cyb3r.sh dashboard

This Week
Last updated: 2026-07-16 20:20:47
New KEVs
2306
Total CVEs
10
KEV Entries
176
Critical
1052
High
734
Medium
184
Articles
CVE Severity Distribution
176
1052
734
155

CVE Feed

2306 CVEs
CVE-2026-45336 CRITICAL 10.0
HireFlow is a web-based interview management system for managing candidates, scheduling interviews, and tracking hiring progress. In 1.2 and earlier, app.py assigns a hard-coded Flask secret_key used ...
CVE-2026-46339 CRITICAL 10.0
9Router is an AI router & token saver. From 0.4.30 until 0.4.37, 9Router's src/proxy.js middleware did not protect /api/cli-tools/* and /api/mcp/*, allowing unauthenticated registration of customPlugi...
CVE-2026-50148 CRITICAL 10.0
Metabase is an open-source business intelligence and embedded analytics tool. From 1.54.0 until 1.54.24, 1.55.24, 1.56.25, 1.57.19, 1.58.14, 1.59.10, and 1.60.4, a Metabase user with permission to add...
CVE-2026-52887 CRITICAL 10.0
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.0.61, NocoBase @nocobase/plugin-notification-in-app-message exposed GET /api...
CVE-2026-56699 CRITICAL 10.0
Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smu...
CVE-2026-10577 CRITICAL 10.0
A security issue exists within the 1715-AENTR EtherNet/IP Adapter. The affected product exposes a network-accessible debug port that does not enforce proper privilege controls, allowing unauthenticate...
CVE-2026-56451 CRITICAL 10.0
A vulnerability has been identified in Opcenter X (All versions < V2604). Affected applications do not properly validate the algorithm specified in the JSON Web Token (JWT) header. This could allow a...
CVE-2026-62422 CRITICAL 10.0
In JetBrains YouTrack before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access w...
CVE-2026-57719 CRITICAL 10.0
Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through <= 2.8.3.
CVE-2026-57811 CRITICAL 10.0
Improper Control of Generation of Code ('Code Injection') vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows Remote Code Inclusion.This issue affects Realtyn...
CVE-2026-57827 CRITICAL 10.0
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
CVE-2026-61447 CRITICAL 10.0
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox en...
CVE-2026-54769 CRITICAL 10.0
Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `Tabl...
CVE-2026-45568 CRITICAL 9.9
zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to url...
CVE-2026-46512 CRITICAL 9.9
Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, fm_dialplan_apply accepted template parameters including greeting, dest, url, extension, code, and file, and Tools/Dialp...
CVE-2026-44986 CRITICAL 9.9
Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teams_invitations.clj invitation tokens from create-team-invitations, embedded an existing profi...
CVE-2026-52891 CRITICAL 9.9
Wekan is open source kanban built with Meteor. Prior to 9.07, Wekan avatar upload functionality embeds user-supplied filenames into paths later passed to child_process.exec() for MIME-type detection. ...
CVE-2026-54052 CRITICAL 9.9
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.56.1, in HTTP mode with multi-tenancy enabled through ENABLE_MULTI_TENANT=...
CVE-2026-44747 CRITICAL 9.9
SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modific...
CVE-2026-48318 CRITICAL 9.9
ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this ...
CVE-2026-57092 CRITICAL 9.9
Use after free in Windows VMSwitch allows an authorized attacker to elevate privileges over a network.
CVE-2026-57401 CRITICAL 9.9
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force SureDash suredash allows Path Traversal.This issue affects SureDash: from n/a through <...
CVE-2026-57710 CRITICAL 9.9
Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through <= 14.1....
CVE-2026-55500 CRITICAL 9.9
9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full data...
CVE-2023-49899 CRITICAL 9.8
An unauthenticated remote attacker can execute any command on the affected device due to not correctly verifying the origin of a communication channel.
CVE-2023-49900 CRITICAL 9.8
An unauthenticated remote attacker is able to perform remote code execution due to incorrectly sanitized user input in the SetParameter command.
CVE-2026-15013 CRITICAL 9.8
The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability ex...
CVE-2026-45695 CRITICAL 9.8
Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP...
CVE-2026-46562 CRITICAL 9.8
Yamcs is a mission control framework. Prior to 5.12.7, the Nashorn ScriptEngine used to evaluate user-supplied JavaScript algorithm text in yamcs-core/src/main/java/org/yamcs/algorithms/ScriptAlgorith...
CVE-2026-49352 CRITICAL 9.8
9Router is an AI router & token saver. From 0.2.21 until 0.4.44, 9Router used the hardcoded fallback JWT secret 9router-default-secret-change-me in src/app/api/auth/login/route.js, src/middleware.js, ...
CVE-2026-55652 CRITICAL 9.8
Wekan is open source kanban built with Meteor. Prior to 9.46, header-login with HEADER_LOGIN_TRUSTED_IPS uses getRequestIp() in server/lib/headerLoginAuth.js to trust the client-supplied X-Forwarded-F...
CVE-2026-13001 CRITICAL 9.8
The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'podlove_handle_cache_files' function in all versions up to, and i...
CVE-2026-42990 CRITICAL 9.8
Heap-based buffer overflow in SQL Server ODBC driver allows an unauthorized attacker to execute code over a network.
CVE-2026-47429 CRITICAL 9.8
Vitest is a testing framework powered by Vite. Prior to 3.2.5 and 4.1.0, the Vitest UI/API server on Windows used isFileServingAllowed incorrectly for /__vitest_attachment__, allowing \\?\\..\\ path t...
CVE-2026-49172 CRITICAL 9.8
Heap-based buffer overflow in Windows FTP Service allows an unauthorized attacker to execute code over a network.
CVE-2026-50447 CRITICAL 9.8
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over a network.
CVE-2026-50518 CRITICAL 9.8
Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network.
CVE-2026-50522 CRITICAL 9.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
CVE-2026-53633 CRITICAL 9.8
Vitest is a testing framework powered by Vite. From 3.0.0 until 3.2.5, 4.1.8, and 5.0.0-beta.4, Vitest Browser Mode exposed a cdp() API that forwarded raw Chrome DevTools Protocol methods without bein...
CVE-2026-54990 CRITICAL 9.8
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-55010 CRITICAL 9.8
Heap-based buffer overflow in Minecraft Bedrock Dedicated Server allows an unauthorized attacker to execute code over a network.
CVE-2026-55944 CRITICAL 9.8
Deserialization of untrusted data in Microsoft Dynamics NAV allows an unauthorized attacker to execute code over a network.
CVE-2026-56159 CRITICAL 9.8
Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network.
CVE-2026-56188 CRITICAL 9.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Network driver allows an unauthorized attacker to execute code over a network.
CVE-2026-56190 CRITICAL 9.8
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to execute code over a network.
CVE-2026-58644 CRITICAL 9.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
CVE-2026-57724 CRITICAL 9.8
Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through <= 6.0.12.
CVE-2026-57738 CRITICAL 9.8
Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through <= 1.13.0.
CVE-2026-57744 CRITICAL 9.8
Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.
CVE-2026-57770 CRITICAL 9.8
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Photography grandphotography allows Object Injection.This issue affects Grand Photography: from n/a through <= 5.7.8.
CVE-2026-57813 CRITICAL 9.8
Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue affects MailOptin: from n/a through <= 1.2.77.3.
CVE-2026-59518 CRITICAL 9.8
Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through <= 8.8.2.
CVE-2026-12761 CRITICAL 9.8
The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7....
CVE-2026-14894 CRITICAL 9.8
The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submit_form function. This is due to missin...
CVE-2026-15282 CRITICAL 9.8
The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insapp_upload_image_as_attachment' function in all versions up to, and ...
CVE-2026-2397 CRITICAL 9.8
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection. This issue affects MobilMen 20T: f...
CVE-2026-57807 CRITICAL 9.8
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation. This i...
CVE-2026-5801 CRITICAL 9.8
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution throug...
CVE-2026-22752 CRITICAL 9.6
Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1....
CVE-2026-53513 CRITICAL 9.6
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-con...
CVE-2026-54458 CRITICAL 9.6
WWBN AVideo is an open source video platform. Versions prior to 29.0 contain a stored DOM Cross-Site Scripting vulnerability in the YPTSocket plugin. Any unauthenticated remote attacker can execute ar...
CVE-2026-62948 CRITICAL 9.6
OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into /tmp/odhcpd.leases through src/statefiles.c statefiles_writ...
CVE-2026-15773 CRITICAL 9.6
Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-47428 CRITICAL 9.6
Vitest is a testing framework powered by Vite. From 4.0.17 until 4.1.6 and 5.0.0-beta.3, Vitest Browser Mode served /__vitest_test__/ with the otelCarrier query parameter inserted directly into an inl...
CVE-2026-48259 CRITICAL 9.6
Adobe Experience Manager is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker c...
CVE-2026-48284 CRITICAL 9.6
ColdFusion is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user ...
CVE-2026-48322 CRITICAL 9.6
ColdFusion is affected by an Improper Control of Generation of Code ('Code Injection') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t...
CVE-2026-48356 CRITICAL 9.6
Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could explo...
CVE-2026-48359 CRITICAL 9.6
Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution in the context of the current user....
CVE-2026-48561 CRITICAL 9.6
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to execute code over a network.
CVE-2026-50380 CRITICAL 9.6
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
CVE-2026-55008 CRITICAL 9.6
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-59891 CRITICAL 9.6
sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 0.7.1, getRegistryCredentials() reads credentials from the Docker config file and selects an entry by checkin...
CVE-2026-14453 CRITICAL 9.6
This vulnerability is a critical Server-Side Template Injection (SSTI) in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The message_confirm field is stored without sanit...
CVE-2026-59151 CRITICAL 9.6
Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token,...
CVE-2026-59792 CRITICAL 9.6
In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible
CVE-2026-13385 CRITICAL 9.5
An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute a...
CVE-2026-46684 CRITICAL 9.5
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase enterprise token handling can let TokenFilter#doFilter() pass X-DE-TOKEN values to TokenUtils.validate(), wh...
CVE-2026-22093 CRITICAL 9.5
The EVbee Service Android app uses TLS encrypted communication (HTTPS), but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EV...
CVE-2026-6875 CRITICAL 9.5
ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to ...
CVE-2026-61451 CRITICAL 9.4
The Grav API plugin (grav-plugin-api) before 1.0.4 does not validate the origin of the client-supplied admin_base_url field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl() fun...
CVE-2026-15265 CRITICAL 9.4
A path traversal vulnerability in Tenable Agent 11.2.0 and 11.1.3 and lower allows a privileged attacker to write arbitrary files outside the intended plugin directory, potentially leading to remote c...
CVE-2026-14934 CRITICAL 9.4
A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab Enterprise, in the versions between October 2025 and May 10th, 2026, on Goog...
CVE-2026-61876 CRITICAL 9.4
LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN conta...
CVE-2026-61445 CRITICAL 9.4
PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attacker...
CVE-2026-61444 CRITICAL 9.4
PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agents_file parameter is directly interpolated into an f-string without sanitization. Attackers can i...
CVE-2026-46515 CRITICAL 9.3
Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.3, PERM_READ access was sufficient to call fm_list_managers, fm_list_pinsets, fm_show_context, fm_get_mcp_config, fm_backup...
CVE-2026-54733 CRITICAL 9.3
The Microsoft 365 and Microsoft Entra ID Plugins for Moodle provide Office 365 and Azure Active Directory integration for Moodle. Prior to 4.5.6, 5.0.5, and 5.1.1, the Microsoft Office 365 Integration...
CVE-2026-59864 CRITICAL 9.3
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota plugin add` and `kiota plugin generate` (with `-t APIPlugin`) emitted attacker-controlled static_template.file values from...
CVE-2026-59865 CRITICAL 9.3
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota info` read x-ms-kiota-info.languagesInformation.<language>.dependencyInstallCommand plus dependency name and version value...
CVE-2026-59866 CRITICAL 9.3
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota emitted x-ms-kiota-info clientClassName and clientNamespaceName values without identifier or path sanitization as both gene...
CVE-2026-63087 CRITICAL 9.3
Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerability that allows remote attackers to obtain a valid PluginAuthToken by sending a POST request to the internal plugin install ...
CVE-2026-46421 CRITICAL 9.3
The SAP Cloud Application Programming Model is a tool for building enterprise-grade cloud applications, and cap-js/cds-dbs is the monorepo for SQL database services for that tool. On April 29, 2026, c...
CVE-2026-50562 CRITICAL 9.3
FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs...
CVE-2026-52842 CRITICAL 9.3
Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component when computing a page or...
CVE-2026-52843 CRITICAL 9.3
Lightpanda is a headless browser designed for AI and automation. Prior to 0.2.9, Lightpanda fetch() and XMLHttpRequest unconditionally attached session cookies to every HTTP request, ignoring credenti...
CVE-2026-55445 CRITICAL 9.3
Qinglong is a timed task management platform supporting Python3, JavaScript, Shell, and Typescript. Prior to 2.20.1, the init guard middleware in back/loaders/express.ts checks /api/user/init but not ...
CVE-2026-61736 CRITICAL 9.3
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, the server defaults to CORS_ORIGINS=* combined with allow_credentials=True in lightrag/api/lightrag_server.py, causing...
CVE-2026-61740 CRITICAL 9.3
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, when LightRAG is deployed with LIGHTRAG_API_KEY set but AUTH_ACCOUNTS unset, X-API-Key protection can be bypassed beca...
CVE-2026-48321 CRITICAL 9.3
ColdFusion is affected by an Incorrect Authorization vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized read and write access. ...
CVE-2026-48325 CRITICAL 9.3
ColdFusion is affected by a Missing Authentication for Critical Function vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does...
CVE-2026-48334 CRITICAL 9.3
Illustrator is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac...
CVE-2026-49798 CRITICAL 9.3
Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
CVE-2026-22095 CRITICAL 9.3
The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection.
CVE-2026-22096 CRITICAL 9.3
The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints.
CVE-2026-22097 CRITICAL 9.3
The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arb...
CVE-2026-22102 CRITICAL 9.3
A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verificatio...
CVE-2026-22103 CRITICAL 9.3
The NPC start endpoint on the web server at port 8090 is vulnerable to command injection.
CVE-2026-4769 CRITICAL 9.3
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible...
CVE-2026-57702 CRITICAL 9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Melograno Venture Studio Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia...
CVE-2026-57707 CRITICAL 9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows SQL Injection.This...
CVE-2026-57714 CRITICAL 9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LatePoint LatePoint latepoint allows Blind SQL Injection.This issue affects LatePoint: from n/a th...
CVE-2026-57726 CRITICAL 9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through <= 6.0.1...
CVE-2026-57739 CRITICAL 9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Blind SQL Injection.This i...
CVE-2026-59515 CRITICAL 9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from ...
CVE-2026-59801 CRITICAL 9.3
9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credenti...
CVE-2026-60121 CRITICAL 9.3
Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/ping.php endpoint that allows remote attackers to execute arbitrary commands by exploiting a doub...
CVE-2026-61498 CRITICAL 9.3
Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gen_graphs.php endpoint that allows remote unauthenticated attackers to execute arbitrary command...
CVE-2026-61500 CRITICAL 9.3
Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random() generator and discloses outputs of the same generator to unauthenticated clients during ...
CVE-2026-62327 CRITICAL 9.3
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sen...
CVE-2026-6847 CRITICAL 9.3
Remote Code Execution vulnerability exists in ThemisNETPanel due to missing authentication for a critical file upload function. The application exposes an endpoint that allows unauthenticated attacker...
CVE-2026-56271 CRITICAL 9.3
Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secrets ('auth_token', 'refresh_token') and default audience and issuer values ('AUDIENCE', 'ISSUER') in the...
CVE-2026-60090 CRITICAL 9.3
PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store create_collection() backends. Although schema, keyspace, and collection...
CVE-2026-15143 CRITICAL 9.3
A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed wi...
CVE-2026-15378 CRITICAL 9.3
A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema...
CVE-2026-20744 CRITICAL 9.3
The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation.
CVE-2026-54760 CRITICAL 9.3
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` SQL-injection mitigation, with default `allow_dangerous_operations=False`, c...
CVE-2026-55879 CRITICAL 9.3
OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any visitor using a public project key, ...
CVE-2026-56765 CRITICAL 9.3
Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The Get...
CVE-2026-61459 CRITICAL 9.3
MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerou...
CVE-2026-15925 CRITICAL 9.2
Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connectio...
CVE-2026-63304 CRITICAL 9.2
AVideo through 29.0 contains an OS command injection vulnerability in plugin/API/standAlone/functions.php where the listFFmpegProcesses() function interpolates unsanitized keyword parameters inside si...
CVE-2026-63305 CRITICAL 9.2
AVideo through 29.0 contains an OS command injection vulnerability in the ffmpeg.json.php endpoint where notifyCode and callback parameters are concatenated into a shell command without escaping. Atta...
CVE-2026-63306 CRITICAL 9.2
stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private ...
CVE-2026-42533 CRITICAL 9.2
A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map outp...
CVE-2026-49445 CRITICAL 9.2
Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-a...
CVE-2026-52893 CRITICAL 9.2
Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan Accounts.onCreateUser hook in server/models/users.js merges OIDC logins into existing accounts when the OIDC email or username m...
CVE-2025-11698 CRITICAL 9.2
A denial-of-service issue exists in 5380/5480/5580 controllers boot firmware lower than version 1.072. This vulnerability could potentially allow a malicious user to write invalid file data to the con...
CVE-2025-12011 CRITICAL 9.2
A denial-of-service issue exists in  5370/5570 controllers. This vulnerability could potentially allow a remote user to load an invalid project, causing the device to enter a major non-recoverable fau...
CVE-2025-12012 CRITICAL 9.2
A denial-of-service issue exists in 5380/5480/5580 controllers. This vulnerability could potentially allow a malicious user to write invalid file data to the controller, causing the device to enter a ...
CVE-2026-15183 CRITICAL 9.2
Multiple input validation vulnerabilities in the Snowflake Spark Connector (spark-snowflake) versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL w...
CVE-2026-15643 CRITICAL 9.2
AWS HealthLake MCP Server (awslabs.healthlake-mcp-server) is a Model Context Protocol server that enables AI assistants to interact with AWS HealthLake FHIR datastores. A server-side request forgery i...
CVE-2026-58479 CRITICAL 9.2
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a command injection vulnerability in the optional cli_control plugin that allows unauthenticated or cross-site request forgery att...
CVE-2026-13014 CRITICAL 9.2
A vulnerability in Thales CERT "Suspicious" application =< 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including P...
CVE-2026-22098 CRITICAL 9.2
Various sensitive information such as passwords and charging card UIDs are written to log files.
CVE-2026-61462 CRITICAL 9.2
mcp-gitlab contains a path traversal vulnerability in the job_id parameter of build/index.js that allows attackers to redirect GitLab API requests to arbitrary endpoints. Attackers can supply crafted ...
CVE-2026-55615 CRITICAL 9.2
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validat...
CVE-2026-55884 CRITICAL 9.2
Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux router with no authenticating middle...
CVE-2026-56261 CRITICAL 9.2
Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation...
CVE-2026-58492 CRITICAL 9.2
grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string without sanitization, escapin...
CVE-2026-15422 CRITICAL 9.1
The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately validating the address parameters carried in the chunk. Since this lookup runs during packet classifica...
CVE-2026-44632 CRITICAL 9.1
Yamcs is a mission control framework. Prior to 5.12.7, a server-side code injection vulnerability existed in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactor...
CVE-2026-46621 CRITICAL 9.1
Yamcs is a mission control framework. Prior to 5.12.7, the Yamcs script evaluation engine for Python algorithms dynamically compiled and evaluated user-controlled algorithm text using Jython through t...
CVE-2026-53512 CRITICAL 9.1
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the legacy oidcProvider and mcp plugins expose OAuth token endpoints whose refresh_token grant authenticates...
CVE-2026-27690 CRITICAL 9.1
Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could re...
CVE-2026-44761 CRITICAL 9.1
SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, a...
CVE-2026-45063 CRITICAL 9.1
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, X509Authenticator extracts the user identifier from $_SER...
CVE-2026-45363 CRITICAL 9.1
ruby-jwt is a Ruby implementation of the RFC 7519 OAuth JSON Web Token standard. Prior to 2.10.3 and 3.2.0, JWT.decode(token, '', true, algorithm: 'HS256') accepts an attacker-forged token because Ope...
CVE-2026-48319 CRITICAL 9.1
ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current us...
CVE-2026-48324 CRITICAL 9.1
ColdFusion is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could result in arbitrary code execution in the context of the curr...
CVE-2026-48358 CRITICAL 9.1
Adobe Commerce is affected by an Improper Encoding or Escaping of Output vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does...
CVE-2026-53486 CRITICAL 9.1
The decompress package for Node.js extracts archives. Prior to 10.2.1 and 11.1.3, archive extraction can create files and links outside the target directory. When extracting an archive to a directory,...
CVE-2026-55040 CRITICAL 9.1
Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-55954 CRITICAL 9.1
Authentication Bypass by Spoofing vulnerability in ueberauth ueberauth_apple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies th...
CVE-2026-58409 CRITICAL 9.1
ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution (RCE) on the server by installing a malicious plugin ZIP ...
CVE-2026-15300 CRITICAL 9.1
The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $_SERVER['QUERY_ST...
CVE-2026-56688 CRITICAL 9.1
Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker wit...
CVE-2026-11386 CRITICAL 9.0
An input validation and injection vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools). The client constructs APT source files (such as /etc/apt/sources.list.d/ubuntu-...
CVE-2026-63089 CRITICAL 9.0
WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one-time link token generation vulnerability that allows unauthenticated network attackers to recover WireGuar...
CVE-2026-45534 CRITICAL 9.0
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getPropert...
CVE-2026-56400 CRITICAL 9.0
open-webui before 0.3.14 contains a cross-origin resource sharing misconfiguration allowing arbitrary origins with allow_origins=* and authenticated requests to the /api/v1/functions endpoint. Attacke...
CVE-2026-62378 CRITICAL 9.0
RustFS Console is a web management console for the RustFS distributed file system. From 0.1.7 until 0.1.10, the RustFS Console components/object/preview-modal.tsx and components/object/pdf-viewer.tsx ...
CVE-2026-48327 CRITICAL 9.0
ColdFusion is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user in...
CVE-2026-57898 CRITICAL 9.0
In Eclipse BaSyx Java Server SDK versions 2.0.0-milestone-05 to 2.0.0-milestone-12, deployments using the MongoDB backend are vulnerable to an unauthenticated arbitrary file write through the AAS thum...
CVE-2026-57828 CRITICAL 9.0
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.
CVE-2026-41880 CRITICAL 9.0
R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) module. Multiple command execution functions accept user-controllable file paths without proper sanitization...
CVE-2026-54526 HIGH 8.9
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 3.7.15 and 4.0.6, the allow-list fix for CVE-2026-31892 is incomplete because ...
CVE-2026-15416 HIGH 8.9
A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code...
CVE-2026-15701 HIGH 8.9
A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. Affected by this issue is the function Form_Logout of the file /formLogout.htm of the component lighttpd. This manipulation of...
CVE-2026-15511 HIGH 8.9
A vulnerability was determined in Comfast CF-WR631AX V3 up to 2.7.0.8. Affected by this vulnerability is the function system_wl_upload_pic_file of the file /usr/bin/webmgnt of the component FastCGI Ba...
CVE-2026-13741 HIGH 8.8
The Digits: WordPress Mobile Number Signup and Login plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 9.1.0.5. This is due to missing authorization and ...
CVE-2026-14371 HIGH 8.8
The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell comm...
CVE-2026-15005 HIGH 8.8
The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on the execTemplat...
CVE-2026-15103 HIGH 8.8
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Privilege Escalation via arbitrary option update in all versions up to, and includ...
CVE-2026-5674 HIGH 8.8
A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An ...
CVE-2026-20150 HIGH 8.8
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a sof...
CVE-2026-43637 HIGH 8.8
Cornac before 2.6.0 contains a path traversal (Tar Slip) vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing...
CVE-2026-45805 HIGH 8.8
Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot MCP's mcp/packages/server/src/ReplServer.ts bound the ReplServer to 0.0.0.0:4403 and exposed an unauthen...
CVE-2026-55242 HIGH 8.8
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection th...
CVE-2026-55576 HIGH 8.8
MaaAssistantArknights is a one-click tool for daily Arknights tasks. In the current dev-v2 workflow, .github/workflows/release-preparation.yml inlined attacker-controlled github.event.pull_request.tit...
CVE-2026-58658 HIGH 8.8
GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to access sensitive inference logs and modify wo...
CVE-2026-60005 HIGH 8.8
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice directive and unnamed regex captures are configured or when a background cache update happens,...
CVE-2026-61435 HIGH 8.8
PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints (src/praisonai/praisonai/api/agent_invoke.py) when PRAISONAI_CALL_AUTH=disabled is configured. The ...
CVE-2026-61436 HIGH 8.8
PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads...
CVE-2026-61684 HIGH 8.8
FastGPT is a knowledge-based AI application platform. In 4.15.0-beta4, FastGPT plugin invoke reverse-call endpoints under /api/invoke/* authenticate only by verifying a JWT signed with INVOKE_TOKEN_SE...
CVE-2026-62312 HIGH 8.8
9Router is an AI router & token saver. Prior to 0.5.2, 9Router allows a remote authenticated attacker to achieve arbitrary code execution on the host operating system by combining a Host header bypass...
CVE-2026-10714 HIGH 8.8
A security issue exists within FactoryTalk® Services Platform (FTSP), allowing an attacker to bypass JWT signature validation during Okta Web Authentication. The vulnerability stems from the applicati...
CVE-2026-15767 HIGH 8.8
Heap buffer overflow in libyuv in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security sev...
CVE-2026-15776 HIGH 8.8
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H...
CVE-2026-45069 HIGH 8.8
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims() registered audience (aud), issue...
CVE-2026-47295 HIGH 8.8
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-47300 HIGH 8.8
Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
CVE-2026-47301 HIGH 8.8
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over a network.
CVE-2026-47303 HIGH 8.8
Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
CVE-2026-47632 HIGH 8.8
Improper certificate validation in Azure Monitor Agent allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-48564 HIGH 8.8
Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to execute code over a network.
CVE-2026-49178 HIGH 8.8
Heap-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
CVE-2026-49795 HIGH 8.8
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50130 HIGH 8.8
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can esc...
CVE-2026-50342 HIGH 8.8
Improper access control in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally.
CVE-2026-50360 HIGH 8.8
Incorrect implementation of authentication algorithm in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-50369 HIGH 8.8
Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges over a network.
CVE-2026-50370 HIGH 8.8
Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-50382 HIGH 8.8
Untrusted pointer dereference in Windows DirectX allows an authorized attacker to execute code locally.
CVE-2026-50385 HIGH 8.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50398 HIGH 8.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges over a network.
CVE-2026-50413 HIGH 8.8
Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50438 HIGH 8.8
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-50444 HIGH 8.8
Missing authentication for critical function in Windows Server Update Service allows an authorized attacker to elevate privileges over a network.
CVE-2026-50474 HIGH 8.8
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-50477 HIGH 8.8
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50489 HIGH 8.8
Heap-based buffer overflow in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-50663 HIGH 8.8
Relative path traversal in Age of Empires II: Definitive Edition Game allows an unauthorized attacker to execute code over a network.
CVE-2026-50666 HIGH 8.8
Use after free in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges over a network.
CVE-2026-50670 HIGH 8.8
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50687 HIGH 8.8
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50692 HIGH 8.8
Heap-based buffer overflow in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-54107 HIGH 8.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-54117 HIGH 8.8
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-54118 HIGH 8.8
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-54121 HIGH 8.8
Improper authorization in Active Directory Certificate Services (AD CS) allows an authorized attacker to elevate privileges over a network.
CVE-2026-54982 HIGH 8.8
Integer underflow (wrap or wraparound) in Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-54999 HIGH 8.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-55005 HIGH 8.8
Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network.
CVE-2026-55052 HIGH 8.8
Missing authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVE-2026-56194 HIGH 8.8
Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges over a network.
CVE-2026-56196 HIGH 8.8
Relative path traversal in Windows Admin Center allows an authorized attacker to execute code over a network.
CVE-2026-56197 HIGH 8.8
Improper neutralization of special elements used in a command ('command injection') in Windows Admin Center allows an authorized attacker to execute code over a network.
CVE-2026-56642 HIGH 8.8
Stack-based buffer overflow in Microsoft Fabric Data Warehouse allows an authorized attacker to execute code over a network.
CVE-2026-56647 HIGH 8.8
Integer overflow or wraparound in Windows Remote Access Service Infrastructure allows an authorized attacker to elevate privileges over a network.
CVE-2026-57087 HIGH 8.8
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.
CVE-2026-57090 HIGH 8.8
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.
CVE-2026-57094 HIGH 8.8
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.
CVE-2026-57102 HIGH 8.8
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-57969 HIGH 8.8
Missing authentication for critical function in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.
CVE-2026-58277 HIGH 8.8
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVE-2026-58477 HIGH 8.8
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a mass assignment vulnerability that allows unauthenticated attackers to overwrite sensitive configuration settings by supplying a...
CVE-2026-58534 HIGH 8.8
Heap-based buffer overflow in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
CVE-2026-58594 HIGH 8.8
Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network.
CVE-2026-58608 HIGH 8.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to execute code over a network.
CVE-2026-58626 HIGH 8.8
Use after free in Windows Remote Desktop Services allows an authorized attacker to execute code over a network.
CVE-2026-59733 HIGH 8.8
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the rout...
CVE-2026-9561 HIGH 8.8
Eclipse Kura versions prior to 5.6.2 trust the client-supplied X-Forwarded-For HTTP header as the authoritative source of the client IP address in audit log entries. The org.eclipse.kura.web2 (Web Con...
CVE-2026-55771 HIGH 8.8
CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 4.9.0, the EntityIdentifier.equals() has inverted null...
CVE-2026-55772 HIGH 8.8
CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, i...
CVE-2026-55773 HIGH 8.8
CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, i...
CVE-2026-57371 HIGH 8.8
Deserialization of Untrusted Data vulnerability in denishua WPJAM Basic wpjam-basic allows Object Injection.This issue affects WPJAM Basic: from n/a through <= 7.0.
CVE-2026-57386 HIGH 8.8
Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through < 2.9.1.
CVE-2026-57410 HIGH 8.8
Incorrect Privilege Assignment vulnerability in MailerPress Team MailerPress mailerpress allows Privilege Escalation.This issue affects MailerPress: from n/a through <= 2.0.2.
CVE-2026-57713 HIGH 8.8
Deserialization of Untrusted Data vulnerability in Marcus (aka @msykes) Events Manager events-manager allows Object Injection.This issue affects Events Manager: from n/a through <= 7.3.6.
CVE-2026-57786 HIGH 8.8
Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Authentication Bypass.This issue affects WorkScout-Core: from n/a through <= 1.7.08.
CVE-2026-57830 HIGH 8.8
The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion.
CVE-2026-56259 HIGH 8.8
Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary envir...
CVE-2026-56260 HIGH 8.8
Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The output_path parameter accepts arbitrary filesystem paths without val...
CVE-2025-6784 HIGH 8.8
The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting acces...
CVE-2026-13353 HIGH 8.8
The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.0.1 via the 'MappedFie...
CVE-2026-1359 HIGH 8.8
The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up...
CVE-2026-13756 HIGH 8.8
The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. This is due to missing authorization and meta key validation in the `update(...
CVE-2026-14262 HIGH 8.8
The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the ...
CVE-2026-15155 HIGH 8.8
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authenticated Account Takeover via Email Header Injection in all versions up to, and in...
CVE-2026-2354 HIGH 8.8
The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the `upload_extension_files()` function in all versions up to, and i...
CVE-2026-61426 HIGH 8.8
PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read...
CVE-2026-15070 HIGH 8.8
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce valid...
CVE-2026-2398 HIGH 8.8
Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. NOTE...
CVE-2026-44795 HIGH 8.8
Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormati...
CVE-2026-54149 HIGH 8.8
MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chat_pipeline/s...
CVE-2026-54469 HIGH 8.8
Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vu...
CVE-2026-59793 HIGH 8.8
In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration
CVE-2026-6212 HIGH 8.8
Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026.
CVE-2025-71377 HIGH 8.7
stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit...
CVE-2026-53597 HIGH 8.7
Prompty is a markdown file format (.prompty) for LLM prompts. From 2.0.0-alpha.1 until 2.0.0-beta.3, the @prompty/core TypeScript loader in runtime/typescript/packages/core/src/core/loader.ts used gra...
CVE-2026-55629 HIGH 8.7
Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging proxy. Prior to 2.10.3, lib/service/service.js handles GET /cgi-bin/temp/get by reading req.query.filename, joining it to TEMP_FILES_PATH only...
CVE-2026-58078 HIGH 8.7
The Joomla extension Quix Page Builder Pro is vulnerable to an unauthenticated SQL injection.
CVE-2026-59859 HIGH 8.7
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.4, Kiota's PHP generator embedded OpenAPI description, default fields, property names, and other schema-derived strings into PHP dou...
CVE-2026-59860 HIGH 8.7
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.3, Kiota is affected by a code-generation injection vulnerability in the C# XML documentation-comment sink (the description, externa...
CVE-2026-62963 HIGH 8.7
Centrifugo is an open-source scalable real-time messaging server. Prior to 6.8.4, Centrifugo unidirectional WebSocket transport with uni_websocket.compression enabled enforced uni_websocket.message_si...
CVE-2026-63085 HIGH 8.7
Axelor Open Platform versions 8.x prior to 8.2.2 contains an authorization bypass vulnerability that allows authenticated non-admin users to escalate privileges by exploiting unenforced field restrict...
CVE-2026-15804 HIGH 8.7
The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, an...
CVE-2026-33445 HIGH 8.7
CVE-2026-33445 is a memory management vulnerability in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent ...
CVE-2026-45320 HIGH 8.7
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase dashboard SQL variables such as ${deptId} are processed by SqlparserUtils.transFilter(), whose final branch ...
CVE-2026-45417 HIGH 8.7
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema() into getTablesSql and execute the ...
CVE-2026-45535 HIGH 8.7
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as ${var} and SqlparserUt...
CVE-2026-55723 HIGH 8.7
When NGINX Ingress Controller is configured with Custom Resource Definitions (CRDs) or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller...
CVE-2026-56339 HIGH 8.7
Capgo (Cap-go/capgo) before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST SECURITY DEFINER RPC function public.rescind_invitation that allows unauthenticated atta...
CVE-2026-56679 HIGH 8.7
9Router is an AI router & token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body to persistent settings without a field whitelist, allowing an authenticated user ...
CVE-2026-57831 HIGH 8.7
The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection.
CVE-2026-57832 HIGH 8.7
The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection.
CVE-2026-57996 HIGH 8.7
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with...
CVE-2026-58077 HIGH 8.7
The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances.
CVE-2026-58655 HIGH 8.7
The bundled Grav Flex Objects plugin (getgrav/grav-plugin-flex-objects) before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles,...
CVE-2026-59235 HIGH 8.7
Missing Authorization (CWE-862) in BankAccountListController (app/Http/Controllers/Api/BankAccount/BankAccountListController.php), exposed at GET /api/bank-account, in Prospero Flow CRM <5.5.3, which ...
CVE-2026-59762 HIGH 8.7
When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.   Impact: System performance can degrade until the TMM pro...
CVE-2026-60085 HIGH 8.7
PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blocked_commands, blocked_paths, blocked_imports, allow_subprocess, and all...
CVE-2026-62389 HIGH 8.7
ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by ...
CVE-2026-10573 HIGH 8.7
A denial-of-service security issue exists in 1734 POINT I/O™ module. The security issue stems from improper handling of crafted CIP messages, which can cause the module to enter a faulted state. A res...
CVE-2026-11403 HIGH 8.7
A vulnerability in Sonatype Nexus Repository Manager's format-specific API key generation may allow a remote attacker to gain unauthorized access to repository operations as a targeted user. A format-...
CVE-2026-12659 HIGH 8.7
A denial-of-service security issue exists in the affected products. The security issue stems from improper handling of exceptional conditions when processing crafted CIP packets sent to the adapter. A...
CVE-2026-15389 HIGH 8.7
A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system ...
CVE-2026-45068 HIGH 8.7
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, SendmailTransport in -t mode appended recipient addresses...
CVE-2026-45071 HIGH 8.7
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Crawler::addXmlContent() set DOMDocument::$validateOnPars...
CVE-2026-45304 HIGH 8.7
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser resolved YAML collection al...
CVE-2026-45305 HIGH 8.7
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser::cleanup() used regular exp...
CVE-2026-46633 HIGH 8.7
Twig is a template language for PHP. Prior to 3.26.0, Compiler::string() does not escape single quotes when a template name from a {% use %} tag is placed inside a PHP single-quoted string literal, al...
CVE-2026-46640 HIGH 8.7
Twig is a template language for PHP. From 3.15.0 until 3.26.0, _self.(<string>) and import-alias dynamic attribute syntax can concatenate an attacker-controlled string into a MacroReferenceExpression ...
CVE-2026-47994 HIGH 8.7
Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious Jav...
CVE-2026-48489 HIGH 8.7
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, DefaultAuthenticationFailureHandler honored the request-s...
CVE-2026-48801 HIGH 8.7
linkify-it is a links recognition library with full Unicode support. Prior to 5.0.1, LinkifyIt.prototype.match, the package's primary public API, has O(N²) algorithmic complexity for inputs containing...
CVE-2026-59204 HIGH 8.7
Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates total_component_width across every tile in a JPEG2000 image instead of recomputing it per tile,...
CVE-2026-60114 HIGH 8.7
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a path traversal vulnerability that allows attackers with access to the restore functionality to write files to arbitrary location...
CVE-2026-8590 HIGH 8.7
Vulnerability in Spotfire Spotfire Enterprise (Spotfire Server modules), Spotfire Spotfire Enterprise with External Consumers (Spotfire Server modules), Spotfire Spotfire on Kubernetes (Spotfire Serve...
CVE-2026-9140 HIGH 8.7
A denial-of-service security issue exists in the 1719-AENTR. The security issue stems from improper handling of a UDP unicast network storm, which causes the device to become overloaded and lose commu...
CVE-2026-9653 HIGH 8.7
A denial-of-service security issue exists across all the 1756-EN2, EN3, and ENBT communication module due to improper validation of CIP Implicit Connection packets. An attacker on the network can expl...
CVE-2026-22099 HIGH 8.7
The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a firmw...
CVE-2026-49970 HIGH 8.7
Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath() function that allows attackers to write uploaded files to arbitrary locations by controlling the direc...
CVE-2026-57829 HIGH 8.7
The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS.
CVE-2026-57855 HIGH 8.7
Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API (/system/buckets/api). The api() method in modules/System/Controller/Buckets.php executes bucket commands (ls,...
CVE-2026-57856 HIGH 8.7
Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API (/system/buckets/api). The api() method in modules/System/Controller/Buckets.php sanitizes the bucket name with preg_...
CVE-2026-61458 HIGH 8.7
PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a pus...
CVE-2026-61463 HIGH 8.7
Shiori contains a privilege escalation vulnerability in the account update endpoint that allows authenticated users to modify the owner field without authorization checks. Attackers can escalate to ad...
CVE-2026-62184 HIGH 8.7
luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs v...
CVE-2026-62190 HIGH 8.7
OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. ...
CVE-2026-62194 HIGH 8.7
OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended ...
CVE-2026-62195 HIGH 8.7
OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass ...
CVE-2026-62196 HIGH 8.7
OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform...
CVE-2026-62199 HIGH 8.7
OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss interpreter startup variables. When the affected feature is enabled and reachable, a lower-trust calle...
CVE-2026-62200 HIGH 8.7
OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust c...
CVE-2026-62328 HIGH 8.7
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoin...
CVE-2026-15483 HIGH 8.7
A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation of the argument...
CVE-2026-15484 HIGH 8.7
A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation results in buffer...
CVE-2026-56238 HIGH 8.7
Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operational...
CVE-2026-59260 HIGH 8.7
OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attack...
CVE-2026-61875 HIGH 8.7
luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious ...
CVE-2026-56303 HIGH 8.7
Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_value PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attacker...
CVE-2026-61439 HIGH 8.7
PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Att...
CVE-2026-61454 HIGH 8.7
The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript variable window.__GRAV_CONFIG__ in the Admin2 SPA bootstrap page at /grav/admin (and its subroutes). This ob...
CVE-2025-30007 HIGH 8.7
HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote chara...
CVE-2026-14480 HIGH 8.7
OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename (prog_file) directl...
CVE-2026-38059 HIGH 8.7
The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the...
CVE-2026-41876 HIGH 8.7
R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction() function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authen...
CVE-2026-42952 HIGH 8.7
Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack.
CVE-2026-44383 HIGH 8.7
Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend.
CVE-2026-50180 HIGH 8.7
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, `SQLChatAgent` in `langroid` ships a `_validate_query` defense-in-depth layer whose `_DANGEROUS...
CVE-2026-53653 HIGH 8.7
Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions thr...
CVE-2026-56279 HIGH 8.7
Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid) RPC function that remains publicly invokable despite intended private access controls. Unauthenticated...
CVE-2026-56305 HIGH 8.7
Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change endpoint that allows attackers to change user passwords without requiring current password confirmation. At...
CVE-2026-57219 HIGH 8.7
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoint can disclose the OAuth 2 client secret on RabbitMQ installations configur...
CVE-2026-57584 HIGH 8.7
Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default router registers a built-in route whose compiled PCRE pattern contains the ...
CVE-2026-57850 HIGH 8.7
RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type (FileTransfer, PortForward, ViewCamera, or Terminal) can sen...
CVE-2026-59161 HIGH 8.7
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on...
CVE-2026-59190 HIGH 8.7
grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages. In 1.10.52 and earlier, an authenticated attacker with admin.users permission can change ...
CVE-2026-61434 HIGH 8.7
PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -del...
CVE-2026-61460 HIGH 8.7
Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows aut...
CVE-2026-61461 HIGH 8.7
Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the searc...
CVE-2026-57206 HIGH 8.6
SimpleChat is a secure AI conversation application with personal and group workspaces for document-grounded interactions. Prior to 0.241.206, several plugin validation routes in application/single_app...
CVE-2026-15583 HIGH 8.6
A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-...
CVE-2026-40501 HIGH 8.6
Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by deliverin...
CVE-2026-48795 HIGH 8.6
AdonisJS is a TypeScript-first web framework. From 10.1.3 until 10.1.5 and 11.0.3, AdonisJS @adonisjs/bodyparser incompletely fixed CVE-2026-25754 because nested multipart field payloads such as user....
CVE-2026-57833 HIGH 8.6
The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature.
CVE-2026-61443 HIGH 8.6
PraisonAI before 1.6.78 contains a remote code execution vulnerability in SkillTools.run_skill_script() that executes scripts without path containment validation. Attackers can supply absolute file pa...
CVE-2026-61446 HIGH 8.6
PraisonAI (praisonaiagents) before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python (.py) files from project-level and user-home ....
CVE-2026-61836 HIGH 8.6
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, when response caching is enabled, the cache-key derivation in api/src/utils/get-cache-key.ts includes ...
CVE-2026-9770 HIGH 8.6
Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across devices.  An attacker with access to the firmware image can extract...
CVE-2026-15427 HIGH 8.6
An OS command injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of parameters, allowing crafted input ...
CVE-2026-15720 HIGH 8.6
In Open5GS through version 2.7.7 a pre-authentication heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler may result in subscriber-wide denial of service.
CVE-2026-47988 HIGH 8.6
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gai...
CVE-2026-48252 HIGH 8.6
Adobe Experience Manager is affected by a Missing Authentication for Critical Function vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to by...
CVE-2026-48275 HIGH 8.6
Illustrator is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction...
CVE-2026-48310 HIGH 8.6
Adobe Experience Manager is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could...
CVE-2026-48350 HIGH 8.6
Animate is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user....
CVE-2026-59835 HIGH 8.6
A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VM...
CVE-2026-22100 HIGH 8.6
The OCPP DataTransfer message `ReserveLogin` is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root.
CVE-2026-57389 HIGH 8.6
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Adrian Tobey Groundhogg groundhogg allows Path Traversal.This issue affects Groundhogg: from n/a through...
CVE-2026-57709 HIGH 8.6
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Path Traversal.This issue affects...
CVE-2026-62185 HIGH 8.6
Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network ...
CVE-2026-62187 HIGH 8.6
OpenClaw Feishu tools (npm package @openclaw/feishu) in versions <= 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should hav...
CVE-2026-62188 HIGH 8.6
OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the af...
CVE-2026-22660 HIGH 8.6
FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch i...
CVE-2026-52747 HIGH 8.6
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently r...
CVE-2026-55638 HIGH 8.6
9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/* to /ap...
CVE-2026-55852 HIGH 8.6
Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was possible in Package Import because tarfile members were not sufficiently checked before extraction. Thi...
CVE-2026-57156 HIGH 8.6
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in update_read_delta_points in libfreerdp/core/orders.c w...
CVE-2026-46686 HIGH 8.5
Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped b...
CVE-2026-6423 HIGH 8.5
A local privilege escalation vulnerability in ESET Inspect Connector.  The vulnerability was caused by improper authentication in an IPC channel.
CVE-2026-40952 HIGH 8.5
CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it t...
CVE-2026-45419 HIGH 8.5
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template saves call TemplateManageService#save, StaticResourceServer#saveFilesToServe, and the /de2api/templ...
CVE-2026-55234 HIGH 8.5
Wekan is open source kanban built with Meteor. Prior to 9.37, Wekan DDP update allow rules in server/permissions/cards.js, server/permissions/lists.js, and server/permissions/swimlanes.js authorize ag...
CVE-2026-56398 HIGH 8.5
Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-...
CVE-2026-61433 HIGH 8.5
PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy....
CVE-2026-61828 HIGH 8.5
Nixpkgs is a collection of software packages that can be installed with the Nix package manager. Prior to the 25.11 and 26.05 channel fixes, the NixOS module for MySQL services.mysql initializes the M...
CVE-2026-8920 HIGH 8.5
Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted...
CVE-2025-40945 HIGH 8.5
A vulnerability has been identified in COMOS V10.4.5 (All versions < V10.4.5.0.2), COMOS V10.6 (All versions < V10.6.1), Designcenter NX (All versions < V2512.7000), Simcenter 3D (All versions < V2512...
CVE-2026-15428 HIGH 8.5
An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface ca...
CVE-2026-48320 HIGH 8.5
ColdFusion is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated a...
CVE-2026-50340 HIGH 8.5
Use after free in Windows Runtime allows an authorized attacker to elevate privileges over a network.
CVE-2026-53565 HIGH 8.5
Improper Privilege Management vulnerability in Citrix Secure Access Client for Windows, Citrix Citrix Endpoint Analysis Client for Windows. This issue affects Secure Access Client for Windows: before...
CVE-2026-57385 HIGH 8.5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsbd Vitepos vitepos-lite allows Blind SQL Injection.This issue affects Vitepos: from n/a throug...
CVE-2026-57771 HIGH 8.5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD ...
CVE-2026-57772 HIGH 8.5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affec...
CVE-2026-57787 HIGH 8.5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeWS CWS SVGicons cws-svgicons allows Blind SQL Injection.This issue affects CWS SVGicons: f...
CVE-2026-57810 HIGH 8.5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affec...
CVE-2026-9492 HIGH 8.5
The MBStorage DRAM lighting control module within Gigabyte Control Center (GCC) developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can send sp...
CVE-2026-21055 HIGH 8.5
Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege.
CVE-2026-54329 HIGH 8.5
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while company_id is mass assignable, allowing ...
CVE-2026-55665 HIGH 8.5
Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, Grist contained two cross-site scripting vulnerabilities where an attacker-controlled value reached a link's href w...
CVE-2026-55789 HIGH 8.5
Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting...
CVE-2026-56690 HIGH 8.5
Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remot...
CVE-2026-61437 HIGH 8.5
PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow._resolve_pydantic_class (src/praisonai-agents/praisonaiagents/workflows/workf...
CVE-2026-15029 HIGH 8.4
Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and w...
CVE-2026-15895 HIGH 8.4
OS command injection in the npm package loading component in AWS jsii-diff before 1.131.0 might allow context-dependent attackers to execute arbitrary commands via crafted package specifiers passed to...
CVE-2026-42936 HIGH 8.4
The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the priv...
CVE-2026-58659 HIGH 8.4
PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the _load_state function that imports and executes attacker-controlled module names from che...
CVE-2026-61430 HIGH 8.4
PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the web_crawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. At...
CVE-2026-0487 HIGH 8.4
SAProuter on Microsoft Windows allows an unauthenticated attacker to load library (DLL) files from an untrusted location, allowing them to execute malicious code on the system. This could enable the a...
CVE-2026-24233 HIGH 8.4
NVIDIA TensorRT-LLM for Linux contains a vulnerability in the restricted unpickler used for model weight deserialization, where a local, unauthenticated attacker could cause deserialization of untrust...
CVE-2026-42049 HIGH 8.4
jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx inserts the android:versionName value from an AndroidManifest into the generated app/build.gradle Groovy template without proper sanitization whe...
CVE-2026-49184 HIGH 8.4
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50520 HIGH 8.4
Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code allows an unauthorized attacker to execute code locally.
CVE-2026-54122 HIGH 8.4
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally.
CVE-2026-54128 HIGH 8.4
Use after free in Windows DHCP Client allows an unauthorized attacker to execute code locally.
CVE-2026-54992 HIGH 8.4
Heap-based buffer overflow in Windows Message Queuing Queue Manager allows an unauthorized attacker to execute code locally.
CVE-2026-55045 HIGH 8.4
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-9292 HIGH 8.4
A Stored Cross-Site Scripting security issue exists within FactoryTalk® DataMosaix™ Private Cloud. The vulnerability stems from improper neutralization of user-supplied input within the Workflows conf...
CVE-2026-56308 HIGH 8.4
Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie...
CVE-2026-61429 HIGH 8.4
PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HT...
CVE-2026-21042 HIGH 8.4
Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.
CVE-2026-21046 HIGH 8.4
Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code.
CVE-2026-21049 HIGH 8.4
Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.
CVE-2026-14254 HIGH 8.3
A race condition in the account lockout mechanism in Delphix Continous Data allowed the lockout threshold to be bypassed through concurrent authentication requests. Parallel login attempts were proces...
CVE-2026-45576 HIGH 8.3
zrok is software for sharing web services, files, and network resources. From 0.4.23 until 2.0.3, `zrok2 copy` stores attacker-controlled WebDAV or zrok drive paths such as /../outside.txt in the sour...
CVE-2026-10673 HIGH 8.3
The Zephyr ADIN2111/ADIN1110 10BASE-T1S/T1L Ethernet driver (drivers/ethernet/eth_adin2111.c) reassembles received Ethernet frames in OPEN Alliance (OA) SPI mode by copying device-supplied 64-byte dat...
CVE-2026-20296 HIGH 8.3
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker cou...
CVE-2026-45533 HIGH 8.3
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase export-center deletion can accept path traversal sequences such as ../ in the bulk delete API endpoint and p...
CVE-2026-47158 HIGH 8.3
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiat...
CVE-2026-53516 HIGH 8.3
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, Better Auth's OAuth callback auto-link gate in handleOAuthUserInfo accepts implicit account linking when the...
CVE-2026-56434 HIGH 8.3
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssi_module module. This vulnerability may exist when the Server-Side Includes (SSI), proxy_pass, and proxy_buffering off directive...
CVE-2026-62349 HIGH 8.3
TDengine is an open source, time-series database optimized for Internet of Things devices. In 3.4.1.6 and earlier, source/libs/parser/src/parUtil.c trimString() checks space for only one byte before p...
CVE-2026-15736 HIGH 8.3
Snowflake SQLAlchemy versions prior to 1.11.0 contain several security vulnerabilities, including: Improper handling of user-supplied column identifiers in merge operations could allow SQL injection t...
CVE-2026-15769 HIGH 8.3
Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially ...
CVE-2026-15772 HIGH 8.3
Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML ...
CVE-2026-15774 HIGH 8.3
Use after free in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr...
CVE-2026-45075 HIGH 8.3
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, method-scoped #[IsGranted], #[IsSignatureValid], and #[IsCsrfTokenValid] a...
CVE-2026-45077 HIGH 8.3
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener (Symfony\Bridge\Monolog\Command\S...
CVE-2026-47767 HIGH 8.3
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.46 until 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the CVE-2024-50340 fix gated runtime argv parsin...
CVE-2026-54058 HIGH 8.3
Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row...
CVE-2026-56181 HIGH 8.3
Origin validation error in Windows Network Address Translation (NAT) allows an unauthorized attacker to perform spoofing over an adjacent network.
CVE-2026-58486 HIGH 8.3
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, HedgeDoc was vulnerable to a YAML alias bomb due to unsafe processing of the note frontmatter...
CVE-2026-62143 HIGH 8.3
A Server-Side Request Forgery (SSRF) protection bypass existed in the html_to_markdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, and ...
CVE-2026-62240 HIGH 8.3
CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validate_url function that performs one-shot DNS resolution and blocklist checks before returning the original URL unch...
CVE-2026-58596 HIGH 8.3
Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-58281 HIGH 8.3
Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-21045 HIGH 8.3
Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.
CVE-2026-21048 HIGH 8.3
Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.
CVE-2026-55882 HIGH 8.3
Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof handlers under /debug with no access control. When t...
CVE-2026-55883 HIGH 8.3
Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is gated by a CSRF token, but the token is served by the unaut...
CVE-2026-56254 HIGH 8.3
In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived fr...
CVE-2026-56675 HIGH 8.3
9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic...
CVE-2026-15352 HIGH 8.2
A vulnerability exists in the Health & Safety (HS) application of NASA's Core Flight System (cFS). The flaw allows the application to crash via segmentation fault when processing a routine Housekeep...
CVE-2026-35147 HIGH 8.2
HCL DFXServer is affected by a Broken Authentication vulnerability via direct API access. The application fails to verify the user's authentication status when accessing specific API endpoints, allowi...
CVE-2026-35149 HIGH 8.2
HCL DFXServer is affected by an Authentication Bypass vulnerability via server response manipulation. An unauthorized user without valid credentials can exploit this flaw by intercepting and altering ...
CVE-2026-44981 HIGH 8.2
CrowdSec offers crowdsourced protection against malicious IPs. From 1.7.0 until 1.7.8, the LAPI router used gin-contrib/gzip with DefaultDecompressHandle globally in pkg/apiserver/controllers/controll...
CVE-2026-45325 HIGH 8.2
Gestor de Oferta is a web application for managing mobility service offerings. Prior to 20260509.0340.15, @tmlmobilidade/utils has a prototype pollution vulnerability in setValueAtPath() in packages/u...
CVE-2026-49998 HIGH 8.2
Centrifugo is an open-source scalable real-time messaging server. Prior to 6.8.1, Centrifugo dynamic JWKS endpoint verification could reuse a key for one allowed issuer to verify a JWT for another all...
CVE-2026-12382 HIGH 8.2
A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining re...
CVE-2026-13585 HIGH 8.2
Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local...
CVE-2026-46485 HIGH 8.2
Dashy is a self-hostable personal dashboard. Prior to 4.0.8, Dashy deployments using OIDC can allow unauthenticated users or non-admin authenticated users to write changes to the main config.yaml thro...
CVE-2026-10672 HIGH 8.2
subsys/net/lib/lwm2m/lwm2m_pull_context.c copied the firmware-update Package URI into a fixed static buffer (context.uri, size CONFIG_LWM2M_SWMGMT_PACKAGE_URI_LEN, default 128) with memcpy(context.uri...
CVE-2026-14504 HIGH 8.2
An authorization bypass in Nexus Repository 3's component upload API allowed a user with only read/browse privileges on a Swift, Terraform, or Conda hosted repository to upload arbitrary artifacts, by...
CVE-2026-15075 HIGH 8.2
In Eclipse Vert.x versions up to and including 4.5.29 (4.x branch) and 5.1.4 (5.x branch), DefaultRedirectHandler (vertx-core) propagates all request headers as-is across cross-origin HTTP 30x redirec...
CVE-2026-15076 HIGH 8.2
In versions up to and including 4.5.29 (4.x branch) and 5.1.4 (5.x branch), the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie resp...
CVE-2026-44752 HIGH 8.2
SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's brows...
CVE-2026-45133 HIGH 8.2
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, when the parser is exposed to attacker-controlled input, ...
CVE-2026-45756 HIGH 8.2
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.3.0-BETA1 until 7.4.12 and 8.0.12, the JsonPath component compiles attacker-controlled match() ...
CVE-2026-47423 HIGH 8.2
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. In 3.4.4, DOMPurify allowed selectedcontent by default, allowing browsers to re-clone an XSS payload after sanitizatio...
CVE-2026-47984 HIGH 8.2
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gai...
CVE-2026-48290 HIGH 8.2
CAI Content Credentials is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit th...
CVE-2026-48345 HIGH 8.2
Animate is affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result in arbitrary code execution in the context of the c...
CVE-2026-50338 HIGH 8.2
Improper authentication in Azure Spring Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-50429 HIGH 8.2
Out-of-bounds read in Windows Kernel allows an unauthorized attacker to disclose information over a network.
CVE-2026-50528 HIGH 8.2
Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-50680 HIGH 8.2
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2026-58229 HIGH 8.2
Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP1.decode_headers/...
CVE-2026-59197 HIGH 8.2
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter API can trigger a native heap out-of-bounds write when given a very large odd filter size because ImageFilter.RankFilte...
CVE-2026-9636 HIGH 8.2
A security issue exists within CompactLogix® 5380, ControlLogix® 5580, and EN4 communication modules related to CIP Security certificate revocation handling. The security issue stems from the controll...
CVE-2026-48363 HIGH 8.2
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Expl...
CVE-2026-48364 HIGH 8.2
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Expl...
CVE-2026-57768 HIGH 8.2
Incorrect Privilege Assignment vulnerability in favethemes Houzez Login Register houzez-login-register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through <= 3.3.3.
CVE-2026-58500 HIGH 8.2
MCP Appium is an MCP server that provides AI assistants with tools to automate mobile app testing on Android and iOS. In versions prior to 1.85.10, the createLocatorGeneratorUI function interpolates a...
CVE-2026-41879 HIGH 8.2
R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be chan...
CVE-2026-53657 HIGH 8.2
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lim...
CVE-2026-54423 HIGH 8.2
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, ...
CVE-2026-54736 HIGH 8.2
Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\Encryption\Crypt::decrypt compares the attacker-supplied HMAC tag against the freshly computed HMAC using PHP/Zephir i...
CVE-2026-55641 HIGH 8.2
9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attac...
CVE-2026-58499 HIGH 8.2
EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message sender_id field was not validate...
CVE-2021-27137 HIGH 8.1
An issue was discovered in router/upnp/src/ssdp.c in DD-WRT before 45724. An unsafe strcpy in the UPnP handling functionality allows an unauthenticated remote attacker to send a request that would ove...
CVE-2026-15008 HIGH 8.1
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the f...
CVE-2026-1609 HIGH 8.1
A flaw was found in Keycloak. When the JSON Web Token (JWT) authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user’s disabled status during ...
CVE-2026-46351 HIGH 8.1
BigBlueButton is an open-source virtual classroom. Prior to 3.0.21, bbb-web generated conference sessionToken values with insufficiently secure randomness in bbb-common-web/src/main/java/org/bigbluebu...
CVE-2026-46353 HIGH 8.1
BigBlueButton is an open-source virtual classroom. Prior to 3.0.21, bbb-web checksum validation could be bypassed when a presentationUploadExternalUrl parameter was supplied to API request handling in...
CVE-2026-20156 HIGH 8.1
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a sof...
CVE-2026-53517 HIGH 8.1
Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refresh_token grant perfor...
CVE-2026-62685 HIGH 8.1
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser builds new user scopes from user...
CVE-2026-42900 HIGH 8.1
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows App Store allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-44745 HIGH 8.1
SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link wh...
CVE-2026-47304 HIGH 8.1
Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-47995 HIGH 8.1
Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious Ja...
CVE-2026-48349 HIGH 8.1
Animate is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's co...
CVE-2026-49164 HIGH 8.1
Heap-based buffer overflow in Active Directory Domain Services allows an unauthorized attacker to execute code over a network.
CVE-2026-50439 HIGH 8.1
Use after free in Microsoft Message Queuing Queue Manager allows an unauthorized attacker to execute code over a network.
CVE-2026-50460 HIGH 8.1
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-50487 HIGH 8.1
Use after free in Microsoft Windows DNS allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-50686 HIGH 8.1
Access of resource using incompatible type ('type confusion') in Windows OLE allows an unauthorized attacker to execute code over a network.
CVE-2026-50694 HIGH 8.1
Use after free in Windows Secure Socket Tunneling Protocol (SSTP) allows an unauthorized attacker to execute code over a network.
CVE-2026-54995 HIGH 8.1
Use after free in Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over a network.
CVE-2026-56169 HIGH 8.1
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-56186 HIGH 8.1
Out-of-bounds read in Windows Schannel allows an authorized attacker to disclose information over a network.
CVE-2026-58595 HIGH 8.1
Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58617 HIGH 8.1
Improper access control in Microsoft 365 Copilot for iOS allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-57743 HIGH 8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion...
CVE-2026-10666 HIGH 8.1
parse_ipv4() in subsys/net/ip/utils.c (reached via net_ipaddr_parse() for strings of the form "a.b.c.d:port") copies the port substring into a fixed 17-byte stack buffer (char ipaddr[NET_IPV4_ADDR_LEN...
CVE-2026-7655 HIGH 8.1
The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identit...
CVE-2026-12595 HIGH 8.1
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpress_on_disco...
CVE-2026-12597 HIGH 8.1
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpress_on_gith...
CVE-2026-12598 HIGH 8.1
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpress_on_spotify_login(...
CVE-2026-49213 HIGH 8.1
TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validate...
CVE-2026-54771 HIGH 8.1
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invoc...
CVE-2026-55377 HIGH 8.1
Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current us...
CVE-2026-56668 HIGH 8.1
ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject t...
CVE-2026-59795 HIGH 8.1
In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible
CVE-2026-59796 HIGH 8.1
In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks
CVE-2026-40400 HIGH 8.0
Relative path traversal in Windows PowerShell allows an authorized attacker to execute code over a network.
CVE-2026-42975 HIGH 8.0
Heap-based buffer overflow in Windows Bluetooth Port Driver allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-49169 HIGH 8.0
Use after free in DNS Server allows an authorized attacker to execute code over a network.
CVE-2026-50365 HIGH 8.0
Improper authentication in Windows RPC API allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-50502 HIGH 8.0
Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network.
CVE-2026-50683 HIGH 8.0
Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2026-58647 HIGH 8.0
Improper neutralization of input during web page generation ('cross-site scripting') in Power BI allows an authorized attacker to perform spoofing over a network.
CVE-2026-15293 HIGH 8.0
The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to the plugin not properly verifying that a user i...
CVE-2026-48346 HIGH 7.9
Animate is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in ...
CVE-2026-3842 HIGH 7.8
A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpu_physical_memory_map() returns a shor...
CVE-2026-15809 HIGH 7.8
A flaw was found in CRI-O. The fix for a previous vulnerability (CVE-2022-4318) was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can injec...
CVE-2026-40633 HIGH 7.8
Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, versions 9.11.0.0 through 9.13.0.2 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with l...
CVE-2026-46709 HIGH 7.8
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.234, Tabby inserts dropped file paths from tabby-electron/src/pathDrop.ts into the active shell without neutralizing ...
CVE-2026-56687 HIGH 7.8
Dell ThinOS 10, versions prior to 2605_10.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Un...
CVE-2026-58558 HIGH 7.8
Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-10669 HIGH 7.8
On Xtensa SoCs built with CONFIG_XTENSA_MPU and CONFIG_USERSPACE, arch_buffer_validate() in arch/xtensa/core/mpu.c — the architecture hook that verifies a user-mode-supplied buffer is accessible to th...
CVE-2026-24238 HIGH 7.8
NVIDIA TensorRT for contains a vulnerability where an attacker might cause an improper validation of array index. A successful exploit of this vulnerability might lead to code execution.
CVE-2026-24268 HIGH 7.8
NVIDIA TensorRT contains a vulnerability where an attacker might cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution.
CVE-2026-24272 HIGH 7.8
NVIDIA TensorRT contains a vulnerability where an attacker might cause an overflow to a heap-based buffer. A successful exploit of this vulnerability might lead to code execution.
CVE-2026-42982 HIGH 7.8
Improper validation of consistency within input in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
CVE-2026-44800 HIGH 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-47290 HIGH 7.8
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-47296 HIGH 7.8
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-47305 HIGH 7.8
Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally.
CVE-2026-47472 HIGH 7.8
NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerabil...
CVE-2026-47642 HIGH 7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-47967 HIGH 7.8
Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in t...
CVE-2026-47968 HIGH 7.8
Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in t...
CVE-2026-47971 HIGH 7.8
Media Encoder is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user inte...
CVE-2026-47976 HIGH 7.8
Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction...
CVE-2026-48269 HIGH 7.8
Premiere Pro is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera...
CVE-2026-48270 HIGH 7.8
Premiere Pro is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction ...
CVE-2026-48272 HIGH 7.8
Creative Cloud Desktop is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions ...
CVE-2026-48274 HIGH 7.8
After Effects is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction...
CVE-2026-48309 HIGH 7.8
Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in t...
CVE-2026-48311 HIGH 7.8
Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha...
CVE-2026-48335 HIGH 7.8
Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i...
CVE-2026-48336 HIGH 7.8
Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i...
CVE-2026-48337 HIGH 7.8
Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i...
CVE-2026-48339 HIGH 7.8
Bridge is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction ...
CVE-2026-48340 HIGH 7.8
Bridge is affected by an Untrusted Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...
CVE-2026-48341 HIGH 7.8
Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha...
CVE-2026-48342 HIGH 7.8
Bridge is affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac...
CVE-2026-48343 HIGH 7.8
Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha...
CVE-2026-48344 HIGH 7.8
Creative Cloud Desktop is affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depend...
CVE-2026-48365 HIGH 7.8
Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in t...
CVE-2026-48366 HIGH 7.8
Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction...
CVE-2026-48367 HIGH 7.8
After Effects is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction...
CVE-2026-48368 HIGH 7.8
Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in t...
CVE-2026-48369 HIGH 7.8
Premiere Pro is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction ...
CVE-2026-48370 HIGH 7.8
Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction...
CVE-2026-48581 HIGH 7.8
Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally.
CVE-2026-49166 HIGH 7.8
Use after free in Microsoft Printer Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-49170 HIGH 7.8
Insufficient granularity of access control in Windows StateRepository API allows an authorized attacker to elevate privileges locally.
CVE-2026-49173 HIGH 7.8
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-49175 HIGH 7.8
Heap-based buffer overflow in Windows DNS allows an authorized attacker to elevate privileges locally.
CVE-2026-49176 HIGH 7.8
Improper privilege management in Windows WalletService allows an authorized attacker to elevate privileges locally.
CVE-2026-49783 HIGH 7.8
Improperly implemented security check for standard in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-49792 HIGH 7.8
Numeric truncation error in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.
CVE-2026-49793 HIGH 7.8
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.
CVE-2026-49796 HIGH 7.8
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally.
CVE-2026-49797 HIGH 7.8
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-49800 HIGH 7.8
Integer overflow or wraparound in Windows Web Proxy Auto-Discovery Protocol (WPAD) allows an authorized attacker to elevate privileges locally.
CVE-2026-49808 HIGH 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50293 HIGH 7.8
Use after free in Windows Internal Task Bar allows an authorized attacker to elevate privileges locally.
CVE-2026-50301 HIGH 7.8
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-50305 HIGH 7.8
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2026-50306 HIGH 7.8
Use after free in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-50308 HIGH 7.8
Integer underflow (wrap or wraparound) in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50309 HIGH 7.8
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-50311 HIGH 7.8
Improper access control in Windows Server allows an authorized attacker to elevate privileges locally.
CVE-2026-50313 HIGH 7.8
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50314 HIGH 7.8
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-50315 HIGH 7.8
Null pointer dereference in Windows Image Acquisition allows an authorized attacker to elevate privileges locally.
CVE-2026-50317 HIGH 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Operating Systems allows an authorized attacker to elevate privileges locally.
CVE-2026-50318 HIGH 7.8
Stack-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-50321 HIGH 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-50326 HIGH 7.8
Use after free in Windows Unified Consent System allows an authorized attacker to elevate privileges locally.
CVE-2026-50327 HIGH 7.8
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
CVE-2026-50329 HIGH 7.8
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50331 HIGH 7.8
Use after free in Windows Application Model allows an authorized attacker to elevate privileges locally.
CVE-2026-50332 HIGH 7.8
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50333 HIGH 7.8
Missing authentication for critical function in Windows Spaceport.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-50335 HIGH 7.8
Improper access control in Windows Operating Systems allows an authorized attacker to elevate privileges locally.
CVE-2026-50336 HIGH 7.8
Heap-based buffer overflow in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2026-50337 HIGH 7.8
Incorrect type conversion or cast in Windows Notification allows an authorized attacker to elevate privileges locally.
CVE-2026-50343 HIGH 7.8
Improper privilege management in Microsoft Install Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50344 HIGH 7.8
Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally.
CVE-2026-50346 HIGH 7.8
Improper authorization in RPC Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50347 HIGH 7.8
Heap-based buffer overflow in Windows Data dll allows an unauthorized attacker to execute code locally.
CVE-2026-50351 HIGH 7.8
Improper access control in Windows Audio Compression Manager (ACM) allows an authorized attacker to elevate privileges locally.
CVE-2026-50353 HIGH 7.8
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2026-50357 HIGH 7.8
Numeric truncation error in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.
CVE-2026-50361 HIGH 7.8
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2026-50362 HIGH 7.8
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally.
CVE-2026-50363 HIGH 7.8
Heap-based buffer overflow in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-50367 HIGH 7.8
Incorrect access of indexable resource ('range error') in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50373 HIGH 7.8
Improper access control in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
CVE-2026-50378 HIGH 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Key Guard allows an authorized attacker to elevate privileges locally.
CVE-2026-50386 HIGH 7.8
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50387 HIGH 7.8
Stack-based buffer overflow in Windows GDI allows an authorized attacker to elevate privileges locally.
CVE-2026-50388 HIGH 7.8
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50391 HIGH 7.8
Improper privilege management in Windows Group Policy allows an authorized attacker to elevate privileges locally.
CVE-2026-50399 HIGH 7.8
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50400 HIGH 7.8
Stack-based buffer overflow in Windows App Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-50402 HIGH 7.8
Incorrect conversion between numeric types in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-50405 HIGH 7.8
Insufficient granularity of access control in Windows Filtering Platform (WFP) allows an authorized attacker to elevate privileges locally.
CVE-2026-50407 HIGH 7.8
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-50412 HIGH 7.8
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-50417 HIGH 7.8
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-50421 HIGH 7.8
Access of resource using incompatible type ('type confusion') in Windows Connected User Experiences and Telemetry allows an authorized attacker to elevate privileges locally.
CVE-2026-50422 HIGH 7.8
Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-50423 HIGH 7.8
Improper access control in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50425 HIGH 7.8
Use after free in Windows Internal System User Profile allows an authorized attacker to elevate privileges locally.
CVE-2026-50427 HIGH 7.8
Use after free in Content Delivery Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-50433 HIGH 7.8
Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2026-50435 HIGH 7.8
Buffer over-read in Windows Overlay Filter allows an authorized attacker to elevate privileges locally.
CVE-2026-50436 HIGH 7.8
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50440 HIGH 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Audio Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50441 HIGH 7.8
Untrusted pointer dereference in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-50448 HIGH 7.8
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50450 HIGH 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Wide Area Network Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50454 HIGH 7.8
Relative path traversal in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVE-2026-50457 HIGH 7.8
Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50458 HIGH 7.8
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2026-50461 HIGH 7.8
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50462 HIGH 7.8
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-50466 HIGH 7.8
Use after free in Windows Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2026-50467 HIGH 7.8
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-50469 HIGH 7.8
Improper link resolution before file access ('link following') in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-50471 HIGH 7.8
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50476 HIGH 7.8
Use after free in Microsoft Windows allows an authorized attacker to elevate privileges locally.
CVE-2026-50478 HIGH 7.8
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50479 HIGH 7.8
Untrusted pointer dereference in Windows USB Hub Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-50480 HIGH 7.8
Heap-based buffer overflow in Windows Web Proxy Auto-Discovery Protocol (WPAD) allows an authorized attacker to elevate privileges locally.
CVE-2026-50484 HIGH 7.8
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50486 HIGH 7.8
Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50488 HIGH 7.8
Improper neutralization of special elements used in a command ('command injection') in Windows Clipboard User Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50493 HIGH 7.8
Use after free in Windows Graphics Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50494 HIGH 7.8
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-50498 HIGH 7.8
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVE-2026-50499 HIGH 7.8
Heap-based buffer overflow in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
CVE-2026-50501 HIGH 7.8
Stack-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally.
CVE-2026-50509 HIGH 7.8
Deserialization of untrusted data in Windows Wireless Wide Area Network Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50510 HIGH 7.8
Improper restriction of names for files and other resources in Github Copilot allows an unauthorized attacker to execute code locally.
CVE-2026-50646 HIGH 7.8
Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.
CVE-2026-50649 HIGH 7.8
Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.
CVE-2026-50650 HIGH 7.8
Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.
CVE-2026-50655 HIGH 7.8
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-50665 HIGH 7.8
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-50667 HIGH 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-50673 HIGH 7.8
Null pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50675 HIGH 7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-50676 HIGH 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2026-50677 HIGH 7.8
Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2026-50679 HIGH 7.8
Heap-based buffer overflow in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
CVE-2026-50688 HIGH 7.8
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50689 HIGH 7.8
Use after free in Windows Clipboard Server allows an authorized attacker to elevate privileges locally.
CVE-2026-50697 HIGH 7.8
Exposure of sensitive information to an unauthorized actor in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-54109 HIGH 7.8
Integer overflow or wraparound in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.
CVE-2026-54112 HIGH 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-54114 HIGH 7.8
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-54115 HIGH 7.8
Integer overflow or wraparound in Windows Active Directory allows an authorized attacker to elevate privileges locally.
CVE-2026-54124 HIGH 7.8
Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code locally.
CVE-2026-54125 HIGH 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-54131 HIGH 7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-54986 HIGH 7.8
Heap-based buffer overflow in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-54987 HIGH 7.8
Heap-based buffer overflow in Windows Overlay Filter allows an authorized attacker to elevate privileges locally.
CVE-2026-54991 HIGH 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-54993 HIGH 7.8
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.
CVE-2026-55001 HIGH 7.8
Improper certificate validation in Windows Active Directory allows an authorized attacker to elevate privileges locally.
CVE-2026-55002 HIGH 7.8
External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-55004 HIGH 7.8
Double free in Microsoft Printer Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-55006 HIGH 7.8
Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.
CVE-2026-55009 HIGH 7.8
Deserialization of untrusted data in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.
CVE-2026-55011 HIGH 7.8
Integer underflow (wrap or wraparound) in Microsoft Defender allows an unauthorized attacker to execute code locally.
CVE-2026-55012 HIGH 7.8
Integer overflow or wraparound in Microsoft Defender allows an unauthorized attacker to execute code locally.
CVE-2026-55014 HIGH 7.8
Improper access control in Windows Remote Help Defense allows an authorized attacker to elevate privileges locally.
CVE-2026-55017 HIGH 7.8
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55018 HIGH 7.8
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55022 HIGH 7.8
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55024 HIGH 7.8
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55025 HIGH 7.8
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55029 HIGH 7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55031 HIGH 7.8
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55032 HIGH 7.8
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55033 HIGH 7.8
Integer overflow or wraparound in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55036 HIGH 7.8
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55037 HIGH 7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55038 HIGH 7.8
Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55039 HIGH 7.8
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55041 HIGH 7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55043 HIGH 7.8
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-55044 HIGH 7.8
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55048 HIGH 7.8
Integer overflow or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55049 HIGH 7.8
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55053 HIGH 7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55055 HIGH 7.8
Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55056 HIGH 7.8
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55058 HIGH 7.8
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55120 HIGH 7.8
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-55123 HIGH 7.8
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-55125 HIGH 7.8
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55127 HIGH 7.8
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55128 HIGH 7.8
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55129 HIGH 7.8
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55130 HIGH 7.8
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55131 HIGH 7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55132 HIGH 7.8
Double free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55133 HIGH 7.8
Heap-based buffer overflow in Microsoft Office OneNote allows an unauthorized attacker to execute code locally.
CVE-2026-55134 HIGH 7.8
Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55136 HIGH 7.8
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55137 HIGH 7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55140 HIGH 7.8
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55141 HIGH 7.8
Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55899 HIGH 7.8
Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55947 HIGH 7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55948 HIGH 7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55949 HIGH 7.8
Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-56155 HIGH 7.8
Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.
CVE-2026-56156 HIGH 7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-56175 HIGH 7.8
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-56176 HIGH 7.8
Out-of-bounds read in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-56182 HIGH 7.8
Integer overflow or wraparound in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-56189 HIGH 7.8
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.
CVE-2026-56643 HIGH 7.8
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-56644 HIGH 7.8
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-56650 HIGH 7.8
Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges locally.
CVE-2026-57088 HIGH 7.8
Improper access control in Extensible Storage Engine (ESENT) allows an authorized attacker to elevate privileges locally.
CVE-2026-57091 HIGH 7.8
Stack-based buffer overflow in Windows File History Service allows an authorized attacker to elevate privileges locally.
CVE-2026-57096 HIGH 7.8
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
CVE-2026-57107 HIGH 7.8
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2026-57968 HIGH 7.8
Buffer over-read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
CVE-2026-58527 HIGH 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-58530 HIGH 7.8
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally.
CVE-2026-58532 HIGH 7.8
Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-58536 HIGH 7.8
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-58537 HIGH 7.8
Use after free in Microsoft NAT Helper Components (ipnathlp.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-58538 HIGH 7.8
Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2026-58540 HIGH 7.8
Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-58541 HIGH 7.8
Access of resource using incompatible type ('type confusion') in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2026-58542 HIGH 7.8
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-58601 HIGH 7.8
Heap-based buffer overflow in Virtual Hard Disk (VHD) Miniport Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-58602 HIGH 7.8
Use after free in Windows Kernel Mode Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-58609 HIGH 7.8
Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.
CVE-2026-58610 HIGH 7.8
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.
CVE-2026-58613 HIGH 7.8
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-58618 HIGH 7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-58628 HIGH 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Networking allows an authorized attacker to elevate privileges locally.
CVE-2026-58631 HIGH 7.8
Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally.
CVE-2026-58632 HIGH 7.8
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-58633 HIGH 7.8
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-58634 HIGH 7.8
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-58635 HIGH 7.8
Improper neutralization of special elements used in a command ('command injection') in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
CVE-2026-58636 HIGH 7.8
Improper link resolution before file access ('link following') in Window PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-7162 HIGH 7.8
Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software.
CVE-2026-10667 HIGH 7.8
Zephyr's dynamic kernel-object tracking (kernel/userspace/userspace.c, formerly kernel/userspace.c) maintains a doubly-linked list (obj_list) of dynamically allocated kernel objects. Iteration over th...
CVE-2026-46687 HIGH 7.7
Emlog is an open source website building system. In 2.6.13 and earlier, the article publishing interface stores a path-traversal template parameter from api_controller.php without validation, and log_...
CVE-2026-63088 HIGH 7.7
stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomple...
CVE-2026-14251 HIGH 7.7
A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects. A namespace-scoped Argo CD instance can trigger...
CVE-2026-45313 HIGH 7.7
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. Prior to 1.17.6, GuiServer::WndHookRegisterSlave in Sandboxie/core/svc/GuiServer.cpp stores attacker-supplied hthread and...
CVE-2026-45806 HIGH 7.7
Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot's remote image import passed the user-controlled url from frontend/src/app/main/data/workspace/media.clj...
CVE-2026-47164 HIGH 7.7
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the IdP email_verified claim only for new-user creation and not when SSO_SIGNUPS_MAT...
CVE-2026-48799 HIGH 7.7
Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription...
CVE-2026-49279 HIGH 7.7
WWBN AVideo is an open source video platform. Versions 29.0 and below contain a Stored XSS vulnerability through the autoEvalCodeOnHTML parameter in the MessageSQLite WebSocket Handler. The MessageSQL...
CVE-2026-53514 HIGH 7.7
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, and in 1.6.14 and later when invitation IDs can be obtained outside the invited mailbox and requireEmailVeri...
CVE-2026-61613 HIGH 7.7
Cursor is a code editor built for programming with AI. Prior to the Cloud Agent fix on 03/31/2026, browser-enabled Cursor Cloud Agent sessions allowed attacker-controlled web content to connect from i...
CVE-2026-61644 HIGH 7.7
FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context...
CVE-2026-61835 HIGH 7.7
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, the SSRF protection on Directus's file-import-from-URL feature can be bypassed using the address 0.0.0...
CVE-2026-14903 HIGH 7.7
Path traversal in Ivanti  Xtraction before version 2026.2.1 allows a remote authenticated attacker to read arbitrary files outside the web root.
CVE-2026-46634 HIGH 7.7
Twig is a template language for PHP. From 3.9.0 until 3.26.0, template_from_string() compiles an inner template under a synthesized __string_template__<hash> name that can fall outside a SourcePolicyI...
CVE-2026-48328 HIGH 7.7
ColdFusion is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security meas...
CVE-2026-48332 HIGH 7.7
ColdFusion is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass secur...
CVE-2026-48347 HIGH 7.7
Animate is affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result in arbitrary code execution in the context of the c...
CVE-2026-48348 HIGH 7.7
Animate is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's co...
CVE-2026-49853 HIGH 7.7
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, SimpleAsyncHTTPClient shallow-copied redirected requests and removed only the Host header, leaving Authorization,...
CVE-2026-49972 HIGH 7.7
Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading a file with an embedded PHP extension disguised w...
CVE-2026-62242 HIGH 7.7
Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and management...
CVE-2026-55516 HIGH 7.7
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/{maintenance_id} checks access to the current maintenance record and asset but then fills attacker-...
CVE-2026-55659 HIGH 7.7
Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without f...
CVE-2026-56689 HIGH 7.7
Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remot...
CVE-2025-71388 HIGH 7.6
stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel's webhooks, including their tokens, because t...
CVE-2026-45337 HIGH 7.6
Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the deviceAuthorization plugin treats any authenticated session as the owner of any pending device c...
CVE-2026-50147 HIGH 7.6
Metabase is an open-source business intelligence and embedded analytics tool. From 1.57.0 until 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4, an attacker who can configure a Metabase database connection ...
CVE-2026-52870 HIGH 7.6
The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). From 1.23.0 until 1.27.2, default handlers installed by server.experimental.enable_tasks() for t...
CVE-2026-53444 HIGH 7.6
Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan OIDC-related Meteor methods in packages/wekan-oidc/oidc_server.js, server/models/org.js, and server/models/team.js are globally call...
CVE-2026-53518 HIGH 7.6
Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorization_code grant redeems...
CVE-2026-54560 HIGH 7.6
Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth client_id claim, so the JWT verifier does not load...
CVE-2026-59950 HIGH 7.6
The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to 1.28.1, the deprecated mcp.server.websocket.websocket_server transport accepted WebSock...
CVE-2026-45074 HIGH 7.6
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSche...
CVE-2026-47996 HIGH 7.6
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security m...
CVE-2026-58233 HIGH 7.6
SAP Change and Transport System Attach Tool (ctsattach) allows an authenticated attacker to supply a specially crafted archive file which, when processed by the application�s library, can trigger inse...
CVE-2026-57773 HIGH 7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zorem Advanced Shipment Tracking for WooCommerce woo-advanced-shipment-tracking allows Blind SQL I...
CVE-2026-61955 HIGH 7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویتی...
CVE-2026-62189 HIGH 7.6
OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower-trust callers to perform actions requiring stronger authorization. Attackers ca...
CVE-2026-55405 HIGH 7.6
LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build m...
CVE-2026-12753 HIGH 7.5
The Advance Product Search- Voice & Ajax Search for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 's' and 'match' parameter in all versions up to, and including, 1.4....
CVE-2026-21729 HIGH 7.5
Loki queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy.
CVE-2026-23538 HIGH 7.5
A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a lar...
CVE-2026-45367 HIGH 7.5
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.7, the FHIRPathEngine implementation passes user-controlled regular expressions fr...
CVE-2026-48863 HIGH 7.5
A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A rem...
CVE-2026-53598 HIGH 7.5
Prompty is a markdown file format (.prompty) for LLM prompts. Prior to 2.0.0-beta.2, Prompty loaders expanded ${file:...} references in .prompty frontmatter without enforcing that resolved paths staye...
CVE-2026-59861 HIGH 7.5
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Ruby generator embedded OpenAPI default fields, property names, and other schema-derived strings through CodeMethodWriter...
CVE-2026-59862 HIGH 7.5
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Python generator let attacker-controlled enum value descriptions from x-ms-enum.values[].description flow through KiotaBu...
CVE-2026-62309 HIGH 7.5
CoreDNS is a DNS server written in Go. Prior to 1.14.4, a single 28-byte UDP datagram can crash the CoreDNS process when the proxyproto plugin is enabled because plugin/pkg/proxyproto/proxyproto.go Pa...
CVE-2026-12997 HIGH 7.5
The Gravity Forms plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.10.4 via the 'gform_uploaded_files' parameter parameter. This makes it possible for ...
CVE-2026-20153 HIGH 7.5
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a sof...
CVE-2026-20157 HIGH 7.5
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a sof...
CVE-2026-20158 HIGH 7.5
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a sof...
CVE-2026-20187 HIGH 7.5
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a sof...
CVE-2026-45793 HIGH 7.5
Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration() validates GitHub OAuth tokens with the regex ^[.A-Za-z0-9_]+$ and in...
CVE-2026-45804 HIGH 7.5
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, Diffusers' DiffusionPipeline.from_pretrained flow can bypass the trust_remote_code guard because download() validates model...
CVE-2026-49353 HIGH 7.5
9Router is an AI router & token saver. In 0.4.45 and earlier, 9Router's src/dashboardGuard.js local-only access gate used Host and Origin headers in isLocalRequest() to protect /api/mcp/*, /api/tunnel...
CVE-2026-49987 HIGH 7.5
Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkou...
CVE-2026-59954 HIGH 7.5
Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to configuration d...
CVE-2026-59955 HIGH 7.5
Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configurati...
CVE-2026-62351 HIGH 7.5
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, source/libs/transport/src/transComm.c transDecompressMsg() read STransCompMsg.contLen when pHead->comp =...
CVE-2024-7708 HIGH 7.5
For requests that have a body, but reading the body may end up in reading 0 bytes, there is a buffer leak. This is particularly the case for 100-Continue, but any request where the network is slow can...
CVE-2025-53379 HIGH 7.5
A out-of-bounds read vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.2, FortiAuthenticator 6.5 all versions may allow a remote unauthenticated attacker to retrieve sensitive information...
CVE-2026-12523 HIGH 7.5
Summary Cloudflare quiche's HTTP/3 layer was discovered to be vulnerable to resource exhaustion (i.e., memory) by means of specially crafted HTTP/3 frames. Impact HTTP/3 defines multiple fra...
CVE-2026-12707 HIGH 7.5
Summary Cloudflare quiche was discovered to be vulnerable to memory resource exhaustion due to unbounded queuing of post-handshake client migration events. Impact quiche supports the connecti...
CVE-2026-15709 HIGH 7.5
A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop (inflate()) processes data in chunks without enforcing an upper b...
CVE-2026-15711 HIGH 7.5
A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 §5.5, which mandates that all WebSocket control frames (...
CVE-2026-15764 HIGH 7.5
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a ...
CVE-2026-15765 HIGH 7.5
Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted H...
CVE-2026-15777 HIGH 7.5
Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a cra...
CVE-2026-40378 HIGH 7.5
Memory allocation with excessive size value in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
CVE-2026-45646 HIGH 7.5
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-47302 HIGH 7.5
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-47471 HIGH 7.5
NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might le...
CVE-2026-47476 HIGH 7.5
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of serv...
CVE-2026-47477 HIGH 7.5
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a stack-based buffer overflow. A successful exploit of this vulnerability might lead to denial of service.
CVE-2026-47478 HIGH 7.5
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause the use of an expired file descriptor. A successful exploit of this vulnerability might lead to denial of ...
CVE-2026-47479 HIGH 7.5
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of serv...
CVE-2026-47480 HIGH 7.5
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an uncaught exception. A successful exploit of this vulnerability might lead to denial of service.
CVE-2026-47482 HIGH 7.5
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause missing release of memory after effective lifetime. A successful exploit of this vulnerability might lead ...
CVE-2026-47736 HIGH 7.5
Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, when PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer while waiting for C...
CVE-2026-47737 HIGH 7.5
Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, Puma is vulnerable to source IP spoofing when set_remote_address proxy_protocol: :v1 is enabled and persistent c...
CVE-2026-48068 HIGH 7.5
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming HTTP/2 stream initi...
CVE-2026-48069 HIGH 7.5
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message ...
CVE-2026-48295 HIGH 7.5
CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to ...
CVE-2026-48351 HIGH 7.5
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the appli...
CVE-2026-48352 HIGH 7.5
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the appli...
CVE-2026-48815 HIGH 7.5
sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 4.1.1, the documented certificateOIDs option in sigstore.verify() is accepted by the public API but discarded...
CVE-2026-49171 HIGH 7.5
Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2026-49181 HIGH 7.5
Integer underflow (wrap or wraparound) in Windows DHCP Client allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-49476 HIGH 7.5
Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated sel...
CVE-2026-49477 HIGH 7.5
Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve contains a regular expression vulnerable to catastrophic backtracki...
CVE-2026-49787 HIGH 7.5
Allocation of resources without limits or throttling in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
CVE-2026-49788 HIGH 7.5
Allocation of resources without limits or throttling in HTTP/2 allows an unauthorized attacker to deny service over a network.
CVE-2026-49855 HIGH 7.5
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, Tornado gzip decompression routines processed limited-size chunks but did not enforce an overall limit on accumul...
CVE-2026-50304 HIGH 7.5
Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.
CVE-2026-50328 HIGH 7.5
Uncaught exception in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.
CVE-2026-50330 HIGH 7.5
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-50355 HIGH 7.5
Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.
CVE-2026-50368 HIGH 7.5
Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.
CVE-2026-50379 HIGH 7.5
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges over a network.
CVE-2026-50411 HIGH 7.5
Stack-based buffer overflow in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.
CVE-2026-50414 HIGH 7.5
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges over a network.
CVE-2026-50424 HIGH 7.5
Untrusted pointer dereference in Windows Domain Controller allows an unauthorized attacker to deny service over a network.
CVE-2026-50463 HIGH 7.5
Out-of-bounds read in Windows Kernel allows an unauthorized attacker to disclose information over a network.
CVE-2026-50470 HIGH 7.5
Out-of-bounds read in Windows Network Policy Server SNMP allows an unauthorized attacker to disclose information over a network.
CVE-2026-50496 HIGH 7.5
Out-of-bounds read in Windows Network Policy Server SNMP allows an unauthorized attacker to disclose information over a network.
CVE-2026-50500 HIGH 7.5
Use after free in Windows Netlogon allows an authorized attacker to elevate privileges over a network.
CVE-2026-50505 HIGH 7.5
Use after free in Windows Message Queuing allows an authorized attacker to execute code over a network.
CVE-2026-50506 HIGH 7.5
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-50524 HIGH 7.5
Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50525 HIGH 7.5
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-50527 HIGH 7.5
Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50647 HIGH 7.5
Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.
CVE-2026-50648 HIGH 7.5
Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50651 HIGH 7.5
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-50652 HIGH 7.5
Deserialization of untrusted data in Azure Active Directory allows an unauthorized attacker to deny service over a network.
CVE-2026-50653 HIGH 7.5
Loop with unreachable exit condition ('infinite loop') in Azure Active Directory allows an unauthorized attacker to deny service over a network.
CVE-2026-50685 HIGH 7.5
Double free in Windows DHCP Server allows an authorized attacker to execute code over a network.
CVE-2026-50695 HIGH 7.5
Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.
CVE-2026-50696 HIGH 7.5
Heap-based buffer overflow in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
CVE-2026-54119 HIGH 7.5
Loop with unreachable exit condition ('infinite loop') in Windows Active Directory allows an unauthorized attacker to deny service over a network.
CVE-2026-54572 HIGH 7.5
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects a...
CVE-2026-54983 HIGH 7.5
Stack-based buffer overflow in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.
CVE-2026-56170 HIGH 7.5
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-56648 HIGH 7.5
Time-of-check time-of-use (toctou) race condition in Windows Network File System allows an authorized attacker to elevate privileges over a network.
CVE-2026-57089 HIGH 7.5
Use after free in Windows SMB Server Network Transport Driver (srvnet.sys) allows an unauthorized attacker to execute code over a network.
CVE-2026-57108 HIGH 7.5
Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-58531 HIGH 7.5
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an authorized attacker to elevate privileges over a network.
CVE-2026-58627 HIGH 7.5
Uncontrolled resource consumption in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
CVE-2026-59199 HIGH 7.5
Pillow is a Python imaging library. Prior to 12.3.0, Pillow public image coordinate APIs can trigger a native heap out-of-bounds write when given coordinates near the signed 32-bit integer limits in I...
CVE-2026-59200 HIGH 7.5
Pillow is a Python imaging library. From 5.1.0 until 12.3.0, PdfParser.PdfStream.decode() in PIL/PdfParser.py calls zlib.decompress() with bufsize set to the PDF stream Length field without bounding t...
CVE-2026-59205 HIGH 7.5
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image who...
CVE-2026-59836 HIGH 7.5
A improper certificate validation vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.5, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2 all versions may allow attacker to information di...
CVE-2026-59841 HIGH 7.5
A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via <insert atta...
CVE-2026-59884 HIGH 7.5
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the t...
CVE-2026-59885 HIGH 7.5
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs, so a sm...
CVE-2026-59886 HIGH 7.5
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, ...
CVE-2026-14165 HIGH 7.5
An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...
CVE-2026-15574 HIGH 7.5
A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable in...
CVE-2026-15584 HIGH 7.5
A privilege escalation vulnerability was found in the incluster-checks tool for OpenShift. The tool creates privileged debug pods with host filesystem access in the shared default namespace, where any...
CVE-2026-15680 HIGH 7.5
Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected inst...
CVE-2026-15683 HIGH 7.5
Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected...
CVE-2026-15685 HIGH 7.5
Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ...
CVE-2026-57378 HIGH 7.5
Missing Authorization vulnerability in Phil Kurth Advanced Forms advanced-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Forms: from n/a thro...
CVE-2026-57697 HIGH 7.5
Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affec...
CVE-2026-57705 HIGH 7.5
Missing Authorization vulnerability in Nexcess Event Tickets event-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets: from n/a through <=...
CVE-2026-57727 HIGH 7.5
Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through <= 6.0.13.
CVE-2026-57729 HIGH 7.5
Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through <= 3.20.5.
CVE-2026-57788 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Aalto aalto allows PHP Local File Inclusion.This issue affects Aalt...
CVE-2026-57789 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes Aqua aqua allows PHP Local File Inclusion.This issue affects Aqua: fr...
CVE-2026-57790 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Bill...
CVE-2026-57791 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook:...
CVE-2026-57792 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: f...
CVE-2026-57793 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Flow flow allows PHP Local File Inclusion.This issue affects Flow...
CVE-2026-57794 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo Framework golo-framework allows PHP Local File Inclusion.This issue ...
CVE-2026-57795 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Kitchor kitchor allows PHP Local File Inclusion.This issue affects K...
CVE-2026-57796 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VLThemes Leedo leedo allows PHP Local File Inclusion.This issue affects Leedo: ...
CVE-2026-57798 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SaurabhSharma NewsPlus Shortcodes newsplus-shortcodes allows PHP Local File Inc...
CVE-2026-57799 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n...
CVE-2026-57800 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion.This issue affe...
CVE-2026-57801 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes SetSail setsail allows PHP Local File Inclusion.This issue affect...
CVE-2026-57802 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affe...
CVE-2026-57803 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Struktur Core struktur-core allows PHP Local File Inclusion.This ...
CVE-2026-57804 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor all...
CVE-2026-57805 HIGH 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Tonda tonda allows PHP Local File Inclusion.This issue affects To...
CVE-2026-57815 HIGH 7.5
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Path Traversal.This issue aff...
CVE-2026-15335 HIGH 7.5
The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter (form<N>) in all versions up to, and including, 1.7.20 due to insufficient escaping on the us...
CVE-2026-15338 HIGH 7.5
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the get_type_template function. This makes it possibl...
CVE-2026-4661 HIGH 7.5
The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2...
CVE-2026-9282 HIGH 7.5
The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attac...
CVE-2026-13347 HIGH 7.5
The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the he_wrapper_js and he_wrapper_css query parameters processed by the elementor_a...
CVE-2026-15288 HIGH 7.5
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin acceptin...
CVE-2026-15290 HIGH 7.5
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in...
CVE-2026-15291 HIGH 7.5
The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-he...
CVE-2026-33382 HIGH 7.5
Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory alloca...
CVE-2026-54063 HIGH 7.5
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet() function in github.com/xuri/excelize/v2 uses an attacker-controlled <row r="N"...
CVE-2026-55175 HIGH 7.5
Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow u...
CVE-2026-55213 HIGH 7.5
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib...
CVE-2026-55229 HIGH 7.5
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically re...
CVE-2026-55233 HIGH 7.5
OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configur...
CVE-2026-55687 HIGH 7.5
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in components...
CVE-2026-55827 HIGH 7.5
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decod...
CVE-2026-57220 HIGH 7.5
RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and bef...
CVE-2026-46513 HIGH 7.4
Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, Frogman stored API tokens generated by Tools/CreateApiToken.php:33-36 as raw bin2hex(random_bytes(32)) strings in oc_api...
CVE-2026-15691 HIGH 7.4
A security flaw has been discovered in Tenda BE12 Pro 16.03.66.23. This affects the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing a manipulation of the argument page r...
CVE-2026-15692 HIGH 7.4
A weakness has been identified in Tenda BE12 Pro 16.03.66.23. This vulnerability affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of the argument page...
CVE-2026-15693 HIGH 7.4
A security vulnerability has been detected in Tenda BE12 Pro 16.03.66.23. This issue affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page lea...
CVE-2026-15694 HIGH 7.4
A vulnerability was detected in Tenda BE12 Pro 16.03.66.23. Impacted is the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in stack-based buffer ov...
CVE-2026-15695 HIGH 7.4
A flaw has been found in Tenda BE12 Pro 16.03.66.23. The affected element is the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes stack-bas...
CVE-2026-15696 HIGH 7.4
A vulnerability has been found in Tenda BE12 Pro 16.03.66.23. The impacted element is the function fromVirtualSer of the file /goform/VirtualSer. Such manipulation of the argument page leads to stack-...
CVE-2026-4017 HIGH 7.4
Buffer Overflow in the entry handler of the TraceEvent() system call could allow an attacker with local access to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.
CVE-2026-47473 HIGH 7.4
NVIDIA TensorRT-LLM contains a vulnerability where an attacker could cause a write-what-where condition. A successful exploit of this vulnerability might lead to data tampering, denial of service, and...
CVE-2026-48287 HIGH 7.4
CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the...
CVE-2026-54127 HIGH 7.4
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
CVE-2026-15543 HIGH 7.4
A vulnerability was found in Tenda CH22 1.0.0.1. This impacts the function formCertListInfo of the file /goform/CertListInfo. The manipulation of the argument Name results in buffer overflow. The atta...
CVE-2026-15544 HIGH 7.4
A vulnerability was determined in Shibby Tomato up to 1.28.0000. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation of the argument F...
CVE-2026-15545 HIGH 7.4
A vulnerability was identified in Shibby Tomato up to 1.28.0000. Affected by this vulnerability is the function main of the file www/apcupsd/tomatodata.cgi of the component apcupsd. Such manipulation ...
CVE-2026-15548 HIGH 7.4
A security vulnerability has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub_407220 of the file /usr/sbin/httpd of the component DNS List Rendering. The man...
CVE-2026-10665 HIGH 7.4
In Zephyr's WireGuard subsystem (subsys/net/lib/wireguard), wg_process_data_message() in wg_crypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIG_WIREGUARD_BUF_LEN b...
CVE-2026-15480 HIGH 7.4
A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function start_httpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument device_n...
CVE-2026-15481 HIGH 7.4
A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa_test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing ...
CVE-2026-53450 HIGH 7.4
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard ca...
CVE-2026-54919 HIGH 7.4
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46...
CVE-2026-55672 HIGH 7.4
ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting clie...
CVE-2026-56676 HIGH 7.4
9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side imag...
CVE-2026-57574 HIGH 7.4
Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password (TOTP) authentication in UserAuthService where insuffici...
CVE-2026-60063 HIGH 7.3
An out-of-bounds write vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption via a crafted IOCTL request, potentially resulting in privilege escalation ...
CVE-2026-61389 HIGH 7.3
An out-of-bounds write vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption via a crafted IOCTL request, potentially resulting in privilege escalation ...
CVE-2026-62290 HIGH 7.3
cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. From 1.18.0 until 1.19....
CVE-2026-9046 HIGH 7.3
A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑sy...
CVE-2026-45738 HIGH 7.3
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to 3.2.12, 3.3.10, and 3.4.2, Argo CD users with application write access can set link.argocd.argoproj.io/* annotations ...
CVE-2026-24229 HIGH 7.3
NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the Fas...
CVE-2026-49789 HIGH 7.3
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-49790 HIGH 7.3
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVE-2026-50364 HIGH 7.3
Improper link resolution before file access ('link following') in Windows Server Backup allows an authorized attacker to elevate privileges locally.
CVE-2026-50482 HIGH 7.3
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-55021 HIGH 7.3
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55034 HIGH 7.3
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55126 HIGH 7.3
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-58640 HIGH 7.3
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-9127 HIGH 7.3
A remote code execution security issue exists within Studio 5000 Logix Designer® due to incorrect authorization on a configuration file. This can allow any authenticated user to modify the paths of ex...
CVE-2026-9128 HIGH 7.3
A code execution security issue exists within Studio 5000 Logix Designer® due to an unquoted search path in the External Tools configuration. The executable paths specified in the external tools confi...
CVE-2026-15684 HIGH 7.3
Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utiliti...
CVE-2026-55501 HIGH 7.3
9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP h...
CVE-2026-56667 HIGH 7.3
ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC and SAML FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without ap...
CVE-2026-59794 HIGH 7.3
In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data
CVE-2026-13042 HIGH 7.2
The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output e...
CVE-2026-44982 HIGH 7.2
CrowdSec offers crowdsourced protection against malicious IPs. From 1.5.0 until 1.7.8, pkg/appsec/request.go NewParsedRequestFromRequest allocated a request body buffer from max(r.ContentLength, 0), s...
CVE-2026-7543 HIGH 7.2
The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fields' parameter in versions up to, and including, 2.7.1 due to insufficient input sanitization and output es...
CVE-2026-20297 HIGH 7.2
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a ro...
CVE-2026-58660 HIGH 7.2
Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save() method (used by the kanban board drag-and-drop endpoint) validates the caller's role on the attacker-supplied project_id bu...
CVE-2026-59258 HIGH 7.2
immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions....
CVE-2026-61873 HIGH 7.2
Grav before 9.1.8 contains an arbitrary file write vulnerability in the Form plugin's process.save.filename parameter, which is validated against path traversal before Twig processing but never re-val...
CVE-2026-62350 HIGH 7.2
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a user with create udf privilege could upload a crafted shared library and install it as a...
CVE-2026-8919 HIGH 7.2
Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a r...
CVE-2026-11917 HIGH 7.2
A path traversal security issue exists within Rockwell Automation ThinManager® software due to improper limitation of file save operations within the API. An authenticated attacker could exploit this ...
CVE-2026-47992 HIGH 7.2
Adobe Commerce is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could result in arbitrary code execution in the context of the ...
CVE-2026-54433 HIGH 7.2
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, there is Stored Cross-Site Scripting (XSS) via a crafted plain-text email message. The attacker-controlled JavaScript executes within the vic...
CVE-2026-62643 HIGH 7.2
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if styleshee...
CVE-2026-57372 HIGH 7.2
Server-Side Request Forgery (SSRF) vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through <= 7.0.
CVE-2026-57407 HIGH 7.2
Server-Side Request Forgery (SSRF) vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n...
CVE-2026-59521 HIGH 7.2
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through <= 3.1.15.
CVE-2026-62186 HIGH 7.2
OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authoriz...
CVE-2026-62192 HIGH 7.2
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization ch...
CVE-2026-56241 HIGH 7.2
Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to delete_non_compliant_bundles and count_non_compliant_bundles RPCs due to stale org_...
CVE-2026-56313 HIGH 7.2
Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign...
CVE-2026-13114 HIGH 7.2
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and inc...
CVE-2026-13378 HIGH 7.2
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insuffici...
CVE-2026-3576 HIGH 7.2
The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request Forgery leading to Local File Inclusion in all versions up to, and including, 3.0. The ulap.php file acts...
CVE-2026-6939 HIGH 7.2
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'approval_code' parameter in all versions up to, and including, 2.7.4 due to insuffi...
CVE-2026-13430 HIGH 7.2
The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the import_media_file_secure function. This is due to ins...
CVE-2026-15298 HIGH 7.2
The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegra...
CVE-2026-1667 HIGH 7.2
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and including, 14.0.0 due to a leak of an API token ...
CVE-2026-22659 HIGH 7.2
FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability that allows authenticated moderators to perform unauthorized actions on topics in forums they do not cont...
CVE-2026-53448 HIGH 7.2
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolat...
CVE-2026-46336 HIGH 7.1
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. From 0.96.0 until 0.140.0, authenticated users can rename uploaded ...
CVE-2026-59867 HIGH 7.1
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota resolved OpenAPI $ref values by fetching remote http(s) URLs and reading local absolute or out-of-tree file paths, allowing...
CVE-2026-63397 HIGH 7.1
remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is inje...
CVE-2026-33443 HIGH 7.1
CVE-2026-33443 is a memory management error in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS agai...
CVE-2026-46458 HIGH 7.1
ICU Scandinavia Boomerang is vulnerable to an information disclosure flaw where sensitive credential files are exposed via static HTTP. This allows an unauthenticated remote attacker to retrieve plain...
CVE-2026-50030 HIGH 7.1
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL preview exposes DatasetDataApi.previewSql/previewSqlCheck through /de2api/datasetData/previewSql, accept...
CVE-2026-50124 HIGH 7.1
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase can be exploited by uploading payload.zip through the Excel upload API /datasource/upload, creating an H2 da...
CVE-2026-50144 HIGH 7.1
ncnn is a high-performance neural network inference framework optimized for the mobile platform. In commit e54f7b1f88434e1d844ea0551b880a1cfb079ce1 and earlier, ncnn allows an out-of-bounds heap write...
CVE-2026-52865 HIGH 7.1
When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the N...
CVE-2026-52869 HIGH 7.1
The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to 1.27.2, the SSE and stateful Streamable HTTP transports mcp.server.sse.SseServerTranspo...
CVE-2026-52890 HIGH 7.1
Wekan is open source kanban built with Meteor. Prior to 9.31, Wekan allows a logged-in board member to insert an attachment document through the /attachments/insert DDP method with attacker-controlled...
CVE-2026-53445 HIGH 7.1
Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan copyBoard Meteor DDP method in server/publications/boards.js copies a board by caller-supplied board ID without checking this.us...
CVE-2026-53515 HIGH 7.1
Better Auth is an authentication and authorization library for TypeScript. From 1.2.10 until 1.6.11, the @better-auth/sso plugin's POST /sso/register endpoint lets any organization member attach a new...
CVE-2026-54563 HIGH 7.1
Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, a Cloudreve WebDAV account rooted at a configured folder can send paths such as /dav/%2e%2e/outside.txt because stripPre...
CVE-2026-59255 HIGH 7.1
BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability in the custom-nodes API endpoints that allows any authenticated user to modify the global graph schema...
CVE-2026-61440 HIGH 7.1
PraisonAI Platform before 0.1.9 fails to properly authorize label and issue-label mutations, allowing workspace members to rename and recolor shared labels and add or remove labels on owner-created is...
CVE-2026-61449 HIGH 7.1
Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory ...
CVE-2026-63175 HIGH 7.1
PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within th...
CVE-2026-10671 HIGH 7.1
In Zephyr's kernel pipe implementation, the userspace syscall verifier z_vrfy_k_pipe_init() in kernel/pipe.c used K_SYSCALL_OBJ() (which requires the kernel object to already be initialized) instead o...
CVE-2026-46627 HIGH 7.1
Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrust...
CVE-2026-46639 HIGH 7.1
Twig is a template language for PHP. From 3.24.0 until 3.26.0, object-destructuring assignment compiles CoreExtension::getAttribute() with the sandbox argument hardcoded to false, disabling property a...
CVE-2026-47732 HIGH 7.1
Twig is a template language for PHP. Prior to 3.26.0, several Twig language constructs trigger PHP string coercion on a Stringable operand without consulting SecurityPolicy::checkMethodAllowed(), allo...
CVE-2026-48806 HIGH 7.1
Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke __toString() on a Stringable object used a...
CVE-2026-48807 HIGH 7.1
Twig is a template language for PHP. Prior to 3.27.0, the sandbox __toString() checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not i...
CVE-2026-49165 HIGH 7.1
Use of uninitialized resource in Microsoft Windows App Store allows an authorized attacker to disclose information locally.
CVE-2026-49791 HIGH 7.1
Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
CVE-2026-50354 HIGH 7.1
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-5040 HIGH 7.1
TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force...
CVE-2026-50428 HIGH 7.1
Out-of-bounds read in Windows Container Isolation FS Filter Driver (unionfs.sys) allows an authorized attacker to disclose information locally.
CVE-2026-50451 HIGH 7.1
Missing authentication for critical function in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
CVE-2026-50465 HIGH 7.1
Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.
CVE-2026-50682 HIGH 7.1
Out-of-bounds read in Windows Active Directory allows an authorized attacker to deny service over a network.
CVE-2026-55122 HIGH 7.1
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-55144 HIGH 7.1
Missing cryptographic step in Windows CryptoAPI allows an authorized attacker to perform tampering locally.
CVE-2026-55651 HIGH 7.1
Easy!Appointments is a self hosted appointment scheduler. In version 1.5.2, an Excessive Data Exposure vulnerability in the customers search endpoint allows an authenticated user to obtain appointment...
CVE-2026-56193 HIGH 7.1
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-57101 HIGH 7.1
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-58529 HIGH 7.1
Out-of-bounds read in Active Directory Federation Services (AD FS) allows an authorized attacker to disclose information over a network.
CVE-2026-59674 HIGH 7.1
A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed suricata package allows the suricata user to escalate to root. This issue affects openSUSE Tumbleweed: from ? before...
CVE-2026-57363 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud ChatBot chatbot allows Stored XSS.This issue affects ChatBot: from n/a through <= 8.3...
CVE-2026-57368 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a th...
CVE-2026-57369 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Builder themify-builder allows Reflected XSS.This issue affects Themify Builder:...
CVE-2026-57376 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM...
CVE-2026-57379 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a thro...
CVE-2026-57380 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects E...
CVE-2026-57381 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows Reflected XSS.This issue affects PropertyHive: from...
CVE-2026-57382 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mitchell Bennis Simple File List simple-file-list allows Reflected XSS.This issue affects Simple F...
CVE-2026-57383 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Stored XSS.This issue affects JobSearch: from n/a through <= ...
CVE-2026-57387 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in picu picu picu allows Stored XSS.This issue affects picu: from n/a through <= 3.5.1.
CVE-2026-57388 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a ...
CVE-2026-57394 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletter...
CVE-2026-57396 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Flintop Free Gifts for WooCommerce free-gifts-for-woocommerce allows Stored XSS.This issue affects...
CVE-2026-57398 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue aff...
CVE-2026-57399 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proxy &amp; VPN Blocker Proxy &amp; VPN Blocker proxy-vpn-blocker allows Stored XSS.This issue aff...
CVE-2026-57403 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Security Headers gd-security-headers allows Reflected XSS.This issue affects GD ...
CVE-2026-57405 HIGH 7.1
Missing Authorization vulnerability in themehunk Open Shop open-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Shop: from n/a through <= 1.7.1.
CVE-2026-57409 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DO...
CVE-2026-57411 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman CF7 Views &#8211; Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS...
CVE-2026-57415 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codemenschen Gift Vouchers gift-voucher allows Stored XSS.This issue affects Gift Vouchers: from n...
CVE-2026-57416 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SiteGround SiteGround Email Marketing siteground-email-marketing allows Stored XSS.This issue affe...
CVE-2026-57417 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RexTheme Cart Lift cart-lift allows Stored XSS.This issue affects Cart Lift: from n/a through <= 3...
CVE-2026-57421 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms crm-perks-forms allows Reflected XSS.This issue affects CRM Perks Forms:...
CVE-2026-57422 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Bopo – WooCommerce Product Bundle Builder bopo-woo-product-bundle-builder allows Reflec...
CVE-2026-57423 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows Reflected XSS.This issue a...
CVE-2026-57668 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: ...
CVE-2026-57695 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Rossiter Document Gallery document-gallery allows Reflected XSS.This issue affects Document Ga...
CVE-2026-57706 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan, Inc. Dokan dokan-lite allows Reflected XSS.This issue affects Dokan: from n/a through <= 5....
CVE-2026-57708 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Contact Form Entries contact-form-entries allows Reflected XSS.This issue affects Contac...
CVE-2026-57712 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Portfolio wpzoom-portfolio allows Reflected XSS.This issue affects WPZOOM Portfolio:...
CVE-2026-57715 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja Fluent CRM fluent-crm allows Reflected XSS.This issue affects Fluent CRM: from n/a t...
CVE-2026-57718 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-el...
CVE-2026-57725 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Kirki kirki allows Stored XSS.This issue affects Kirki: from n/a through <= 6.0.11.
CVE-2026-57728 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Reflected XSS.This issue affects Flatsome: from n/a through <= ...
CVE-2026-57732 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows DOM-Based XSS.This issue affects tagDiv Opt-In...
CVE-2026-57733 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Cloud Library td-cloud-library allows DOM-Based XSS.This issue affects tagDiv Cloud ...
CVE-2026-57734 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n...
CVE-2026-57740 HIGH 7.1
Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMa...
CVE-2026-57741 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Stored XSS.This issue affe...
CVE-2026-57745 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Reflected XSS.This issue affects RT-Theme 1...
CVE-2026-57814 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows DOM-Based XSS.This issu...
CVE-2026-57816 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows Reflected XSS.This issue affects Funne...
CVE-2026-58410 HIGH 7.1
ChurchCRM is an open-source church management system. Prior to version 7.4.0, there was an authorization flaw in the family-scoped endpoints which allowed low-privileged users to read and modify other...
CVE-2026-59516 HIGH 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects I...
CVE-2026-61956 HIGH 7.1
Cross-Site Request Forgery (CSRF) vulnerability in hamsalam ووسلام &#8211; همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام &#8211; همگام سازی ووکام...
CVE-2026-62191 HIGH 7.1
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorizatio...
CVE-2026-15506 HIGH 7.1
A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown function in the library saappctl.sys of the component Driver. Such manipulation lead...
CVE-2026-61442 HIGH 7.1
PraisonAI Platform (praisonai-platform) before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for projects, issues, and agents, which only require workspace-member role. A worksp...
CVE-2026-11321 HIGH 7.1
The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, resulting in au...
CVE-2026-39903 HIGH 7.1
Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error ca...
CVE-2026-41482 HIGH 7.1
Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and local file inclusion were possible through secure local resource access in the Chrome PDF Generator. Thi...
CVE-2026-41878 HIGH 7.1
R-SOFT DMS is vulnerable to Insecure Direct Object Reference (IDOR) attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever request...
CVE-2026-49394 HIGH 7.1
Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was possible via the update_page endpoint in Workspace because public workspaces did not receive the required W...
CVE-2026-50181 HIGH 7.1
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's `ReadFileTool` and `WriteFileTool` appear to treat `curr_dir` as the intended workin...
CVE-2026-55460 HIGH 7.1
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with del...
CVE-2026-55474 HIGH 7.1
Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, ...
CVE-2026-55880 HIGH 7.1
OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and note mutation functions ran their SQL without the ownership predicate that their sibling read and edit func...
CVE-2026-55881 HIGH 7.1
OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely on the session ...
CVE-2026-56335 HIGH 7.1
Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authe...
CVE-2026-57212 HIGH 7.1
RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_management HTTP API accepts oversized valid JSON bodies on with_decode and direct_request paths ...
CVE-2026-57214 HIGH 7.1
RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping ...
CVE-2026-61441 HIGH 7.1
PraisonAI Platform (praisonai-platform) before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete pe...
CVE-2026-61450 HIGH 7.1
Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author (any admin.pages user, or anyone able to write to user/pages) to exfiltrate configuration secrets. Although the sandbox repla...
CVE-2026-61455 HIGH 7.1
Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archiv...
CVE-2026-13103 HIGH 7.0
A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code.
CVE-2026-13104 HIGH 7.0
A potential vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code with elevated privilege...
CVE-2026-59863 HIGH 7.0
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota honored a poisoned .kiota/workspace.json workspace configuration without validating per-client or per-plugin outputPath val...
CVE-2026-61438 HIGH 7.0
PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor._exec_inline_python() due to insufficient AST validation of workflow script steps. Attackers can create ma...
CVE-2026-48571 HIGH 7.0
Use after free in Windows App Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-48572 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows App Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-49162 HIGH 7.0
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2026-49183 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clipboard Server allows an authorized attacker to elevate privileges locally.
CVE-2026-49784 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally.
CVE-2026-49802 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-49803 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.
CVE-2026-49805 HIGH 7.0
Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-49806 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-50296 HIGH 7.0
Use after free in Graphics Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50297 HIGH 7.0
Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-50307 HIGH 7.0
Use after free in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-50322 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50323 HIGH 7.0
Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50325 HIGH 7.0
Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-50345 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50348 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-50356 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally.
CVE-2026-50358 HIGH 7.0
Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2026-50359 HIGH 7.0
Use after free in Microsoft XML Core Services allows an authorized attacker to elevate privileges locally.
CVE-2026-50371 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows LUAFV allows an authorized attacker to elevate privileges locally.
CVE-2026-50372 HIGH 7.0
Buffer over-read in Windows Redirected Drive Buffering allows an authorized attacker to elevate privileges locally.
CVE-2026-50384 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clip Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50390 HIGH 7.0
Access of resource using incompatible type ('type confusion') in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50392 HIGH 7.0
Use after free in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
CVE-2026-50393 HIGH 7.0
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-50396 HIGH 7.0
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-50397 HIGH 7.0
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50403 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50404 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2026-50406 HIGH 7.0
Use after free in Windows Backup Engine allows an authorized attacker to elevate privileges locally.
CVE-2026-50410 HIGH 7.0
Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50449 HIGH 7.0
Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50452 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-50459 HIGH 7.0
Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
CVE-2026-50490 HIGH 7.0
Use after free in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-50491 HIGH 7.0
Out-of-bounds read in Code Integrity DLL (ci.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-50503 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50526 HIGH 7.0
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.
CVE-2026-50658 HIGH 7.0
Time-of-check time-of-use (toctou) race condition in Microsoft Defender allows an authorized attacker to elevate privileges locally.
CVE-2026-50669 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50672 HIGH 7.0
Use after free in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-50674 HIGH 7.0
Use after free in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-54111 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-54129 HIGH 7.0
Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2026-54684 HIGH 7.0
jadx is a Dex to Java decompiler. From 1.5.2 to 1.5.5, a malicious .xapk file can cause jadx to write attacker-controlled archive entry contents outside the intended XAPK plugin temporary unpack direc...
CVE-2026-54989 HIGH 7.0
Use after free in Quality Windows Audio/Video Experience (QWAVE) service allows an authorized attacker to elevate privileges locally.
CVE-2026-54996 HIGH 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-56173 HIGH 7.0
Use after free in Windows WebView allows an authorized attacker to elevate privileges locally.
CVE-2026-56183 HIGH 7.0
Use after free in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally.
CVE-2026-56187 HIGH 7.0
Use after free in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally.
CVE-2026-57093 HIGH 7.0
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-58476 HIGH 7.0
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a cross-site request forgery vulnerability that allows remote attackers to perform state-changing administrative actions by luring...
CVE-2026-58526 HIGH 7.0
Use after free in Windows Storage allows an authorized attacker to elevate privileges locally.
CVE-2026-58544 HIGH 7.0
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-58619 HIGH 7.0
Use after free in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
CVE-2026-58629 HIGH 7.0
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2026-58637 HIGH 7.0
Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
CVE-2026-6851 HIGH 7.0
An Improper link resolution before file access ('link following') vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privile...
CVE-2026-8085 HIGH 7.0
A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the model.exe (Siman) component. The vulnerability stems from improper validation of user-supplied data, wh...
CVE-2026-8312 HIGH 7.0
A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the expmt.exe (Siman) component. The vulnerability stems from improper validation of user-supplied data, wh...
CVE-2026-8313 HIGH 7.0
A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the linker.exe (Siman) component. The vulnerability stems from improper validation of user-supplied data, w...
CVE-2026-8314 HIGH 7.0
A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the siman.exe (Siman) component. The vulnerability stems from improper validation of user-supplied data, wh...
CVE-2026-58411 HIGH 7.0
ChurchCRM is an open-source church management system. Prior to version 7.4.0, Cross-Site Scripting (XSS) vulnerabilities were identified due to insufficient output encoding of user-controlled request ...
CVE-2026-38057 HIGH 7.0
The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks...
CVE-2026-54000 HIGH 7.0
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write i...
CVE-2026-54001 HIGH 7.0
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write i...
CVE-2026-55843 HIGH 7.0
Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update() passes a missing permission request field through NormalizePermissionsPayloadAction and PreserveUnauthorize...
CVE-2026-57215 HIGH 7.0
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queue...
CVE-2026-57217 HIGH 7.0
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, RabbitMQ topic authorization can allow restricted topic writes and binds during metadata-store failures becau...
CVE-2024-58360 MEDIUM 6.9
stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts ...
CVE-2026-59237 MEDIUM 6.9
Authorization Bypass Through User-Controlled Key (CWE-639) in the Order and OrderItem REST API controllers in Roskus Prospero Flow CRM before 5.5.3 allows a remote, authenticated user to read, modify,...
CVE-2026-60140 MEDIUM 6.9
An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This can lead to exposing sensitive info...
CVE-2026-63086 MEDIUM 6.9
text-generation-inference through 3.3.7 contains a server-side request forgery (SSRF) vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network at...
CVE-2026-15746 MEDIUM 6.9
Strands Agents is an open-source Python SDK for building and running AI agents. The strands-agents-tools package provides pre-built tools for use with the SDK, including the elasticsearch_memory tool ...
CVE-2026-33444 MEDIUM 6.9
CVE-2026-33444 is a memory management vulnerability in Secure Access servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent...
CVE-2026-47159 MEDIUM 6.9
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO discovery and pre-validation flow returned organization-related SSO metadata including organizationIden...
CVE-2026-55398 MEDIUM 6.9
CVE-2026-55398 is a memory management vulnerability in Secure Access clients and servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a no...
CVE-2026-59236 MEDIUM 6.9
Authorization Bypass Through User-Controlled Key (CWE-639) in the Excel import handlers (CustomerImport, LeadImport, ProductImport) in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authentic...
CVE-2026-60087 MEDIUM 6.9
PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obt...
CVE-2026-61427 MEDIUM 6.9
PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks whe...
CVE-2026-61452 MEDIUM 6.9
The Grav API plugin (getgrav/grav-plugin-api) before 2.0.4 contains an improper session invalidation vulnerability where JWT access tokens are issued without a jti (JWT ID) claim and therefore cannot ...
CVE-2026-10051 MEDIUM 6.9
In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailer...
CVE-2026-45754 MEDIUM 6.9
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, the Mailjet mailer bridge and LOX24 notifier bridge webhook parse...
CVE-2026-45755 MEDIUM 6.9
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse() received the configured webhook secret bu...
CVE-2026-46644 MEDIUM 6.9
Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload i...
CVE-2026-47212 MEDIUM 6.9
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, TwilioRequestParser::doParse() received the configured webhook se...
CVE-2026-48736 MEDIUM 6.9
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.0 to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, NoPrivateNetworkHttpClient and IpUtils::PRIVATE_SUBN...
CVE-2026-52837 MEDIUM 6.9
Easy!Appointments is a self hosted appointment scheduler. In versions up to and including 1.5.2, the booking reschedule view at `/index.php/booking/reschedule/{appointment_hash}` (handled by `Booking:...
CVE-2026-60118 MEDIUM 6.9
Hi.Events through v1.10.0-beta contains a missing server-side visibility enforcement vulnerability that allows unauthenticated attackers to purchase hidden tickets by referencing hidden product and pr...
CVE-2026-15541 MEDIUM 6.9
A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing ...
CVE-2026-15542 MEDIUM 6.9
A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads t...
CVE-2026-15553 MEDIUM 6.9
Enterprise Cloud Database developed by Ragic has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload malicious files and make them available for users to downloa...
CVE-2026-58488 MEDIUM 6.9
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Versions prior to 1.11.0 allowed attackers to circumvent the rate-limiting of the /login and /register routes by spoof...
CVE-2026-61503 MEDIUM 6.9
Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote unauthenticated attacker can use this to con...
CVE-2026-61505 MEDIUM 6.9
Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files outside the shared folders. Exploitation...
CVE-2026-62193 MEDIUM 6.9
OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy (authorization) check. When the affected feature is enabled and rea...
CVE-2026-15491 MEDIUM 6.9
A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is ...
CVE-2026-15498 MEDIUM 6.9
A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipul...
CVE-2026-56336 MEDIUM 6.9
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal org_id and provider_id values. Attackers can enum...
CVE-2026-56296 MEDIUM 6.9
Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_app RPC function that returns distinct error messages for existing versus non-existing app IDs. Unauthent...
CVE-2026-61428 MEDIUM 6.9
PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted ...
CVE-2026-21039 MEDIUM 6.9
Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings.
CVE-2026-21040 MEDIUM 6.9
Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs.
CVE-2026-21041 MEDIUM 6.9
Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.
CVE-2026-21054 MEDIUM 6.9
Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data.
CVE-2026-42219 MEDIUM 6.9
Frappe is a full-stack web application framework. Prior to 16.19.0 and 15.109.0, path traversal via download_backups was possible due to lack of hardening. This issue is fixed in versions 16.19.0 and ...
CVE-2026-56312 MEDIUM 6.9
Capgo before 12.128.2 contains an improper validation vulnerability in the accept_invitation endpoint that creates user accounts before captcha validation is enforced. Attackers can bypass captcha pro...
CVE-2026-56814 MEDIUM 6.9
Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticat...
CVE-2026-57474 MEDIUM 6.9
Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconna...
CVE-2026-57475 MEDIUM 6.9
Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These addition...
CVE-2026-57575 MEDIUM 6.9
Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery (SSRF) vulnerability in URL preview functionality in UrlPreviewService. Du...
CVE-2026-57994 MEDIUM 6.9
phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive (draft or review-only)...
CVE-2026-58503 MEDIUM 6.9
Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the reset_password endpoint. This issue is fixed in versions 16.16.0 and 15.106...
CVE-2026-59155 MEDIUM 6.9
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to 2.2.5, the GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects...
CVE-2026-59162 MEDIUM 6.9
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound bef...
CVE-2026-59193 MEDIUM 6.9
Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool becaus...
CVE-2026-60086 MEDIUM 6.9
PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to ma...
CVE-2026-60089 MEDIUM 6.9
PraisonAI (pip package praisonaiagents) before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.out...
CVE-2026-60091 MEDIUM 6.9
PraisonAI before 4.6.78 contains an unauthenticated server-side request forgery vulnerability in the Jobs API /api/v1/runs endpoint. The webhook_url parameter is validated at request time but re-resol...
CVE-2026-61432 MEDIUM 6.9
PraisonAI (praisonaiagents) before 1.6.78 contains a path traversal vulnerability in the FastContext feature (praisonaiagents.context.fast). FastContextAgent.execute_tool() prepends the configured wor...
CVE-2026-10587 MEDIUM 6.8
A potential out-of-bounds write vulnerability could allow a local privileged attacker to modify power management settings in System Management Mode.
CVE-2026-10589 MEDIUM 6.8
A potential out of bounds write vulnerability could allow a local privileged attacker to execute code in System Management Mode.
CVE-2026-12379 MEDIUM 6.8
An Open Redirect vulnerability (CWE-601) exists in the OAuth/OIDC authentication implementation of the Axivion Dashboard. The login flow did not properly restrict the post-authentication redirect to t...
CVE-2026-46404 MEDIUM 6.8
BigBlueButton is an open-source virtual classroom. Prior to 3.0.23, the presentation URL validation did not properly restrict access to site local and link local addresses. The redirect following logi...
CVE-2026-6511 MEDIUM 6.8
During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files...
CVE-2026-49988 MEDIUM 6.8
Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, the Repomix MCP server attach_packed_output and read_repomix_output flow can register and read arbitrary local .json,...
CVE-2026-52888 MEDIUM 6.8
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. In 2.0.59 and earlier, NocoBase @nocobase/plugin-collection-sql used the checkSQL() fun...
CVE-2026-62843 MEDIUM 6.8
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses str...
CVE-2026-24234 MEDIUM 6.8
NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of ...
CVE-2026-48312 MEDIUM 6.8
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measu...
CVE-2026-48338 MEDIUM 6.8
ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this ...
CVE-2026-49168 MEDIUM 6.8
Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-50298 MEDIUM 6.8
Integer overflow or wraparound in Windows Spaceport.sys allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-50299 MEDIUM 6.8
Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to execute code with a physical attack.
CVE-2026-50426 MEDIUM 6.8
Relative path traversal in DNS Server allows an authorized attacker to execute code over an adjacent network.
CVE-2026-50492 MEDIUM 6.8
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code with a physical attack.
CVE-2026-50668 MEDIUM 6.8
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-53566 MEDIUM 6.8
Out-of-bounds read vulnerability in Citrix Citrix Secure Access Client for Windows. This issue affects Citrix Secure Access Client for Windows: before 26.6.1.20.
CVE-2026-54132 MEDIUM 6.8
Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-58528 MEDIUM 6.8
Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.
CVE-2026-58489 MEDIUM 6.8
HedgeDoc is an open source, real-time collaborative markdown notes application. Prior to 1.11.0, the GitHub Gist export flow created an OAuth2  state  value but only checked that it was present rather...
CVE-2026-60103 MEDIUM 6.8
Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signe...
CVE-2026-60088 MEDIUM 6.8
PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like ...
CVE-2026-21052 MEDIUM 6.8
Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege.
CVE-2026-21057 MEDIUM 6.8
Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory.
CVE-2026-55885 MEDIUM 6.8
Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including user/account...
CVE-2026-57216 MEDIUM 6.8
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest t...
CVE-2026-61431 MEDIUM 6.8
PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to validate include paths in .praisoncontext and .praisoninclude files. Attackers can supply absolute path...
CVE-2026-8595 MEDIUM 6.8
A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard (stored cr...
CVE-2026-10588 MEDIUM 6.7
A potential vulnerability could allow a local privileged attacker to disclose the address of protected System Management Mode memory.
CVE-2026-10590 MEDIUM 6.7
A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler.
CVE-2026-6424 MEDIUM 6.7
Use-after-free vulnerability in ESET Linux products potentially allowed an attacker to trigger kernel panic on the system
CVE-2026-40953 MEDIUM 6.7
CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service ...
CVE-2026-49501 MEDIUM 6.7
Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, and versions 9.11.0.0 through 9.13.0.2 contains an Improper Privilege Management vulnerability. A high privileged attacker with local access co...
CVE-2026-55410 MEDIUM 6.7
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.1.19, NocoBase @nocobase/plugin-backups restored PostgreSQL backups by inter...
CVE-2026-21043 MEDIUM 6.7
Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege.
CVE-2026-58554 MEDIUM 6.6
Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58555 MEDIUM 6.6
Permission bypass vulnerability in the card module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-49804 MEDIUM 6.6
Heap-based buffer overflow in Windows USB Video Driver allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-50678 MEDIUM 6.6
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-59837 MEDIUM 6.6
A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2 all versions, FortiPAM 1.8.0 through 1.8.2, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, Forti...
CVE-2025-11977 MEDIUM 6.6
The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and inc...
CVE-2026-12941 MEDIUM 6.5
The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to generic SQL Injection via the 'order_by' parameter in all versions up to, and includin...
CVE-2026-13754 MEDIUM 6.5
The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.0.0 due to insufficient escaping ...
CVE-2026-13767 MEDIUM 6.5
The Quiz Master Next plugin for WordPress is vulnerable to SQL Injection via stored quiz page data in versions up to, and including, 11.2.0. This is due to insufficient escaping on the user-supplied '...
CVE-2026-15022 MEDIUM 6.5
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via Stored Quiz Answer Array in all versions up to, and including, 4.0.0 due to insuffi...
CVE-2026-44596 MEDIUM 6.5
Yamcs is a mission control framework. Prior to 5.12.7, the authentication endpoint POST /auth/token in yamcs-core, handled by yamcs-core/src/main/java/org/yamcs/http/auth/AuthHandler.java, lacked any ...
CVE-2026-46514 MEDIUM 6.5
Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, fm_reset_password in Tools/ResetPassword.php:48-53 returned a plaintext password and fm_add_extension in Tools/AddExtens...
CVE-2026-47084 MEDIUM 6.5
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The LOCALDELETE command bypassed ACL checks. An authenticated but non-admin user could invoke the admin-only LOCALDELETE IMAP comma...
CVE-2026-47729 MEDIUM 6.5
Squid is a caching proxy for the Web. Prior to 7.6, due to an improper validation of syntactic correctness of input in the FTP gateway (src/clients/FtpGateway.cc), Squid is vulnerable to an out-of-bou...
CVE-2026-55440 MEDIUM 6.5
Microsoft UFO open-source framework for intelligent automation across devices and platforms. Prior to 3.0.7, the COMMAND_RESULTS handler in ufo/server/ws/handler.py called get_or_create_session in ufo...
CVE-2025-32781 MEDIUM 6.5
Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.0, Apollo Portal does not verify application and namespace permissions w...
CVE-2026-52892 MEDIUM 6.5
Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan REST handlers in server/models/customFields.js use read-level Authentication.checkBoardAccess instead of write-level Authentication....
CVE-2026-53447 MEDIUM 6.5
Wekan is open source kanban built with Meteor. Prior to 9.35, the Wekan cloneBoard Meteor method in models/import.js uses caller-supplied sourceBoardId to build a board export through models/exporter....
CVE-2026-54562 MEDIUM 6.5
Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the...
CVE-2026-58559 MEDIUM 6.5
DoS vulnerability in the vibration service. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-15714 MEDIUM 6.5
An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream...
CVE-2026-15766 MEDIUM 6.5
Uninitialized Use in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security...
CVE-2026-15770 MEDIUM 6.5
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security s...
CVE-2026-34348 MEDIUM 6.5
Protection mechanism failure in Windows Event Logging Service allows an authorized attacker to disclose information over a network.
CVE-2026-47282 MEDIUM 6.5
Insufficiently protected credentials in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.
CVE-2026-47481 MEDIUM 6.5
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerabilit...
CVE-2026-48816 MEDIUM 6.5
sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.1.1, @sigstore/verify derives a transparency-log timestamp from tlogEntries[].integratedTime for bundle v0....
CVE-2026-49799 MEDIUM 6.5
Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.
CVE-2026-50366 MEDIUM 6.5
Null pointer dereference in Active Directory Domain Services allows an authorized attacker to deny service over a network.
CVE-2026-50376 MEDIUM 6.5
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-50445 MEDIUM 6.5
Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-50468 MEDIUM 6.5
Buffer over-read in SQL Server allows an authorized attacker to disclose information over a network.
CVE-2026-50497 MEDIUM 6.5
Off-by-one error in Windows Remote Desktop Protocol allows an unauthorized attacker to disclose information over a network.
CVE-2026-50504 MEDIUM 6.5
Buffer over-read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
CVE-2026-50659 MEDIUM 6.5
Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.
CVE-2026-54108 MEDIUM 6.5
External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-54116 MEDIUM 6.5
Access of resource using incompatible type ('type confusion') in SQL Server allows an authorized attacker to disclose information over a network.
CVE-2026-54126 MEDIUM 6.5
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-55003 MEDIUM 6.5
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-55051 MEDIUM 6.5
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
CVE-2026-55054 MEDIUM 6.5
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-56168 MEDIUM 6.5
Null pointer dereference in Windows SMB Server allows an authorized attacker to deny service over a network.
CVE-2026-56185 MEDIUM 6.5
Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network.
CVE-2026-57976 MEDIUM 6.5
Null pointer dereference in Active Directory Domain Services allows an authorized attacker to deny service over a network.
CVE-2026-57979 MEDIUM 6.5
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-57982 MEDIUM 6.5
Use of uninitialized resource in Windows RDP allows an authorized attacker to disclose information over a network.
CVE-2026-58279 MEDIUM 6.5
Missing authorization in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.
CVE-2026-58533 MEDIUM 6.5
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-58535 MEDIUM 6.5
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-58539 MEDIUM 6.5
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-58546 MEDIUM 6.5
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-59198 MEDIUM 6.5
Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow's TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process he...
CVE-2026-59888 MEDIUM 6.5
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.15.0 until 2.18.8, 2.21.4, and 3.1.4, Java Records using a PropertyNamingStra...
CVE-2026-59889 MEDIUM 6.5
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.18.0 until 2.18.9, 2.21.5, 2.22.1, 3.1.5, and 3.2.1, UnwrappedPropertyHandler...
CVE-2026-10106 MEDIUM 6.5
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authe...
CVE-2026-57364 MEDIUM 6.5
Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment – Instant Payments, Donations, Fundraising with Subscriptions &amp; More better-payment allows Accessing ...
CVE-2026-57365 MEDIUM 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Chandwani reCAPTCHA (v2 &amp; v3) for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-...
CVE-2026-57375 MEDIUM 6.5
Missing Authorization vulnerability in FluxBuilder MStore API mstore-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MStore API: from n/a through <= 4.18...
CVE-2026-57377 MEDIUM 6.5
Missing Authorization vulnerability in WPXPO WowAddons product-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowAddons: from n/a through <= 1.6.8.
CVE-2026-57390 MEDIUM 6.5
Missing Authorization vulnerability in EDGARROJAS Extra Product Options Builder for WooCommerce additional-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Securi...
CVE-2026-57391 MEDIUM 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic...
CVE-2026-57392 MEDIUM 6.5
Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.22.5.
CVE-2026-57393 MEDIUM 6.5
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Retrieve Embedded Sensitive Data.T...
CVE-2026-57395 MEDIUM 6.5
Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.22.5.
CVE-2026-57400 MEDIUM 6.5
Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.Thi...
CVE-2026-57402 MEDIUM 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdesk Flexible Refund and Return Order for WooCommerce flexible-refund-and-return-order-for-wooco...
CVE-2026-57404 MEDIUM 6.5
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This...
CVE-2026-57406 MEDIUM 6.5
Missing Authorization vulnerability in Roxnor FundEngine wp-fundraising-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FundEngine: from n/a through...
CVE-2026-57408 MEDIUM 6.5
Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach P...
CVE-2026-57412 MEDIUM 6.5
Missing Authorization vulnerability in Codemenschen Gift Vouchers gift-voucher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Vouchers: from n/a throug...
CVE-2026-57414 MEDIUM 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud ChatBot for eCommerce &#8211; WoowBot woowbot-woocommerce-chatbot allows Stored XSS.T...
CVE-2026-57418 MEDIUM 6.5
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client In...
CVE-2026-57419 MEDIUM 6.5
Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue ...
CVE-2026-57420 MEDIUM 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Netrr Author Box WP Lens author-box-for-divi allows Stored XSS.This issue affects Author Box WP Le...
CVE-2026-57424 MEDIUM 6.5
Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpa...
CVE-2026-57693 MEDIUM 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spacetime Ad Inserter ad-inserter allows Exploiting Incorrectly Configured Access Control Security...
CVE-2026-57694 MEDIUM 6.5
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a...
CVE-2026-57698 MEDIUM 6.5
Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects ...
CVE-2026-57711 MEDIUM 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PSM Plugins SupportCandy supportcandy allows Stored XSS.This issue affects SupportCandy: from n/a ...
CVE-2026-57780 MEDIUM 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Envision Envision Page Builder envision-page-builder allows DOM-Based XSS.This issue affect...
CVE-2026-57783 MEDIUM 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in merkulove Speaker speaker allows Stored XSS.This issue affects Speaker: from n/a through <= 4.1.13...
CVE-2026-57812 MEDIUM 6.5
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sim...
CVE-2026-58408 MEDIUM 6.5
ChurchCRM is an open-source church management system. Prior to version 7.4.0, a low-privileged user can bypass the /admin/export UI and exfiltrate the entire member directory. The POST /CSVCreateFile....
CVE-2026-59523 MEDIUM 6.5
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sim...
CVE-2026-62147 MEDIUM 6.5
The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span...
CVE-2026-6850 MEDIUM 6.5
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause ...
CVE-2026-11426 MEDIUM 6.5
The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.76. This is due to the plugin accepting arbitrary local file paths in th...
CVE-2026-13262 MEDIUM 6.5
The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'val' parameter in all versions up to, and including, 1....
CVE-2026-15072 MEDIUM 6.5
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insuf...
CVE-2026-15073 MEDIUM 6.5
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insuf...
CVE-2026-13010 MEDIUM 6.5
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute in all versions up to, and including, ...
CVE-2026-15104 MEDIUM 6.5
The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and includi...
CVE-2026-15287 MEDIUM 6.5
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time-based SQL Injection via the order_by parameter in all versions up to, and including, 4.6.18 due to insuffic...
CVE-2026-54468 MEDIUM 6.5
Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read...
CVE-2026-55469 MEDIUM 6.5
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV...
CVE-2026-57157 MEDIUM 6.5
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied Dev...
CVE-2026-57211 MEDIUM 6.5
RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbit_mgmt_wm_static can pass URL-encoded backslashes to erl_pri...
CVE-2026-13755 MEDIUM 6.4
The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'price_wrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due t...
CVE-2026-14987 MEDIUM 6.4
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twitter_message' Sequoia Template Setting in all versions up to, and includ...
CVE-2026-15021 MEDIUM 6.4
The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'location' Profile Field in all versions up to, and including, 3.1.1 due to insufficient input sanitization and o...
CVE-2026-15099 MEDIUM 6.4
The Delicious Recipes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'steps' block attribute in versions up to, and including, 1.10.2. This is due to insufficient input sani...
CVE-2026-15652 MEDIUM 6.4
The Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'align' Block Attribute in all versions up to, and including, ...
CVE-2026-56678 MEDIUM 6.4
9Router is an AI router & token saver. Prior to 0.5.6, the Kiro API-key validation endpoint POST /api/oauth/kiro/api-key builds an upstream URL using a user-controlled region value, allowing an authen...
CVE-2026-11390 MEDIUM 6.4
The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to...
CVE-2026-24220 MEDIUM 6.4
NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an unsafe deserialization by unauthorized zeroMQ deserialization. A successful exploit...
CVE-2026-24259 MEDIUM 6.4
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execu...
CVE-2026-3014 MEDIUM 6.4
Milestone has released a new version of XProtect® (and several cumulative patch updates) which fix security vulnerability in Management Server API.  The vulnerability causes users with edit permiss...
CVE-2026-4018 MEDIUM 6.4
TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data...
CVE-2026-55000 MEDIUM 6.4
Use after free in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-57097 MEDIUM 6.4
Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-62644 MEDIUM 6.4
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover.
CVE-2026-7640 MEDIUM 6.4
The WP Customer Area plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the `customer-area-protected-content` shortcode in all versions up to, and including,...
CVE-2026-12536 MEDIUM 6.4
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Module Title’ parameter in all versions up to, and including, 3.15.5 due to insufficient input san...
CVE-2026-15515 MEDIUM 6.4
A security vulnerability has been detected in Tencent PC Manager 18.1.30242.301. This issue affects some unknown processing in the library qmudisk64.sys of the component QMUDisk Driver. The manipulati...
CVE-2026-57413 MEDIUM 6.4
Server-Side Request Forgery (SSRF) vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through <= 2.1.4.
CVE-2025-13968 MEDIUM 6.4
The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in the [starboard-suite-lightbox] shortcode in all versions up to, ...
CVE-2026-10660 MEDIUM 6.4
The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bap_broadcast_assistant.c reassembled remote Broadcast Receive State data into a single file-static net_buf_simple (att_buf,...
CVE-2026-12126 MEDIUM 6.4
The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'post_title' in all versions up to, and including, 3.7.3...
CVE-2026-1382 MEDIUM 6.4
The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'freshpodcaster' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitizat...
CVE-2026-15010 MEDIUM 6.4
The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient i...
CVE-2026-15096 MEDIUM 6.4
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'b_width_map' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitizat...
CVE-2026-15097 MEDIUM 6.4
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'height_slider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sani...
CVE-2026-5743 MEDIUM 6.4
The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient in...
CVE-2026-12123 MEDIUM 6.4
The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authentic...
CVE-2026-12924 MEDIUM 6.4
The Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etn_faq_content' parameter in all versions u...
CVE-2026-13247 MEDIUM 6.4
The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgx_tooltip_position' parameter in all ver...
CVE-2026-13710 MEDIUM 6.4
The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sg_body_descr...
CVE-2026-15284 MEDIUM 6.4
The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_page_id' parameter in versions up to, and including, 51.1.62 This is due to insufficient i...
CVE-2026-15285 MEDIUM 6.4
The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated (Contributor+) Stored Cross-Site Scripting via the Button widget's `custom_attributes` setting in versions up to and ...
CVE-2026-15292 MEDIUM 6.4
The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, and including, 1.0.0 due to in...
CVE-2026-15296 MEDIUM 6.4
The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkp_product' shortcode in all versions up to, and including...
CVE-2026-15299 MEDIUM 6.4
The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weather_style' and 'move_direction' parameters of the Weather widget in all versions up to...
CVE-2026-15301 MEDIUM 6.4
The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanit...
CVE-2026-3251 MEDIUM 6.4
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Webremium Istanbul Web Design Mezunum Satiyorum allows Stored XSS. This issue affects Mezunum Sat...
CVE-2026-3907 MEDIUM 6.4
The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization...
CVE-2026-55370 MEDIUM 6.4
Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained insi...
CVE-2026-35146 MEDIUM 6.3
HCL DFXServer is affected by an Unencrypted Communication vulnerability. The application permits users to establish connections over unencrypted channels via the HTTP protocol, which could allow a rem...
CVE-2026-35148 MEDIUM 6.3
HCL DFXServer is affected by a Missing Access Control vulnerability. This vulnerability states that certain endpoints are accessible without any form of authentication in another browser. This allows ...
CVE-2026-44968 MEDIUM 6.3
dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, _run_dbt_command() in src/dbt_mcp/dbt_cli/tools.py appended unsanitized node_selection and resource_type values to...
CVE-2026-55407 MEDIUM 6.3
Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.8.0, the decode_unknown_field function in buffa's protobuf decoder allocated heap memory in ...
CVE-2026-59249 MEDIUM 6.3
Inconsistent interpretation of HTTP requests (HTTP response smuggling) vulnerability in elixir-mint mint allows a malicious HTTP/1 server to desynchronize a strict intermediary and the Mint client on ...
CVE-2026-45150 MEDIUM 6.3
Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security notification when a webpage entered fullscreen mode, allowing an attacker-controll...
CVE-2026-45737 MEDIUM 6.3
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From 3.2.0 until 3.2.12, 3.3.10, and 3.4.2, Argo CD ServerSideDiff can expose Kubernetes Secret values embedded in the kubectl...
CVE-2026-47703 MEDIUM 6.3
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by prod...
CVE-2026-49867 MEDIUM 6.3
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /...
CVE-2026-56349 MEDIUM 6.3
n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circu...
CVE-2026-56353 MEDIUM 6.3
n8n contains an authentication bypass in the Chat Trigger node when configured with n8n User Auth (a non-default configuration). In affected releases — before 1.123.22, the 2.0.0 through 2.9.2 line, a...
CVE-2026-56764 MEDIUM 6.3
Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit...
CVE-2026-59254 MEDIUM 6.3
n8n before 2.28.1 contains an information disclosure vulnerability where external secrets are incorrectly resolved in workflow node expressions outside credentials scope. Authenticated project editors...
CVE-2026-60065 MEDIUM 6.3
When NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (ngx_stream_mqtt_filter_module), unauthenticated attackers can send requests with conditions beyond th...
CVE-2026-61646 MEDIUM 6.3
FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta5, FastGPT's shared SSRF guard validates only the initial request URL before handing the request to axios, and axios follows r...
CVE-2026-61860 MEDIUM 6.3
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a use-after-free vulnerability that occurs when freetype initialization fails: the method does not exit and continues to use memory that was already ...
CVE-2026-61868 MEDIUM 6.3
ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion (denial...
CVE-2026-61871 MEDIUM 6.3
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the ICON decoder that occurs when a memory allocation fails. Processing a crafted ICON file that triggers an allocation failure leak...
CVE-2026-12606 MEDIUM 6.3
Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling.
CVE-2026-15305 MEDIUM 6.3
Users were able to upload files with arbitrary MIME types to forms using FileUpload or ImageUpload elements with allowedMimeTypes configured. The restriction was not enforced server-side because the M...
CVE-2026-15757 MEDIUM 6.3
A security flaw was discovered in the NETGEAR DGND3700v1 that could allow someone on the same local WiFi network to send unauthorized commands to the device. This issue was identified through testi...
CVE-2026-24226 MEDIUM 6.3
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data ...
CVE-2026-45067 MEDIUM 6.3
### Description `Symfony\Component\Mime\Address` is the value-object every Symfony Mailer address (to/cc/bcc/from/reply-to) flows through; its constructor is documented as validating the address and ...
CVE-2026-45070 MEDIUM 6.3
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Mime\Header\ParameterizedHeader validat...
CVE-2026-45073 MEDIUM 6.3
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, PdoAdapter::doClear() builds a DELETE statement using a n...
CVE-2026-48747 MEDIUM 6.3
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.13 and 8.0.13, MailomatRequestParser::validateSignature() parsed X-MOM-Webhook-Signature ...
CVE-2026-49978 MEDIUM 6.3
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.7, DOMPurify IN_PLACE sanitization could skip shadow contents attached to an element inside <template>.co...
CVE-2026-50374 MEDIUM 6.3
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges with a physical attack.
CVE-2026-50375 MEDIUM 6.3
Heap-based buffer overflow in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2026-55145 MEDIUM 6.3
Improper neutralization of special elements used in a command ('command injection') in Outlook Copilot allows an authorized attacker to perform tampering over a network.
CVE-2026-57973 MEDIUM 6.3
Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering locally.
CVE-2026-58478 MEDIUM 6.3
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP r...
CVE-2026-58543 MEDIUM 6.3
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack.
CVE-2026-59246 MEDIUM 6.3
Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handle_contin...
CVE-2026-61520 MEDIUM 6.3
Simple Machines Forum 2.1 prior to commit 4bf35cf and 3.0 prior to commit b4d23df contains a server-side request forgery vulnerability in the image proxy that allows authenticated attackers to trigger...
CVE-2026-56877 MEDIUM 6.3
The SCORM lab launch endpoint in Skillable (scorm.skillable.com) through 2026-07-13 does not validate the client-supplied userId parameter against the authenticated SCORM session token. An authenticat...
CVE-2026-62197 MEDIUM 6.3
OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that shou...
CVE-2026-56763 MEDIUM 6.3
Hono before 4.12.7 allows __proto__ key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with __proto__ properties. When parsed results are merged ...
CVE-2026-61857 MEDIUM 6.3
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP da...
CVE-2026-61861 MEDIUM 6.3
ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling...
CVE-2026-49844 MEDIUM 6.3
Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13...
CVE-2026-56373 MEDIUM 6.3
ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing ma...
CVE-2026-57476 MEDIUM 6.3
Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented gener...
CVE-2026-46377 MEDIUM 6.2
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. From 3.0.0 until 3.10.1, the escape sequence handler in (*Tokenizer).parseCurRune in selector/lexer/...
CVE-2026-46378 MEDIUM 6.2
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. From 3.0.0 until 3.10.1, the selector lexer matchRegexPattern closure in (*Tokenizer).parseCurRune i...
CVE-2026-53446 MEDIUM 6.2
Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan webhook integration URLs in models/integrations.js are stored from user input and later fetched by server/notifications/outgoing.js ...
CVE-2026-0515 MEDIUM 6.2
Insufficient Parameter Validation in the SchedGet() system call could allow an attacker with local access to cause a crash of the QNX Neutrino kernel.
CVE-2026-24271 MEDIUM 6.2
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of thi...
CVE-2026-47470 MEDIUM 6.2
NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability mig...
CVE-2026-47475 MEDIUM 6.2
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerabil...
CVE-2026-48296 MEDIUM 6.2
CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to cr...
CVE-2026-48298 MEDIUM 6.2
CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to cr...
CVE-2026-48302 MEDIUM 6.2
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the appli...
CVE-2026-48354 MEDIUM 6.2
CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the ...
CVE-2026-48357 MEDIUM 6.2
CAI Content Credentials is affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust syst...
CVE-2026-49807 MEDIUM 6.2
Exposure of sensitive information to an unauthorized actor in Windows DirectX allows an unauthorized attacker to disclose information locally.
CVE-2026-50294 MEDIUM 6.2
Exposure of sensitive system information to an unauthorized control sphere in Windows Kernel allows an unauthorized attacker to disclose information locally.
CVE-2026-50420 MEDIUM 6.2
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to disclose information locally.
CVE-2026-55026 MEDIUM 6.2
Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-57095 MEDIUM 6.2
Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally.
CVE-2026-29519 MEDIUM 6.2
Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attacke...
CVE-2026-55466 MEDIUM 6.2
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inli...
CVE-2026-55481 MEDIUM 6.2
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, default.blade.php renders header_color and related branding color settings inside a CSS style block with HTML escaping that is insuff...
CVE-2026-15306 MEDIUM 6.1
The Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 's' Search Parameter in all versions up to, and inc...
CVE-2026-46341 MEDIUM 6.1
The Apify MCP server enables AI agents to extract data from websites using ready-made scrapers, crawlers, and automation tools available on the Apify Store. Prior to 0.9.21, the fetch-apify-docs tool ...
CVE-2026-54728 MEDIUM 6.1
bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). Prior to BunkerWeb 1.6.12 and BunkerWeb PRO 0.57, authenticated Host header handling in the BunkerWeb UI and API imprope...
CVE-2026-15779 MEDIUM 6.1
A flaw was found in samba's pam_winbind. When mkhomedir is enabled, pam_winbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On ...
CVE-2026-33213 MEDIUM 6.1
Redash is a package for data visualization and sharing. From 5.0.2 to 26.3.0, the get_next_path() function in Redash's authentication module stripped the scheme and netloc from user-supplied next para...
CVE-2026-40957 MEDIUM 6.1
o   CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credenti...
CVE-2026-41580 MEDIUM 6.1
Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. Prior to 2.0.0, Stirling-PDF's /get-info-on-pdf endpoint rendered PDF Title and Author metadata field...
CVE-2026-50182 MEDIUM 6.1
WWBN AVideo is an open source video platform. Versions prior to 29.0 contain an unauthenticated Reflected XSS vulnerability through AVideo YouTubeAPI Gallery Pagination. The $_GET['search'] query para...
CVE-2026-56087 MEDIUM 6.1
Dell ThinOS 10, versions prior to 2605_10.2100 contain a Protection Mechanism Failure vulnerability. An attacker with physical access could potentially exploit this vulnerability, leading to unauthori...
CVE-2026-23573 MEDIUM 6.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4 all versions, FortiOS ...
CVE-2026-44759 MEDIUM 6.1
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser w...
CVE-2026-44767 MEDIUM 6.1
setThemeRoot() failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a <link rel=stylesheet> elemen...
CVE-2026-49174 MEDIUM 6.1
Missing authentication for critical function in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.
CVE-2026-49458 MEDIUM 6.1
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.6, DOMPurify.sanitize(node, { IN_PLACE: true }) accepted same-origin foreign-realm DOM nodes while follow...
CVE-2026-49459 MEDIUM 6.1
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.6, DOMPurify.sanitize(root, { IN_PLACE: true }) could preserve event-handler attributes on an attacker-co...
CVE-2026-50383 MEDIUM 6.1
Buffer over-read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.
CVE-2026-50453 MEDIUM 6.1
Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.
CVE-2026-50495 MEDIUM 6.1
Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.
CVE-2026-50661 MEDIUM 6.1
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-54988 MEDIUM 6.1
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-55898 MEDIUM 6.1
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-10663 MEDIUM 6.1
In Zephyr's experimental USB host stack (CONFIG_USB_HOST_STACK), usbh_device_disconnect() (subsys/usb/host/usbh_device.c) freed the root usb_device slab object without clearing the cached pointer ctx-...
CVE-2026-11392 MEDIUM 6.1
The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'check_in_date' and 'check_out_date' parameters in all versions up to, and including, 2.3.1 due to ins...
CVE-2026-15297 MEDIUM 6.1
The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up t...
CVE-2026-54714 MEDIUM 6.1
Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @logto/core reflected the SAML RelayState, SAMLResponse, and actionUrl into a Logto-origin auto-submit HTML ...
CVE-2026-55461 MEDIUM 6.1
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url()->previous() from the attacker-controlled Referer header into Laravel’s intended URL session value and...
CVE-2026-9838 MEDIUM 6.1
The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due to insufficient input sanitizati...
CVE-2026-59259 MEDIUM 6.0
n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expres...
CVE-2026-12588 MEDIUM 6.0
An attacker with access to an HX 10.0.0  and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger decompression of a large file that consume...
CVE-2026-46638 MEDIUM 6.0
Twig is a template language for PHP. Prior to 3.26.0, {% sandbox %}{% include %} can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity(), allowing the...
CVE-2026-48808 MEDIUM 6.0
Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed()...
CVE-2026-49981 MEDIUM 6.0
Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sand...
CVE-2026-54429 MEDIUM 6.0
A vulnerability has been identified in SIMATIC S7-PLCSIM Advanced (All versions). Affected devices do not properly handle high-volume multicast network traffic, which can exhaust available memory reso...
CVE-2026-58638 MEDIUM 6.0
Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
CVE-2026-53449 MEDIUM 6.0
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with n...
CVE-2026-53535 MEDIUM 5.9
Activepieces is an open source AI workflow automation platform. Prior to 0.82.0, the git-sync feature clones a user-configured Git repository into a temporary directory on the server and then writes f...
CVE-2026-55406 MEDIUM 5.9
Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.7.0, a soundness bug in the OwnedView<V> type allowed safe Rust code to trigger a use-after-...
CVE-2026-56454 MEDIUM 5.9
HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and TLS 1.1. These legacy protocols contain numerous cryptographic design flaws that expose data to interc...
CVE-2026-11851 MEDIUM 5.9
Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection") in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confid...
CVE-2026-54443 MEDIUM 5.9
Dashy is a self-hostable personal dashboard. From 1.9.4 until 3.2.0, the Dashy RSS Widget in src/components/Widgets/RssFeed.vue does not sanitize RSS item link values before rendering feed item titles...
CVE-2026-56742 MEDIUM 5.9
Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPR...
CVE-2026-59838 MEDIUM 5.9
A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 a...
CVE-2026-61643 MEDIUM 5.9
FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, an authenticated FastGPT user can save a workflow node that points to another user's private HTTP toolset by usin...
CVE-2026-15712 MEDIUM 5.9
A heap buffer over-read vulnerability was discovered in libsoup's HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional Debug D...
CVE-2026-15713 MEDIUM 5.9
A vulnerability was found in libsoup's HTTP/2 protocol implementation. The library fails to correctly release memory context blocks under specific stream termination conditions, such as when an HTTP/2...
CVE-2026-47997 MEDIUM 5.9
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gai...
CVE-2026-47998 MEDIUM 5.9
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gai...
CVE-2026-48308 MEDIUM 5.9
Premiere Pro is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gai...
CVE-2026-50324 MEDIUM 5.9
Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.
CVE-2026-56649 MEDIUM 5.9
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network.
CVE-2026-9571 MEDIUM 5.9
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in po...
CVE-2026-15289 MEDIUM 5.9
The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevart_id’ parameter in all versions up to, and including, 3.2.17 due to insu...
CVE-2026-15449 MEDIUM 5.8
A time-of-check to time-of-use (TOCTOU) flaw in the illumos data-link pseudo-driver (dld) affects handling of the DLDIOC_GETMACPROP and DLDIOC_SETMACPROP ioctls on /dev/dld. drv_ioc_prop_common() in u...
CVE-2026-47160 MEDIUM 5.8
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's /icons/{domain}/icon.png endpoint used src/http_client.rs checks including should_block_address() and post_...
CVE-2026-62314 MEDIUM 5.8
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. From 1.22.0 until 1.26.0-pre1, lib/policy/checker.go PathChecker.Check(...
CVE-2026-15738 MEDIUM 5.8
Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another n...
CVE-2026-57691 MEDIUM 5.8
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eli Anti-Malware Security and Brute-Force Firewall gotmls allows Reflected XSS.This issue affects ...
CVE-2026-21044 MEDIUM 5.8
Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.
CVE-2026-52761 MEDIUM 5.8
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformati...
CVE-2026-55187 MEDIUM 5.8
Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go rel...
CVE-2026-15737 MEDIUM 5.7
AWS Bedrock AgentCore Python SDK is an open-source Python library that provides client tools for building AI agents on the Amazon Bedrock AgentCore platform. Unintended logging of sensitive user co...
CVE-2026-62655 MEDIUM 5.7
A security flaw was found in certain NETGEAR Orbi models that could allow an unauthorized user to cause the device to stop responding or restart unexpectedly, disrupting network connectivity and makin...
CVE-2026-55475 MEDIUM 5.7
Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the created_by value of an impo...
CVE-2026-57213 MEDIUM 5.7
RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_federation_management plugin renders the consumer_tag field on the Federation Status page withou...
CVE-2026-15030 MEDIUM 5.6
Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware bounda...
CVE-2026-15907 MEDIUM 5.5
A flaw has been found in H3C SecPath F1000-C8300 up to 20260522. This impacts an unknown function of the file /webui/?g=log_fw_nbc_mail_jsondata. Executing a manipulation of the argument subject can l...
CVE-2026-45612 MEDIUM 5.5
rz-libdemangle is a Rizin library for demangling symbols. Prior to 6bf56d3, the Rust demangler in src/rust/rust_v0.c can perform an out-of-bounds read when the demangler structure is not yet initializ...
CVE-2026-50012 MEDIUM 5.5
Squid is a caching proxy for the Web. Prior to 7.6, due to an improper input validation bug in cache digest reply handling (peerDigestSwapInMask in src/peer_digest.cc), Squid is vulnerable to a heap-b...
CVE-2026-56453 MEDIUM 5.5
HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the...
CVE-2026-9494 MEDIUM 5.5
An information disclosure vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools). The client validates Ubuntu Pro APT credentials by executing /usr/lib/apt/apt-helper us...
CVE-2026-20146 MEDIUM 5.5
A vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to perform path traversal attacks on the underl...
CVE-2026-62361 MEDIUM 5.5
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to 6.2.0, listmonk’s GET /api/subscribers/export endpoint injects the user-controlled query parameter into QuerySubscr...
CVE-2026-9007 MEDIUM 5.5
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in HCL Notes from HCL Software allows reflected Cross-Site Scripting (XSS).  Successful exploitati...
CVE-2026-10670 MEDIUM 5.5
The CONFIG_USERSPACE verification handler for the k_thread_name_copy() system call (z_vrfy_k_thread_name_copy() in kernel/thread.c) calls k_object_find() on the caller-supplied thread pointer and then...
CVE-2026-15622 MEDIUM 5.5
A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function get_workspace_file of the file executor_manager/app/api/v1/workspace.py of the component Workspace API. Executing a man...
CVE-2026-15675 MEDIUM 5.5
A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sq...
CVE-2026-15676 MEDIUM 5.5
A security flaw has been discovered in code-projects Online Job Portal up to 1.0. The impacted element is an unknown function of the file /Admin/DeleteUser.php. Performing a manipulation results in sq...
CVE-2026-15677 MEDIUM 5.5
A weakness has been identified in code-projects Online Job Portal 1.0. This affects an unknown function of the file /JobSeekerInsert.php. Executing a manipulation of the argument txtFile can lead to u...
CVE-2026-15703 MEDIUM 5.5
A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulatio...
CVE-2026-15752 MEDIUM 5.5
A vulnerability was found in zhinianboke xianyu-auto-reply up to dcb445ad97816ad65299a7580ee0c8c8f929da84. Affected is an unknown function of the file /api/v1/users/ of the component Backend User Endp...
CVE-2026-33842 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-34328 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows Audio Service allows an authorized attacker to disclose information locally.
CVE-2026-34346 MEDIUM 5.5
Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.
CVE-2026-34349 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.
CVE-2026-40422 MEDIUM 5.5
Use of uninitialized resource in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-41087 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-44769 MEDIUM 5.5
SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confident...
CVE-2026-45496 MEDIUM 5.5
Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-47969 MEDIUM 5.5
Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploita...
CVE-2026-47979 MEDIUM 5.5
Media Encoder is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exp...
CVE-2026-48353 MEDIUM 5.5
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files ...
CVE-2026-48580 MEDIUM 5.5
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-49177 MEDIUM 5.5
Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally.
CVE-2026-49180 MEDIUM 5.5
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
CVE-2026-49801 MEDIUM 5.5
Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.
CVE-2026-50295 MEDIUM 5.5
Improper privilege management in Microsoft Windows DNS allows an authorized attacker to bypass a security feature locally.
CVE-2026-50300 MEDIUM 5.5
Integer underflow (wrap or wraparound) in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-50303 MEDIUM 5.5
Use of a cryptographic primitive with a risky implementation in Windows Key Guard allows an authorized attacker to bypass a security feature locally.
CVE-2026-50316 MEDIUM 5.5
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-50334 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows Notification allows an authorized attacker to disclose information locally.
CVE-2026-50339 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-50341 MEDIUM 5.5
Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally.
CVE-2026-50350 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
CVE-2026-50352 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
CVE-2026-50377 MEDIUM 5.5
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50381 MEDIUM 5.5
Access of resource using incompatible type ('type confusion') in Composite Image File System Driver allows an authorized attacker to disclose information locally.
CVE-2026-50389 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-50394 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.
CVE-2026-50401 MEDIUM 5.5
Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.
CVE-2026-50408 MEDIUM 5.5
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-50409 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows Overlay Filter allows an authorized attacker to disclose information locally.
CVE-2026-50430 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-50431 MEDIUM 5.5
Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability
CVE-2026-50434 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-50437 MEDIUM 5.5
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-50442 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-50455 MEDIUM 5.5
Use of uninitialized resource in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
CVE-2026-50456 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-50473 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-50475 MEDIUM 5.5
Buffer over-read in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-50483 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information locally.
CVE-2026-50681 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
CVE-2026-50690 MEDIUM 5.5
Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.
CVE-2026-54997 MEDIUM 5.5
Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.
CVE-2026-55023 MEDIUM 5.5
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55027 MEDIUM 5.5
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55028 MEDIUM 5.5
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55035 MEDIUM 5.5
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55042 MEDIUM 5.5
Use of uninitialized resource in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55046 MEDIUM 5.5
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-55047 MEDIUM 5.5
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55050 MEDIUM 5.5
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-55057 MEDIUM 5.5
Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55121 MEDIUM 5.5
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55124 MEDIUM 5.5
Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-55138 MEDIUM 5.5
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-55139 MEDIUM 5.5
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55142 MEDIUM 5.5
Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-56178 MEDIUM 5.5
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVE-2026-56184 MEDIUM 5.5
Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.
CVE-2026-56192 MEDIUM 5.5
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-56195 MEDIUM 5.5
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-57083 MEDIUM 5.5
Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally.
CVE-2026-57084 MEDIUM 5.5
Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally.
CVE-2026-57085 MEDIUM 5.5
Out-of-bounds read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.
CVE-2026-58545 MEDIUM 5.5
Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.
CVE-2026-58547 MEDIUM 5.5
Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-58614 MEDIUM 5.5
Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally.
CVE-2026-59839 MEDIUM 5.5
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7...
CVE-2026-15514 MEDIUM 5.5
A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote...
CVE-2026-15517 MEDIUM 5.5
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument httpOID causes sql inje...
CVE-2026-15530 MEDIUM 5.5
A flaw has been found in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component Attachment API. Exe...
CVE-2026-15537 MEDIUM 5.5
A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username resul...
CVE-2026-15551 MEDIUM 5.5
Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects .
CVE-2026-15557 MEDIUM 5.5
A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAut...
CVE-2026-15597 MEDIUM 5.5
A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/2.php. This affects an unknown function of the file /edit_exam2.php. Performing a manipulation of the argume...
CVE-2026-15479 MEDIUM 5.5
A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change_passwd of the file /api/login/modify of the component Administrator Password Modification Endpoint...
CVE-2026-15482 MEDIUM 5.5
A weakness has been identified in Aster Telecom Azcall 10/11. This issue affects some unknown processing of the file /azcall/adm/gestao_loja/sis.php?t=consultar of the component HTTP Handler. Executin...
CVE-2026-15488 MEDIUM 5.5
A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of th...
CVE-2026-15489 MEDIUM 5.5
A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this vulnerability is an unknown functionality of the file proses/login.php. The ...
CVE-2026-15490 MEDIUM 5.5
A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The man...
CVE-2026-15497 MEDIUM 5.5
A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/Exchan...
CVE-2026-15319 MEDIUM 5.5
A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/access_control.go of the component Launcher. Such ma...
CVE-2026-15330 MEDIUM 5.5
A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function _build_image_content/_download_to_data_url of the file agent/tools/vision/vision.py of the component Vision To...
CVE-2026-44918 MEDIUM 5.5
OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization.
CVE-2026-47082 MEDIUM 5.4
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The vacation "fcc" feature skips the destination-mailbox ACL. A user whose vacation Sieve script used :fcc (to save a copy of the s...
CVE-2026-61718 MEDIUM 5.4
bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). From 1.6.2 until 1.6.12, the BunkerWeb web UI BiscuitMiddleware authorization bypass list included the /cache/ URL prefi...
CVE-2026-49997 MEDIUM 5.4
SurrealDB is a scalable, distributed, collaborative, document-graph database for the realtime web. Prior to 3.1.0, Document::purge_edges in surrealdb/core/src/doc/delete.rs automatically removed graph...
CVE-2026-56743 MEDIUM 5.4
Cilium is a networking, observability, and security solution. From 1.19.0 to 1.19.4, standard Kubernetes NetworkPolicy specifications using CIDR-based ipBlock rules without pod or namespace selectors ...
CVE-2026-62348 MEDIUM 5.4
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, TDengine Enterprise allowed an authenticated low-privilege SQL user to run KILL SSMIGRATE <id> against a...
CVE-2026-62353 MEDIUM 5.4
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.14, source/libs/parser/src/parTokenizer.c tGetToken() incremented past a trailing backslash in a SQL string ...
CVE-2026-62355 MEDIUM 5.4
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a Data Reader admin_user on a TDengine Cloud DB instance could run create udf even though ...
CVE-2026-48253 MEDIUM 5.4
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript w...
CVE-2026-48254 MEDIUM 5.4
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript w...
CVE-2026-48255 MEDIUM 5.4
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript w...
CVE-2026-48257 MEDIUM 5.4
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript w...
CVE-2026-48260 MEDIUM 5.4
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript w...
CVE-2026-48261 MEDIUM 5.4
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript w...
CVE-2026-48262 MEDIUM 5.4
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript w...
CVE-2026-48263 MEDIUM 5.4
Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Mal...
CVE-2026-48355 MEDIUM 5.4
Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Mal...
CVE-2026-48371 MEDIUM 5.4
Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious Jav...
CVE-2026-48758 MEDIUM 5.4
sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.2.1, the preAuthEncoding function in @sigstore/core uses Node.js ascii encoding when converting the PAE str...
CVE-2026-56157 MEDIUM 5.4
Improper access control in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-62656 MEDIUM 5.4
A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted requests to the router and run unauthorized commands. This could enable the user to ...
CVE-2026-9108 MEDIUM 5.4
A path traversal security issue exists within Studio 5000 Logix Designer® due to improper limitation of file paths within ACD project files. The software does not sanitize or validate file names embed...
CVE-2026-10085 MEDIUM 5.4
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict the group_constrained channel flag to public and private channels that support group synchronization, which...
CVE-2026-61958 MEDIUM 5.4
Missing Authorization vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue aff...
CVE-2026-61968 MEDIUM 5.4
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 3.1.2.
CVE-2026-9597 MEDIUM 5.4
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated gu...
CVE-2026-11818 MEDIUM 5.4
The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the pl...
CVE-2026-5069 MEDIUM 5.4
The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscription_id' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership author...
CVE-2026-57230 MEDIUM 5.4
OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analytics API in enterprise editions with multi-tenancy enabled built ClickHouse queries by inserting user inp...
CVE-2026-15106 MEDIUM 5.3
The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin ...
CVE-2026-15909 MEDIUM 5.3
A vulnerability has been found in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected is an unknown function of the file proses/add.php. The manipulation of the argument ...
CVE-2026-45795 MEDIUM 5.3
The Janssen Project is an open-source identity and access management (IAM) platform. Prior to 2.0.0, jans-auth-server accepts unsigned JWE request objects because JwtAuthorizationRequest skips inner s...
CVE-2026-47751 MEDIUM 5.3
Claude Code Action is a general-purpose GitHub action that runs Claude Code on GitHub pull requests and issues. Prior to 1.0.74, because the action checked out attacker-controlled pull request head br...
CVE-2026-53536 MEDIUM 5.3
Activepieces is an open source AI workflow automation platform. Prior to 0.83.0, the /v1/step-files/signed download endpoint verified the supplied JWT against the shared signing secret but did not che...
CVE-2026-56455 MEDIUM 5.3
HCL DFXAnalytics is affected by a Buffer Overflow vulnerability that can lead to a Denial of Service (DoS). The application fails to properly validate input sizes, allowing an attacker to pass an exce...
CVE-2026-56456 MEDIUM 5.3
HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory ...
CVE-2026-62299 MEDIUM 5.3
CoreDNS is a DNS server written in Go. Prior to 1.14.5, the CoreDNS rewrite plugin supports edns0 rewrite rules with an optional revert flag, and two response rules, edns0SetResponseRule and edns0Repl...
CVE-2026-63082 MEDIUM 5.3
Perfect Support Ticketing & Document Management System through 1.7 contains a broken access control vulnerability that allows authenticated attackers with Agent-level privileges to manipulate the Supp...
CVE-2026-13230 MEDIUM 5.3
An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentic...
CVE-2026-20298 MEDIUM 5.3
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privilege...
CVE-2026-33684 MEDIUM 5.3
WWBN AVideo is an open source video platform. Prior to version 29.0, Privilege Escalation is possible through unguarded permission parameters in signUp API, which allows any user who can solve a CAPTC...
CVE-2026-46459 MEDIUM 5.3
ICU Scandinavia Boomerang is vulnerable to a missing authentication flaw in its device receiver endpoints. This allows an unauthenticated remote attacker to read full facility configurations and write...
CVE-2026-56352 MEDIUM 5.3
n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by ...
CVE-2026-60062 MEDIUM 5.3
The NGINX Agent config_dirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The config_dirs directive required for...
CVE-2026-61457 MEDIUM 5.3
The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 contains a file upload extension bypass in the API media controller. HandlesMediaUploads::validateFileExtension() inspects only the final fil...
CVE-2026-11802 MEDIUM 5.3
The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration() function, accessible via the...
CVE-2026-11944 MEDIUM 5.3
openSIS Classic 9.3 contains an authenticated path traversal vulnerability in the legacy messaging sent-mail attachment download functionality that allows an authenticated attacker to read arbitrary f...
CVE-2026-15771 MEDIUM 5.3
Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to obtain potentially sensiti...
CVE-2026-24227 MEDIUM 5.3
NVIDIA TensorRT for contains a vulnerability where a user might cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution.
CVE-2026-44806 MEDIUM 5.3
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.
CVE-2026-46629 MEDIUM 5.3
Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, p...
CVE-2026-46635 MEDIUM 5.3
Twig is a template language for PHP. Prior to 3.26.0, the column filter passes object arrays to PHP array_column(), which reads public and magic properties without reaching CoreExtension::getAttribute...
CVE-2026-48038 MEDIUM 5.3
joi is a schema description language and data validator for JavaScript. Prior to 17.13.4 and 18.2.1, denial of service is possible via an untrapped exception in services validating user-supplied JSON ...
CVE-2026-48125 MEDIUM 5.3
UAParser.js is a JavaScript library to detect browsers, operating systems, CPUs, and devices from user-agent data. From 2.0.1 until 2.0.10, a regular expression denial-of-service vulnerability exists ...
CVE-2026-48760 MEDIUM 5.3
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlSanitizer::parse() rejected raw BiDi formatting charac...
CVE-2026-48761 MEDIUM 5.3
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlAttributeSanitizer::getSupportedAttributes() omitted U...
CVE-2026-48805 MEDIUM 5.3
Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow(), arraySome(), and a...
CVE-2026-49854 MEDIUM 5.3
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocket_mask without validating that the mask argume...
CVE-2026-50415 MEDIUM 5.3
Exposure of sensitive information to an unauthorized actor in Windows Media allows an unauthorized attacker to disclose information over a network.
CVE-2026-50432 MEDIUM 5.3
Use after free in Windows Virtual Filtering Platform (VFP) allows an authorized attacker to deny service over a network.
CVE-2026-56164 MEDIUM 5.3
Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-58475 MEDIUM 5.3
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject arbitrary JavaScript by supplying mali...
CVE-2026-59203 MEDIUM 5.3
Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file t...
CVE-2026-6790 MEDIUM 5.3
In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority (host and port) matches what provided in the Host header (if present). This was not en...
CVE-2026-7494 MEDIUM 5.3
Nexus Repository 3 is vulnerable to Server-Side Request Forgery (SSRF) via the SSL Certificate Retrieval endpoint. A user holding the nexus:ssl-truststore:read permission could cause the server to ini...
CVE-2026-8384 MEDIUM 5.3
In Eclipse Jetty, an HTTP URI of this form: /public;/../admin/secret.txt results in an unresolved path of: /public/../admin/secret.txt instead of the expected: /admin/se...
CVE-2026-15529 MEDIUM 5.3
A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument p...
CVE-2026-15538 MEDIUM 5.3
A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes i...
CVE-2026-15552 MEDIUM 5.3
Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers...
CVE-2026-15598 MEDIUM 5.3
A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly co...
CVE-2026-49969 MEDIUM 5.3
Laravel-Mediable before 7.0.0 contains a server-side request forgery vulnerability that allows remote attackers to issue arbitrary HTTP requests from the server by supplying unvalidated caller-control...
CVE-2026-49971 MEDIUM 5.3
Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files conta...
CVE-2026-57774 MEDIUM 5.3
Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Food Corner: from n/a throug...
CVE-2026-57776 MEDIUM 5.3
Missing Authorization vulnerability in vowelweb VW Wedding vw-wedding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Wedding: from n/a through <= 1.3.7.
CVE-2026-57778 MEDIUM 5.3
Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects...
CVE-2026-57779 MEDIUM 5.3
Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fascinate: from n/a through <= 1.1.5.
CVE-2026-57781 MEDIUM 5.3
Missing Authorization vulnerability in Sovlix MeetingHub meetinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MeetingHub: from n/a through <= 1.25.10.
CVE-2026-57782 MEDIUM 5.3
Missing Authorization vulnerability in PressTigers Universal Clocks universal-clocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Clocks: from n...
CVE-2026-61501 MEDIUM 5.3
Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without sanitization. A remote unauthenticated attacker can submit a failed login with a crafted username that i...
CVE-2026-61975 MEDIUM 5.3
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: fro...
CVE-2026-61976 MEDIUM 5.3
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects Jet...
CVE-2026-61977 MEDIUM 5.3
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetSearch jet-search allows Retrieve Embedded Sensitive Data.This issue affects JetSearch: from n...
CVE-2026-61983 MEDIUM 5.3
Missing Authorization vulnerability in andy_moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through <=...
CVE-2026-61985 MEDIUM 5.3
Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manage...
CVE-2026-62198 MEDIUM 5.3
OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Atta...
CVE-2026-62239 MEDIUM 5.3
FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the download_and_copy() function within hopper/setup.py that extracts NVIDIA toolchain archives ...
CVE-2026-15485 MEDIUM 5.3
A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub_43F2C4 of the file /goform/tools_nslookup of the component DNS Lookup Handler. This manipulation of the a...
CVE-2026-15486 MEDIUM 5.3
A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub_42026C of the file /goform/tools_ddns of the component Firmware Update Handler. Such manipulation of the ar...
CVE-2026-15487 MEDIUM 5.3
A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub_41FBD0 of the file /goform/system_ntp of the component Firmware Update Handler. Performing a manipulation of the...
CVE-2026-15502 MEDIUM 5.3
A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function _rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument ite...
CVE-2026-56252 MEDIUM 5.3
Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped cr...
CVE-2026-10865 MEDIUM 5.3
The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the (template body). This makes it possible for unauth...
CVE-2026-11901 MEDIUM 5.3
The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 2.3.1. This is due to the `web_hook_process_paypal_stand...
CVE-2026-12426 MEDIUM 5.3
The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.22 via the members_filter_protected_po...
CVE-2026-12994 MEDIUM 5.3
The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying th...
CVE-2026-13250 MEDIUM 5.3
The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin not properly verifying that a user is authorized to p...
CVE-2026-56240 MEDIUM 5.3
Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan_valid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gat...
CVE-2026-6801 MEDIUM 5.3
The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the context_blog_modal_popup. This makes it possible for unauthenti...
CVE-2026-6803 MEDIUM 5.3
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.12. This is due to missing capability checks and nonc...
CVE-2026-6804 MEDIUM 5.3
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.12. This is due to the plugin not properly verifying t...
CVE-2026-9017 MEDIUM 5.3
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verif...
CVE-2026-11990 MEDIUM 5.3
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly v...
CVE-2026-13039 MEDIUM 5.3
The Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and includ...
CVE-2026-15302 MEDIUM 5.3
The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attacke...
CVE-2026-15331 MEDIUM 5.3
A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function _add_url/_add_package of the file agent/skills/service.py of the component Skill Installation Hand...
CVE-2026-47422 MEDIUM 5.3
Frappe is a full-stack web application framework. Prior to 15.107.5 and 16.18.2, an endpoint in reportview lacked appropriate permission checks and that has since been fixed. This vulnerability is fix...
CVE-2026-48127 MEDIUM 5.3
Frappe is a full-stack web application framework. Prior to 16.20.0 and 15.110.0, users without write access could attach files to any doctype through file-handling API endpoints such as add_attachment...
CVE-2026-54470 MEDIUM 5.3
Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potenti...
CVE-2026-55476 MEDIUM 5.3
Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/{itemType}/{itemId}/{cancel_by_admin?}/{requestingUser?} accepts cancel_by_admin as a URL path segment without ...
CVE-2026-55478 MEDIUM 5.3
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/{kit_id}/licenses checks whether the caller can edit kits but does not authorize access to the referenced license o...
CVE-2026-55479 MEDIUM 5.3
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, all...
CVE-2026-56309 MEDIUM 5.3
Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments endpoint, allowing plan-blocked apps to create publicly readable R2 objects. Attackers can upload arbitr...
CVE-2026-56329 MEDIUM 5.3
Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can regist...
CVE-2026-57221 MEDIUM 5.3
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 opera...
CVE-2026-58661 MEDIUM 5.3
n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files ...
CVE-2026-6802 MEDIUM 5.3
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due to missing authorization checks in the ufdc_cus...
CVE-2026-8609 MEDIUM 5.3
An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance (denia...
CVE-2026-14852 MEDIUM 5.2
Privilege escalation in Checkmk versions 2.5.0 before 2.5.0p9, 2.4.0 before 2.4.0p34, 2.3.0 before 2.3.0p49, and 2.2.0 (EOL) allows a local unprivileged user to execute arbitrary commands as root by s...
CVE-2026-63081 MEDIUM 5.1
Perfect Support Ticketing & Document Management System through 1.7 contains a stored cross-site scripting vulnerability that allows authenticated attackers with Agent-level privileges to inject malici...
CVE-2026-55399 MEDIUM 5.1
CVE-2026-55399 is a resource exhaustion vulnerability in the Secure Access publisher prior to 14.55. Attackers with valid credentials to the Secure Access tunnel can create a non-persistent DoS agains...
CVE-2026-58551 MEDIUM 5.1
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58552 MEDIUM 5.1
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58556 MEDIUM 5.1
Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-61453 MEDIUM 5.1
Grav v2.0.0 contains a cross-site scripting vulnerability (fixed in 2.0.1). The XSS blueprint validator (Security::detectXss()) runs on raw page content before Twig processing. When Twig content proce...
CVE-2026-62294 MEDIUM 5.1
Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to...
CVE-2026-14645 MEDIUM 5.1
Nexus Repository 3 does not validate the destination of the "Webhook: Global" capability's configured URL before making an outbound HTTP request, allowing a user holding the Capability Administration ...
CVE-2026-15429 MEDIUM 5.1
A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into inter...
CVE-2026-46628 MEDIUM 5.1
Twig is a template language for PHP. Prior to 3.26.0, the deprecated spaceless filter is registered as safe for HTML, causing Twig autoescaping to emit attacker-controlled markup unescaped when spacel...
CVE-2026-46637 MEDIUM 5.1
Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with is_safe => [all], causing Twig to treat plain text or HTML ou...
CVE-2026-47730 MEDIUM 5.1
Twig is a template language for PHP. From 3.0.0 until 3.26.0, Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate() and Profile::getName() into HTML output without escaping, allowing attacker-...
CVE-2026-48784 MEDIUM 5.1
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, UrlGenerator::doGenerate() used strtr() dot-segment encod...
CVE-2026-50418 MEDIUM 5.1
Improper access control in Windows System allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-60119 MEDIUM 5.1
Hi.Events through v1.10.0-beta contains a cross-site scripting vulnerability that allows authenticated attackers with event creation or edit permissions to inject arbitrary HTML and JavaScript by embe...
CVE-2026-12257 MEDIUM 5.1
Versions of Mura CMS prior to 10.0.712 contain a critical remote code execution (RCE) vulnerability. The flaw is located in the endpoint “/index.cfm/_api/json/v1/default”, where the “method” parameter...
CVE-2026-40467 MEDIUM 5.1
Use After Free vulnerability has been found in "io.c" program file of gawk (do_getline_redir() routine). This issue may lead to a crash. It affects gawk in versions 5.4.0 and below.
CVE-2026-40469 MEDIUM 5.1
Integer overflow vulnerability has been found in "builtin.c" program file of gawk (do_sub() routine). This issue could be used to overwrite gawk heap metadata and objects causing the program to crash....
CVE-2026-40553 MEDIUM 5.1
Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk (ftype() routine). This issue could be used to crash the program and potentially to achieve code execution, a...
CVE-2026-4765 MEDIUM 5.1
Stored Cross-Site Scripting (XSS) vulnerability in the RD Station Conversas chat. The vulnerability resides in the ‘name’ parameter of the initialization process due to improper sanitization of user i...
CVE-2026-58228 MEDIUM 5.1
Cross-site scripting vulnerability in phoenixframework phoenix_live_view allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView....
CVE-2026-58487 MEDIUM 5.1
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, due to unsafe handling of the local-part of registered email addresses, HedgeDoc was vulnerab...
CVE-2026-61502 MEDIUM 5.1
Rejetto HFS 3.0.0 through 3.2.0 accepts state-changing API requests via the GET method and exempts GET requests from its anti-CSRF header check. A remote attacker can perform administrative actions in...
CVE-2026-61504 MEDIUM 5.1
Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permissio...
CVE-2026-15493 MEDIUM 5.1
A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a man...
CVE-2026-56281 MEDIUM 5.1
Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/admin_stats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly...
CVE-2025-30008 MEDIUM 5.1
HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed ...
CVE-2026-14461 MEDIUM 5.1
mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response th...
CVE-2026-21050 MEDIUM 5.1
Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.
CVE-2026-21051 MEDIUM 5.1
Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings.
CVE-2026-21053 MEDIUM 5.1
Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox.
CVE-2026-41877 MEDIUM 5.1
R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visit...
CVE-2026-56354 MEDIUM 5.1
n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 2.x branches) contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields an...
CVE-2026-57158 MEDIUM 5.1
FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar_decompress_pla...
CVE-2026-57167 MEDIUM 5.1
PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without esca...
CVE-2026-57961 MEDIUM 5.1
phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the concatenatePaths() function within src/phpMyFAQ/Export/Pdf/Wrapper.php. A user with FAQ editing privileges ...
CVE-2026-58493 MEDIUM 5.1
grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::__call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host, dbna...
CVE-2026-61456 MEDIUM 5.1
The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 fails to sanitize SVG files uploaded through the POST /api/v1/media endpoint. The HandlesMediaUploads::processUploadedFile() method validates...
CVE-2026-12391 MEDIUM 5.0
An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools) within the pro collect-logs command framework. The utility creates or utilizes predi...
CVE-2026-59732 MEDIUM 5.0
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selecte...
CVE-2026-10664 MEDIUM 5.0
The nRF70 Wi-Fi driver's power-save event handler nrf_wifi_event_proc_get_power_save_info() in drivers/wifi/nrf_wifi/src/wifi_mgmt.c copied TWT (Target Wake Time) flow entries from an nrf_wifi_umac_ev...
CVE-2026-55515 MEDIUM 5.0
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report delete endpoint authorizes only reports.view and deletes CheckoutAcceptance::pending()->find($acceptance...
CVE-2026-15445 MEDIUM 4.9
The SEO Booster plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied...
CVE-2026-15458 MEDIUM 4.9
The SEO Booster plugin for WordPress is vulnerable to generic SQL Injection via the 'sort_field' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied...
CVE-2026-15651 MEDIUM 4.9
The WP TripAdvisor Review Slider plugin for WordPress is vulnerable to generic SQL Injection via the 'filtersource' parameter in all versions up to, and including, 14.6 due to insufficient escaping on...
CVE-2026-15727 MEDIUM 4.9
The WP Bulk Delete plugin for WordPress is vulnerable to generic SQL Injection via the 'delete_user_roles' parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the use...
CVE-2026-62947 MEDIUM 4.9
OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before can...
CVE-2026-14646 MEDIUM 4.9
Nexus Repository 3 did not apply its existing Server-Side Request Forgery (SSRF) protections to HTTP redirect targets returned by proxy repository upstream servers. Any user with read access to a prox...
CVE-2026-62657 MEDIUM 4.9
A security flaw in the router's certificate validation process was discovered in the NETGEAR XR1000 Gaming Router and certain Nighthawk models that could allow an unauthorized person to remotely acces...
CVE-2026-61952 MEDIUM 4.9
Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This is...
CVE-2026-61970 MEDIUM 4.9
Server-Side Request Forgery (SSRF) vulnerability in Themeisle Auto Featured Image (Auto Post Thumbnail) auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image (A...
CVE-2026-9708 MEDIUM 4.9
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester w...
CVE-2025-5017 MEDIUM 4.9
The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ parameter in all versions up to, and including, 2.2.0 due to insufficient escap...
CVE-2026-12141 MEDIUM 4.9
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_tooltip_text' parameter in all versions up ...
CVE-2026-12918 MEDIUM 4.9
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and...
CVE-2026-14475 MEDIUM 4.9
The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.3.6 due to insuf...
CVE-2026-57218 MEDIUM 4.9
RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.update_secret refresh to...
CVE-2026-1563 MEDIUM 4.8
Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting (XSS) vulnerability in a user interface component. Requires a high privileged user with a developer role.
CVE-2026-56375 MEDIUM 4.8
ImageMagick through 7.1.2-18 contains a memory leak vulnerability in the ASHLAR coder when an action fails. Attackers can trigger failed actions to exhaust memory resources and cause denial of service...
CVE-2026-58557 MEDIUM 4.8
Design defect vulnerability in Expedition mode. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-61859 MEDIUM 4.8
ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths th...
CVE-2026-12478 MEDIUM 4.8
The fix for CVE-2026-0716 (commit 6ff7ef0, libsoup 3.6.6) placed the integer overflow guard inside the if (masked) block, leaving unmasked server-to-client frames unprotected. A malicious WebSocket se...
CVE-2026-15621 MEDIUM 4.8
A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read_file/write_file/edit_file of the file tools/fs_ops.go of the component File Tools. Performing a manipulatio...
CVE-2026-47999 MEDIUM 4.8
Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious Ja...
CVE-2026-50684 MEDIUM 4.8
Improper neutralization of input during web page generation ('cross-site scripting') in Active Directory Federation Services (AD FS) allows an authorized attacker to perform spoofing over a network.
CVE-2026-56372 MEDIUM 4.8
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an ...
CVE-2026-61465 MEDIUM 4.8
ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes Imag...
CVE-2026-61858 MEDIUM 4.8
ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassi...
CVE-2026-21056 MEDIUM 4.8
Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information.
CVE-2026-55452 MEDIUM 4.8
Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction() stores the request User-Agent header and ReportsController::postActivityReport() writes that value to the Acti...
CVE-2026-55464 MEDIUM 4.8
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permissio...
CVE-2026-55890 MEDIUM 4.8
Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action (CVE-2026-42841) leaves the sibling MediaObjectTrait::style met...
CVE-2026-56366 MEDIUM 4.8
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG...
CVE-2026-56666 MEDIUM 4.8
ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but does not verify that the extern...
CVE-2026-50183 MEDIUM 4.7
WWBN AVideo is an open source video platform. Versions 29.0 and below contain a stored Cross-Site Scripting vulnerability in the YouTubeAPI plugin. The plugin renders the snippet.title field returned ...
CVE-2026-44760 MEDIUM 4.7
Due to a Cross-Site Scripting (XSS) vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response whic...
CVE-2026-49167 MEDIUM 4.7
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50310 MEDIUM 4.7
Integer overflow or wraparound in Windows Devices Human Interface allows an authorized attacker to disclose information locally.
CVE-2026-50312 MEDIUM 4.7
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-50657 MEDIUM 4.7
Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an authorized attacker to disclose information locally.
CVE-2026-54432 MEDIUM 4.7
Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 allows Stored Cross-Site Scripting (XSS). The issue occurs because the attachment MIME type is not properly escaped on the attachment-validation ...
CVE-2026-62658 MEDIUM 4.7
A security flaw was discovered in certain NETGEAR Nighthawk RAX series routers that could allow someone already logged in to the device to run unauthorized commands or code on the router.
CVE-2026-15681 MEDIUM 4.7
AnyDesk Screen Recording Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An atta...
CVE-2026-15682 MEDIUM 4.7
AnyDesk Support Information Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An a...
CVE-2026-1562 MEDIUM 4.6
Pega Platform versions 8.1.0 through 25.1.2 are affected by an Stored Cross-site scripting (XSS) vulnerability in a user interface component. Requires a high privileged user with a developer role.
CVE-2026-49794 MEDIUM 4.6
Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.
CVE-2026-55016 MEDIUM 4.6
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55019 MEDIUM 4.6
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55020 MEDIUM 4.6
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55030 MEDIUM 4.6
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55135 MEDIUM 4.6
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-50485 MEDIUM 4.5
Buffer over-read in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
CVE-2026-14846 MEDIUM 4.5
In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ funct...
CVE-2026-13005 MEDIUM 4.4
The MxChat – AI Chatbot & Content Generation for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.10 due to insu...
CVE-2026-15324 MEDIUM 4.4
The SysBasics Customize My Account for WooCommerce – Live My Account Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'row_type' parameter in all versions up to, an...
CVE-2026-11591 MEDIUM 4.4
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 due to insufficient input sanitization an...
CVE-2026-11898 MEDIUM 4.4
The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output ...
CVE-2026-3367 MEDIUM 4.4
The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'App ID' setting in all versions up to, and including, 2.11.0. This is due to insuffic...
CVE-2026-9738 MEDIUM 4.4
The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content_position_css' parameter in all versions up to, and including, 5.5.10 due to in...
CVE-2026-12108 MEDIUM 4.4
The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and ...
CVE-2026-15283 MEDIUM 4.4
The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization a...
CVE-2026-15295 MEDIUM 4.4
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.0.1 due to insufficient inpu...
CVE-2026-46388 MEDIUM 4.4
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve...
CVE-2026-12409 MEDIUM 4.3
The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,...
CVE-2026-12434 MEDIUM 4.3
The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitize_status. This makes it possible for authentica...
CVE-2026-15336 MEDIUM 4.3
The Catch Themes Demo Import plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.3. This is due to the catch_themes_demo_import_activate_plugin() function, ...
CVE-2026-15350 MEDIUM 4.3
The The Cache Purger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.3.20. This is due to the plugin not properly verifying that a user is authorized...
CVE-2026-15407 MEDIUM 4.3
The Themify Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 7.7.7. This is due to the plugin not properly verifying that a user is authorized t...
CVE-2026-15610 MEDIUM 4.3
The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin ...
CVE-2026-15945 MEDIUM 4.3
A flaw was found in the group search functionality of the Keycloak server's administrative API. When Fine-Grained Admin Permissions (FGAP) v2 is enabled, a delegated administrator can bypass access re...
CVE-2026-44595 MEDIUM 4.3
Yamcs is a mission control framework. Prior to 5.12.7, the IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core did not enforce the required SystemPrivilege.ControlAccess check...
CVE-2026-46338 MEDIUM 4.3
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. From 10.0.1 until 10.21.3, pymdownx.snippets uses a string-prefix containment check in SnippetPreprocessor.get_snipp...
CVE-2026-47083 MEDIUM 4.3
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authenticated IMAP user could enumerate folder name...
CVE-2026-47089 MEDIUM 4.3
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. LISTRIGHTS os not limited to users with admin access. An authenticated user could call IMAP LISTRIGHTS against any mailbox they cou...
CVE-2026-54568 MEDIUM 4.3
Microsoft UFO open-source framework for intelligent automation across devices and platforms. From 3.0.0 until 3.0.6, a client connected to the UFO WebSocket server as a DEVICE could call DEVICE_INFO_R...
CVE-2026-55548 MEDIUM 4.3
Yamcs is a mission control framework. Prior to 5.12.8 and 5.13.2, the PacketsApi.exportPackets endpoint in yamcs-core/src/main/java/org/yamcs/http/api/PacketsApi.java failed to enforce object-level Re...
CVE-2026-57205 MEDIUM 4.3
SimpleChat is a secure AI conversation application with personal and group workspaces for document-grounded interactions. Prior to 0.241.203, the authenticated GET /api/user/info/<user_id> and GET /ap...
CVE-2025-43892 MEDIUM 4.3
A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions may allow an authenticated remote attacker to return a portion of device...
CVE-2026-13699 MEDIUM 4.3
In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional data_point field in PublishValueRequest. When a request contai...
CVE-2026-44770 MEDIUM 4.3
SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. Thi...
CVE-2026-44771 MEDIUM 4.3
SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privilege...
CVE-2026-48000 MEDIUM 4.3
Adobe Commerce is affected by an Improper Redirect (Open Redirect) vulnerability that could result in a Security feature bypass. An attacker could construct a malicious URL that redirects a victim to ...
CVE-2026-59840 MEDIUM 4.3
A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiP...
CVE-2026-62641 MEDIUM 4.3
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size.
CVE-2026-62642 MEDIUM 4.3
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment.
CVE-2026-62659 MEDIUM 4.3
A security flaw was discovered in the NETGEAR WAX333 Access Point that could allow someone already logged in and connected to the local network to make unauthorized changes to the device's settings
CVE-2026-9341 MEDIUM 4.3
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.0 via the 'save_...
CVE-2026-10103 MEDIUM 4.3
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to mo...
CVE-2026-12385 MEDIUM 4.3
The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authentic...
CVE-2026-57797 MEDIUM 4.3
Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduMall: from n/a through <= 4.5.1.
CVE-2026-6541 MEDIUM 4.3
Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict metric configuration changes to the playbook being saved, which allows an authenticated user with team acce...
CVE-2026-9824 MEDIUM 4.3
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to check the manage_shared_channels permission in the /share-channel autocomplete handler, which allows an authenticate...
CVE-2026-10041 MEDIUM 4.3
The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 via the wcfm_product_archive due to miss...
CVE-2026-10628 MEDIUM 4.3
The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.10.0. This is due to the plugin not properly verifying that a ...
CVE-2026-12103 MEDIUM 4.3
The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is autho...
CVE-2026-12738 MEDIUM 4.3
The WP Easy Pay – Payment and Donation form Builder for Square plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.5.0. This is due to the plugin not pro...
CVE-2026-13116 MEDIUM 4.3
The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generate_document_shortcode...
CVE-2026-1832 MEDIUM 4.3
The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedesk_clear_cache' AJ...
CVE-2026-3552 MEDIUM 4.3
The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the ajax_import_410() function in all versions up to 2.6....
CVE-2026-7544 MEDIUM 4.3
The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideo_enqueue_settings_script. This makes it possible...
CVE-2026-7559 MEDIUM 4.3
The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.3.3. This is due to the plugin not p...
CVE-2026-7620 MEDIUM 4.3
The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.5.1. This is due to the plugin not properly verifying that a user is au...
CVE-2026-8678 MEDIUM 4.3
The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not properly verifying that a user is authorized to perf...
CVE-2026-11992 MEDIUM 4.3
The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authoriz...
CVE-2026-12400 MEDIUM 4.3
The FlowForms – Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.1 via the update_form due to missing valida...
CVE-2026-12955 MEDIUM 4.3
The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdpr_cookie_consent_ajax_save_sc...
CVE-2026-15026 MEDIUM 4.3
The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the email_template_selected. This makes i...
CVE-2026-15286 MEDIUM 4.3
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigur...
CVE-2026-1946 MEDIUM 4.3
The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gwaiwebu_gravitywrite_disconnect_handler() function in all ve...
CVE-2026-55462 MEDIUM 4.3
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show() and printInventory() authorize only user viewing before loading and rendering assigned license, accessory, an...
CVE-2026-55472 MEDIUM 4.3
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scope_locations_fmcs are enabled, the API location creation endpoint detects an invalid pare...
CVE-2026-55664 MEDIUM 4.3
Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /forms endpoint read table and column metadata without applying the document's access rules and did not che...
CVE-2026-59154 MEDIUM 4.3
Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates...
CVE-2026-6440 MEDIUM 4.3
The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a ...
CVE-2026-9857 MEDIUM 4.3
The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying that a user is authorized to per...
CVE-2026-55608 MEDIUM 4.2
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.57.4, multi-tenant HTTP mode with ENABLE_MULTI_TENANT=true could allow an ...
CVE-2026-50302 MEDIUM 4.2
Improper certificate validation in Windows Cryptographic Services allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-55669 MEDIUM 4.2
ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validates a token's signature and issuer (iss) but not the audience (aud) c...
CVE-2026-56664 MEDIUM 4.2
ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token...
CVE-2026-56665 MEDIUM 4.2
ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is an open source identity management platform. From 3.0.0-rc.1 through 3.4.11 and from 4.0.0-rc.1 through 4...
CVE-2026-44768 MEDIUM 4.1
SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy (CSP) configuration for certain restri...
CVE-2026-47085 MEDIUM 4.0
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH token forgery can occur via a missing mboxkey. If an attacker knew a folder name on the victim's account for which the vict...
CVE-2026-58549 MEDIUM 4.0
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58550 MEDIUM 4.0
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58553 MEDIUM 4.0
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-14902 MEDIUM 4.0
An open redirect in Ivanti Xtraction before version 2026.2.1 allows a remote unauthenticated attacker to redirect users to arbitrary external URLs.
CVE-2026-15028 LOW 3.9
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extend...
CVE-2026-9820 LOW 3.8
Mattermost versions 11.7.x <= 11.7.2, 10.11.x <= 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint, which allows a user with the User Manager role to obtain invite links for...
CVE-2026-62994 LOW 3.7
CoreDNS is a DNS server written in Go. From 1.9.4 until 1.14.5, a network DNS client allowed to request AXFR for a CoreDNS zone can trigger a panic when CoreDNS is configured with k8s_external headles...
CVE-2026-44753 LOW 3.7
SAP HANA Database (user self service tools) allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and em...
CVE-2026-48001 LOW 3.7
Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Explo...
CVE-2026-42447 LOW 3.6
jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx-gui is affected by an HTML injection vulnerability in the Summary tab because SummaryNode.java appends arches and perArchCount values derived fro...
CVE-2026-47086 LOW 3.5
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. GENURLAUTH-issued tokens can bypass ACLs. Any authenticated user could mint a URLAUTH token (via the GENURLAUTH command) for any ma...
CVE-2026-47087 LOW 3.5
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH does not honor revoked authorizer access. A URLAUTH URL minted while the authorizer had access continued to work after that...
CVE-2026-59791 LOW 3.5
In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible
CVE-2026-61492 LOW 3.5
In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible
CVE-2025-62675 LOW 3.4
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiO...
CVE-2026-50416 LOW 3.3
Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.
CVE-2026-50419 LOW 3.3
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-52839 LOW 3.3
Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 correctly filter provider-scoped appointments in the `appointments/search` response, proving that provider isolation i...
CVE-2026-35145 LOW 3.1
HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability. The application fails to implement the HTTP Strict Transport Security (HSTS) policy within its responses,...
CVE-2026-44970 LOW 3.1
dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DefaultUsageTracker.emit_tool_called_event() in src/dbt_mcp/tracking/tracking.py serialized every MCP tool call's ...
CVE-2026-47081 LOW 3.1
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an XAPPLEPUSHSERVICE folder existence oracle and push hijack. An authenticated IMAP user could probe for the existence of ...
CVE-2026-47088 LOW 3.1
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is heap exposure in nested MIME comment parsing. An authenticated IMAP user could craft an email message containing an RFC 82...
CVE-2026-62683 LOW 3.1
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser can leave a public directory sha...
CVE-2025-62826 LOW 3.1
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiO...
CVE-2026-12482 LOW 3.1
A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the `filter_safe_tarinfos` validation in `keras/src/utils/file_utils.py`. Specifica...
CVE-2026-21840 LOW 3.1
HCL BigFix Platform is affected by a user enumeration vulnerability which might allow an attacker, through careful system control and response time monitoring, to perform some level of user enumeratio...
CVE-2026-52841 LOW 3.1
Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, `Google::oauth` at `application/controllers/Google.php:278` stores its URL-supplied `provider_id` in the session, ...
CVE-2026-59180 LOW 3.1
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins an...
CVE-2026-35140 LOW 3.0
HCL DFXAnalytics is affected by a Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability. The application fails to set the "secure" attribute on session cookies generated during auth...
CVE-2026-35143 LOW 3.0
HCL DFXAnalytics is affected by a Missing SameSite Attribute vulnerability. The application fails to set the "SameSite" attribute on session cookies generated during authentication, which could allow ...
CVE-2026-15516 LOW 2.9
A vulnerability was detected in MacCMS Pro up to 2022.1000.3005. Impacted is the function step5 of the file application/install/controller/Index.php of the component Installation Module. The manipulat...
CVE-2026-15594 LOW 2.9
A vulnerability was found in waooAI waoowaoo up to 0.4.1. Impacted is the function stablePublicIdFromStorageKey in the library src/lib/media/hash.ts of the component Media Handler. The manipulation of...
CVE-2026-48329 LOW 2.7
ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass securi...
CVE-2026-52840 LOW 2.7
Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, `Caldav::connect_to_server` at `application/controllers/Caldav.php:60` hands the request's `caldav_url` to a Guzzl...
CVE-2026-61971 LOW 2.7
Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This ...
CVE-2026-35141 LOW 2.6
HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. The application allows a remote attacker to intercept, delay, or fraudulently retransmit valid authentication data to achieve unaut...
CVE-2026-35142 LOW 2.6
HCL DFXAnalytics is affected by an Internal IP Address Disclosure vulnerability. The application includes internal IP address details within its generated server responses, which could allow a remote ...
CVE-2026-52838 LOW 2.6
Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 allow administrators to define a custom "booking disabled" message through the booking settings page. That value is st...
CVE-2026-44969 LOW 2.5
dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DbtMCP.call_tool() in src/dbt_mcp/mcp/server.py logged the raw arguments dictionary at INFO level before each tool...
CVE-2026-10668 LOW 2.4
The Nuvoton NuMaker HSUSBD USB device-controller driver (drivers/usb/udc/udc_numaker.c) armed the control Data IN stage unconditionally (base->CEPTXCNT = len in numaker_hsusbd_ep_trigger). Because the...
CVE-2026-55780 LOW 2.4
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extr...
CVE-2026-55781 LOW 2.4
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock block si...
CVE-2026-55782 LOW 2.4
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from ...
CVE-2026-55783 LOW 2.4
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-s...
CVE-2026-40958 LOW 2.3
CVE-2026-40958 is a input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS agai...
CVE-2026-45064 LOW 2.3
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlSanitizer::parse() passes Unicode explicit-direc...
CVE-2026-45065 LOW 2.3
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters against a pattern...
CVE-2026-45066 LOW 2.3
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowl...
CVE-2026-15605 LOW 2.3
A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download in the library wandb/sdk/lib/hashutil.py of the component Artifact Integrity Va...
CVE-2026-61874 LOW 2.3
filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can del...
CVE-2026-47199 LOW 2.3
Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, check_safe_sql_query permitted SELECT INTO OUTFILE queries, which could potentially work on self-hosted sites if databa...
CVE-2026-55670 LOW 2.3
ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user rec...
CVE-2026-55671 LOW 2.3
ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently...
CVE-2026-15921 LOW 2.1
Node Version Manager (nvm) is a POSIX-compliant shell function for managing multiple node.js versions. In versions 0.32.1 through 0.40.5, `nvm ls-remote` (and other commands that refresh remote LTS al...
CVE-2026-40954 LOW 2.1
CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel pro...
CVE-2026-40955 LOW 2.1
CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel pro...
CVE-2026-40956 LOW 2.1
CVE-2026-40956 is a memory disclosure vulnerability in Secure Access client versions prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can cause a small a...
CVE-2026-61862 LOW 2.1
ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte ...
CVE-2026-61863 LOW 2.1
ImageMagick before 7.1.2-26 (and 6.x before 6.9.13-51) contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak.
CVE-2026-61864 LOW 2.1
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in color transformation to the log colorspace: when the operation fails, a small amount of memory is not released.
CVE-2026-61865 LOW 2.1
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the hough lines operation: when a specific operation fails, a small memory leak occurs.
CVE-2026-61866 LOW 2.1
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob ...
CVE-2026-61867 LOW 2.1
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the TIFF encoder when memory allocation fails. Attackers can trigger allocation failures during TIFF image processing to cause memor...
CVE-2026-61869 LOW 2.1
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the MIFF encoder that occurs when a memory allocation fails during MIFF image processing, which can lead to denial of service.
CVE-2026-15618 LOW 2.1
A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/tool_exec.go of the component exec Safety Guard. The manipu...
CVE-2026-15619 LOW 2.1
A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of t...
CVE-2026-15620 LOW 2.1
A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side request...
CVE-2026-15624 LOW 2.1
A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/create_video_byteplus.go of the...
CVE-2026-15625 LOW 2.1
A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/exec_approval.go. The manipulation resul...
CVE-2026-15626 LOW 2.1
A vulnerability was determined in nextlevelbuilder GoClaw 3.13.3-beta.3. This affects the function writeFile of the file internal/providers/acp/tool_bridge.go of the component ACP ToolBridge Workspace...
CVE-2026-15627 LOW 2.1
A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This vulnerability affects the function handleNavigate of the file pkg/browser/tool.go. Such manipulation of the argument...
CVE-2026-15628 LOW 2.1
A security flaw has been discovered in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1. This issue affects the function Vision._download_to_data_url of the file agent/tools/vision/vision.py of the com...
CVE-2026-15629 LOW 2.1
A weakness has been identified in louisho5 picobot up to 0.2.0. Impacted is the function CreateSkill/GetSkill of the file internal/agent/tools/filesystem.go of the component Workspace Handler. Executi...
CVE-2026-15668 LOW 2.1
A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulat...
CVE-2026-15672 LOW 2.1
A vulnerability was determined in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /intrams/admin/add_judges.php. This manipulation of the argument fname causes ...
CVE-2026-15697 LOW 2.1
A vulnerability was found in svgdotjs svg.js up to 3.2.5. This affects the function EventTarget.on of the file svgdotjs/svg.js of the component npm Package API. Performing a manipulation results in im...
CVE-2026-15698 LOW 2.1
A vulnerability was determined in kofrasa mingo up to 7.2.1. This impacts the function update/updateOne/updateMany of the component Update API. Executing a manipulation of the argument Set can lead to...
CVE-2026-15699 LOW 2.1
A vulnerability was identified in spencermountain compromise up to 14.15.1. Affected is the function nlp.extend of the file src/API/extend.js of the component Public Root API. The manipulation of the ...
CVE-2026-15702 LOW 2.1
A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modi...
CVE-2026-15715 LOW 2.1
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /exam.php. Such manipulation of the argum...
CVE-2026-15750 LOW 2.1
A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcp__getComponentLink. ...
CVE-2026-15753 LOW 2.1
A vulnerability was determined in zhinianboke xianyu-auto-reply on Server. Affected by this vulnerability is an unknown functionality of the file /api/v1/payment/withdraw/review?action=approve. Execut...
CVE-2026-45753 LOW 2.1
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlAttributeSanitizer::getSupportedAttributes() omi...
CVE-2026-15512 LOW 2.1
A vulnerability was identified in pig-mesh Pig up to 3.9.2. Affected by this issue is some unknown functionality of the file \pig-master\pig-visual\pig-codegen\src\main\java\com\pig4cloud\pig\codegen\...
CVE-2026-15513 LOW 2.1
A security flaw has been discovered in Wavlink WL-NU516U1 260515. This affects the function wlink_uci_set_value of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument lan_ip results i...
CVE-2026-15523 LOW 2.1
A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This man...
CVE-2026-15525 LOW 2.1
A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function _validate_urls of the file src/adloop/ads/write.py. Performing a manipulation of the argument final_ur...
CVE-2026-15535 LOW 2.1
A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserialize_from of the file retrieval_lm/src/index....
CVE-2026-15536 LOW 2.1
A vulnerability was identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patviewprescription.php. The manipulation of the argument delid leads to sql in...
CVE-2026-15540 LOW 2.1
A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Perform...
CVE-2026-15546 LOW 2.1
A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub_2D568 of the component start_jffs2. Performing a manipulation of the argument jffs2_exe...
CVE-2026-15547 LOW 2.1
A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub_2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead ...
CVE-2026-15558 LOW 2.1
A security vulnerability has been detected in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/deletemp.ph...
CVE-2026-15559 LOW 2.1
A vulnerability was detected in CodeAstro Simple Online Leave Management System 1.0. This affects an unknown part of the file /SimpleOnlineLeave/admin/accept.php of the component POST Handler. Perform...
CVE-2026-15595 LOW 2.1
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /forsubject.php. This manipulation of the argument subje...
CVE-2026-15596 LOW 2.1
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /subject.php. Such manipulation of the argument subject ...
CVE-2026-15607 LOW 2.1
A vulnerability was detected in tanstack db up to 0.6.8. Affected by this vulnerability is the function select of the file src/query/compiler/select.ts of the component Alias Path Handler. The manipul...
CVE-2026-40468 LOW 2.1
Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap met...
CVE-2026-15470 LOW 2.1
A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue is some unknown functionality of the file /callrec/group.jsp. Such manipulation leads to improper authori...
CVE-2026-15471 LOW 2.1
A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pci_dss_status.jsp. Performing a manipulation results in improper authorization. Re...
CVE-2026-15472 LOW 2.1
A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to imprope...
CVE-2026-15473 LOW 2.1
A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some unknown processing of the file /callrec/restoreCallAction.do of the component Recorded Calls Page. The m...
CVE-2026-15474 LOW 2.1
A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unknown function of the file /callrec/audio.jsp of the component Call Recording Handler. The manipulation of...
CVE-2026-15477 LOW 2.1
A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a m...
CVE-2026-15478 LOW 2.1
A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a ...
CVE-2026-15492 LOW 2.1
A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. S...
CVE-2026-15495 LOW 2.1
A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The man...
CVE-2026-15496 LOW 2.1
A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScr...
CVE-2026-15499 LOW 2.1
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/cron_tools.py of the component Scheduled Task Handl...
CVE-2026-15500 LOW 2.1
A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function get_online_plugins of the file astrbot/dashboard/routes/plugin.py of the component ma...
CVE-2026-15501 LOW 2.1
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.test_mcp_connection of the file astrbot/dashboard/routes/tools.py of t...
CVE-2026-15507 LOW 2.1
A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy Handler. Performing a manipulation result...
CVE-2026-15508 LOW 2.1
A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function build_target_url of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Exe...
CVE-2026-15509 LOW 2.1
A vulnerability has been found in Leantime up to 3.8.0. This impacts the function editUser/addUser of the component JSON-RPC Endpoint. The manipulation of the argument role leads to improper authoriza...
CVE-2026-15510 LOW 2.1
A vulnerability was found in Leantime up to 3.8.0. Affected is the function Setting::saveSetting of the component API. The manipulation results in improper authorization. The attack may be performed f...
CVE-2026-61448 LOW 2.1
Parse Server is affected by a stored cross-site scripting (XSS) vulnerability in versions >= 9.0.0, < 9.10.0-alpha.2 and <= 8.6.83. When an uploaded file's extension is not recognized by the mime pack...
CVE-2026-61870 LOW 2.1
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images...
CVE-2026-15317 LOW 2.1
A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarde...
CVE-2026-15318 LOW 2.1
A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This ma...
CVE-2026-15320 LOW 2.1
A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument me...
CVE-2026-15329 LOW 2.1
A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function BrowserTool._do_navigate of the file agent/tools/browser/browser_tool.py of the component Browser Tool. Perf...
CVE-2026-15332 LOW 2.1
A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation res...
CVE-2026-15373 LOW 2.1
A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an unknown function of the file /callrec/userAddAction.do. Performing a manipulation of the argument role ...
CVE-2026-15374 LOW 2.1
A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lea...
CVE-2026-15375 LOW 2.1
A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/users_ldap.jsp of the component LDAP User Interface. The manipulation lead...
CVE-2026-15376 LOW 2.1
A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown function of the file /callrec/statisticReportAction.do. The manipulation results in improper authorization. Th...
CVE-2026-15377 LOW 2.1
A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnerability is an unknown functionality of the file /callrec/sendlogfile. This manipulation causes improper a...
CVE-2026-56813 LOW 2.1
Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in ...
CVE-2026-58225 LOW 2.1
SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notific...
CVE-2026-61872 LOW 2.0
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the TIFF encoder when an invalid tiff:tile-geometry is specified. Supplying malformed tile geometry parameters causes allocated memo...
CVE-2025-8412 LOW 2.0
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the inte...
CVE-2026-15678 LOW 2.0
A security vulnerability has been detected in code-projects Online Job Portal 1.0. This impacts an unknown function of the file /Admin/DetailJob.php. The manipulation leads to cross site scripting. Th...
CVE-2026-15700 LOW 2.0
A security flaw has been discovered in DedeCMS 5.7.118. Affected by this vulnerability is the function ExtractFile of the file include/zip.class.php of the component Album Publishing Feature. The mani...
CVE-2026-45072 LOW 2.0
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.4.24 until 6.4.40, 7.4.12, and 8.0.12, the development profiler file_excerpt Twig filter escape...
CVE-2026-15518 LOW 2.0
A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php ...
CVE-2026-15533 LOW 2.0
A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Colum...
CVE-2026-15539 LOW 2.0
A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Fe...
CVE-2026-15494 LOW 2.0
A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switch_status.php. Executing a manipulation of the argument ID can lead ...
CVE-2026-15505 LOW 2.0
A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of the file /src/data/extra/web/js/markdownit.js of the component YAML Frontmatter. This manipulation of th...
CVE-2026-15311 LOW 2.0
A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter._markdown_to_html of the file gateway/platforms/matrix.py of the com...
CVE-2026-15326 LOW 2.0
A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of th...
CVE-2026-15669 LOW 1.9
A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation result...
CVE-2026-15749 LOW 1.9
A security flaw has been discovered in mastergo-design mastergo-magic-mcp up to 0.2.0. This issue affects the function execute of the file src/tools/get-c2d.ts of the component mcp__C2d. Performing a ...
CVE-2026-15751 LOW 1.9
A security vulnerability has been detected in mastergo-design mastergo-magic-mcp up to 0.2.0. The affected element is the function execute of the file mastergo/component-workflow.md of the component m...
CVE-2026-15520 LOW 1.9
A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompress_R2004_section of the file src/decode.c of the component R2004 Section Decompression. Executing...
CVE-2026-15521 LOW 1.9
A vulnerability was identified in makafeli n8n-workflow-builder up to 0.11.0. Affected is an unknown function of the file build/server.cjs of the component update_node_from_file. The manipulation of t...
CVE-2026-15522 LOW 1.9
A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component run_project. The manipul...
CVE-2026-15524 LOW 1.9
A security vulnerability has been detected in alioshr memory-bank-mcp up to 0.2.1/3.1. This affects an unknown part of the file list-project-files-validation-factory.ts. Such manipulation of the argum...
CVE-2026-15526 LOW 1.9
A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scan_project_deps. Executing a...
CVE-2026-15527 LOW 1.9
A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the component scan_project_icons/sync_icon. Such manipulation of the argument icons_f...
CVE-2026-15528 LOW 1.9
A vulnerability was found in lamaalrajih kicad-mcp up to 3.3.1. This issue affects some unknown processing of the file kicad_mcp/utils/path_validator.py. Performing a manipulation of the argument proj...
CVE-2026-15531 LOW 1.9
A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file run_nerf.py of the componen...
CVE-2026-15532 LOW 1.9
A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Nam...
CVE-2026-15475 LOW 1.9
A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation ...
CVE-2026-15476 LOW 1.9
A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation lead...
CVE-2026-15321 LOW 1.9
A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function on_post of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument new_valu...
CVE-2026-15690 LOW 1.3
A vulnerability was identified in open62541 up to 1.5.5. Affected by this issue is the function responseReadNamespacesArray of the file src/client/ua_client_connect.c of the component Shared Client Li...
CVE-2026-15519 LOW 1.3
A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file system_prompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion ...
CVE-2026-61464 LOW 1.0
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a heap-based buffer over-write vulnerability that occurs when running an X11 import with a crafted window title, which can result in heap memory corr...
CVE-2025-45868 UNKNOWN
LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to blind SQL injection in the ComparisonServlet component, allowing authenticated user to manipulate SQL queries via crafted input.
CVE-2025-45870 UNKNOWN
LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to Local File Inclusion (LFI) in the OnlyOfficeEditor servlet class, allowing authenticated user to exploit path traversal flaws in the fileExt...
CVE-2026-11371 UNKNOWN
The BetterDocs WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and outputting it, and the feature that generates it is exposed to unauthenticated ...
CVE-2026-11866 UNKNOWN
The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform ...
CVE-2026-12395 UNKNOWN
The WP Job Portal WordPress plugin before 2.5.5 does not properly sanitize and escape a parameter before using it in a SQL query, allowing authenticated users with a subscriber-level (self-registerab...
CVE-2026-12492 UNKNOWN
The Happy Coders OTP Login for WooCommerce WordPress plugin before 2.8 does not verify that a one-time password was actually validated before authenticating a user based on a supplied identifier, allo...
CVE-2026-12510 UNKNOWN
The AI Engine WordPress plugin before 3.5.5 does not verify that a user owns the chatbot conversation referenced by a client-supplied identifier, allowing users with subscriber-level access to read o...
CVE-2026-12525 UNKNOWN
The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate...
CVE-2026-12585 UNKNOWN
The Abandoned Cart Lite for WooCommerce WordPress plugin before 6.8.2 does not protect the integrity of its cart-recovery tokens or bind them to the requesting account, allowing unauthenticated attack...
CVE-2026-12684 UNKNOWN
The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or nonce checks on one of its media upload AJAX actions when the review media attachme...
CVE-2026-12869 UNKNOWN
The Header Footer Builder for Elementor WordPress plugin before 1.2.1 does not require an administrative capability for its dashboard template-import action (it allows any edit_posts user), so a Contr...
CVE-2026-12906 UNKNOWN
The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contr...
CVE-2026-12907 UNKNOWN
The RTMKit WordPress plugin before 2.0.9 does not perform a proper capability check on one of its -builder AJAX actions, allowing users with at least the Author role to create and activate a site-wide...
CVE-2026-12978 UNKNOWN
The FunnelKit WordPress plugin before 3.15.0.6 does not escape a user-supplied parameter before reflecting it into the HTML response of one of its page-builder AJAX actions, allowing unauthenticated ...
CVE-2026-12979 UNKNOWN
The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete...
CVE-2026-13397 UNKNOWN
HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes. The parserc_parse function never advances the attribute-parse state cursor on certain malfor...
CVE-2026-13401 UNKNOWN
XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes. The parserc_parse function never advances the attribute-parse state cursor on certain malform...
CVE-2026-14890 UNKNOWN
SGLang uses an expert-parallel backup subsystem that exposes a ZeroMQ PULL socket on a routable network interface that does not contain authentication or deserialization safeguards, allowing an attack...
CVE-2026-3031 UNKNOWN
Image::EPEG versions through 0.15 for Perl embeds an unsupported version of the Epeg library. Image::EPEG includes Epeg 0.9.0 that was last updated in 2004. Epeg is a fast JPEG thumbnail library tha...
CVE-2026-53366 UNKNOWN
In the Linux kernel, the following vulnerability has been resolved: ipv4: account for fraggap on the paged allocation path In __ip_append_data(), when the paged-allocation branch is taken, alloclen ...
CVE-2026-57073 UNKNOWN
HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such...
CVE-2026-57074 UNKNOWN
XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such ...
CVE-2025-65720 UNKNOWN
An issue in Open Source GPT Researcher v3.3.7 allows attackers to execute arbitrary commands on a victim system via user interaction with a crafted HTML page.
CVE-2026-11579 UNKNOWN
The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not verify that a file upload is made against an existing form configured with a file-upload field, accepting ...
CVE-2026-11580 UNKNOWN
The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not perform a per-object capability check in its post-duplication AJAX action, allowing users with Contributor...
CVE-2026-12281 UNKNOWN
The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an a...
CVE-2026-12512 UNKNOWN
The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based...
CVE-2026-14960 UNKNOWN
Pegatron `Tdelo64.sys` improperly exposes privileged hardware access functionality through the `\\.\TdeIo` device interface. IOCTL handlers including `TDE_IOCTL_INDEXIO_READ` and `TDE_IOCTL_INDEXIO_WR...
CVE-2026-14961 UNKNOWN
Pegatron `Tdelo64.sys` exposes a privileged device interface, `\\.\TdeIo`, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate call...
CVE-2026-26032 UNKNOWN
The PackagerResolver of Apache Ivy is able to download online artifacts and to (re)package them in a format defined by a packager.xml file. This repackaging is done by an Ant script, which is stored i...
CVE-2026-26718 UNKNOWN
A Cross-Site Request Forgery (CSRF) vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affec...
CVE-2026-26719 UNKNOWN
Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request containing a malicious script
CVE-2026-30618 UNKNOWN
xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management inte...
CVE-2026-30623 UNKNOWN
LiteLLM 1.18.10 contains a remote code execution vulnerability in its MCP server creation functionality. The application allows users to add MCP servers via a JSON configuration specifying arbitrary c...
CVE-2026-35152 UNKNOWN
A SQL Injection vulnerability exists in Apache Fineract's Report Execution API (runreports endpoint) in versions up to and including 1.14.0. Report parameter values are incorporated into the generated...
CVE-2026-36590 UNKNOWN
An issue in EMQ NanoMQ v.0.24.9 allows a remote attacker to cause a denial of service via the nni_qos_db_set function in broker_tcp.c component
CVE-2026-38752 UNKNOWN
A stack overflow in the evaluate() function (editors/awk.c) of BusyBox commit 371fe9 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AWK script.
CVE-2026-38753 UNKNOWN
A use-after-free in the awk_sub() function (editors/awk.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AWK script.
CVE-2026-38754 UNKNOWN
A heap overflow in the ifsbreakup() function (shell/ash.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.
CVE-2026-38755 UNKNOWN
A heap overflow in the evalcommand() function (shell/ash.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.
CVE-2026-38974 UNKNOWN
Dulwich through 1.1.0 was found to be missing SSH host key verification in contrib/paramiko_vendor.py.
CVE-2026-51380 UNKNOWN
Buffer Overflow vulnerability in Tenda AC10 v3 (firmware V03.03.16.09) allows attackers to cause a permanent Denial of Service (DoS) or potentially execute remote code via the /cgi-bin/UploadCfg endpo...
CVE-2026-56287 UNKNOWN
A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API (GET /api/v1/clients) in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are...
CVE-2026-57821 UNKNOWN
A SQL Injection vulnerability exists in Apache Fineract's Office Search API (GET /api/v1/offices) in versions up to and including 1.14.0. The orderBy request parameter is concatenated into a SQL query...
CVE-2026-61371 UNKNOWN
Microsoft AVML before 0.17.0 could follow a symlink when opening a destination output path on Unix, allowing truncation/overwrite of the symlink target. The destructive effect is performed at open-tim...
CVE-2025-15665 UNKNOWN
The Ultimate Before After Image Slider & Gallery WordPress plugin before 4.7.1 does not escape the value of the BEAF Slider widget's shortcode field before outputting it on the front end (the value i...
CVE-2025-56361 UNKNOWN
A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) 1.3 thru 1.4, specifically within the Level Control cluster's server tick logic (`emberAfLevelControlClusterServerTickCal...
CVE-2025-56362 UNKNOWN
A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.2, specifically within the Level Control cluster's periodic server tick logic. When a MoveToLevel command is s...
CVE-2025-56363 UNKNOWN
A null pointer dereference vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters (Channel, Account Login, Target...
CVE-2025-56364 UNKNOWN
A use of uninitialized value vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, where the `GetDestinationGroupId().Value()` method is called without first checking whether a value ...
CVE-2025-56365 UNKNOWN
A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, in the interaction model command processing logic. When an InvokeCommandRequest is sent to a nonexistent en...
CVE-2026-11563 UNKNOWN
The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authentica...
CVE-2026-11567 UNKNOWN
The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced (variable/hidden) payment amount, allowing unauthenticated users to ...
CVE-2026-12511 UNKNOWN
The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attac...
CVE-2026-12583 UNKNOWN
The Newsletters WordPress plugin before 4.15 does not prevent deserialization of untrusted input that is stored through a public form, allowing unauthenticated attackers to inject a PHP object and, vi...
CVE-2026-12988 UNKNOWN
The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's c...
CVE-2026-15043 UNKNOWN
DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted <= and >= SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some c...
CVE-2026-15058 UNKNOWN
Improper authorization in the secure messages deletion endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated user to delete another user's messages via a direct object reference ...
CVE-2026-15392 UNKNOWN
DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location. The complete_table_name method builds the absolute table file path without checking wh...
CVE-2026-15409 UNKNOWN
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make re...
CVE-2026-15410 UNKNOWN
Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) which in specific conditions could pot...
CVE-2026-15637 UNKNOWN
Improper authorization in the PAM SSH key and certificate retrieval endpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to disclose the private key of an...
CVE-2026-15641 UNKNOWN
Improper authorization in the access request status endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to approve their own pending access request via a di...
CVE-2026-15642 UNKNOWN
Insertion of sensitive information into a file in the Recovery Kit response file generation feature in Devolutions Server 2026.1.22.0, 2026.2.11.0 allows an attacker with access to the generated respo...
CVE-2026-15718 UNKNOWN
We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw. This vulnerability was fixed in Firefox 152.0.6.
CVE-2026-15719 UNKNOWN
We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw. This vulnerability was fixed in Firefox 152.0.6.
CVE-2026-15747 UNKNOWN
Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. _csrf_token generates and caches one token per session and...
CVE-2026-15768 UNKNOWN
Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: ...
CVE-2026-15775 UNKNOWN
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
CVE-2026-15778 UNKNOWN
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions v...
CVE-2026-36035 UNKNOWN
Incorrect access control in the /api/License/deactivateOffline endpoint of CAXPerts UniversalPlantViewer WebServices Server v2.7.6 allows authenticated attackers with low-level privileges to cause a D...
CVE-2026-36214 UNKNOWN
osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable Bootstrap Tooltip component and insufficient HTML sanitization, allowing remote...
CVE-2026-38450 UNKNOWN
An issue in Aetopia Digital Asset Management DAM v.1.0.0 allows a remote attacker to execute arbitrary code via the name and description parameter of the Add/Update Project function
CVE-2026-49488 UNKNOWN
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OpenMeetings. This issue affects Apache OpenMeetings: from 5.0.0 before 9.1.0. An attacker with ...
CVE-2026-51105 UNKNOWN
Buffer Overflow vulnerability in aMULE-Project aMule v.2.3.3 allows a remote attacker to cause a denial of service via the OP_SERVERMESSAGE Handler.
CVE-2026-51807 UNKNOWN
Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before allows an attacker to execute arbitrary code via the j2k_precinct_subband::parse_packet_header() in source/core/coding/coding_units.cpp
CVE-2026-51808 UNKNOWN
Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before allows an attacker to execute arbitrary code via the openhtj2k_decoder_impl::invoke, invoke_line_based, invoke_line_based_stream, and inv...
CVE-2026-52100 UNKNOWN
Cross Site Request Forgery vulnerability in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to execute arbitrary code via the uploadPutHandler function
CVE-2026-52101 UNKNOWN
An issue in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to obtain sensitive information via the function uploadRemote function in upload.go
CVE-2026-5269 UNKNOWN
In Ciena's Navigator Network Control Suite (NCS) and Manage Control Plan (MCP), there are hidden system accounts used for internal software operations. Some of these accounts have default passwords th...
CVE-2026-5270 UNKNOWN
An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite (NCS), Manage Control Plan (MCP), and Blue Planet products. The issue is caused by improper h...
CVE-2026-58319 UNKNOWN
Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized a...
CVE-2026-59083 UNKNOWN
Improper Handling of URL Encoding (Hex Encoding) vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0...
CVE-2026-59084 UNKNOWN
Insufficient Technical Documentation vulnerability in Apache Tomcat since the requirements to securely configure the EncryptInterceptor were not clearly documented. This issue affects Apache Tomcat: ...
CVE-2026-60081 UNKNOWN
DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows...
CVE-2026-60082 UNKNOWN
DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper w...
CVE-2026-62390 UNKNOWN
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Kylin. A backend API refreshing table catalog may cause the injection to the generated SQL....
CVE-2026-62392 UNKNOWN
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Kylin. A backend API may bring job config parameters to OS command line. This issue ...
CVE-2026-62393 UNKNOWN
Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in...
CVE-2025-45869 UNKNOWN
LogicalDOC Enterprise Version up to and before v9.1.1 is vulnerable to Server-Side Request Forgery (SSRF). An unauthenticated attacker can exploit the ShareFileCallback servlet by manipulating input p...
CVE-2026-10551 UNKNOWN
The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable replacement hash used during the HTML minification process and ab...
CVE-2026-11963 UNKNOWN
The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifie...
CVE-2026-11964 UNKNOWN
The User Registration & Membership WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated at...
CVE-2026-12081 UNKNOWN
The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin before 1.5.2 does not restrict the PHP classes allowed when unserializing an attacker-supplied form-field value, allowing una...
CVE-2026-12271 UNKNOWN
The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify...
CVE-2026-12273 UNKNOWN
The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowi...
CVE-2026-12274 UNKNOWN
The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing t...
CVE-2026-12275 UNKNOWN
The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core ...
CVE-2026-12396 UNKNOWN
The WP Job Portal WordPress plugin before 2.5.5 does not perform capability or ownership checks before allowing job moderation actions, allowing authenticated users with a subscriber-level (self-regi...
CVE-2026-12397 UNKNOWN
The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users with a subscriber-level (self-regist...
CVE-2026-12582 UNKNOWN
The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL...
CVE-2026-13221 UNKNOWN
Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk. When such ...
CVE-2026-14906 UNKNOWN
Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox ...
CVE-2026-26396 UNKNOWN
OpenBMB XAgent v1.0.0 and before is vulnerable to path traversal in the file() function in XAgent/XAgentServer/application/routers/workspace.py. The input parameter “filename” is user-controllable and...
CVE-2026-39042 UNKNOWN
An issue in MikroTIk (SIA Mikrotikls, Latvia) RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten() function in libumsg.s...
CVE-2026-41041 UNKNOWN
URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to versio...
CVE-2026-49876 UNKNOWN
Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. Th...
CVE-2026-51536 UNKNOWN
In OpENer 2.3.0 (commit 76b95cf) when parsing incoming CIP (Common Industrial Protocol) network packets, the length parameter is inconsistently typed across the call stack. Specifically, an upstream l...
CVE-2026-51537 UNKNOWN
EIPStackGroup OpENer 2.3.0 (commit 76b95cf) has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid...
CVE-2026-51538 UNKNOWN
EIPStackGroup OpENer 2.3.0 (commit 76b95cf) suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands,...
CVE-2026-51539 UNKNOWN
A Denial of Service (DoS) vulnerability exists in the receive loop of libmodbus 3.1.12 when running on Windows. The issue stems from improper timeout management during network read operations.
CVE-2026-51540 UNKNOWN
OpENer 2.3.0 (master branch up to commit 76b95cf) is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages (SendUnitData).
CVE-2026-51541 UNKNOWN
OpENer 2.3.0 (commit 76b95cf) has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData fr...
CVE-2026-51821 UNKNOWN
SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint
CVE-2026-52533 UNKNOWN
An issue in D-Link DIR-1253 v.1.0.1.250923.142435 allows an attacker to escalate privileges via the etc/shadow component file
CVE-2026-53364 UNKNOWN
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix memory leak in hci_le_big_terminate() hci_le_big_terminate() allocates iso_list_data via kzalloc_obj but ...
CVE-2026-53365 UNKNOWN
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix zerocopy completion for multi-skb sends When a large message is fragmented into multiple skbs, the zerocopy uarg...
CVE-2026-57432 UNKNOWN
Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack. S_measure_struct adds each item's size times its repeat count to a...
CVE-2026-57433 UNKNOWN
Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record. retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and cal...
CVE-2026-58065 UNKNOWN
The Apache Airflow Git provider runs its git-over-SSH operations with `StrictHostKeyChecking=no` by default, disabling SSH host-key verification. An attacker who can intercept the network path between...
CVE-2026-58101 UNKNOWN
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3_EXT_d2i(ext) returns NULL when an extension's DER value fails to parse. basicC, ia5str...
CVE-2026-58102 UNKNOWN
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts. When building the extension hash (via extensions(), extensions_by_...
CVE-2026-59245 UNKNOWN
In the Apache Airflow FAB auth manager, a DAG whose `dag_id` is `DAGs` collided with the global all-DAGs permission resource name produced by `resource_name()`, so a user granted per-DAG `access_contr...
CVE-2025-70796 UNKNOWN
An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Technology, Inc.) version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft mal...
CVE-2026-10768 UNKNOWN
Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0.
CVE-2026-10769 UNKNOWN
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3...
CVE-2026-10770 UNKNOWN
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Reflected XSS. This issue affects Anti-Spam by CleanTalk vers...
CVE-2026-11908 UNKNOWN
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Stored XSS. This issue affects Tagify versions: from 0.0.0 to 1.2.52.
CVE-2026-11909 UNKNOWN
Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6.
CVE-2026-11913 UNKNOWN
vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*.
CVE-2026-11914 UNKNOWN
vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*.
CVE-2026-11915 UNKNOWN
vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions: *.*.
CVE-2026-12276 UNKNOWN
The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX...
CVE-2026-12535 UNKNOWN
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 ...
CVE-2026-12685 UNKNOWN
The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanent...
CVE-2026-13231 UNKNOWN
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Stored XSS. This issue affects Advanc...
CVE-2026-13232 UNKNOWN
Incorrect Authorization vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Forceful Browsing. This issue affects Advanced Content Feedback (aka admin_feedback) versions: fro...
CVE-2026-13233 UNKNOWN
Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2.
CVE-2026-13234 UNKNOWN
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS). This issue affects AI (Arti...
CVE-2026-13235 UNKNOWN
Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8...
CVE-2026-13236 UNKNOWN
Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1.
CVE-2026-13237 UNKNOWN
Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1.
CVE-2026-13238 UNKNOWN
Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2.
CVE-2026-13239 UNKNOWN
Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0.
CVE-2026-13240 UNKNOWN
Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0.
CVE-2026-13241 UNKNOWN
Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0.
CVE-2026-13242 UNKNOWN
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Geolocation Field allows SQL Injection. This issue affects Geolocation Field versions: from...
CVE-2026-13243 UNKNOWN
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3.
CVE-2026-13244 UNKNOWN
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management v...
CVE-2026-15079 UNKNOWN
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4.
CVE-2026-15080 UNKNOWN
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This issue affects Ray Enterprise Translation versions: from 0.0.0 to 4.0.4, fro...
CVE-2026-15081 UNKNOWN
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from...
CVE-2026-15082 UNKNOWN
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Siteimprove Analytics allows Cross-Site Scripting (XSS). This issue affects Siteimprove Ana...
CVE-2026-15083 UNKNOWN
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal ECA: Event - Condition - Action allows Object Injection. This issue affects ECA: Event - Conditio...
CVE-2026-15084 UNKNOWN
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Patterns (SDC in Drupal UI) allows Stored XSS. This issue affects UI Patterns (SDC in Dr...
CVE-2026-15085 UNKNOWN
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: fro...
CVE-2026-15086 UNKNOWN
vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Formatter [Meta Tag Formatter] versions: *.*.
CVE-2026-15087 UNKNOWN
vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*.
CVE-2026-15089 UNKNOWN
vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*.
CVE-2026-15146 UNKNOWN
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this...
CVE-2026-28564 UNKNOWN
Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: fr...
CVE-2026-34196 UNKNOWN
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses to the same physical address. One of these viru...
CVE-2026-39244 UNKNOWN
adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloc(_centralHeader.size) allocates ...
CVE-2026-40005 UNKNOWN
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions wit...
CVE-2026-40006 UNKNOWN
Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipe_air_gap_receive...
CVE-2026-40007 UNKNOWN
Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively...
CVE-2026-40008 UNKNOWN
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using C...
CVE-2026-40009 UNKNOWN
Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor. This iss...
CVE-2026-40452 UNKNOWN
Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue...
CVE-2026-40454 UNKNOWN
Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. Th...
CVE-2026-41154 UNKNOWN
Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing logic of the sparse me...
CVE-2026-45196 UNKNOWN
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation.
CVE-2026-45203 UNKNOWN
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU b...
CVE-2026-51119 UNKNOWN
An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components
CVE-2026-53363 UNKNOWN
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags() iptfs_consume_frags() transfers paged fragments from one socket ...
CVE-2026-55803 UNKNOWN
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5....
CVE-2026-55804 UNKNOWN
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5....
CVE-2026-55806 UNKNOWN
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11,...
CVE-2026-55807 UNKNOWN
Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from ...
CVE-2026-55808 UNKNOWN
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core versions: fro...
CVE-2026-55809 UNKNOWN
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions:...
CVE-2026-55810 UNKNOWN
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from ...
CVE-2026-58587 UNKNOWN
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions:...
CVE-2026-58588 UNKNOWN
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions:...
CVE-2026-58589 UNKNOWN
Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0.
CVE-2026-58590 UNKNOWN
Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0.
CVE-2026-58591 UNKNOWN
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS). This issue affects Colorbox versions: from 0.0....
CVE-2026-7639 UNKNOWN
Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader cod...
CVE-2026-9726 UNKNOWN
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal AlternativeCommerce (Basket) allows Object Injection. This issue affects Drupal Alternativ...

Latest Headlines

Dark Reading
1M+ Emails Use Hidden Text to Dupe AI Security Filters
2026-07-16 19:41
BleepingComputer
Claude Chrome extension flaw lets malicious extensions trigger AI actions
2026-07-16 19:26
BleepingComputer
New OkoBot framework deploys 20 payloads to steal data, crypto
2026-07-16 19:09
The Hacker News
Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack
2026-07-16 17:09
The Record
UK investigates TikTok for alleged age-verification lapses, exposing kids to online harms
2026-07-16 16:15
The Record
Ukrainians rally against dismissal of tech-minded defense minister Fedorov
2026-07-16 16:00
The Hacker News
ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories
2026-07-16 15:41
The Register
C'mon, just copy this text string and paste it into your macOS Terminal – it'll fix your computer, honest
2026-07-16 15:33
BleepingComputer
AI Agents Broke the Security Playbook. Here's What Replaces It.
2026-07-16 14:00
The Record
Sandworm hackers have a CAPTCHA trick for Ukrainians
2026-07-16 13:50
BleepingComputer
23andMe to pay $18 million in new genetics data breach settlement
2026-07-16 13:47
The Hacker News
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer
2026-07-16 13:33
The Hacker News
New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands
2026-07-16 12:50
The Register
Brit Scattered Spider duo handed tickets to prison over Transport for London attack
2026-07-16 12:49
The Hacker News
New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password
2026-07-16 12:33
BleepingComputer
Scattered Spider members behind TfL hack get five years in prison
2026-07-16 12:31
The Record
Scattered Spider hackers sentenced to 5.5 years over £29 million Transport for London hack
2026-07-16 12:00
BleepingComputer
Windows 11 24H2 Home and Pro reach end of support in 90 days
2026-07-16 11:59
The Hacker News
20+ Hijacked Government Websites Became an Attack Channel
2026-07-16 11:58
The Hacker News
New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands
2026-07-16 11:32
The Register
Windows 10 refuses to die, and the security bill is coming due
2026-07-16 11:25
The Hacker News
Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor
2026-07-16 11:17
BleepingComputer
CISA orders feds to patch actively exploited Oracle flaw by Saturday
2026-07-16 10:56
BleepingComputer
Russian hackers trojanize WebEx, Zoom apps to push Starland malware
2026-07-16 10:19
The Hacker News
AI Can Find Bugs, But Human Knowledge Still Proves Them
2026-07-16 10:10
The Register
Telegram shortlinks knocked offline over sanctioned VPN connection
2026-07-16 10:07
BleepingComputer
New Spirals ransomware encrypts victim network in under 24 hours
2026-07-16 10:00
The Hacker News
Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide
2026-07-16 09:23
The Hacker News
OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol
2026-07-16 08:42
The Hacker News
Zoom Patches Critical Windows Flaw That Could Enable Account Takeover
2026-07-16 07:22
Dark Reading
Police Disrupt a €140M Cyber Fraud Ring in Spain
2026-07-16 07:00
The Register
Law firm insisted on one password to rule them all
2026-07-16 07:00
The Register
Tech support scam caused massive data breach at Australian airline Qantas
2026-07-16 06:27
The Register
Cyberattack threatens utterly critical infrastructure in Japan: KFC
2026-07-16 02:01
BleepingComputer
Dutch police bust investment fraud ring stealing over €100 million
2026-07-15 21:55
Dark Reading
Forgotten Bootloaders Expose Secure Boot Blind Spot
2026-07-15 21:19
BleepingComputer
Zoom warns of critical account takeover vulnerability
2026-07-15 20:16
Dark Reading
Identity Attacks Overtake Exploits as Top Ransomware Cause
2026-07-15 20:16
The Record
Trump administration unveils AI-supported clearinghouse for cyber vulnerabilities
2026-07-15 20:00
The Hacker News
TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development
2026-07-15 18:43
BleepingComputer
Google Gemini CLI abused as a hacking agent, malware botnet operator
2026-07-15 18:33
Dark Reading
Guten Tag, Bonjour, Hola to Our European Cyber Defenders!
2026-07-15 18:08
The Record
Trump’s DNI pick grilled about election security, voter fraud
2026-07-15 17:50
The Record
23andMe reaches $18 million settlement with states for massive breach
2026-07-15 17:45
Dark Reading
Is 'Tech-xit' Imminent? UK Steps Up Sovereignty Push Amid AI Strife
2026-07-15 17:03
BleepingComputer
​ ​AsyncAPI npm packages infected with credential-stealing malware
2026-07-15 15:37
The Hacker News
OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps
2026-07-15 15:30
Dark Reading
Claude Flaw Automatically Sends Malicious Prompts to AI Agents
2026-07-15 15:27
The Register
CISA sounds alarm over trio of exploited SharePoint flaws
2026-07-15 15:21
The Record
Dutch police dismantle global crypto investment scam, arrest alleged mastermind
2026-07-15 14:14
BleepingComputer
We built a vulnerability vending machine: AI tokens in, zero-days out
2026-07-15 14:01
The Register
Microsoft cancels Patch Tuesday for some Dell users over surprise shutdowns, overheating devices
2026-07-15 13:44
The Hacker News
Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws
2026-07-15 13:18
Dark Reading
2-Click Cursor Exploit Enables Dev Environment Takeover
2026-07-15 13:00
The Record
LAPD sidelines relationship with license-plate reader company Flock Safety
2026-07-15 13:00
The Register
LegacyHive: 'Bone-shattering' zero-day from Microsoft's serial tormentor not the haymaker that was promised
2026-07-15 12:59
The Record
Microsoft smashes Patch Tuesday record for second successive month
2026-07-15 12:15
The Hacker News
SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.
2026-07-15 11:50
The Hacker News
Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday
2026-07-15 11:07
The Hacker News
New Webinar: Closing the Approval Gap in AI-Era Ad Tech
2026-07-15 11:06
The Hacker News
Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution
2026-07-15 10:55
BleepingComputer
CISA warns admins to patch actively exploited SharePoint flaws
2026-07-15 09:44
The Hacker News
Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware
2026-07-15 09:16
BleepingComputer
Microsoft: Some Dell PCs shut down after recent Windows updates
2026-07-15 08:26
Dark Reading
Nigeria Deepens Cybersecurity Efforts as Cybercriminals See More Profits
2026-07-15 08:00
BleepingComputer
US charges alleged operators of Russian bulletproof hosting service
2026-07-15 07:45
The Hacker News
Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands
2026-07-15 05:30
Dark Reading
Cribl Adds Agentic Detection Engineering &amp; Boosts SecOps With CardinalOps Deal
2026-07-15 00:05
Dark Reading
Records Are Made to Be Broken: Patch Tuesday Raises Triage Stakes
2026-07-14 21:50
BleepingComputer
SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now
2026-07-14 21:23
The Register
Patchpocalypse Now: Microsoft tops last month's record with 622 Patch Tuesday CVEs
2026-07-14 20:49
The Hacker News
Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack
2026-07-14 20:25
BleepingComputer
Spanish Police take down €140 million cyber fraud ring, arrest four
2026-07-14 20:23
Dark Reading
6 GHz Wi-Fi Flaws Could Disrupt Critical Systems
2026-07-14 19:58
The Record
US unseals indictment against alleged operators of Russian bulletproof hosting service
2026-07-14 19:26
Krebs on Security
Microsoft Patches a Record 570 Security Flaws
2026-07-14 19:22
BleepingComputer
Nearly 300 GitHub repos pose as legit software to push malware
2026-07-14 19:15
BleepingComputer
Microsoft releases Windows 10 KB5099539 extended security update
2026-07-14 18:49
The Hacker News
SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data
2026-07-14 18:17
BleepingComputer
Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days
2026-07-14 18:01
Dark Reading
Manage Vendor Risk in a Few Practical Steps
2026-07-14 17:44
BleepingComputer
Windows 11 KB5101650 & KB5099414 cumulative updates released
2026-07-14 17:41
The Record
Finland issues wanted notice for hacker behind massive psychotherapy data breach
2026-07-14 17:28
The Hacker News
Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads
2026-07-14 17:27
The Hacker News
LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts
2026-07-14 16:52
The Register
Welsh Doxbin admin jailed for egging on swatters from behind a screen
2026-07-14 16:09
BleepingComputer
Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown
2026-07-14 16:08
Dark Reading
Frontier AI: The Genie's Out of the Bottle, But Where's the Rulebook?
2026-07-14 16:02
Dark Reading
ClickFix's Mushrooming Ecosystem Demands New Defense Tactics
2026-07-14 15:53
BleepingComputer
LastPass, Bitwarden users targeted with fake security alerts
2026-07-14 15:31
BleepingComputer
You Don't Have to Run an Exploit to Know If You're Vulnerable
2026-07-14 14:00
The Record
NATO logistics, Ukrainian troops are top subjects of Russian camera hacks, advisory says
2026-07-14 13:55
The Hacker News
RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata
2026-07-14 13:48
Dark Reading
Cursor IDE Auto-Executes Malicious Code in Poisoned Repos
2026-07-14 13:00
BleepingComputer
Microsoft Entra ID gets passkeys default authentication starting September
2026-07-14 12:49
BleepingComputer
New phishing kits target Microsoft 365 accounts, evade MFA
2026-07-14 12:49
The Hacker News
11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot
2026-07-14 12:46
The Register
Musk promises purge after Grok Build caught sending entire repos to the cloud
2026-07-14 12:39
The Register
'The bots are alive!' Jailbroken Gemini spun up new C2 server for Russian fraudster in just 6 minutes
2026-07-14 12:15
The Hacker News
Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks
2026-07-14 11:55
BleepingComputer
SAP warns of critical flaws in NetWeaver and Commerce Cloud
2026-07-14 11:42
The Hacker News
How Pentera Turns AI Security Workflows into Validation Engines
2026-07-14 11:30
The Hacker News
OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials
2026-07-14 11:21
The Register
Baddies caught exploiting extensions bugs with perfect 10 scores on vulnerable Joomla websites
2026-07-14 11:06
BleepingComputer
Microsoft starts testing cleaner Windows Search without ads
2026-07-14 10:47
BleepingComputer
US sanctions VPN, malware providers for enabling ransomware attacks
2026-07-14 09:40
The Hacker News
Grok Build Uploads Entire Git Repositories to xAI Storage, Not Just Files It Reads
2026-07-14 09:02
The Hacker News
U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support
2026-07-14 08:02
The Hacker News
148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet
2026-07-14 07:08
The Hacker News
Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths
2026-07-14 06:19
Dark Reading
Weak Security Continues to Fuel Russian Cyberattacks
2026-07-13 21:24
The Record
EU leaders eye social media ban for children under age 13
2026-07-13 20:50
BleepingComputer
Japan's largest taxi operator shuts systems after cyberattack
2026-07-13 20:18
BleepingComputer
Hackers backdoor Jscrambler npm package with infostealer malware
2026-07-13 19:44
BleepingComputer
New CrashStealer malware poses as Apple crash reporting tool
2026-07-13 19:04
The Record
VPN service favored by ransomware groups is sanctioned by US
2026-07-13 18:50
Dark Reading
'Yellow Teams' Are Defining the Future of AI Security
2026-07-13 18:18
The Hacker News
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
2026-07-13 17:36
The Hacker News
Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found
2026-07-13 17:17
The Record
Russian celebrity journalist Ksenia Sobchak says hackers accessed Telegram channels via email breach
2026-07-13 17:15
Dark Reading
GigaWiper Lets Threat Actors Choose Their Own Destructive Attack
2026-07-13 16:50
The Register
EU and UK officially blame Russian spies for cyberattack on Poland's power grid
2026-07-13 15:39
BleepingComputer
CISA warns of actively exploited RCE flaws in Joomla extensions
2026-07-13 15:20
The Hacker News
⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More
2026-07-13 15:05
Krebs on Security
Lessons Learned from CISA’s Recent GitHub Leak
2026-07-13 15:03
BleepingComputer
Lidl discloses online shop breach after service provider hack
2026-07-13 14:19
BleepingComputer
Breach at the Beach: Play the Ultimate Entra ID CTF
2026-07-13 14:01
The Hacker News
New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email
2026-07-13 13:49
BleepingComputer
UK charges suspects linked to Russian Coms call spoofing platform
2026-07-13 13:23
The Hacker News
Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft
2026-07-13 13:03
Dark Reading
Turning the Tables on Email Scammers With 'ScamBuster'
2026-07-13 13:00
The Register
World Cup grudge attackers may have scored Argentine FA access via year-old infostealer infection
2026-07-13 12:02
The Hacker News
Meta Files Patent for AI That Can Listen All Day and Track How You're Feeling
2026-07-13 11:54
The Hacker News
Thinking Fast and Slow in the SOC: The Case for Combining Autonomous AI with Analyst Copilots
2026-07-13 11:37
BleepingComputer
EU sanctions Russian GRU military hackers over cyberattacks
2026-07-13 11:19
The Hacker News
Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory
2026-07-13 11:02
The Register
Progress orders emergency ShareFile server shutdown over mystery security threat
2026-07-13 10:31
BleepingComputer
US and allies warn of Russian critical infrastructure attacks
2026-07-13 09:32
The Hacker News
Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365
2026-07-13 07:30
The Hacker News
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
2026-07-13 05:36
BleepingComputer
OpenAI temporarily relaxes GPT-5.6 Sol usage limits
2026-07-13 00:44
BleepingComputer
Claude Fable 5 stays free for paid users until July 19 as Anthropic buys more time
2026-07-12 19:39
BleepingComputer
RedHook Android malware now uses Wireless ADB for shell access
2026-07-12 14:27
The Hacker News
Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
2026-07-11 17:59
The Hacker News
Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns
2026-07-11 17:49
BleepingComputer
Australia warns of global campaign targeting vulnerable CMS platforms
2026-07-11 14:18
BleepingComputer
'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
2026-07-11 09:03
The Hacker News
Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
2026-07-11 06:45
BleepingComputer
New U-Boot flaws could enable stealthy firmware attacks
2026-07-10 21:59
Dark Reading
Turning the Tables on Email Scammers With 'ScamBuster'
2026-07-10 19:43
The Record
Europe revives law allowing big tech to scan for CSAM
2026-07-10 19:30
Dark Reading
Jen Ellis: Connecting Cyber Community With Political Machinery
2026-07-10 19:08
BleepingComputer
Ryuk ransomware member pleads guilty in the US, faces 15 years in prison
2026-07-10 17:46
The Register
Destructive Windows backdoor stuffs multiple wipers and ransomware code into a single package
2026-07-10 17:35
The Hacker News
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
2026-07-10 17:29
The Record
Ryuk operator pleads guilty; Blackcat/AlphV conspirator gets nearly 6-year sentence
2026-07-10 17:01
Dark Reading
Cybercriminals Flock to Healthcare Businesses as Attacks Surge
2026-07-10 16:51
The Record
License plate cameras may be next target after Supreme Court reins in location tracking
2026-07-10 16:50
BleepingComputer
Police suspects Dutch hackers were involved in Odido breach
2026-07-10 16:37
The Hacker News
URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat
2026-07-10 16:30
BleepingComputer
Progress urges ShareFile customers to shut down servers over "credible" threat
2026-07-10 16:26
The Hacker News
Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot
2026-07-10 15:57
BleepingComputer
Hackers exploit critical auth bypass in Gitea Docker image
2026-07-10 15:48
BleepingComputer
Money launderer accused of stealing seized crypto while in prison
2026-07-10 15:30
The Hacker News
Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched
2026-07-10 14:51
The Hacker News
Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws
2026-07-10 14:19
BleepingComputer
The Replicant in Your Directory: AI Agents and the Identity Security Gap
2026-07-10 14:00
Dark Reading
Fresh ATM Crypto Software Bugs: Jackpot or Bust?
2026-07-10 14:00
Dark Reading
More Countries Jump on the Social Media Ban Wagon
2026-07-10 13:50
The Record
China, India ran separate spying campaigns against same Pakistani police force
2026-07-10 13:20
The Hacker News
New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic
2026-07-10 13:15
Dark Reading
AI Coding: Do Security Risks Outweigh Productivity Gains?
2026-07-10 13:00
The Register
Fashion mart Miinto unzips breach details, warns shoppers to watch for phisherfolk
2026-07-10 12:10
BleepingComputer
Zimbra urges customers to patch critical web client XSS flaw
2026-07-10 11:47
The Hacker News
Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers
2026-07-10 11:47
The Hacker News
From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale
2026-07-10 11:39
The Hacker News
Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites
2026-07-10 11:30
The Hacker News
Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking
2026-07-10 10:56
The Hacker News
Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access
2026-07-10 10:30
The Register
Scot NHS Trust probes email stuffup involving maternity patients' data
2026-07-10 09:17
The Hacker News
Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets
2026-07-10 09:00
BleepingComputer
Former ransomware negotiator gets 4 years for BlackCat attacks
2026-07-10 08:17
The Hacker News
Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks
2026-07-10 08:10
The Register
Microsoft warns customers AI will mean busier Patch Tuesdays
2026-07-10 01:56
Auto-scroll
or Mouse wheel: Scroll  |  Tab Switch panel  |  Space Auto-scroll