463
Total CVEs
4
KEV Entries
53
Critical
175
High
163
Medium
37
Articles
CVE Feed
463 CVEs
CVE-2026-45336
CRITICAL
10.0
HireFlow is a web-based interview management system for managing candidates, scheduling interviews, and tracking hiring progress. In 1.2 and earlier, app.py assigns a hard-coded Flask secret_key used ...
CVE-2026-46339
CRITICAL
10.0
9Router is an AI router & token saver. From 0.4.30 until 0.4.37, 9Router's src/proxy.js middleware did not protect /api/cli-tools/* and /api/mcp/*, allowing unauthenticated registration of customPlugi...
CVE-2026-50148
CRITICAL
10.0
Metabase is an open-source business intelligence and embedded analytics tool. From 1.54.0 until 1.54.24, 1.55.24, 1.56.25, 1.57.19, 1.58.14, 1.59.10, and 1.60.4, a Metabase user with permission to add...
CVE-2026-52887
CRITICAL
10.0
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.0.61, NocoBase @nocobase/plugin-notification-in-app-message exposed GET /api...
CVE-2026-56699
CRITICAL
10.0
Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smu...
CVE-2026-45568
CRITICAL
9.9
zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to url...
CVE-2026-46512
CRITICAL
9.9
Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, fm_dialplan_apply accepted template parameters including greeting, dest, url, extension, code, and file, and Tools/Dialp...
CVE-2026-44986
CRITICAL
9.9
Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teams_invitations.clj invitation tokens from create-team-invitations, embedded an existing profi...
CVE-2026-52891
CRITICAL
9.9
Wekan is open source kanban built with Meteor. Prior to 9.07, Wekan avatar upload functionality embeds user-supplied filenames into paths later passed to child_process.exec() for MIME-type detection. ...
CVE-2026-54052
CRITICAL
9.9
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.56.1, in HTTP mode with multi-tenancy enabled through ENABLE_MULTI_TENANT=...
CVE-2023-49899
CRITICAL
9.8
An unauthenticated remote attacker can execute any command on the affected device due to not correctly verifying the origin of a communication channel.
CVE-2023-49900
CRITICAL
9.8
An unauthenticated remote attacker is able to perform remote code execution due to incorrectly sanitized user input in the SetParameter command.
CVE-2026-15013
CRITICAL
9.8
The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability ex...
CVE-2026-45695
CRITICAL
9.8
Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP...
CVE-2026-46562
CRITICAL
9.8
Yamcs is a mission control framework. Prior to 5.12.7, the Nashorn ScriptEngine used to evaluate user-supplied JavaScript algorithm text in yamcs-core/src/main/java/org/yamcs/algorithms/ScriptAlgorith...
CVE-2026-49352
CRITICAL
9.8
9Router is an AI router & token saver. From 0.2.21 until 0.4.44, 9Router used the hardcoded fallback JWT secret 9router-default-secret-change-me in src/app/api/auth/login/route.js, src/middleware.js, ...
CVE-2026-55652
CRITICAL
9.8
Wekan is open source kanban built with Meteor. Prior to 9.46, header-login with HEADER_LOGIN_TRUSTED_IPS uses getRequestIp() in server/lib/headerLoginAuth.js to trust the client-supplied X-Forwarded-F...
CVE-2026-22752
CRITICAL
9.6
Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server.
This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1....
CVE-2026-53513
CRITICAL
9.6
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-con...
CVE-2026-54458
CRITICAL
9.6
WWBN AVideo is an open source video platform. Versions prior to 29.0 contain a stored DOM Cross-Site Scripting vulnerability in the YPTSocket plugin. Any unauthenticated remote attacker can execute ar...
CVE-2026-62948
CRITICAL
9.6
OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into /tmp/odhcpd.leases through src/statefiles.c statefiles_writ...
CVE-2026-13385
CRITICAL
9.5
An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute a...
CVE-2026-46684
CRITICAL
9.5
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase enterprise token handling can let TokenFilter#doFilter() pass X-DE-TOKEN values to TokenUtils.validate(), wh...
CVE-2026-61451
CRITICAL
9.4
The Grav API plugin (grav-plugin-api) before 1.0.4 does not validate the origin of the client-supplied admin_base_url field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl() fun...
CVE-2026-46515
CRITICAL
9.3
Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.3, PERM_READ access was sufficient to call fm_list_managers, fm_list_pinsets, fm_show_context, fm_get_mcp_config, fm_backup...
CVE-2026-54733
CRITICAL
9.3
The Microsoft 365 and Microsoft Entra ID Plugins for Moodle provide Office 365 and Azure Active Directory integration for Moodle. Prior to 4.5.6, 5.0.5, and 5.1.1, the Microsoft Office 365 Integration...
CVE-2026-59864
CRITICAL
9.3
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota plugin add` and `kiota plugin generate` (with `-t APIPlugin`) emitted attacker-controlled static_template.file values from...
CVE-2026-59865
CRITICAL
9.3
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota info` read x-ms-kiota-info.languagesInformation.<language>.dependencyInstallCommand plus dependency name and version value...
CVE-2026-59866
CRITICAL
9.3
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota emitted x-ms-kiota-info clientClassName and clientNamespaceName values without identifier or path sanitization as both gene...
CVE-2026-63087
CRITICAL
9.3
Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerability that allows remote attackers to obtain a valid PluginAuthToken by sending a POST request to the internal plugin install ...
CVE-2026-46421
CRITICAL
9.3
The SAP Cloud Application Programming Model is a tool for building enterprise-grade cloud applications, and cap-js/cds-dbs is the monorepo for SQL database services for that tool. On April 29, 2026, c...
CVE-2026-50562
CRITICAL
9.3
FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs...
CVE-2026-52842
CRITICAL
9.3
Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component when computing a page or...
CVE-2026-52843
CRITICAL
9.3
Lightpanda is a headless browser designed for AI and automation. Prior to 0.2.9, Lightpanda fetch() and XMLHttpRequest unconditionally attached session cookies to every HTTP request, ignoring credenti...
CVE-2026-55445
CRITICAL
9.3
Qinglong is a timed task management platform supporting Python3, JavaScript, Shell, and Typescript. Prior to 2.20.1, the init guard middleware in back/loaders/express.ts checks /api/user/init but not ...
CVE-2026-61736
CRITICAL
9.3
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, the server defaults to CORS_ORIGINS=* combined with allow_credentials=True in lightrag/api/lightrag_server.py, causing...
CVE-2026-61740
CRITICAL
9.3
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, when LightRAG is deployed with LIGHTRAG_API_KEY set but AUTH_ACCOUNTS unset, X-API-Key protection can be bypassed beca...
CVE-2026-15925
CRITICAL
9.2
Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connectio...
CVE-2026-63304
CRITICAL
9.2
AVideo through 29.0 contains an OS command injection vulnerability in plugin/API/standAlone/functions.php where the listFFmpegProcesses() function interpolates unsanitized keyword parameters inside si...
CVE-2026-63305
CRITICAL
9.2
AVideo through 29.0 contains an OS command injection vulnerability in the ffmpeg.json.php endpoint where notifyCode and callback parameters are concatenated into a shell command without escaping. Atta...
CVE-2026-63306
CRITICAL
9.2
stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private ...
CVE-2026-42533
CRITICAL
9.2
A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map outp...
CVE-2026-49445
CRITICAL
9.2
Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-a...
CVE-2026-52893
CRITICAL
9.2
Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan Accounts.onCreateUser hook in server/models/users.js merges OIDC logins into existing accounts when the OIDC email or username m...
CVE-2026-15422
CRITICAL
9.1
The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately validating the address parameters carried in the chunk. Since this lookup runs during packet classifica...
CVE-2026-44632
CRITICAL
9.1
Yamcs is a mission control framework. Prior to 5.12.7, a server-side code injection vulnerability existed in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactor...
CVE-2026-46621
CRITICAL
9.1
Yamcs is a mission control framework. Prior to 5.12.7, the Yamcs script evaluation engine for Python algorithms dynamically compiled and evaluated user-controlled algorithm text using Jython through t...
CVE-2026-53512
CRITICAL
9.1
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the legacy oidcProvider and mcp plugins expose OAuth token endpoints whose refresh_token grant authenticates...
CVE-2026-11386
CRITICAL
9.0
An input validation and injection vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools). The client constructs APT source files (such as /etc/apt/sources.list.d/ubuntu-...
CVE-2026-63089
CRITICAL
9.0
WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one-time link token generation vulnerability that allows unauthenticated network attackers to recover WireGuar...
CVE-2026-45534
CRITICAL
9.0
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getPropert...
CVE-2026-56400
CRITICAL
9.0
open-webui before 0.3.14 contains a cross-origin resource sharing misconfiguration allowing arbitrary origins with allow_origins=* and authenticated requests to the /api/v1/functions endpoint. Attacke...
CVE-2026-62378
CRITICAL
9.0
RustFS Console is a web management console for the RustFS distributed file system. From 0.1.7 until 0.1.10, the RustFS Console components/object/preview-modal.tsx and components/object/pdf-viewer.tsx ...
CVE-2026-54526
HIGH
8.9
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 3.7.15 and 4.0.6, the allow-list fix for CVE-2026-31892 is incomplete because ...
CVE-2026-13741
HIGH
8.8
The Digits: WordPress Mobile Number Signup and Login plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 9.1.0.5. This is due to missing authorization and ...
CVE-2026-14371
HIGH
8.8
The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell comm...
CVE-2026-15005
HIGH
8.8
The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on the execTemplat...
CVE-2026-15103
HIGH
8.8
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Privilege Escalation via arbitrary option update in all versions up to, and includ...
CVE-2026-5674
HIGH
8.8
A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An ...
CVE-2026-20150
HIGH
8.8
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a sof...
CVE-2026-43637
HIGH
8.8
Cornac before 2.6.0 contains a path traversal (Tar Slip) vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing...
CVE-2026-45805
HIGH
8.8
Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot MCP's mcp/packages/server/src/ReplServer.ts bound the ReplServer to 0.0.0.0:4403 and exposed an unauthen...
CVE-2026-55242
HIGH
8.8
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection th...
CVE-2026-55576
HIGH
8.8
MaaAssistantArknights is a one-click tool for daily Arknights tasks. In the current dev-v2 workflow, .github/workflows/release-preparation.yml inlined attacker-controlled github.event.pull_request.tit...
CVE-2026-58658
HIGH
8.8
GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to access sensitive inference logs and modify wo...
CVE-2026-60005
HIGH
8.8
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice directive and unnamed regex captures are configured or when a background cache update happens,...
CVE-2026-61435
HIGH
8.8
PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints (src/praisonai/praisonai/api/agent_invoke.py) when PRAISONAI_CALL_AUTH=disabled is configured. The ...
CVE-2026-61436
HIGH
8.8
PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads...
CVE-2026-61684
HIGH
8.8
FastGPT is a knowledge-based AI application platform. In 4.15.0-beta4, FastGPT plugin invoke reverse-call endpoints under /api/invoke/* authenticate only by verifying a JWT signed with INVOKE_TOKEN_SE...
CVE-2026-62312
HIGH
8.8
9Router is an AI router & token saver. Prior to 0.5.2, 9Router allows a remote authenticated attacker to achieve arbitrary code execution on the host operating system by combining a Host header bypass...
CVE-2025-71377
HIGH
8.7
stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit...
CVE-2026-53597
HIGH
8.7
Prompty is a markdown file format (.prompty) for LLM prompts. From 2.0.0-alpha.1 until 2.0.0-beta.3, the @prompty/core TypeScript loader in runtime/typescript/packages/core/src/core/loader.ts used gra...
CVE-2026-55629
HIGH
8.7
Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging proxy. Prior to 2.10.3, lib/service/service.js handles GET /cgi-bin/temp/get by reading req.query.filename, joining it to TEMP_FILES_PATH only...
CVE-2026-58078
HIGH
8.7
The Joomla extension Quix Page Builder Pro is vulnerable to an unauthenticated SQL injection.
CVE-2026-59859
HIGH
8.7
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.4, Kiota's PHP generator embedded OpenAPI description, default fields, property names, and other schema-derived strings into PHP dou...
CVE-2026-59860
HIGH
8.7
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.3, Kiota is affected by a code-generation injection vulnerability in the C# XML documentation-comment sink (the description, externa...
CVE-2026-62963
HIGH
8.7
Centrifugo is an open-source scalable real-time messaging server. Prior to 6.8.4, Centrifugo unidirectional WebSocket transport with uni_websocket.compression enabled enforced uni_websocket.message_si...
CVE-2026-63085
HIGH
8.7
Axelor Open Platform versions 8.x prior to 8.2.2 contains an authorization bypass vulnerability that allows authenticated non-admin users to escalate privileges by exploiting unenforced field restrict...
CVE-2026-15804
HIGH
8.7
The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, an...
CVE-2026-33445
HIGH
8.7
CVE-2026-33445 is a memory management
vulnerability in Secure Access servers prior to 14.55. Attackers with an
intimate knowledge of and total control over the tunnel protocol can create a
persistent ...
CVE-2026-45320
HIGH
8.7
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase dashboard SQL variables such as ${deptId} are processed by SqlparserUtils.transFilter(), whose final branch ...
CVE-2026-45417
HIGH
8.7
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema() into getTablesSql and execute the ...
CVE-2026-45535
HIGH
8.7
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as ${var} and SqlparserUt...
CVE-2026-55723
HIGH
8.7
When NGINX Ingress Controller is configured with Custom Resource Definitions (CRDs) or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller...
CVE-2026-56339
HIGH
8.7
Capgo (Cap-go/capgo) before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST SECURITY DEFINER RPC function public.rescind_invitation that allows unauthenticated atta...
CVE-2026-56679
HIGH
8.7
9Router is an AI router & token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body to persistent settings without a field whitelist, allowing an authenticated user ...
CVE-2026-57831
HIGH
8.7
The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection.
CVE-2026-57832
HIGH
8.7
The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection.
CVE-2026-57996
HIGH
8.7
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with...
CVE-2026-58077
HIGH
8.7
The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances.
CVE-2026-58655
HIGH
8.7
The bundled Grav Flex Objects plugin (getgrav/grav-plugin-flex-objects) before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles,...
CVE-2026-59235
HIGH
8.7
Missing Authorization (CWE-862) in BankAccountListController (app/Http/Controllers/Api/BankAccount/BankAccountListController.php), exposed at GET /api/bank-account, in Prospero Flow CRM <5.5.3, which ...
CVE-2026-59762
HIGH
8.7
When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.
Impact:
System performance can degrade until the TMM pro...
CVE-2026-60085
HIGH
8.7
PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blocked_commands, blocked_paths, blocked_imports, allow_subprocess, and all...
CVE-2026-62389
HIGH
8.7
ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by ...
CVE-2026-57206
HIGH
8.6
SimpleChat is a secure AI conversation application with personal and group workspaces for document-grounded interactions. Prior to 0.241.206, several plugin validation routes in application/single_app...
CVE-2026-15583
HIGH
8.6
A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-...
CVE-2026-40501
HIGH
8.6
Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by deliverin...
CVE-2026-48795
HIGH
8.6
AdonisJS is a TypeScript-first web framework. From 10.1.3 until 10.1.5 and 11.0.3, AdonisJS @adonisjs/bodyparser incompletely fixed CVE-2026-25754 because nested multipart field payloads such as user....
CVE-2026-57833
HIGH
8.6
The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature.
CVE-2026-61443
HIGH
8.6
PraisonAI before 1.6.78 contains a remote code execution vulnerability in SkillTools.run_skill_script() that executes scripts without path containment validation. Attackers can supply absolute file pa...
CVE-2026-61446
HIGH
8.6
PraisonAI (praisonaiagents) before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python (.py) files from project-level and user-home ....
CVE-2026-61836
HIGH
8.6
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, when response caching is enabled, the cache-key derivation in api/src/utils/get-cache-key.ts includes ...
CVE-2026-9770
HIGH
8.6
Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem
that is shared across devices. An
attacker with access to the firmware image can extract...
CVE-2026-46686
HIGH
8.5
Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped b...
CVE-2026-6423
HIGH
8.5
A local privilege escalation vulnerability in ESET Inspect Connector.
The vulnerability was caused by improper authentication in an IPC channel.
CVE-2026-40952
HIGH
8.5
CVE-2026-40952 is a privilege misconfiguration
in the Secure Access installer for the Windows client and server prior to
version 14.55. Attackers with local access to the client or server can use it
t...
CVE-2026-45419
HIGH
8.5
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template saves call TemplateManageService#save, StaticResourceServer#saveFilesToServe, and the /de2api/templ...
CVE-2026-55234
HIGH
8.5
Wekan is open source kanban built with Meteor. Prior to 9.37, Wekan DDP update allow rules in server/permissions/cards.js, server/permissions/lists.js, and server/permissions/swimlanes.js authorize ag...
CVE-2026-56398
HIGH
8.5
Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-...
CVE-2026-61433
HIGH
8.5
PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy....
CVE-2026-61828
HIGH
8.5
Nixpkgs is a collection of software packages that can be installed with the Nix package manager. Prior to the 25.11 and 26.05 channel fixes, the NixOS module for MySQL services.mysql initializes the M...
CVE-2026-8920
HIGH
8.5
Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted...
CVE-2026-15029
HIGH
8.4
Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and w...
CVE-2026-15895
HIGH
8.4
OS command injection in the npm package loading component in AWS jsii-diff before 1.131.0 might allow context-dependent attackers to execute arbitrary commands via crafted package specifiers passed to...
CVE-2026-42936
HIGH
8.4
The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the priv...
CVE-2026-58659
HIGH
8.4
PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the _load_state function that imports and executes attacker-controlled module names from che...
CVE-2026-61430
HIGH
8.4
PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the web_crawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. At...
CVE-2026-14254
HIGH
8.3
A race condition in the account lockout mechanism in Delphix Continous Data allowed the lockout threshold to be bypassed through concurrent authentication requests. Parallel login attempts were proces...
CVE-2026-45576
HIGH
8.3
zrok is software for sharing web services, files, and network resources. From 0.4.23 until 2.0.3, `zrok2 copy` stores attacker-controlled WebDAV or zrok drive paths such as /../outside.txt in the sour...
CVE-2026-10673
HIGH
8.3
The Zephyr ADIN2111/ADIN1110 10BASE-T1S/T1L Ethernet driver (drivers/ethernet/eth_adin2111.c) reassembles received Ethernet frames in OPEN Alliance (OA) SPI mode by copying device-supplied 64-byte dat...
CVE-2026-20296
HIGH
8.3
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker cou...
CVE-2026-45533
HIGH
8.3
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase export-center deletion can accept path traversal sequences such as ../ in the bulk delete API endpoint and p...
CVE-2026-47158
HIGH
8.3
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiat...
CVE-2026-53516
HIGH
8.3
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, Better Auth's OAuth callback auto-link gate in handleOAuthUserInfo accepts implicit account linking when the...
CVE-2026-56434
HIGH
8.3
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssi_module module. This vulnerability may exist when the Server-Side Includes (SSI), proxy_pass, and proxy_buffering off directive...
CVE-2026-62349
HIGH
8.3
TDengine is an open source, time-series database optimized for Internet of Things devices. In 3.4.1.6 and earlier, source/libs/parser/src/parUtil.c trimString() checks space for only one byte before p...
CVE-2026-15352
HIGH
8.2
A vulnerability exists in the Health & Safety (HS) application of
NASA's Core Flight System (cFS). The flaw allows the application to
crash via segmentation fault when processing a routine Housekeep...
CVE-2026-35147
HIGH
8.2
HCL DFXServer is affected by a Broken Authentication vulnerability via direct API access. The application fails to verify the user's authentication status when accessing specific API endpoints, allowi...
CVE-2026-35149
HIGH
8.2
HCL DFXServer is affected by an Authentication Bypass vulnerability via server response manipulation. An unauthorized user without valid credentials can exploit this flaw by intercepting and altering ...
CVE-2026-44981
HIGH
8.2
CrowdSec offers crowdsourced protection against malicious IPs. From 1.7.0 until 1.7.8, the LAPI router used gin-contrib/gzip with DefaultDecompressHandle globally in pkg/apiserver/controllers/controll...
CVE-2026-45325
HIGH
8.2
Gestor de Oferta is a web application for managing mobility service offerings. Prior to 20260509.0340.15, @tmlmobilidade/utils has a prototype pollution vulnerability in setValueAtPath() in packages/u...
CVE-2026-49998
HIGH
8.2
Centrifugo is an open-source scalable real-time messaging server. Prior to 6.8.1, Centrifugo dynamic JWKS endpoint verification could reuse a key for one allowed issuer to verify a JWT for another all...
CVE-2026-12382
HIGH
8.2
A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining re...
CVE-2026-13585
HIGH
8.2
Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local...
CVE-2026-46485
HIGH
8.2
Dashy is a self-hostable personal dashboard. Prior to 4.0.8, Dashy deployments using OIDC can allow unauthenticated users or non-admin authenticated users to write changes to the main config.yaml thro...
CVE-2021-27137
HIGH
8.1
An issue was discovered in router/upnp/src/ssdp.c in DD-WRT before 45724. An unsafe strcpy in the UPnP handling functionality allows an unauthenticated remote attacker to send a request that would ove...
CVE-2026-15008
HIGH
8.1
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the f...
CVE-2026-1609
HIGH
8.1
A flaw was found in Keycloak. When the JSON Web Token (JWT) authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user’s disabled status during ...
CVE-2026-46351
HIGH
8.1
BigBlueButton is an open-source virtual classroom. Prior to 3.0.21, bbb-web generated conference sessionToken values with insufficiently secure randomness in bbb-common-web/src/main/java/org/bigbluebu...
CVE-2026-46353
HIGH
8.1
BigBlueButton is an open-source virtual classroom. Prior to 3.0.21, bbb-web checksum validation could be bypassed when a presentationUploadExternalUrl parameter was supplied to API request handling in...
CVE-2026-20156
HIGH
8.1
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a sof...
CVE-2026-53517
HIGH
8.1
Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refresh_token grant perfor...
CVE-2026-62685
HIGH
8.1
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser builds new user scopes from user...
CVE-2026-3842
HIGH
7.8
A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpu_physical_memory_map() returns a shor...
CVE-2026-15809
HIGH
7.8
A flaw was found in CRI-O. The fix for a previous vulnerability (CVE-2022-4318) was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can injec...
CVE-2026-40633
HIGH
7.8
Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, versions 9.11.0.0 through 9.13.0.2 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with l...
CVE-2026-46709
HIGH
7.8
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.234, Tabby inserts dropped file paths from tabby-electron/src/pathDrop.ts into the active shell without neutralizing ...
CVE-2026-56687
HIGH
7.8
Dell ThinOS 10, versions prior to 2605_10.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Un...
CVE-2026-58558
HIGH
7.8
Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-46687
HIGH
7.7
Emlog is an open source website building system. In 2.6.13 and earlier, the article publishing interface stores a path-traversal template parameter from api_controller.php without validation, and log_...
CVE-2026-63088
HIGH
7.7
stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomple...
CVE-2026-14251
HIGH
7.7
A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects. A namespace-scoped Argo CD instance can trigger...
CVE-2026-45313
HIGH
7.7
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. Prior to 1.17.6, GuiServer::WndHookRegisterSlave in Sandboxie/core/svc/GuiServer.cpp stores attacker-supplied hthread and...
CVE-2026-45806
HIGH
7.7
Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot's remote image import passed the user-controlled url from frontend/src/app/main/data/workspace/media.clj...
CVE-2026-47164
HIGH
7.7
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the IdP email_verified claim only for new-user creation and not when SSO_SIGNUPS_MAT...
CVE-2026-48799
HIGH
7.7
Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription...
CVE-2026-49279
HIGH
7.7
WWBN AVideo is an open source video platform. Versions 29.0 and below contain a Stored XSS vulnerability through the autoEvalCodeOnHTML parameter in the MessageSQLite WebSocket Handler. The MessageSQL...
CVE-2026-53514
HIGH
7.7
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, and in 1.6.14 and later when invitation IDs can be obtained outside the invited mailbox and requireEmailVeri...
CVE-2026-61613
HIGH
7.7
Cursor is a code editor built for programming with AI. Prior to the Cloud Agent fix on 03/31/2026, browser-enabled Cursor Cloud Agent sessions allowed attacker-controlled web content to connect from i...
CVE-2026-61644
HIGH
7.7
FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context...
CVE-2026-61835
HIGH
7.7
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, the SSRF protection on Directus's file-import-from-URL feature can be bypassed using the address 0.0.0...
CVE-2025-71388
HIGH
7.6
stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel's webhooks, including their tokens, because t...
CVE-2026-45337
HIGH
7.6
Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the deviceAuthorization plugin treats any authenticated session as the owner of any pending device c...
CVE-2026-50147
HIGH
7.6
Metabase is an open-source business intelligence and embedded analytics tool. From 1.57.0 until 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4, an attacker who can configure a Metabase database connection ...
CVE-2026-52870
HIGH
7.6
The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). From 1.23.0 until 1.27.2, default handlers installed by server.experimental.enable_tasks() for t...
CVE-2026-53444
HIGH
7.6
Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan OIDC-related Meteor methods in packages/wekan-oidc/oidc_server.js, server/models/org.js, and server/models/team.js are globally call...
CVE-2026-53518
HIGH
7.6
Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorization_code grant redeems...
CVE-2026-54560
HIGH
7.6
Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth client_id claim, so the JWT verifier does not load...
CVE-2026-59950
HIGH
7.6
The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to 1.28.1, the deprecated mcp.server.websocket.websocket_server transport accepted WebSock...
CVE-2026-12753
HIGH
7.5
The Advance Product Search- Voice & Ajax Search for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 's' and 'match' parameter in all versions up to, and including, 1.4....
CVE-2026-21729
HIGH
7.5
Loki queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy.
CVE-2026-23538
HIGH
7.5
A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a lar...
CVE-2026-45367
HIGH
7.5
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.7, the FHIRPathEngine implementation passes user-controlled regular expressions fr...
CVE-2026-48863
HIGH
7.5
A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A rem...
CVE-2026-53598
HIGH
7.5
Prompty is a markdown file format (.prompty) for LLM prompts. Prior to 2.0.0-beta.2, Prompty loaders expanded ${file:...} references in .prompty frontmatter without enforcing that resolved paths staye...
CVE-2026-59861
HIGH
7.5
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Ruby generator embedded OpenAPI default fields, property names, and other schema-derived strings through CodeMethodWriter...
CVE-2026-59862
HIGH
7.5
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Python generator let attacker-controlled enum value descriptions from x-ms-enum.values[].description flow through KiotaBu...
CVE-2026-62309
HIGH
7.5
CoreDNS is a DNS server written in Go. Prior to 1.14.4, a single 28-byte UDP datagram can crash the CoreDNS process when the proxyproto plugin is enabled because plugin/pkg/proxyproto/proxyproto.go Pa...
CVE-2026-12997
HIGH
7.5
The Gravity Forms plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.10.4 via the 'gform_uploaded_files' parameter parameter. This makes it possible for ...
CVE-2026-20153
HIGH
7.5
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a sof...
CVE-2026-20157
HIGH
7.5
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a sof...
CVE-2026-20158
HIGH
7.5
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a sof...
CVE-2026-20187
HIGH
7.5
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a sof...
CVE-2026-45793
HIGH
7.5
Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration() validates GitHub OAuth tokens with the regex ^[.A-Za-z0-9_]+$ and in...
CVE-2026-45804
HIGH
7.5
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, Diffusers' DiffusionPipeline.from_pretrained flow can bypass the trust_remote_code guard because download() validates model...
CVE-2026-49353
HIGH
7.5
9Router is an AI router & token saver. In 0.4.45 and earlier, 9Router's src/dashboardGuard.js local-only access gate used Host and Origin headers in isLocalRequest() to protect /api/mcp/*, /api/tunnel...
CVE-2026-49987
HIGH
7.5
Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkou...
CVE-2026-59954
HIGH
7.5
Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to configuration d...
CVE-2026-59955
HIGH
7.5
Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configurati...
CVE-2026-62351
HIGH
7.5
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, source/libs/transport/src/transComm.c transDecompressMsg() read STransCompMsg.contLen when pHead->comp =...
CVE-2026-46513
HIGH
7.4
Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, Frogman stored API tokens generated by Tools/CreateApiToken.php:33-36 as raw bin2hex(random_bytes(32)) strings in oc_api...
CVE-2026-60063
HIGH
7.3
An out-of-bounds write vulnerability in the Productivity Suite allows a
local attacker to trigger kernel memory corruption via a crafted IOCTL
request, potentially resulting in privilege escalation ...
CVE-2026-61389
HIGH
7.3
An out-of-bounds write vulnerability in the Productivity Suite allows a
local attacker to trigger kernel memory corruption via a crafted IOCTL
request, potentially resulting in privilege escalation ...
CVE-2026-62290
HIGH
7.3
cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. From 1.18.0 until 1.19....
CVE-2026-9046
HIGH
7.3
A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑sy...
CVE-2026-45738
HIGH
7.3
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to 3.2.12, 3.3.10, and 3.4.2, Argo CD users with application write access can set link.argocd.argoproj.io/* annotations ...
CVE-2026-13042
HIGH
7.2
The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output e...
CVE-2026-44982
HIGH
7.2
CrowdSec offers crowdsourced protection against malicious IPs. From 1.5.0 until 1.7.8, pkg/appsec/request.go NewParsedRequestFromRequest allocated a request body buffer from max(r.ContentLength, 0), s...
CVE-2026-7543
HIGH
7.2
The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fields' parameter in versions up to, and including, 2.7.1 due to insufficient input sanitization and output es...
CVE-2026-20297
HIGH
7.2
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a ro...
CVE-2026-58660
HIGH
7.2
Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save() method (used by the kanban board drag-and-drop endpoint) validates the caller's role on the attacker-supplied project_id bu...
CVE-2026-59258
HIGH
7.2
immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions....
CVE-2026-61873
HIGH
7.2
Grav before 9.1.8 contains an arbitrary file write vulnerability in the Form plugin's process.save.filename parameter, which is validated against path traversal before Twig processing but never re-val...
CVE-2026-62350
HIGH
7.2
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a user with create udf privilege could upload a crafted shared library and install it as a...
CVE-2026-8919
HIGH
7.2
Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a r...
CVE-2026-46336
HIGH
7.1
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. From 0.96.0 until 0.140.0, authenticated users can rename uploaded ...
CVE-2026-59867
HIGH
7.1
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota resolved OpenAPI $ref values by fetching remote http(s) URLs and reading local absolute or out-of-tree file paths, allowing...
CVE-2026-63397
HIGH
7.1
remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is inje...
CVE-2026-33443
HIGH
7.1
CVE-2026-33443 is a memory management error in
Secure Access servers prior to 14.55. Attackers with an intimate knowledge of
and total control over the tunnel protocol can create a persistent DoS agai...
CVE-2026-46458
HIGH
7.1
ICU Scandinavia Boomerang is vulnerable to an information disclosure flaw where sensitive credential files are exposed via static HTTP. This allows an unauthenticated remote attacker to retrieve plain...
CVE-2026-50030
HIGH
7.1
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL preview exposes DatasetDataApi.previewSql/previewSqlCheck through /de2api/datasetData/previewSql, accept...
CVE-2026-50124
HIGH
7.1
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase can be exploited by uploading payload.zip through the Excel upload API /datasource/upload, creating an H2 da...
CVE-2026-50144
HIGH
7.1
ncnn is a high-performance neural network inference framework optimized for the mobile platform. In commit e54f7b1f88434e1d844ea0551b880a1cfb079ce1 and earlier, ncnn allows an out-of-bounds heap write...
CVE-2026-52865
HIGH
7.1
When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the N...
CVE-2026-52869
HIGH
7.1
The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to 1.27.2, the SSE and stateful Streamable HTTP transports mcp.server.sse.SseServerTranspo...
CVE-2026-52890
HIGH
7.1
Wekan is open source kanban built with Meteor. Prior to 9.31, Wekan allows a logged-in board member to insert an attachment document through the /attachments/insert DDP method with attacker-controlled...
CVE-2026-53445
HIGH
7.1
Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan copyBoard Meteor DDP method in server/publications/boards.js copies a board by caller-supplied board ID without checking this.us...
CVE-2026-53515
HIGH
7.1
Better Auth is an authentication and authorization library for TypeScript. From 1.2.10 until 1.6.11, the @better-auth/sso plugin's POST /sso/register endpoint lets any organization member attach a new...
CVE-2026-54563
HIGH
7.1
Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, a Cloudreve WebDAV account rooted at a configured folder can send paths such as /dav/%2e%2e/outside.txt because stripPre...
CVE-2026-59255
HIGH
7.1
BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability in the custom-nodes API endpoints that allows any authenticated user to modify the global graph schema...
CVE-2026-61440
HIGH
7.1
PraisonAI Platform before 0.1.9 fails to properly authorize label and issue-label mutations, allowing workspace members to rename and recolor shared labels and add or remove labels on owner-created is...
CVE-2026-61449
HIGH
7.1
Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory ...
CVE-2026-63175
HIGH
7.1
PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within th...
CVE-2026-13103
HIGH
7.0
A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code.
CVE-2026-13104
HIGH
7.0
A potential vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code with elevated privilege...
CVE-2026-59863
HIGH
7.0
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota honored a poisoned .kiota/workspace.json workspace configuration without validating per-client or per-plugin outputPath val...
CVE-2026-61438
HIGH
7.0
PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor._exec_inline_python() due to insufficient AST validation of workflow script steps. Attackers can create ma...
CVE-2024-58360
MEDIUM
6.9
stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts ...
CVE-2026-59237
MEDIUM
6.9
Authorization Bypass Through User-Controlled Key (CWE-639) in the Order and OrderItem REST API controllers in Roskus Prospero Flow CRM before 5.5.3 allows a remote, authenticated user to read, modify,...
CVE-2026-60140
MEDIUM
6.9
An out-of-bounds read vulnerability in the Productivity Suite allows a
local attacker to trigger kernel memory corruption by sending a crafted
IOCTL request. This can lead to exposing sensitive info...
CVE-2026-63086
MEDIUM
6.9
text-generation-inference through 3.3.7 contains a server-side request forgery (SSRF) vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network at...
CVE-2026-15746
MEDIUM
6.9
Strands Agents is an open-source Python SDK for building and running AI agents. The strands-agents-tools package provides pre-built tools for use with the SDK, including the elasticsearch_memory tool ...
CVE-2026-33444
MEDIUM
6.9
CVE-2026-33444 is a memory management
vulnerability in Secure Access servers prior to 14.55. Attackers with intimate
knowledge of and total control over the tunnel protocol can create a
non-persistent...
CVE-2026-47159
MEDIUM
6.9
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO discovery and pre-validation flow returned organization-related SSO metadata including organizationIden...
CVE-2026-55398
MEDIUM
6.9
CVE-2026-55398
is a memory management vulnerability in Secure Access clients and servers prior
to 14.55. Attackers with intimate knowledge of and total control over the
tunnel protocol can create a no...
CVE-2026-59236
MEDIUM
6.9
Authorization Bypass Through User-Controlled Key (CWE-639) in the Excel import handlers (CustomerImport, LeadImport, ProductImport) in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authentic...
CVE-2026-60087
MEDIUM
6.9
PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obt...
CVE-2026-61427
MEDIUM
6.9
PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks whe...
CVE-2026-61452
MEDIUM
6.9
The Grav API plugin (getgrav/grav-plugin-api) before 2.0.4 contains an improper session invalidation vulnerability where JWT access tokens are issued without a jti (JWT ID) claim and therefore cannot ...
CVE-2026-10587
MEDIUM
6.8
A potential out-of-bounds write vulnerability could allow a local privileged attacker to modify power management settings in System Management Mode.
CVE-2026-10589
MEDIUM
6.8
A potential out of bounds write vulnerability could allow a local privileged attacker to execute code in System Management Mode.
CVE-2026-12379
MEDIUM
6.8
An Open Redirect vulnerability (CWE-601) exists in the OAuth/OIDC authentication implementation of the Axivion Dashboard. The login flow did not properly restrict the post-authentication redirect to t...
CVE-2026-46404
MEDIUM
6.8
BigBlueButton is an open-source virtual classroom. Prior to 3.0.23, the presentation URL validation did not properly restrict access to site local and link local addresses. The redirect following logi...
CVE-2026-6511
MEDIUM
6.8
During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files...
CVE-2026-49988
MEDIUM
6.8
Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, the Repomix MCP server attach_packed_output and read_repomix_output flow can register and read arbitrary local .json,...
CVE-2026-52888
MEDIUM
6.8
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. In 2.0.59 and earlier, NocoBase @nocobase/plugin-collection-sql used the checkSQL() fun...
CVE-2026-62843
MEDIUM
6.8
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses str...
CVE-2026-10588
MEDIUM
6.7
A potential vulnerability could allow a local privileged attacker to disclose the address of protected System Management Mode memory.
CVE-2026-10590
MEDIUM
6.7
A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler.
CVE-2026-6424
MEDIUM
6.7
Use-after-free vulnerability in ESET Linux products potentially allowed an attacker to trigger kernel panic on the system
CVE-2026-40953
MEDIUM
6.7
CVE-2026-40953 is a heap overflow in the
certificate parsing function of Secure Access clients prior to 14.55. Attackers
with local access and administrator permissions can create a denial of service
...
CVE-2026-49501
MEDIUM
6.7
Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, and versions 9.11.0.0 through 9.13.0.2 contains an Improper Privilege Management vulnerability. A high privileged attacker with local access co...
CVE-2026-55410
MEDIUM
6.7
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.1.19, NocoBase @nocobase/plugin-backups restored PostgreSQL backups by inter...
CVE-2026-58554
MEDIUM
6.6
Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58555
MEDIUM
6.6
Permission bypass vulnerability in the card module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-12941
MEDIUM
6.5
The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to generic SQL Injection via the 'order_by' parameter in all versions up to, and includin...
CVE-2026-13754
MEDIUM
6.5
The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.0.0 due to insufficient escaping ...
CVE-2026-13767
MEDIUM
6.5
The Quiz Master Next plugin for WordPress is vulnerable to SQL Injection via stored quiz page data in versions up to, and including, 11.2.0. This is due to insufficient escaping on the user-supplied '...
CVE-2026-15022
MEDIUM
6.5
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via Stored Quiz Answer Array in all versions up to, and including, 4.0.0 due to insuffi...
CVE-2026-44596
MEDIUM
6.5
Yamcs is a mission control framework. Prior to 5.12.7, the authentication endpoint POST /auth/token in yamcs-core, handled by yamcs-core/src/main/java/org/yamcs/http/auth/AuthHandler.java, lacked any ...
CVE-2026-46514
MEDIUM
6.5
Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, fm_reset_password in Tools/ResetPassword.php:48-53 returned a plaintext password and fm_add_extension in Tools/AddExtens...
CVE-2026-47084
MEDIUM
6.5
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The LOCALDELETE command bypassed ACL checks. An authenticated but non-admin user could invoke the admin-only LOCALDELETE IMAP comma...
CVE-2026-47729
MEDIUM
6.5
Squid is a caching proxy for the Web. Prior to 7.6, due to an improper validation of syntactic correctness of input in the FTP gateway (src/clients/FtpGateway.cc), Squid is vulnerable to an out-of-bou...
CVE-2026-55440
MEDIUM
6.5
Microsoft UFO open-source framework for intelligent automation across devices and platforms. Prior to 3.0.7, the COMMAND_RESULTS handler in ufo/server/ws/handler.py called get_or_create_session in ufo...
CVE-2025-32781
MEDIUM
6.5
Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.0, Apollo Portal does not verify application and namespace permissions w...
CVE-2026-52892
MEDIUM
6.5
Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan REST handlers in server/models/customFields.js use read-level Authentication.checkBoardAccess instead of write-level Authentication....
CVE-2026-53447
MEDIUM
6.5
Wekan is open source kanban built with Meteor. Prior to 9.35, the Wekan cloneBoard Meteor method in models/import.js uses caller-supplied sourceBoardId to build a board export through models/exporter....
CVE-2026-54562
MEDIUM
6.5
Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the...
CVE-2026-58559
MEDIUM
6.5
DoS vulnerability in the vibration service. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-13755
MEDIUM
6.4
The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'price_wrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due t...
CVE-2026-14987
MEDIUM
6.4
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twitter_message' Sequoia Template Setting in all versions up to, and includ...
CVE-2026-15021
MEDIUM
6.4
The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'location' Profile Field in all versions up to, and including, 3.1.1 due to insufficient input sanitization and o...
CVE-2026-15099
MEDIUM
6.4
The Delicious Recipes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'steps' block attribute in versions up to, and including, 1.10.2. This is due to insufficient input sani...
CVE-2026-15652
MEDIUM
6.4
The Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'align' Block Attribute in all versions up to, and including, ...
CVE-2026-56678
MEDIUM
6.4
9Router is an AI router & token saver. Prior to 0.5.6, the Kiro API-key validation endpoint POST /api/oauth/kiro/api-key builds an upstream URL using a user-controlled region value, allowing an authen...
CVE-2026-35146
MEDIUM
6.3
HCL DFXServer is affected by an Unencrypted Communication vulnerability. The application permits users to establish connections over unencrypted channels via the HTTP protocol, which could allow a rem...
CVE-2026-35148
MEDIUM
6.3
HCL DFXServer is affected by a Missing Access Control vulnerability. This vulnerability states that certain endpoints are accessible without any form of authentication in another browser. This allows ...
CVE-2026-44968
MEDIUM
6.3
dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, _run_dbt_command() in src/dbt_mcp/dbt_cli/tools.py appended unsanitized node_selection and resource_type values to...
CVE-2026-55407
MEDIUM
6.3
Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.8.0, the decode_unknown_field function in buffa's protobuf decoder allocated heap memory in ...
CVE-2026-59249
MEDIUM
6.3
Inconsistent interpretation of HTTP requests (HTTP response smuggling) vulnerability in elixir-mint mint allows a malicious HTTP/1 server to desynchronize a strict intermediary and the Mint client on ...
CVE-2026-45150
MEDIUM
6.3
Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security notification when a webpage entered fullscreen mode, allowing an attacker-controll...
CVE-2026-45737
MEDIUM
6.3
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From 3.2.0 until 3.2.12, 3.3.10, and 3.4.2, Argo CD ServerSideDiff can expose Kubernetes Secret values embedded in the kubectl...
CVE-2026-47703
MEDIUM
6.3
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by prod...
CVE-2026-49867
MEDIUM
6.3
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /...
CVE-2026-56349
MEDIUM
6.3
n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circu...
CVE-2026-56353
MEDIUM
6.3
n8n contains an authentication bypass in the Chat Trigger node when configured with n8n User Auth (a non-default configuration). In affected releases — before 1.123.22, the 2.0.0 through 2.9.2 line, a...
CVE-2026-56764
MEDIUM
6.3
Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit...
CVE-2026-59254
MEDIUM
6.3
n8n before 2.28.1 contains an information disclosure vulnerability where external secrets are incorrectly resolved in workflow node expressions outside credentials scope. Authenticated project editors...
CVE-2026-60065
MEDIUM
6.3
When NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (ngx_stream_mqtt_filter_module), unauthenticated attackers can send requests with conditions beyond th...
CVE-2026-61646
MEDIUM
6.3
FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta5, FastGPT's shared SSRF guard validates only the initial request URL before handing the request to axios, and axios follows r...
CVE-2026-61860
MEDIUM
6.3
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a use-after-free vulnerability that occurs when freetype initialization fails: the method does not exit and continues to use memory that was already ...
CVE-2026-61868
MEDIUM
6.3
ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion (denial...
CVE-2026-61871
MEDIUM
6.3
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the ICON decoder that occurs when a memory allocation fails. Processing a crafted ICON file that triggers an allocation failure leak...
CVE-2026-46377
MEDIUM
6.2
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. From 3.0.0 until 3.10.1, the escape sequence handler in (*Tokenizer).parseCurRune in selector/lexer/...
CVE-2026-46378
MEDIUM
6.2
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. From 3.0.0 until 3.10.1, the selector lexer matchRegexPattern closure in (*Tokenizer).parseCurRune i...
CVE-2026-53446
MEDIUM
6.2
Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan webhook integration URLs in models/integrations.js are stored from user input and later fetched by server/notifications/outgoing.js ...
CVE-2026-15306
MEDIUM
6.1
The Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 's' Search Parameter in all versions up to, and inc...
CVE-2026-46341
MEDIUM
6.1
The Apify MCP server enables AI agents to extract data from websites using ready-made scrapers, crawlers, and automation tools available on the Apify Store. Prior to 0.9.21, the fetch-apify-docs tool ...
CVE-2026-54728
MEDIUM
6.1
bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). Prior to BunkerWeb 1.6.12 and BunkerWeb PRO 0.57, authenticated Host header handling in the BunkerWeb UI and API imprope...
CVE-2026-15779
MEDIUM
6.1
A flaw was found in samba's pam_winbind. When mkhomedir is enabled, pam_winbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On ...
CVE-2026-33213
MEDIUM
6.1
Redash is a package for data visualization and sharing. From 5.0.2 to 26.3.0, the get_next_path() function in Redash's authentication module stripped the scheme and netloc from user-supplied next para...
CVE-2026-40957
MEDIUM
6.1
o
CVE-2026-40957 is a frameable content
vulnerability in the Secure Access server login page prior to 14.55. Attackers
with control of a malicious web site could use it to potentially steal
credenti...
CVE-2026-41580
MEDIUM
6.1
Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. Prior to 2.0.0, Stirling-PDF's /get-info-on-pdf endpoint rendered PDF Title and Author metadata field...
CVE-2026-50182
MEDIUM
6.1
WWBN AVideo is an open source video platform. Versions prior to 29.0 contain an unauthenticated Reflected XSS vulnerability through AVideo YouTubeAPI Gallery Pagination. The $_GET['search'] query para...
CVE-2026-56087
MEDIUM
6.1
Dell ThinOS 10, versions prior to 2605_10.2100 contain a Protection Mechanism Failure vulnerability. An attacker with physical access could potentially exploit this vulnerability, leading to unauthori...
CVE-2026-59259
MEDIUM
6.0
n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expres...
CVE-2026-53535
MEDIUM
5.9
Activepieces is an open source AI workflow automation platform. Prior to 0.82.0, the git-sync feature clones a user-configured Git repository into a temporary directory on the server and then writes f...
CVE-2026-55406
MEDIUM
5.9
Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.7.0, a soundness bug in the OwnedView<V> type allowed safe Rust code to trigger a use-after-...
CVE-2026-56454
MEDIUM
5.9
HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and TLS 1.1. These legacy protocols contain numerous cryptographic design flaws that expose data to interc...
CVE-2026-11851
MEDIUM
5.9
Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection") in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confid...
CVE-2026-54443
MEDIUM
5.9
Dashy is a self-hostable personal dashboard. From 1.9.4 until 3.2.0, the Dashy RSS Widget in src/components/Widgets/RssFeed.vue does not sanitize RSS item link values before rendering feed item titles...
CVE-2026-56742
MEDIUM
5.9
Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPR...
CVE-2026-59838
MEDIUM
5.9
A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 a...
CVE-2026-61643
MEDIUM
5.9
FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, an authenticated FastGPT user can save a workflow node that points to another user's private HTTP toolset by usin...
CVE-2026-15449
MEDIUM
5.8
A time-of-check to time-of-use (TOCTOU) flaw in the illumos data-link pseudo-driver (dld) affects handling of the DLDIOC_GETMACPROP and DLDIOC_SETMACPROP ioctls on /dev/dld. drv_ioc_prop_common() in u...
CVE-2026-47160
MEDIUM
5.8
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's /icons/{domain}/icon.png endpoint used src/http_client.rs checks including should_block_address() and post_...
CVE-2026-62314
MEDIUM
5.8
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. From 1.22.0 until 1.26.0-pre1, lib/policy/checker.go PathChecker.Check(...
CVE-2026-15737
MEDIUM
5.7
AWS Bedrock AgentCore Python SDK is an open-source Python library that provides client tools for building AI agents on the Amazon Bedrock AgentCore platform.
Unintended logging of sensitive user co...
CVE-2026-15030
MEDIUM
5.6
Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware bounda...
CVE-2026-15907
MEDIUM
5.5
A flaw has been found in H3C SecPath F1000-C8300 up to 20260522. This impacts an unknown function of the file /webui/?g=log_fw_nbc_mail_jsondata. Executing a manipulation of the argument subject can l...
CVE-2026-45612
MEDIUM
5.5
rz-libdemangle is a Rizin library for demangling symbols. Prior to 6bf56d3, the Rust demangler in src/rust/rust_v0.c can perform an out-of-bounds read when the demangler structure is not yet initializ...
CVE-2026-50012
MEDIUM
5.5
Squid is a caching proxy for the Web. Prior to 7.6, due to an improper input validation bug in cache digest reply handling (peerDigestSwapInMask in src/peer_digest.cc), Squid is vulnerable to a heap-b...
CVE-2026-56453
MEDIUM
5.5
HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the...
CVE-2026-9494
MEDIUM
5.5
An information disclosure vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools). The client validates Ubuntu Pro APT credentials by executing /usr/lib/apt/apt-helper us...
CVE-2026-20146
MEDIUM
5.5
A vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to perform path traversal attacks on the underl...
CVE-2026-62361
MEDIUM
5.5
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to 6.2.0, listmonk’s GET /api/subscribers/export endpoint injects the user-controlled query parameter into QuerySubscr...
CVE-2026-9007
MEDIUM
5.5
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in HCL Notes from HCL Software allows reflected
Cross-Site Scripting (XSS).
Successful exploitati...
CVE-2026-47082
MEDIUM
5.4
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The vacation "fcc" feature skips the destination-mailbox ACL. A user whose vacation Sieve script used :fcc (to save a copy of the s...
CVE-2026-61718
MEDIUM
5.4
bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). From 1.6.2 until 1.6.12, the BunkerWeb web UI BiscuitMiddleware authorization bypass list included the /cache/ URL prefi...
CVE-2026-49997
MEDIUM
5.4
SurrealDB is a scalable, distributed, collaborative, document-graph database for the realtime web. Prior to 3.1.0, Document::purge_edges in surrealdb/core/src/doc/delete.rs automatically removed graph...
CVE-2026-56743
MEDIUM
5.4
Cilium is a networking, observability, and security solution. From 1.19.0 to 1.19.4, standard Kubernetes NetworkPolicy specifications using CIDR-based ipBlock rules without pod or namespace selectors ...
CVE-2026-62348
MEDIUM
5.4
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, TDengine Enterprise allowed an authenticated low-privilege SQL user to run KILL SSMIGRATE <id> against a...
CVE-2026-62353
MEDIUM
5.4
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.14, source/libs/parser/src/parTokenizer.c tGetToken() incremented past a trailing backslash in a SQL string ...
CVE-2026-62355
MEDIUM
5.4
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a Data Reader admin_user on a TDengine Cloud DB instance could run create udf even though ...
CVE-2026-15106
MEDIUM
5.3
The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin ...
CVE-2026-15909
MEDIUM
5.3
A vulnerability has been found in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected is an unknown function of the file proses/add.php. The manipulation of the argument ...
CVE-2026-45795
MEDIUM
5.3
The Janssen Project is an open-source identity and access management (IAM) platform. Prior to 2.0.0, jans-auth-server accepts unsigned JWE request objects because JwtAuthorizationRequest skips inner s...
CVE-2026-47751
MEDIUM
5.3
Claude Code Action is a general-purpose GitHub action that runs Claude Code on GitHub pull requests and issues. Prior to 1.0.74, because the action checked out attacker-controlled pull request head br...
CVE-2026-53536
MEDIUM
5.3
Activepieces is an open source AI workflow automation platform. Prior to 0.83.0, the /v1/step-files/signed download endpoint verified the supplied JWT against the shared signing secret but did not che...
CVE-2026-56455
MEDIUM
5.3
HCL DFXAnalytics is affected by a Buffer Overflow vulnerability that can lead to a Denial of Service (DoS). The application fails to properly validate input sizes, allowing an attacker to pass an exce...
CVE-2026-56456
MEDIUM
5.3
HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory ...
CVE-2026-62299
MEDIUM
5.3
CoreDNS is a DNS server written in Go. Prior to 1.14.5, the CoreDNS rewrite plugin supports edns0 rewrite rules with an optional revert flag, and two response rules, edns0SetResponseRule and edns0Repl...
CVE-2026-63082
MEDIUM
5.3
Perfect Support Ticketing & Document Management System through 1.7 contains a broken access control vulnerability that allows authenticated attackers with Agent-level privileges to manipulate the Supp...
CVE-2026-13230
MEDIUM
5.3
An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes
sensitive geolocation information without requiring authentic...
CVE-2026-20298
MEDIUM
5.3
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privilege...
CVE-2026-33684
MEDIUM
5.3
WWBN AVideo is an open source video platform. Prior to version 29.0, Privilege Escalation is possible through unguarded permission parameters in signUp API, which allows any user who can solve a CAPTC...
CVE-2026-46459
MEDIUM
5.3
ICU Scandinavia Boomerang is vulnerable to a missing authentication flaw in its device receiver endpoints. This allows an unauthenticated remote attacker to read full facility configurations and write...
CVE-2026-56352
MEDIUM
5.3
n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by ...
CVE-2026-60062
MEDIUM
5.3
The NGINX Agent config_dirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The config_dirs directive required for...
CVE-2026-61457
MEDIUM
5.3
The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 contains a file upload extension bypass in the API media controller. HandlesMediaUploads::validateFileExtension() inspects only the final fil...
CVE-2026-63081
MEDIUM
5.1
Perfect Support Ticketing & Document Management System through 1.7 contains a stored cross-site scripting vulnerability that allows authenticated attackers with Agent-level privileges to inject malici...
CVE-2026-55399
MEDIUM
5.1
CVE-2026-55399 is a resource exhaustion
vulnerability in the Secure Access publisher prior to 14.55. Attackers with
valid credentials to the Secure Access tunnel can create a non-persistent DoS
agains...
CVE-2026-58551
MEDIUM
5.1
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58552
MEDIUM
5.1
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58556
MEDIUM
5.1
Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-61453
MEDIUM
5.1
Grav v2.0.0 contains a cross-site scripting vulnerability (fixed in 2.0.1). The XSS blueprint validator (Security::detectXss()) runs on raw page content before Twig processing. When Twig content proce...
CVE-2026-62294
MEDIUM
5.1
Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to...
CVE-2026-12391
MEDIUM
5.0
An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools) within the pro collect-logs command framework. The utility creates or utilizes predi...
CVE-2026-15445
MEDIUM
4.9
The SEO Booster plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied...
CVE-2026-15458
MEDIUM
4.9
The SEO Booster plugin for WordPress is vulnerable to generic SQL Injection via the 'sort_field' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied...
CVE-2026-15651
MEDIUM
4.9
The WP TripAdvisor Review Slider plugin for WordPress is vulnerable to generic SQL Injection via the 'filtersource' parameter in all versions up to, and including, 14.6 due to insufficient escaping on...
CVE-2026-15727
MEDIUM
4.9
The WP Bulk Delete plugin for WordPress is vulnerable to generic SQL Injection via the 'delete_user_roles' parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the use...
CVE-2026-62947
MEDIUM
4.9
OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before can...
CVE-2026-1563
MEDIUM
4.8
Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting (XSS) vulnerability in a user interface component. Requires a high privileged user with a developer role.
CVE-2026-56375
MEDIUM
4.8
ImageMagick through 7.1.2-18 contains a memory leak vulnerability in the ASHLAR coder when an action fails. Attackers can trigger failed actions to exhaust memory resources and cause denial of service...
CVE-2026-58557
MEDIUM
4.8
Design defect vulnerability in Expedition mode. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-61859
MEDIUM
4.8
ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths th...
CVE-2026-50183
MEDIUM
4.7
WWBN AVideo is an open source video platform. Versions 29.0 and below contain a stored Cross-Site Scripting vulnerability in the YouTubeAPI plugin. The plugin renders the snippet.title field returned ...
CVE-2026-1562
MEDIUM
4.6
Pega Platform versions 8.1.0 through 25.1.2 are affected by an Stored Cross-site scripting (XSS) vulnerability in a user interface component. Requires a high privileged user with a developer role.
CVE-2026-13005
MEDIUM
4.4
The MxChat – AI Chatbot & Content Generation for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.10 due to insu...
CVE-2026-15324
MEDIUM
4.4
The SysBasics Customize My Account for WooCommerce – Live My Account Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'row_type' parameter in all versions up to, an...
CVE-2026-12409
MEDIUM
4.3
The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,...
CVE-2026-12434
MEDIUM
4.3
The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitize_status. This makes it possible for authentica...
CVE-2026-15336
MEDIUM
4.3
The Catch Themes Demo Import plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.3. This is due to the catch_themes_demo_import_activate_plugin() function, ...
CVE-2026-15350
MEDIUM
4.3
The The Cache Purger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.3.20. This is due to the plugin not properly verifying that a user is authorized...
CVE-2026-15407
MEDIUM
4.3
The Themify Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 7.7.7. This is due to the plugin not properly verifying that a user is authorized t...
CVE-2026-15610
MEDIUM
4.3
The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin ...
CVE-2026-15945
MEDIUM
4.3
A flaw was found in the group search functionality of the Keycloak server's administrative API. When Fine-Grained Admin Permissions (FGAP) v2 is enabled, a delegated administrator can bypass access re...
CVE-2026-44595
MEDIUM
4.3
Yamcs is a mission control framework. Prior to 5.12.7, the IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core did not enforce the required SystemPrivilege.ControlAccess check...
CVE-2026-46338
MEDIUM
4.3
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. From 10.0.1 until 10.21.3, pymdownx.snippets uses a string-prefix containment check in SnippetPreprocessor.get_snipp...
CVE-2026-47083
MEDIUM
4.3
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authenticated IMAP user could enumerate folder name...
CVE-2026-47089
MEDIUM
4.3
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. LISTRIGHTS os not limited to users with admin access. An authenticated user could call IMAP LISTRIGHTS against any mailbox they cou...
CVE-2026-54568
MEDIUM
4.3
Microsoft UFO open-source framework for intelligent automation across devices and platforms. From 3.0.0 until 3.0.6, a client connected to the UFO WebSocket server as a DEVICE could call DEVICE_INFO_R...
CVE-2026-55548
MEDIUM
4.3
Yamcs is a mission control framework. Prior to 5.12.8 and 5.13.2, the PacketsApi.exportPackets endpoint in yamcs-core/src/main/java/org/yamcs/http/api/PacketsApi.java failed to enforce object-level Re...
CVE-2026-57205
MEDIUM
4.3
SimpleChat is a secure AI conversation application with personal and group workspaces for document-grounded interactions. Prior to 0.241.203, the authenticated GET /api/user/info/<user_id> and GET /ap...
CVE-2026-55608
MEDIUM
4.2
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.57.4, multi-tenant HTTP mode with ENABLE_MULTI_TENANT=true could allow an ...
CVE-2026-47085
MEDIUM
4.0
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH token forgery can occur via a missing mboxkey. If an attacker knew a folder name on the victim's account for which the vict...
CVE-2026-58549
MEDIUM
4.0
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58550
MEDIUM
4.0
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58553
MEDIUM
4.0
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-62994
LOW
3.7
CoreDNS is a DNS server written in Go. From 1.9.4 until 1.14.5, a network DNS client allowed to request AXFR for a CoreDNS zone can trigger a panic when CoreDNS is configured with k8s_external headles...
CVE-2026-47086
LOW
3.5
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. GENURLAUTH-issued tokens can bypass ACLs. Any authenticated user could mint a URLAUTH token (via the GENURLAUTH command) for any ma...
CVE-2026-47087
LOW
3.5
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH does not honor revoked authorizer access. A URLAUTH URL minted while the authorizer had access continued to work after that...
CVE-2026-35145
LOW
3.1
HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability. The application fails to implement the HTTP Strict Transport Security (HSTS) policy within its responses,...
CVE-2026-44970
LOW
3.1
dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DefaultUsageTracker.emit_tool_called_event() in src/dbt_mcp/tracking/tracking.py serialized every MCP tool call's ...
CVE-2026-47081
LOW
3.1
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an XAPPLEPUSHSERVICE folder existence oracle and push hijack. An authenticated IMAP user could probe for the existence of ...
CVE-2026-47088
LOW
3.1
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is heap exposure in nested MIME comment parsing. An authenticated IMAP user could craft an email message containing an RFC 82...
CVE-2026-62683
LOW
3.1
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser can leave a public directory sha...
CVE-2026-35140
LOW
3.0
HCL DFXAnalytics is affected by a Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability. The application fails to set the "secure" attribute on session cookies generated during auth...
CVE-2026-35143
LOW
3.0
HCL DFXAnalytics is affected by a Missing SameSite Attribute vulnerability. The application fails to set the "SameSite" attribute on session cookies generated during authentication, which could allow ...
CVE-2026-35141
LOW
2.6
HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. The application allows a remote attacker to intercept, delay, or fraudulently retransmit valid authentication data to achieve unaut...
CVE-2026-35142
LOW
2.6
HCL DFXAnalytics is affected by an Internal IP Address Disclosure vulnerability. The application includes internal IP address details within its generated server responses, which could allow a remote ...
CVE-2026-44969
LOW
2.5
dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DbtMCP.call_tool() in src/dbt_mcp/mcp/server.py logged the raw arguments dictionary at INFO level before each tool...
CVE-2026-40958
LOW
2.3
CVE-2026-40958
is a input validation error in Secure Access clients prior to 14.55. Attackers
with intimate knowledge of and total control over the tunnel protocol can
create a non-persistent DoS agai...
CVE-2026-15921
LOW
2.1
Node Version Manager (nvm) is a POSIX-compliant shell function for managing multiple node.js versions. In versions 0.32.1 through 0.40.5, `nvm ls-remote` (and other commands that refresh remote LTS al...
CVE-2026-40954
LOW
2.1
CVE-2026-40954
is an integer underflow vulnerability in the traffic parsing function of Secure
Access clients prior to 14.55. Attackers with intimate knowledge of and total
control over the tunnel pro...
CVE-2026-40955
LOW
2.1
CVE-2026-40955 is an integer underflow
vulnerability in the traffic parsing function of Secure Access clients prior to
14.55. Attackers with intimate knowledge of and total control over the tunnel
pro...
CVE-2026-40956
LOW
2.1
CVE-2026-40956
is a memory disclosure vulnerability in Secure Access client versions prior to 14.55.
Attackers with intimate knowledge of and total control over the tunnel protocol
can cause a small a...
CVE-2026-61862
LOW
2.1
ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte ...
CVE-2026-61863
LOW
2.1
ImageMagick before 7.1.2-26 (and 6.x before 6.9.13-51) contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak.
CVE-2026-61864
LOW
2.1
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in color transformation to the log colorspace: when the operation fails, a small amount of memory is not released.
CVE-2026-61865
LOW
2.1
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the hough lines operation: when a specific operation fails, a small memory leak occurs.
CVE-2026-61866
LOW
2.1
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob ...
CVE-2026-61867
LOW
2.1
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the TIFF encoder when memory allocation fails. Attackers can trigger allocation failures during TIFF image processing to cause memor...
CVE-2026-61869
LOW
2.1
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the MIFF encoder that occurs when a memory allocation fails during MIFF image processing, which can lead to denial of service.
CVE-2026-61872
LOW
2.0
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the TIFF encoder when an invalid tiff:tile-geometry is specified. Supplying malformed tile geometry parameters causes allocated memo...
CVE-2026-61464
LOW
1.0
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a heap-based buffer over-write vulnerability that occurs when running an X11 import with a crafted window title, which can result in heap memory corr...
CVE-2025-45868
UNKNOWN
LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to blind SQL injection in the ComparisonServlet component, allowing authenticated user to manipulate SQL queries via crafted input.
CVE-2025-45870
UNKNOWN
LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to Local File Inclusion (LFI) in the OnlyOfficeEditor servlet class, allowing authenticated user to exploit path traversal flaws in the fileExt...
CVE-2026-11371
UNKNOWN
The BetterDocs WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and outputting it, and the feature that generates it is exposed to unauthenticated ...
CVE-2026-11866
UNKNOWN
The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform ...
CVE-2026-12395
UNKNOWN
The WP Job Portal WordPress plugin before 2.5.5 does not properly sanitize and escape a parameter before using it in a SQL query, allowing authenticated users with a subscriber-level (self-registerab...
CVE-2026-12492
UNKNOWN
The Happy Coders OTP Login for WooCommerce WordPress plugin before 2.8 does not verify that a one-time password was actually validated before authenticating a user based on a supplied identifier, allo...
CVE-2026-12510
UNKNOWN
The AI Engine WordPress plugin before 3.5.5 does not verify that a user owns the chatbot conversation referenced by a client-supplied identifier, allowing users with subscriber-level access to read o...
CVE-2026-12525
UNKNOWN
The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate...
CVE-2026-12585
UNKNOWN
The Abandoned Cart Lite for WooCommerce WordPress plugin before 6.8.2 does not protect the integrity of its cart-recovery tokens or bind them to the requesting account, allowing unauthenticated attack...
CVE-2026-12684
UNKNOWN
The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or nonce checks on one of its media upload AJAX actions when the review media attachme...
CVE-2026-12869
UNKNOWN
The Header Footer Builder for Elementor WordPress plugin before 1.2.1 does not require an administrative capability for its dashboard template-import action (it allows any edit_posts user), so a Contr...
CVE-2026-12906
UNKNOWN
The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contr...
CVE-2026-12907
UNKNOWN
The RTMKit WordPress plugin before 2.0.9 does not perform a proper capability check on one of its -builder AJAX actions, allowing users with at least the Author role to create and activate a site-wide...
CVE-2026-12978
UNKNOWN
The FunnelKit WordPress plugin before 3.15.0.6 does not escape a user-supplied parameter before reflecting it into the HTML response of one of its page-builder AJAX actions, allowing unauthenticated ...
CVE-2026-12979
UNKNOWN
The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete...
CVE-2026-13397
UNKNOWN
HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes.
The parserc_parse function never advances the attribute-parse state cursor on certain malfor...
CVE-2026-13401
UNKNOWN
XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes.
The parserc_parse function never advances the attribute-parse state cursor on certain malform...
CVE-2026-14890
UNKNOWN
SGLang uses an expert-parallel backup subsystem that exposes a ZeroMQ PULL socket on a routable network interface that does not contain authentication or deserialization safeguards, allowing an attack...
CVE-2026-3031
UNKNOWN
Image::EPEG versions through 0.15 for Perl embeds an unsupported version of the Epeg library.
Image::EPEG includes Epeg 0.9.0 that was last updated in 2004.
Epeg is a fast JPEG thumbnail library tha...
CVE-2026-53366
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
ipv4: account for fraggap on the paged allocation path
In __ip_append_data(), when the paged-allocation branch is taken,
alloclen ...
CVE-2026-57073
UNKNOWN
HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead.
The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such...
CVE-2026-57074
UNKNOWN
XML::Bare versions through 0.53 for Perl have an unbounded character lookahead.
The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such ...
CVE-2025-65720
UNKNOWN
An issue in Open Source GPT Researcher v3.3.7 allows attackers to execute arbitrary commands on a victim system via user interaction with a crafted HTML page.
CVE-2026-11579
UNKNOWN
The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not verify that a file upload is made against an existing form configured with a file-upload field, accepting ...
CVE-2026-11580
UNKNOWN
The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not perform a per-object capability check in its post-duplication AJAX action, allowing users with Contributor...
CVE-2026-12281
UNKNOWN
The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an a...
CVE-2026-12512
UNKNOWN
The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based...
CVE-2026-14960
UNKNOWN
Pegatron `Tdelo64.sys` improperly exposes privileged hardware access functionality through the `\\.\TdeIo` device interface. IOCTL handlers including `TDE_IOCTL_INDEXIO_READ` and `TDE_IOCTL_INDEXIO_WR...
CVE-2026-14961
UNKNOWN
Pegatron `Tdelo64.sys` exposes a privileged device interface, `\\.\TdeIo`, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate call...
CVE-2026-26032
UNKNOWN
The PackagerResolver of Apache Ivy is able to download online
artifacts and to (re)package them in a format defined by a
packager.xml file. This repackaging is done by an Ant script, which is
stored i...
CVE-2026-26718
UNKNOWN
A Cross-Site Request Forgery (CSRF) vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affec...
CVE-2026-26719
UNKNOWN
Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request containing a malicious script
CVE-2026-30618
UNKNOWN
xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management inte...
CVE-2026-30623
UNKNOWN
LiteLLM 1.18.10 contains a remote code execution vulnerability in its MCP server creation functionality. The application allows users to add MCP servers via a JSON configuration specifying arbitrary c...
CVE-2026-35152
UNKNOWN
A SQL Injection vulnerability exists in Apache Fineract's Report Execution API (runreports endpoint) in versions up to and including 1.14.0. Report parameter values are incorporated into the generated...
CVE-2026-36590
UNKNOWN
An issue in EMQ NanoMQ v.0.24.9 allows a remote attacker to cause a denial of service via the nni_qos_db_set function in broker_tcp.c component
CVE-2026-38752
UNKNOWN
A stack overflow in the evaluate() function (editors/awk.c) of BusyBox commit 371fe9 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AWK script.
CVE-2026-38753
UNKNOWN
A use-after-free in the awk_sub() function (editors/awk.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AWK script.
CVE-2026-38754
UNKNOWN
A heap overflow in the ifsbreakup() function (shell/ash.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.
CVE-2026-38755
UNKNOWN
A heap overflow in the evalcommand() function (shell/ash.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.
CVE-2026-38974
UNKNOWN
Dulwich through 1.1.0 was found to be missing SSH host key verification in contrib/paramiko_vendor.py.
CVE-2026-51380
UNKNOWN
Buffer Overflow vulnerability in Tenda AC10 v3 (firmware V03.03.16.09) allows attackers to cause a permanent Denial of Service (DoS) or potentially execute remote code via the /cgi-bin/UploadCfg endpo...
CVE-2026-56287
UNKNOWN
A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API (GET /api/v1/clients) in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are...
CVE-2026-57821
UNKNOWN
A SQL Injection vulnerability exists in Apache Fineract's Office Search API (GET /api/v1/offices) in versions up to and including 1.14.0. The orderBy request parameter is concatenated into a SQL query...
CVE-2026-61371
UNKNOWN
Microsoft AVML before 0.17.0 could follow a symlink when opening a destination output path on Unix, allowing truncation/overwrite of the symlink target. The destructive effect is performed at open-tim...
Latest Headlines
37 articles
RSS Feed Sources
The Register
Researcher poisons open-weight AI model for under $100
2026-07-16 20:25
Dark Reading
1M+ Emails Use Hidden Text to Dupe AI Security Filters
2026-07-16 19:41
BleepingComputer
Claude Chrome extension flaw lets malicious extensions trigger AI actions
2026-07-16 19:26
BleepingComputer
New OkoBot framework deploys 20 payloads to steal data, crypto
2026-07-16 19:09
The Hacker News
Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack
2026-07-16 17:09
The Record
UK investigates TikTok for alleged age-verification lapses, exposing kids to online harms
2026-07-16 16:15
The Record
Ukrainians rally against dismissal of tech-minded defense minister Fedorov
2026-07-16 16:00
The Hacker News
ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories
2026-07-16 15:41
The Register
C'mon, just copy this text string and paste it into your macOS Terminal – it'll fix your computer, honest
2026-07-16 15:33
BleepingComputer
AI Agents Broke the Security Playbook. Here's What Replaces It.
2026-07-16 14:00
The Record
Sandworm hackers have a CAPTCHA trick for Ukrainians
2026-07-16 13:50
BleepingComputer
23andMe to pay $18 million in new genetics data breach settlement
2026-07-16 13:47
The Hacker News
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer
2026-07-16 13:33
The Hacker News
New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands
2026-07-16 12:50
The Register
Brit Scattered Spider duo handed tickets to prison over Transport for London attack
2026-07-16 12:49
The Hacker News
New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password
2026-07-16 12:33
BleepingComputer
Scattered Spider members behind TfL hack get five years in prison
2026-07-16 12:31
The Record
Scattered Spider hackers sentenced to 5.5 years over £29 million Transport for London hack
2026-07-16 12:00
BleepingComputer
Windows 11 24H2 Home and Pro reach end of support in 90 days
2026-07-16 11:59
The Hacker News
20+ Hijacked Government Websites Became an Attack Channel
2026-07-16 11:58
The Hacker News
New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands
2026-07-16 11:32
The Register
Windows 10 refuses to die, and the security bill is coming due
2026-07-16 11:25
The Hacker News
Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor
2026-07-16 11:17
BleepingComputer
CISA orders feds to patch actively exploited Oracle flaw by Saturday
2026-07-16 10:56
BleepingComputer
Russian hackers trojanize WebEx, Zoom apps to push Starland malware
2026-07-16 10:19
The Hacker News
AI Can Find Bugs, But Human Knowledge Still Proves Them
2026-07-16 10:10
The Register
Telegram shortlinks knocked offline over sanctioned VPN connection
2026-07-16 10:07
BleepingComputer
New Spirals ransomware encrypts victim network in under 24 hours
2026-07-16 10:00
The Hacker News
Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide
2026-07-16 09:23
The Hacker News
OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol
2026-07-16 08:42
The Hacker News
Zoom Patches Critical Windows Flaw That Could Enable Account Takeover
2026-07-16 07:22
Dark Reading
Police Disrupt a €140M Cyber Fraud Ring in Spain
2026-07-16 07:00
The Register
Law firm insisted on one password to rule them all
2026-07-16 07:00
The Register
Tech support scam caused massive data breach at Australian airline Qantas
2026-07-16 06:27
The Register
Cyberattack threatens utterly critical infrastructure in Japan: KFC
2026-07-16 02:01
BleepingComputer
Dutch police bust investment fraud ring stealing over €100 million
2026-07-15 21:55
Dark Reading
Forgotten Bootloaders Expose Secure Boot Blind Spot
2026-07-15 21:19