. 07. 09.377142
CVE-2026-13334The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the & ...2026. 07. 09.2026. 07. 09.377147
CVE-2026-13253The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the &#03 ...2026. 07. 09.2026. 07. 09.377146
CVE-2026-13080The WPFunnels Funnel Builder for WooCommerce with Checkout One Click Upsell plugin for WordP ...2026. 07. 09.2026. 07. 09.377138
CVE-2026-13011The ERP: Complete HR, Accounting CRM Suite with Recruitment and WooCommerce CRM Support plugin ...2026. 07. 09.2026. 07. 09.377141
CVE-2026-12418The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership User Regis ...2026. 07. 09.2026. 07. 09.377139
CVE-2026-12406The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership User Regis ...2026. 07. 09.2026. 07. 09.377145
CVE-2026-12170The AcyMailing An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress p ...2026. 07. 09.2026. 07. 09.377144
CVE-2026-11359The Memberships and User Profiles for WooCommerce ProfileGrid WooCommerce Integration plugin f ...2026. 07. 09.2026. 07. 09.377140
CVE-2026-47840A network attacker positioned between UAA and its LDAP directory can impersonate the directory u ...2026. 07. 09.2026. 07. 09.377137
CVE-2026-47831Use of a cryptographically weak random number generator in the GenerateRandomPassword function i ...2026. 07. 09.2026. 07. 09.377136
CVE-2026-47830Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-build ...2026. 07. 09.2026. 07. 09.377135
CVE-2026-47829Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH op ...2026. 07. 09.2026. 07. 09.377127
CVE-2026-47828During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered j ...2026. 07. 09.2026. 07. 09.377131
CVE-2026-47826The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write ...2026. 07. 09.2026. 07. 09.377134
CVE-2026-12517The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the serv ...2026. 07. 09.2026. 07. 09.377133
CVE-2026-12516The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the serv ...2026. 07. 09.2026. 07. 09.377132
CVE-2026-12270The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several R ...2026. 07. 09.2026. 07. 09.377126
CVE-2026-11875The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or ver ...2026. 07. 09.2026. 07. 09.377130
CVE-2026-11869The WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 does not perform an authorization check ...2026. 07. 09.2026. 07. 09.377129
CVE-2026-11571The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files ge ...2026. 07. 09.2026. 07. 09.377128
CVE-2026-5523The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up ...2026. 07. 09.2026. 07. 09.377119
CVE-2026-41857A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator&#0 ...2026. 07. 09.2026. 07. 09.377121
CVE-2026-15138A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affec ...2026. 07. 09.2026. 07. 09.376953
CVE-2026-15137A weakness has been identified in code-projects Interview Management System 1.0. This vulnerabil ...2026. 07. 09.2026. 07. 09.376952
CVE-2026-47646Improper neutralization of input during web page generation ('cross-site scripting') i ...2026. 07. 09.2026. 07. 09.372322
CVE-2026-15135A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects ...2026. 07. 09.2026. 07. 09.376951
CVE-2026-8472GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19. ...2026. 07. 09.2026. 07. 09.377103
CVE-2026-7492GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 1 ...2026. 07. 09.2026. 07. 09.377102
CVE-2026-6896GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19 ...2026. 07. 09.2026. 07. 09.377101
CVE-2026-6352GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19. ...2026. 07. 09.2026. 07. 09.377100
CVE-2026-60105Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemote ...2026. 07. 09.2026. 07. 09.377104
CVE-2026-59818etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and ...2026. 07. 09.2026. 07. 09.377099
CVE-2026-58525Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to by ...2026. 07. 09.2026. 07. 09.377108
CVE-2026-58192Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C W ...2026. 07. 09.2026. 07. 09.377094
CVE-2026-58191Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C W ...2026. 07. 09.2026. 07. 09.377097
CVE-2026-57481Parse Server is an open source backend that can be deployed to any infrastructure that can run N ...2026. 07. 09.2026. 07. 09.377092
CVE-2026-57480Parse Server is an open source backend that can be deployed to any infrastructure that can run N ...2026. 07. 09.2026. 07. 09.377090
CVE-2026-55778Parse Server is an open source backend that can be deployed to any infrastructure that can run N ...2026. 07. 09.2026. 07. 09.377095
CVE-2026-5923Malicious use of a stolen cookie might allow modifications to the contents of the IP phone s web ...2026. 07. 09.2026. 07. 09.377098
CVE-2026-55878Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 befor ...2026. 07. 09.2026. 07. 09.372595
CVE-2026-59723Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, ...2026. 07. 09.2026. 07. 09.377096
CVE-2026-54784CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In ...2026. 07. 09.2026. 07. 09.377093
CVE-2026-54783CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026. 07. 09.2026. 07. 09.377091
CVE-2026-54782CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026. 07. 09.2026. 07. 09.377089
CVE-2026-54781CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026. 07. 09.2026. 07. 09.377105
CVE-2026-15133Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attac ...2026. 07. 09.2026. 07. 09.377086
CVE-2026-15132Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...2026. 07. 09.2026. 07. 09.377085
CVE-2026-15131Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a re ...2026. 07. 09.2026. 07. 09.377084
CVE-2026-15130Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a ...2026. 07. 09.2026. 07. 09.377082
CVE-2026-15129Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to po ...2026. 07. 09.2026. 07. 09.377083
CVE-2026-15128Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote ...2026. 07. 09.2026. 07. 09.377088
CVE-2026-15127Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote ...2026. 07. 09.2026. 07. 09.377087
CVE-2026-15134A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected ...2026. 07. 09.2026. 07. 09.376949
CVE-2026-15126Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...2026. 07. 09.2026. 07. 09.377081
CVE-2026-15125Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote ...2026. 07. 09.2026. 07. 09.377080
CVE-2026-15124Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a ...2026. 07. 09.2026. 07. 09.377072
CVE-2026-15123Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote at ...2026. 07. 09.2026. 07. 09.377079
CVE-2026-15122Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0. ...2026. 07. 09.2026. 07. 09.377078
CVE-2026-15121Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to e ...2026. 07. 09.2026. 07. 09.377077
CVE-2026-15120Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote atta ...2026. 07. 09.2026. 07. 09.377076
CVE-2026-15119Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had ...2026. 07. 09.2026. 07. 09.377075
CVE-2026-15118Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...2026. 07. 09.2026. 07. 09.377074
CVE-2026-15117Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker wh ...2026. 07. 09.2026. 07. 09.377073
CVE-2026-15116Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...2026. 07. 09.2026. 07. 09.377069
CVE-2026-15115Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior t ...2026. 07. 09.2026. 07. 09.377063
CVE-2026-15114Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote ...2026. 07. 09.2026. 07. 09.377068
CVE-2026-15113Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote ...2026. 07. 09.2026. 07. 09.377062
CVE-2026-15112Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to po ...2026. 07. 09.2026. 07. 09.377067
CVE-2026-15111Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who c ...2026. 07. 09.2026. 07. 09.377066
CVE-2026-15110Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who co ...2026. 07. 09.2026. 07. 09.377071
CVE-2026-15109Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ...2026. 07. 09.2026. 07. 09.377065
CVE-2026-15108Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker ...2026. 07. 09.2026. 07. 09.377070
CVE-2026-15107Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker t ...2026. 07. 09.2026. 07. 09.377064
CVE-2026-54780CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026. 07. 09.2026. 07. 09.377061
CVE-2026-54779CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026. 07. 09.2026. 07. 09.377056
CVE-2026-54778CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026. 07. 09.2026. 07. 09.377060
CVE-2026-54776CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026. 07. 09.2026. 07. 09.377059
CVE-2026-54775CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026. 07. 09.2026. 07. 09.377058
CVE-2026-54774CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026. 07. 09.2026. 07. 09.377057
CVE-2026-54773CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026. 07. 09.2026. 07. 09.377055
CVE-2026-54772CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026. 07. 09.2026. 07. 09.377054
CVE-2026-54499Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsin ...2026. 07. 09.2026. 07. 09.377053
CVE-2026-15105A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::Pe ...2026. 07. 09.2026. 07. 09.376946
CVE-2026-55877Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 befor ...2026. 07. 09.2026. 07. 09.372593
CVE-2026-5922The IP phone might use malicious input stored in configuration parameters and render it as conte ...2026. 07. 09.2026. 07. 09.377051
CVE-2026-54777CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...2026. 07. 09.2026. 07. 09.377046
CVE-2026-52200An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbi ...2026. 07. 09.2026. 07. 09.377048
CVE-2026-51535In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion (Denial of Service) vulnerability exists ...2026. 07. 09.2026. 07. 09.377047
CVE-2026-39179A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitr ...2026. 07. 09.2026. 07. 09.377050
CVE-2026-39178A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitr ...2026. 07. 09.2026. 07. 09.377049
CVE-2026-35552In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0 ...2026. 07. 09.2026. 07. 09.377045
CVE-2026-31309Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 a ...2026. 07. 09.2026. 07. 09.377107
CVE-2026-15168BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disc ...2026. 07. 09.2026. 07. 09.377044
CVE-2026-55849@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2. ...2026. 07. 08.2026. 07. 09.377106
CVE-2026-55830RestrictedPython is a tool that helps to define a subset of the Python language which allows to ...2026. 07. 08.2026. 07. 08.377036
CVE-2026-55471HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability ...2026. 07. 08.2026. 07. 09.377043
CVE-2026-55470HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability ...2026. 07. 08.2026. 07. 08.372591
CVE-2026-48492Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{obje ...2026. 07. 08.2026. 07. 09.377039
CVE-2026-44161Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...2026. 07. 08.2026. 07. 09.377042
CVE-2026-44160Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...2026. 07. 08.2026. 07. 09.377040
CVE-2026-44025Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...2026. 07. 08.2026. 07. 09.377041
CVE-2026-44024Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...2026. 07. 08.2026. 07. 09.377037
CVE-2026-10037A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME ...2026. 07. 08.2026. 07. 09.377038
CVE-2026-54528JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.f ...2026. 07. 08.2026. 07. 08.377030
CVE-2026-54527JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff ...2026. 07. 08.2026. 07. 08.377029
CVE-2026-49866libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossi ...2026. 07. 08.2026. 07. 08.377028
CVE-2026-35211OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observab ...2026. 07. 08.2026. 07. 08.377026
CVE-2026-35210OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observab ...2026. 07. 08.2026. 07. 08.377027
CVE-2026-15174Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows ...2026. 07. 08.2026. 07. 08.377035
CVE-2026-15173pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service2026. 07. 08.2026. 07. 08.377034
CVE-2026-15172FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denia ...2026. 07. 08.2026. 07. 08.377033
CVE-2026-15171SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of se ...2026. 07. 08.2026. 07. 08.377032
CVE-2026-15170Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of ...2026. 07. 08.2026. 07. 08.377031
CVE-2026-15169UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial o ...2026. 07. 08.2026. 07. 08.377025
CVE-2026-15167DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial o ...2026. 07. 08.2026. 07. 08.377024
CVE-2026-15166IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows deni ...2026. 07. 08.2026. 07. 08.377023
CVE-2026-15165TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service2026. 07. 08.2026. 07. 08.377022
CVE-2026-15164Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service2026. 07. 08.2026. 07. 08.377016
CVE-2026-15163Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow ...2026. 07. 08.2026. 07. 08.377021
CVE-2026-13320GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, ...2026. 07. 08.2026. 07. 08.377020
CVE-2026-13151GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19 ...2026. 07. 08.2026. 07. 08.377019
CVE-2026-11827GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 ...2026. 07. 08.2026. 07. 08.377018
CVE-2026-58494Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-w ...2026. 07. 08.2026. 07. 08.377012
CVE-2026-58211NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026. 07. 08.2026. 07. 08.377011
CVE-2026-58208NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026. 07. 08.2026. 07. 08.377014
CVE-2026-58207NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026. 07. 08.2026. 07. 08.377004
CVE-2026-56669Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, ...2026. 07. 08.2026. 07. 08.377005
CVE-2026-55596Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed ren ...2026. 07. 08.2026. 07. 08.377003
CVE-2026-55542Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature ...2026. 07. 08.2026. 07. 08.377006
CVE-2026-55206py7zr is a Python-based library and utility to support 7zip archive compression, decompression, ...2026. 07. 08.2026. 07. 08.377001
CVE-2026-55195py7zr is a Python-based library and utility to support 7zip archive compression, decompression, ...2026. 07. 08.2026. 07. 08.377000
CVE-2026-54591AsyncSSH is a Python package which provides an asynchronous client and server implementation of ...2026. 07. 08.2026. 07. 08.376999
CVE-2026-54590AsyncSSH is a Python package which provides an asynchronous client and server implementation of ...2026. 07. 08.2026. 07. 08.376998
CVE-2026-14896HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in ...2026. 07. 08.2026. 07. 08.377002
CVE-2026-0288Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of ...2026. 07. 08.2026. 07. 08.376997
CVE-2026-8801Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules). This issue af ...2026. 07. 08.2026. 07. 08.376996
CVE-2026-8800Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). This issu ...2026. 07. 08.2026. 07. 08.376995
CVE-2026-8651Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS modul ...2026. 07. 08.2026. 07. 08.376993
CVE-2026-8650Relative path traversal vulnerability in Progress MOVEit Transfer (Admin Settings module). This ...2026. 07. 08.2026. 07. 08.376994
CVE-2026-8649Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit ...2026. 07. 08.2026. 07. 08.377015
CVE-2026-60104Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-r ...2026. 07. 08.2026. 07. 08.377013
CVE-2026-59948Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously ...2026. 07. 08.2026. 07. 08.377009
CVE-2026-59947Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer ...2026. 07. 08.2026. 07. 08.377008
CVE-2026-59946Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer pa ...2026. 07. 08.2026. 07. 08.377007
CVE-2026-59939httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs u ...2026. 07. 08.2026. 07. 08.377010
CVE-2026-59936pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft ...2026. 07. 08.2026. 07. 08.376987
CVE-2026-59807Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows ...2026. 07. 08.2026. 07. 08.376991
CVE-2026-59806Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability tha ...2026. 07. 08.2026. 07. 08.376992
CVE-2026-59805Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesContr ...2026. 07. 08.2026. 07. 08.376990
CVE-2026-58254NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026. 07. 08.2026. 07. 08.376988
CVE-2026-58253NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026. 07. 08.2026. 07. 08.376989
CVE-2026-58252NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026. 07. 08.2026. 07. 08.376981
CVE-2026-58250NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026. 07. 08.2026. 07. 08.376986
CVE-2026-58214NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026. 07. 08.2026. 07. 08.376985
CVE-2026-58213NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026. 07. 08.2026. 07. 08.376980
CVE-2026-58212Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of ...2026. 07. 08.2026. 07. 08.
 
CVE-2026-58210NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026. 07. 08.2026. 07. 08.376984
CVE-2026-58209NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026. 07. 08.2026. 07. 08.376983
CVE-2026-15154A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerabil ...2026. 07. 08.2026. 07. 08.376978
CVE-2026-14891HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task drive ...2026. 07. 08.2026. 07. 08.376979
CVE-2026-14361The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in t ...2026. 07. 08.2026. 07. 08.376982
CVE-2026-59935pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft ...2026. 07. 08.2026. 07. 08.376970
CVE-2026-59822LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...2026. 07. 08.2026. 07. 08.376976
CVE-2026-59821LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...2026. 07. 08.2026. 07. 08.376969
CVE-2026-59820LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...2026. 07. 08.2026. 07. 08.376975
CVE-2026-59819LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...2026. 07. 08.2026. 07. 08.376977
CVE-2026-59804Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authenticatio ...2026. 07. 08.2026. 07. 08.376971
CVE-2026-59803rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in proto ...2026. 07. 08.2026. 07. 08.376972
CVE-2026-59802PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient va ...2026. 07. 08.2026. 07. 08.376974
CVE-2026-58501Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but n ...2026. 07. 08.2026. 07. 09.377052
CVE-2026-58251NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...2026. 07. 08.2026. 07. 08.376973
CVE-2026-55760Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, a ...2026. 07. 08.2026. 07. 08.376965
CVE-2026-55575LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10. ...2026. 07. 08.2026. 07. 08.376964
CVE-2026-55404yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-l ...2026. 07. 08.2026. 07. 08.376963
CVE-2026-53624Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware ...2026. 07. 08.2026. 07. 08.376966
CVE-2026-45045Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the Balanc ...2026. 07. 08.2026. 07. 08.376962
CVE-2026-44512Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. F ...2026. 07. 08.2026. 07. 08.376961
CVE-2026-44332Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer ...2026. 07. 08.2026. 07. 08.376433
CVE-2026-36028A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical acc ...2026. 07. 08.2026. 07. 08.376968
CVE-2026-36027An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to ex ...2026. 07. 08.2026. 07. 08.376967
CVE-2026-14373HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Do ...2026. 07. 08.2026. 07. 08.376960
CVE-2026-59938pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft ...2026. 07. 08.2026. 07. 08.376955
CVE-2026-59937pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft ...2026. 07. 08.2026. 07. 08.376954
CVE-2026-50813An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensiti ...2026. 07. 08.2026. 07. 08.376959
CVE-2026-50812A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk bui ...2026. 07. 08.2026. 07. 08.376958
CVE-2026-14362HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push ...2026. 07. 08.2026. 07. 08.376956
CVE-2026-60102Horde Virtual File System (VFS) API before 3.0.1 contains an OS command injection vulnerability ...2026. 07. 08.2026. 07. 08.376950
CVE-2026-59928Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown docum ...2026. 07. 08.2026. 07. 08.376948
CVE-2026-59927Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include dire ...2026. 07. 08.2026. 07. 08.376947
CVE-2026-59924Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse() ...2026. 07. 08.2026. 07. 08.376945
CVE-2026-59731Astro is a web framework for content-driven websites. Version 6.4.7 performs authorization decis ...2026. 07. 08.2026. 07. 08.376944
CVE-2026-9074IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthentica ...2026. 07. 08.2026. 07. 08.376935
CVE-2026-59880Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immut ...2026. 07. 08.2026. 07. 08.376943
CVE-2026-59877protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.5 and 8.6. ...2026. 07. 08.2026. 07. 08.376934
CVE-2026-59876protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 until 8.6.5, ...2026. 07. 08.2026. 07. 08.376942
CVE-2026-59875node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not s ...2026. 07. 08.2026. 07. 08.376941
CVE-2026-59874node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts ...2026. 07. 08.2026. 07. 08.376940
CVE-2026-59930Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin a ...2026. 07. 08.2026. 07. 08.376931
CVE-2026-59929Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe_url fil ...2026. 07. 08.2026. 07. 08.376928
CVE-2026-59926Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonitio ...2026. 07. 08.2026. 07. 08.376939
CVE-2026-59925Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences o ...2026. 07. 08.2026. 07. 08.376930
CVE-2026-59923Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.saf ...2026. 07. 08.2026. 07. 08.376927
CVE-2026-59922Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed ...2026. 07. 08.2026. 07. 08.376929
CVE-2026-59897Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 ...2026. 07. 08.2026. 07. 08.376933
CVE-2026-59896Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11. ...2026. 07. 08.2026. 07. 08.376938
CVE-2026-59895Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 ...2026. 07. 08.2026. 07. 08.376937
CVE-2026-59892OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/ ...2026. 07. 08.2026. 07. 08.376932
CVE-2026-59890setuptools is a package that allows users to download, build, install, upgrade, and uninstall Py ...2026. 07. 08.2026. 07. 08.376926
CVE-2026-59887linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: ...2026. 07. 08.2026. 07. 08.376936
CVE-2026-59883Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies sco ...2026. 07. 08.2026. 07. 08.376917
CVE-2026-59882guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::ass ...2026. 07. 08.2026. 07. 08.376916
CVE-2026-59879Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List# ...2026. 07. 08.2026. 07. 08.376924
CVE-2026-59261OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv fi ...2026. 07. 08.2026. 07. 08.376923
CVE-2026-42505Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observe ...2026. 07. 08.2026. 07. 08.376925
CVE-2026-39822On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside o ...2026. 07. 08.2026. 07. 08.376920
CVE-2026-29009U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfs_readlink_reply() (net ...2026. 07. 08.2026. 07. 08.376922
CVE-2026-29008U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machi ...2026. 07. 08.2026. 07. 08.376921
CVE-2026-29007U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine( ...2026. 07. 08.2026. 07. 08.376919
CVE-2026-59873node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not e ...2026. 07. 08.2026. 07. 08.376908
CVE-2026-59871node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces al ...2026. 07. 08.2026. 07. 08.376907
CVE-2026-59870js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support f ...2026. 07. 08.2026. 07. 08.376914
CVE-2026-59869js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4 ...2026. 07. 08.2026. 07. 08.376913
CVE-2026-59868js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are ena ...2026. 07. 08.2026. 07. 08.376912
CVE-2026-59725Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 bef ...2026. 07. 08.2026. 07. 08.376911
CVE-2026-59724Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 bef ...2026. 07. 08.2026. 07. 08.376910
CVE-2026-59702repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that ...2026. 07. 08.2026. 07. 08.376915
CVE-2026-59262AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing docu ...2026. 07. 08.2026. 07. 08.376909
CVE-2026-57439CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0 ...2026. 07. 08.2026. 07. 08.376906
CVE-2026-55761Portainer Community Edition is a lightweight service delivery platform for containerized applica ...2026. 07. 08.2026. 07. 08.376904
CVE-2026-54344ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, Tool ...2026. 07. 08.2026. 07. 08.376903
CVE-2026-53951Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15. ...2026. 07. 08.2026. 07. 08.376905
CVE-2026-49946This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2026. 07. 08.2026. 07. 08.
 
CVE-2026-49945This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2026. 07. 08.2026. 07. 08.
 
CVE-2026-49944This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2026. 07. 08.2026. 07. 08.
 
CVE-2026-3144IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker ...2026. 07. 08.2026. 07. 08.376899
CVE-2026-15063A flaw was found in the gorch service template, which is part of the trustyai-service-operator. ...2026. 07. 08.2026. 07. 08.376902
CVE-2026-14967BBOT's `github_workflows` module could be induced to write a downloaded artifact outside it ...2026. 07. 08.2026. 07. 08.376901
CVE-2026-14966BBOT's unarchive module rejects archives containing symlink entries before extraction, but ...2026. 07. 08.2026. 07. 08.376900
CVE-2026-59703repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unau ...2026. 07. 08.2026. 07. 08.376896
CVE-2026-55874SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot ...2026. 07. 08.2026. 07. 08.376890
CVE-2026-55873SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with S ...2026. 07. 08.2026. 07. 08.376893
CVE-2026-55668File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the ne ...2026. 07. 08.2026. 07. 08.376892
CVE-2026-54652Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} ...2026. 07. 08.2026. 07. 08.376889
CVE-2026-49147App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filen ...2026. 07. 08.2026. 07. 08.376888
CVE-2026-49146App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value ...2026. 07. 08.2026. 07. 08.376887
CVE-2026-49145App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ac ...2026. 07. 08.2026. 07. 08.376885
CVE-2026-24700An OS command injection vulnerability exists in the start_lltd() function of the rc binary in ...2026. 07. 08.2026. 07. 08.376883
CVE-2026-24699An OS command injection vulnerability exists in the sub_34984() function of the rc binary in C ...2026. 07. 08.2026. 07. 08.376882
CVE-2026-24698An OS command injection vulnerability exists in the save_syslog_to_file() function of the httpd ...2026. 07. 08.2026. 07. 08.376881
CVE-2026-24697An OS command injection vulnerability exists in the start_bonjour() function of the rc binary ...2026. 07. 08.2026. 07. 08.376872
CVE-2026-15067Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, ...2026. 07. 08.2026. 07. 08.376875
CVE-2026-15062SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (snowpark-python) versions pr ...2026. 07. 08.2026. 07. 08.376873
CVE-2026-15044A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGua ...2026. 07. 08.2026. 07. 08.376874
CVE-2026-15036A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function ...2026. 07. 08.2026. 07. 08.376787
CVE-2026-11903Improper neutralization of input during web page generation ('cross-site scripting') v ...2026. 07. 08.2026. 07. 08.376880
CVE-2026-10708This vulnerability enables large‑scale data harvesting without requiring app‑specific secret ...2026. 07. 08.2026. 07. 08.376876
CVE-2026-10706In Adalo s no-code app builder, (Versions 1 and 2) the attackers may extract full user records a ...2026. 07. 08.2026. 07. 08.376879
CVE-2026-10699Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer (Cu ...2026. 07. 08.2026. 07. 08.376878
CVE-2026-10698Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit ...2026. 07. 08.2026. 07. 08.376877
CVE-2026-60125MISP s importModule() path used getEnabledModule() to resolve a single import module by name, bu ...2026. 07. 08.2026. 07. 08.376897
CVE-2026-60124An authorization bypass in MISP s EventsController::importModule() allowed authenticated users o ...2026. 07. 08.2026. 07. 08.376895
CVE-2026-60092AVideo (Meet plugin) through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored c ...2026. 07. 08.2026. 07. 08.376886
CVE-2026-59257n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulner ...2026. 07. 08.2026. 07. 08.376884
CVE-2026-59253n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users ...2026. 07. 08.2026. 07. 08.376894
CVE-2026-58657Grav before 2.0.0 (affected through 2.0.0-rc.9 and the 2.0 branch) contains a stored CSS injecti ...2026. 07. 08.2026. 07. 08.376891
CVE-2026-58656Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and r ...2026. 07. 08.2026. 07. 08.376898
CVE-2026-58654The Grav API plugin (getgrav/grav-plugin-api) 1.0.0 contains an unrestricted file upload vulnera ...2026. 07. 08.2026. 07. 08.376862
CVE-2026-56778n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API ex ...2026. 07. 08.2026. 07. 08.376869
CVE-2026-56776n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/ ...2026. 07. 08.2026. 07. 08.376868
CVE-2026-56775n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutatin ...2026. 07. 08.2026. 07. 08.376867
CVE-2026-56401Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inv ...2026. 07. 08.2026. 07. 08.376864
CVE-2026-56374ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder du ...2026. 07. 08.2026. 07. 08.376863
CVE-2026-56362ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex ...2026. 07. 08.2026. 07. 08.376866
CVE-2026-56360n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhook ...2026. 07. 08.2026. 07. 08.376865
CVE-2026-56359n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow ...2026. 07. 08.2026. 07. 08.376871
CVE-2026-56298Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information ...2026. 07. 08.2026. 07. 08.376870
CVE-2026-56297FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman ...2026. 07. 08.2026. 07. 08.376853
CVE-2026-56293Capgo before 12.128.2 contains an authorization flaw in transfer_app() that fails to update depl ...2026. 07. 08.2026. 07. 08.376857
CVE-2026-56284Capgo (Cap-go/capgo) before 12.128.2 contains an information disclosure vulnerability in the Sup ...2026. 07. 08.2026. 07. 08.376856
CVE-2026-56283Capgo before 12.128.2 contains an html injection vulnerability in the organization settings endp ...2026. 07. 08.2026. 07. 08.376861
CVE-2026-56273Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector sto ...2026. 07. 08.2026. 07. 08.376855
CVE-2026-56250Capgo before 12.128.2 allows upload-scoped API keys to modify the mutable app_versions.r2_path f ...2026. 07. 08.2026. 07. 08.376860
CVE-2026-56246Capgo before 12.128.2 contains a broken access control vulnerability in the organization managem ...2026. 07. 08.2026. 07. 08.376852
CVE-2026-56226Capgo (Cap-go/capgo) before 12.128.2 exposes the Supabase PostgREST RPC function public.get_orgs ...2026. 07. 08.2026. 07. 08.376859
CVE-2026-56220Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.manifest INSE ...2026. 07. 08.2026. 07. 08.376858
CVE-2026-56217Capgo before 12.128.2 contains a policy bypass vulnerability in app_versions update enforcement ...2026. 07. 08.2026. 07. 08.376854
CVE-2026-56086Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 thr ...2026. 07. 08.2026. 07. 08.376848
CVE-2026-54061Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exp ...2026. 07. 08.2026. 07. 08.376846
CVE-2026-53482Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 thr ...2026. 07. 08.2026. 07. 08.376847
CVE-2026-53480Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 thr ...2026. 07. 08.2026. 07. 08.376845
CVE-2026-44840Dgraph is an open source distributed GraphQL database. Prior to version 25.3.4, the `checkUserPa ...2026. 07. 08.2026. 07. 08.374768
CVE-2026-41122Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 thr ...2026. 07. 08.2026. 07. 08.376849
CVE-2026-22927Omnissa Workspace ONE Tunnel for Windows addresses a Local Privilege Escalation Vulnerability.2026. 07. 08.2026. 07. 08.376851
CVE-2026-15053Tanium addressed a denial of service vulnerability in Tanium Server.2026. 07. 08.2026. 07. 08.376850
CVE-2026-15035A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function async_run_command ...2026. 07. 08.2026. 07. 08.376786
CVE-2026-15034A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affecte ...2026. 07. 08.2026. 07. 08.376785
CVE-2026-14476A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_component ...2026. 07. 08.2026. 07. 08.376626
CVE-2026-14474A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not ...2026. 07. 08.2026. 07. 08.376627
CVE-2026-14651A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the fu ...2026. 07. 08.2026. 07. 08.376164
CVE-2026-14650A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function gr ...2026. 07. 08.2026. 07. 08.376163
CVE-2026-14935A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() ...2026. 07. 08.2026. 07. 08.376648
CVE-2026-50811An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ec ...2026. 07. 08.2026. 07. 08.376734
CVE-2026-14969A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded sta ...2026. 07. 08.2026. 07. 08.376650
CVE-2026-14940A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a ...2026. 07. 08.2026. 07. 08.376641

2025

CVE설명제출모더레이션항목
CVE-2025-6784The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up t ...2026. 07. 11.2026. 07. 11.377755
CVE-2025-5017The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL ...2026. 07. 11.2026. 07. 11.377759
CVE-2025-13968The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Sit ...2026. 07. 11.2026. 07. 11.377741
CVE-2025-30008HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authentic ...2026. 07. 10.2026. 07. 10.377575
CVE-2025-30007HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows l ...2026. 07. 10.2026. 07. 10.377576
CVE-2025-70796An unauthenticated path traversal vulnerability exists in the web management interface of WTI (W ...2026. 07. 10.2026. 07. 10.377553
CVE-2025-12127** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes ...2026. 07. 10.2026. 07. 10.
 
CVE-2025-11977The Happyforms Form Builder for WordPress: Drag Drop Contact Forms, Surveys, Payments Mult ...2026. 07. 10.2026. 07. 10.377445
CVE-2025-45422Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass nor ...2026. 07. 09.2026. 07. 09.377316
CVE-2025-63579Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book ...2026. 07. 09.2026. 07. 09.377292
CVE-2025-58151varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a commu ...2026. 07. 09.2026. 07. 09.342998
CVE-2025-58146There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try ...2026. 07. 09.2026. 07. 09.323606
CVE-2025-27464[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026. 07. 09.2026. 07. 09.310613
CVE-2025-27463[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026. 07. 09.2026. 07. 09.310613
CVE-2025-27462[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...2026. 07. 09.2026. 07. 09.310613
CVE-2025-12506GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, ...2026. 07. 08.2026. 07. 08.377017
CVE-2025-3110OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header va ...2026. 07. 08.2026. 07. 08.376918

Do you want to use VulDB in your project?

Use the official API to access entries easily!