CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-15143 Guardrails-detectors: guardrails-detectors: ssrf and local file read via user-supplied xml schema (xml-with-schema:) 10.07.2026 9.3
CVE-2026-55500 9router: Exposure of Sensitive Information and Unprotected Database Import/Export Allows Complete Credential Theft and Database Takeover 10.07.2026 9.9
CVE-2026-56261 Crawl4AI - Server-Side Request Forgery via Webhook URLs 10.07.2026 9.2
CVE-2026-56765 Vikunja - Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR 10.07.2026 9.3
CVE-2026-59792 10.07.2026 9.6
CVE-2026-61444 PraisonAI before 4.6.78 Code Injection via f-string 10.07.2026 9.4
CVE-2026-56688 10.07.2026 9.1
CVE-2026-15378 Guardrails-detectors: guardrails-detectors: ssrf and local file read via user-supplied xml schema (xml-with-schema:) 10.07.2026 9.3
CVE-2026-41880 OS Command Injection in R-SOFT DMS 10.07.2026 9
CVE-2026-15282 Instant Appointment <= 1.2 - Unauthenticated Arbitrary File Upload 10.07.2026 9.8
CVE-2026-15300 GEO my WP <= 4.5.4 - Unauthenticated SQL Injection via 'distance' / 'lat' / 'lng' Parameters 10.07.2026 9.1
CVE-2026-14894 Super Forms <= 6.3.313 - Unauthenticated Arbitrary File Upload via 'data' Parameter (datauristring / value) 10.07.2026 9.8
CVE-2026-54760 Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls 10.07.2026 9.3
CVE-2026-54769 Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent 10.07.2026 10
CVE-2026-55615 Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879 10.07.2026 9.2
CVE-2026-58122 Hermes WebUI < 0.51.307 Authentication Bypass via X-Forwarded-For Header Spoofing 09.07.2026 9.3
CVE-2026-58123 Hermes WebUI < 0.51.788 Unauthenticated RCE via Terminal API 09.07.2026 9.3
CVE-2026-54003 Kirby: External Initialization of the Panel on reverse proxy setups with the `Forwarded` header 09.07.2026 9.1
CVE-2026-59726 Ruflo: Unauthenticated RCE in MCP bridge default docker-compose deployment 09.07.2026 10
CVE-2026-59826 Metabase: Arbitrary Code Execution via Database Connection Detail Bypass 10.07.2026 9.1
CVE-2026-59827 Metabase: Unsafe Deserialization of H2 Query Results 09.07.2026 9.9
CVE-2025-27462 WinPVDrivers: Excessive permissions on user-exposed devices 09.07.2026 9.4
CVE-2025-27463 WinPVDrivers: Excessive permissions on user-exposed devices 09.07.2026 9.4
CVE-2025-27464 WinPVDrivers: Excessive permissions on user-exposed devices 09.07.2026 9.4
CVE-2025-58146 XAPI UTF-8 string handling 09.07.2026 9.4
CVE-2025-58151 varstored: TOCTOU issues with mapped guest memory 09.07.2026 9.4
CVE-2026-23556 oxenstored keeps quota related use counts across domain destruction 09.07.2026 9.4
CVE-2026-23559 Multiple RBAC issues in XAPI 09.07.2026 9.4
CVE-2026-23560 Multiple RBAC issues in XAPI 09.07.2026 9.4
CVE-2026-23561 Multiple RBAC issues in XAPI 10.07.2026 9.4
CVE-2026-23562 Multiple RBAC issues in XAPI 10.07.2026 9.4
CVE-2026-42486 Multiple RBAC issues in XAPI 10.07.2026 9.4
CVE-2026-56292 Joomla Extension - acymailing.com - SQL Injection in AcyMailing extension < 10.11.1 10.07.2026 9.2
CVE-2026-56291 Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1 09.07.2026 10
CVE-2026-15158 Blocksy Companion <= 2.1.46 - Unauthenticated Arbitrary File Upload via 'blc-review-images[]' Parameter 09.07.2026 9.8
CVE-2026-2342 XSS in Oceanicsoft's ValeApp 09.07.2026 9.3
CVE-2026-5955 SQLi in Inrove Software's BiEticaret 09.07.2026 9.8
CVE-2026-14245 miniOrange OTP Login, Verification and SMS Notifications <= 5.5.1 - Authentication Bypass to Administrator Account Takeover via 'username_b' Parameter 09.07.2026 9.8
CVE-2026-47646 Dynamics 365 Customer Voice Spoofing Vulnerability 09.07.2026 9.3
CVE-2026-54782 CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation 10.07.2026 10
CVE-2026-44024 Fluentd: Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder 10.07.2026 9.8
CVE-2026-54527 JupyterLab Git: Stored XSS leading to RCE 09.07.2026 9.3
CVE-2026-60104 Bitwarden Server < 2026.6.0 Authorization Bypass via Admin Auth Request 09.07.2026 9.3
CVE-2026-59702 repomix - Server-Side Request Forgery via Unvalidated Repository URLs in POST /api/pack 08.07.2026 9.2
CVE-2026-59873 node-tar: Decompression/parse DoS via unlimited input 08.07.2026 9.2
CVE-2026-9074 IBM API Connect SQL Injection 09.07.2026 9.1
CVE-2026-15062 SQL Injection in Snowflake Snowpark Python SDK 08.07.2026 9.6
CVE-2026-54061 Dgraph Alpha group stores can be replaced via unauthenticated external snapshot import 08.07.2026 9.1
CVE-2026-58480 Blocksy Companion Pro < 2.1.47 Unauthenticated File Upload via save_attachments 08.07.2026 9.2
CVE-2026-8307 SQLi in Webbeyaz's Mediküm Web 09.07.2026 9.8
CVE-2026-56000 xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent() 08.07.2026 9
CVE-2026-9695 Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 08.07.2026 9.8
CVE-2026-12153 WP Learn Manager <= 1.1.8 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation and Activation via jslearnmanager_ajax AJAX Action 08.07.2026 9.8
CVE-2026-14487 Simple Coherent Form <= 2.4.13 - Unauthenticated Arbitrary File Deletion via 'id' Parameter 08.07.2026 9.1
CVE-2026-9701 Eventer <= 4.4.2 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation 08.07.2026 9.8
CVE-2026-56843 08.07.2026 9.9
CVE-2026-59705 mem0 - OpenMemory API Unauthenticated Access via Memory Endpoints 08.07.2026 9.3
CVE-2026-46354 Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft 08.07.2026 9.1
CVE-2026-59706 mem0 - Unauthenticated Config API Exposure and SSRF via ollama_base_url 09.07.2026 9.2
CVE-2026-58473 Cognee < 1.2.0 Unauthorized LLM Configuration Overwrite via /api/v1/settings 08.07.2026 9.3
CVE-2026-59707 LocalAI - Server-Side Request Forgery via POST /models/apply 09.07.2026 9.2
CVE-2026-59800 9Router < 0.4.44 - OS Command Injection via sudoPassword Parameter in Tailscale Install Endpoint 07.07.2026 9.2
CVE-2026-13019 Missing Authentication 08.07.2026 9.8
CVE-2026-53481 08.07.2026 9.8
CVE-2026-53483 08.07.2026 9.8
CVE-2026-14345 WPFunnels <= 3.12.7 - Unauthenticated Remote Code Execution via 'postData' Parameter 08.07.2026 9.8
CVE-2026-34037 Cross-Tenant Resource Cloning via Broken Object-Level Authorization in cloneTo() 07.07.2026 9.9
CVE-2026-34047 Coolify: WebSocket Endpoint Access Control Flaw Leading to Remote Code Execution 07.07.2026 9.9
CVE-2026-34048 Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers 07.07.2026 9.9
CVE-2026-34038 Coolify authenticated remote command injection leading to RCE and secret exfiltration 07.07.2026 9.9
CVE-2026-42341 FOSSBilling has an unauthenticated payment bypass via IPN callback forgery 07.07.2026 9.2
CVE-2026-57571 Crawl4AI arbitrary file write via download filename path traversal 07.07.2026 9.6
CVE-2026-57572 Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args 08.07.2026 10
CVE-2026-9181 Directory Traversal in ArcGIS Server 08.07.2026 9.8
CVE-2026-9182 Unvalidated File Upload vulnerability in ArcGIS Server. 08.07.2026 9.8
CVE-2026-48614 06.07.2026 9.9
CVE-2026-40138 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access 07.07.2026 9.2
CVE-2026-40139 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access 07.07.2026 9.2
CVE-2026-48316 ColdFusion | Improper Input Validation (CWE-20) 07.07.2026 10
CVE-2025-53827 ownCloud Core: Updater has an exposed dangerous method or function 08.07.2026 9.1
CVE-2025-53830 Anti-Virus for ownCloud 10 is vulnerable to Server-Side Request Forgery (SSRF) 08.07.2026 9.1
CVE-2026-12686 Incorrect authorisation in Adiss’s Biloop 06.07.2026 9.3
CVE-2026-6900 Improper Certificate Validation 06.07.2026 9.1
CVE-2026-14807 PROG MIS|ERP App - Use of Hard-coded Credentials 06.07.2026 9.3
CVE-2026-14808 PROG MIS|Prog Management System - Exposure of Sensitive Information 06.07.2026 9.3
CVE-2026-59509 Unauthenticated arbitrary MongoDB collection read in cve-search 06.07.2026 9.2
CVE-2026-58426 Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write 06.07.2026 9.6
CVE-2026-20896 Gitea Docker image trusts spoofable reverse-proxy headers by default 07.07.2026 9.8
CVE-2026-22874 Gitea webhook and migration allow-list filtering permits SSRF 07.07.2026 9.6
CVE-2026-58289 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 08.07.2026 9

Latest Updates

CVE Title Updated Score
CVE-2026-15143 Guardrails-detectors: guardrails-detectors: ssrf and local file read via user-supplied xml schema (xml-with-schema:) 10.07.2026
CVE-2026-15373 Eleveo Call Recording Software userAddAction.do improper authorization 10.07.2026
CVE-2026-15374 Eleveo Call Recording Software Group roleAddAction.do improper authorization 10.07.2026
CVE-2026-15375 Eleveo Call Recording Software LDAP User users_ldap.jsp improper authorization 10.07.2026
CVE-2026-33382 Denial of service via unbounded request body size 10.07.2026 7.5
CVE-2026-46388 osquery: Unprivileged users can temporarily read file carve contents 10.07.2026 4.4
CVE-2026-54000 osquery: Heap buffer overflow in `getProcessCurrentDirectory()` via `processes` table (Windows) 10.07.2026
CVE-2026-54001 osquery: Heap buffer overflow via `authenticode` table (Windows) 10.07.2026
CVE-2026-54149 MaxKB MCP tool import validation bypass allows post-authentication remote code execution 10.07.2026 8.8
CVE-2026-55500 9router: Exposure of Sensitive Information and Unprotected Database Import/Export Allows Complete Credential Theft and Database Takeover 10.07.2026 9.9
CVE-2026-55501 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header 10.07.2026 7.3
CVE-2026-56676 9router: Image prefetch DNS rebinding allows SSRF to internal services 10.07.2026 7.4
CVE-2026-8595 Stored XSS in the table panel (TableNG) 10.07.2026 6.8
CVE-2026-8609 Pre-authentication denial of service via the OAuth login route 10.07.2026 5.3
CVE-2026-29519 Lucee CFML Server Reflected XSS via URL Path Parsing 10.07.2026
CVE-2026-38057 ST Engineering iDirect iQ-Series Terminals Cross-Site request forgery 10.07.2026
CVE-2026-38059 ST Engineering iDirect iQ-Series Terminals Missing authentication for critical function 10.07.2026
CVE-2026-56254 capacitor-updater - End-to-End Encryption Bypass via Private Key Distribution 10.07.2026
CVE-2026-56261 Crawl4AI - Server-Side Request Forgery via Webhook URLs 10.07.2026
CVE-2026-56279 Capgo - Information Disclosure via get_orgs_v7 RPC Endpoint 10.07.2026
CVE-2026-56305 Capgo - Authentication Bypass in Password Change via Missing Current Password Validation 10.07.2026
CVE-2026-56309 Capgo - Plan Bypass via Unrestricted Attachment Upload Endpoint 10.07.2026
CVE-2026-56312 Capgo - Account Creation Before CAPTCHA Validation in accept_invitation Endpoint 10.07.2026
CVE-2026-56329 Capgo - Cross-Tenant Preview Namespace Collision via Non-Bijective Underscore Decoding 10.07.2026
CVE-2026-56335 Capgo - Channel Configuration Mutation via Write-Scoped API Keys 10.07.2026
CVE-2026-56354 n8n - Cross-Site Scripting and Open Redirect in Form Node 10.07.2026
CVE-2026-56366 ImageMagick - Memory Leak in META Reader APP1JPEG Error Path 10.07.2026
CVE-2026-56373 ImageMagick - Use-After-Free Write in PDB Decoder 10.07.2026
CVE-2026-56765 Vikunja - Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR 10.07.2026
CVE-2026-57961 phpMyFAQ - Authenticated Path Traversal in PDF Export via concatenatePaths Function 10.07.2026
CVE-2026-57994 phpMyFAQ - Information Disclosure of Inactive FAQ Content via Public API Endpoints 10.07.2026
CVE-2026-58661 n8n - Disk Space Exhaustion via Data-Table File Upload Endpoint 10.07.2026
CVE-2026-59791 10.07.2026 3.5
CVE-2026-59792 10.07.2026 9.6
CVE-2026-59793 10.07.2026 8.8
CVE-2026-59794 10.07.2026 7.3
CVE-2026-59795 10.07.2026 8.1
CVE-2026-59796 10.07.2026 8.1
CVE-2026-60086 PraisonAI before 4.6.78 Prompt Injection Defense Bypass 10.07.2026
CVE-2026-60089 PraisonAI before 1.6.78 Path Traversal via config.toml 10.07.2026
CVE-2026-60091 PraisonAI before 4.6.78 Unauthenticated SSRF via webhook_url 10.07.2026
CVE-2026-61431 PraisonAI before 4.6.78 Path Traversal via ContextGatherer 10.07.2026
CVE-2026-61432 PraisonAI FastContext before 1.6.78 Path Traversal 10.07.2026
CVE-2026-61434 PraisonAI before 4.6.78 Allowlist Bypass via find -exec 10.07.2026
CVE-2026-61437 PraisonAI before 1.6.78 Remote Code Execution via tools.py 10.07.2026
CVE-2026-61441 PraisonAI Platform before 0.1.9 Authorization Bypass via Dependencies 10.07.2026
CVE-2026-61444 PraisonAI before 4.6.78 Code Injection via f-string 10.07.2026
CVE-2026-61450 Grav before 2.0.2 Config Exfiltration via offsetGet Filter 10.07.2026
CVE-2026-61455 Grav before 2.0.1 Decompression Bomb via ZipArchiver 10.07.2026
CVE-2026-61456 Grav before 1.0.3 Stored XSS via SVG Upload API 10.07.2026
CVE-2026-61492 10.07.2026 3.5
CVE-2025-12127 10.07.2026
CVE-2026-22659 FlaskBB Authorization Bypass via Topic ID Manipulation 10.07.2026
CVE-2026-22660 FlaskBB Logic Flaw Authorization Group Deletion via Bulk AJAX Endpoint 10.07.2026
CVE-2026-54469 10.07.2026 8.8
CVE-2026-54470 10.07.2026 5.3
CVE-2026-56813 Cookie attribute injection in Plug.Conn.Cookies.encode/2 10.07.2026
CVE-2026-53363 xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags() 10.07.2026
CVE-2026-54468 10.07.2026 6.5
CVE-2026-56688 10.07.2026 9.1
CVE-2026-56689 10.07.2026 7.7
CVE-2026-56690 10.07.2026 8.5
CVE-2026-56814 Plug: multipart :length limit is not charged for part headers, enabling unbounded temp-file creation (denial of service) 10.07.2026
CVE-2026-14461 Out-of-bound read in mtr 10.07.2026
CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service 10.07.2026
CVE-2026-11990 KiviCare <= 4.4.0 - Missing Authorization to Unauthenticated Payment Bypass and Appointment Status Manipulation via /payment-success REST Endpoint 10.07.2026 5.3
CVE-2026-12918 Mail Mint <= 1.24.1 - Authenticated (Administrator+) SQL Injection via 'recipients' Parameter 10.07.2026 4.9
CVE-2026-13010 JoomSport <= 5.7.9 - Authenticated (Contributor+) SQL Injection via 'event' Shortcode Attribute 10.07.2026 6.5
CVE-2026-13247 Logo Slider <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lgx_tooltip_position' Parameter 10.07.2026 6.4
CVE-2026-13710 Jeg Kit for Elementor <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sg_body_description' Parameter via 'jkit_image_box' Shortcode/Widget 10.07.2026 6.4
CVE-2026-15028 Libarchive: heap overflow oob read while parsing a tar archive contains a pax extended header 10.07.2026
CVE-2026-15378 Guardrails-detectors: guardrails-detectors: ssrf and local file read via user-supplied xml schema (xml-with-schema:) 10.07.2026
CVE-2026-41876 OS Command Injection in R-SOFT DMS 10.07.2026
CVE-2026-41877 Stored XSS in R-SOFT DMS 10.07.2026
CVE-2026-41878 Insecure Direct Object Reference in R-SOFT DMS 10.07.2026
CVE-2026-41879 Weak password hashing in R-SOFT DMS 10.07.2026
CVE-2026-41880 OS Command Injection in R-SOFT DMS 10.07.2026
CVE-2026-9857 Invoice123 <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Setting Modification via s123_submit_api_key & s123_submit_invoice_settings AJAX actions 10.07.2026 4.3
CVE-2025-11977 HappyForms <= 1.26.12 - Authenticated (Admin+) Local File Inclusion 10.07.2026 6.6
CVE-2026-11992 Easy Appointments <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation 10.07.2026 4.3
CVE-2026-12108 Highlighting Code Block <= 2.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'font_family' Setting 10.07.2026 4.4
CVE-2026-12400 FlowForms <= 1.1.1 - Authenticated (Contributor+) Insecure Direct Object Reference to Arbitrary Form Modification via REST API '/flowforms/v1/forms/{id}' Endpoints 10.07.2026 4.3
CVE-2026-12924 Eventin <= 4.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'etn_faq_content' Parameter 10.07.2026 6.4
CVE-2026-12955 Cookie Banner for GDPR / CCPA <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification via gcc_save_schedule_scan AJAX Action 10.07.2026 4.3
CVE-2026-14475 Cookie Banner for GDPR / CCPA <= 4.3.6 - Authenticated (Administrator+) SQL Injection via 'scan_id' Parameter 10.07.2026 4.9
CVE-2026-15026 Import and export users and customers <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via email_template_selected AJAX Action 10.07.2026 4.3
CVE-2026-15104 BetterDocs <= 4.6.0 - Authenticated (Custom+) SQL Injection via 'lang' Parameter 10.07.2026 6.5
CVE-2026-1946 GW AI Website Builder <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion 10.07.2026 4.3
CVE-2026-3907 Hostel <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wphostel-book' Shortcode 10.07.2026 6.4
CVE-2026-6440 GoodMeet <= 1.1.8 - Cross-Site Request Forgery to Google Meet Credential Reset via 'goodmeet_reset_google_meet_credential' 10.07.2026 4.3
CVE-2026-6802 Easy Upload Files During Checkout <= 3.0.1 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion via 'eufdc-delete' Parameter 10.07.2026 5.3
CVE-2026-9838 ICS Calendar <= 12.0.9 - Reflected Cross-Site Scripting via 'htmltagtitle' Parameter 10.07.2026 6.1
CVE-2026-13347 Hide My WP Lite <= 1.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'he_wrapper_js' Parameter 10.07.2026 7.5
CVE-2026-28564 Apache IoTDB: REST Basic Authentication Accepts Stale Cached Credentials 10.07.2026
CVE-2026-40005 Apache IoTDB: Path Traversal in Pipe File Transfer Receiver 10.07.2026
CVE-2026-40006 Apache IoTDB: Unauthenticated heap-exhaustion DoS via unbounded allocation in IoTDB AirGap pipe receiver 10.07.2026
CVE-2026-40007 Apache IoTDB: Unauthenticated unbounded recursion in IoTDB AirGap receiver's E-language prefix parser causes per-connection StackOverflowError 10.07.2026
CVE-2026-40008 Apache IoTDB: Arbitrary Class Instantiation via Pipe Transfer RPC 10.07.2026
CVE-2026-40009 Apache IoTDB: Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor 10.07.2026
CVE-2026-40452 Apache IoTDB: Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users 10.07.2026
CVE-2026-40454 Apache IoTDB C++ client: Out-of-bounds reads in C++ client TsBlock deserializer crash client process on malformed server data 10.07.2026
CVE-2026-12123 All-in-One Video Gallery <= 4.8.5 - Authenticated (Subscriber+) Server-Side Request Forgery via 'vdl' Parameter 10.07.2026 6.4
CVE-2026-12276 LA-Studio Element Kit for Elementor < 1.6.1 - Unauthenticated Open Registration 10.07.2026
CVE-2026-12685 EscortWP <= 3.6.2 - Content Deletion via Vendor-Authored Backdoor 10.07.2026
CVE-2026-15282 Instant Appointment <= 1.2 - Unauthenticated Arbitrary File Upload 10.07.2026 9.8
CVE-2026-15283 WPvivid Backup for MainWP <= 0.9.33 - Authenticated (Admin+) Stored Cross-Site Scripting 10.07.2026 4.4
CVE-2026-15284 King Addons for Elementor <= 51.1.62 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'form_page_id' Parameter 10.07.2026 6.4
CVE-2026-15285 The Plus Addons for Elementor <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes 10.07.2026 6.4
CVE-2026-15286 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication 10.07.2026 4.3
CVE-2026-15287 rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Subscriber+) SQL Injection 10.07.2026 6.5
CVE-2026-15288 SureForms – Drag and Drop Form Builder for WordPress <= 2.2.1 - Unauthenticated Stripe Payment Amount Manipulation 10.07.2026 7.5
CVE-2026-15289 Booking calendar, Appointment Booking System <= 3.2.17 - Unauthenticated Time-Based SQL Injection via 'wpdevart_id' 10.07.2026 5.9
CVE-2026-15290 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.10.1 - Unauthenticated Blind SQL Injection 10.07.2026 7.5
CVE-2026-15291 Chat Help – Click to Chat Button & Form <= 3.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure 10.07.2026 7.5
CVE-2026-15292 Sudoku Shortcode <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'background' Shortcode Attribute 10.07.2026 6.4
CVE-2026-15293 WP Business Intelligence Lite <= 3.2.0 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via Arbitrary SQL Modification 10.07.2026 8
CVE-2026-15296 affiliate-toolkit – WP Affiliate Plugin with Amazon <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting 10.07.2026 6.4
CVE-2026-15297 Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) <= 3.1.77 - Reflected Cross-Site Scripting 10.07.2026 6.1
CVE-2026-15298 TelSender <= 1.14.14 - Unauthenticated Stored Cross-Site Scripting via Telegram Chat Title 10.07.2026 7.2
CVE-2026-15299 Animation Addons for Elementor <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Weather Widget 10.07.2026 6.4
CVE-2026-15300 GEO my WP <= 4.5.4 - Unauthenticated SQL Injection via 'distance' / 'lat' / 'lng' Parameters 10.07.2026 9.1
CVE-2026-15301 BuddyHolis TableSearch <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting 10.07.2026 6.4
CVE-2026-15302 ARMember <= 4.0.27 - Directory Traversal via X-FILENAME 10.07.2026 5.3
CVE-2026-15330 zhayujie CowAgent Vision Tool vision.py _download_to_data_url server-side request forgery 10.07.2026
CVE-2026-15331 zhayujie CowAgent Skill Installation service.py _add_package path traversal 10.07.2026
CVE-2026-15332 zhayujie CowAgent Message Endpoint channel.py authorization 10.07.2026
CVE-2026-21039 10.07.2026
CVE-2026-21040 10.07.2026
CVE-2026-21041 10.07.2026
CVE-2026-21042 10.07.2026
CVE-2026-21043 10.07.2026
CVE-2026-21044 10.07.2026
CVE-2026-21045 10.07.2026
CVE-2026-21046 10.07.2026
CVE-2026-21048 10.07.2026
CVE-2026-21049 10.07.2026
CVE-2026-21050 10.07.2026
CVE-2026-21051 10.07.2026
CVE-2026-21052 10.07.2026
CVE-2026-21053 10.07.2026
CVE-2026-21054 10.07.2026
CVE-2026-21055 10.07.2026
CVE-2026-21056 10.07.2026
CVE-2026-21057 10.07.2026
CVE-2026-11392 WP Hotel Booking <= 2.3.1 - Reflected Cross-Site Scripting via 'check_in_date' and 'check_out_date' Parameters 10.07.2026 6.1
CVE-2026-11818 WPCafe <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via REST API 10.07.2026 5.4
CVE-2026-13430 Post Export Import with Media <= 1.13.1 - Authenticated (Administrator+) Arbitrary File Upload via Trailing-Dot Filename Bypass in ZIP Media Import 10.07.2026 7.2
CVE-2026-14894 Super Forms <= 6.3.313 - Unauthenticated Arbitrary File Upload via 'data' Parameter (datauristring / value) 10.07.2026 9.8
CVE-2026-15070 Salon Booking System <= 10.30.32 - Cross-Site Request Forgery to Remote Code Execution via 'value' Parameter 10.07.2026 8.8
CVE-2026-15321 MyEMS Admin Backend svg.py on_post cross site scripting 10.07.2026
CVE-2026-15326 halo-dev halo Theme Installation ThemeUtils.java ThemeUtils.unzipThemeTo path traversal 10.07.2026
CVE-2026-15329 zhayujie CowAgent Browser Tool browser_tool.py BrowserTool._do_navigate information disclosure 10.07.2026
CVE-2026-44918 10.07.2026 5.5
CVE-2026-54423 10.07.2026 8.2
CVE-2026-5069 Fluent Forms <= 6.2.1 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Subscription Cancellation via 'subscription_id' 10.07.2026 5.4
CVE-2026-15319 Sipeed PicoClaw Launcher access_control.go IPAllowlist access control 10.07.2026
CVE-2026-15320 Sipeed PicoClaw pico.go rt.ReloadConfig authorization 10.07.2026
CVE-2026-15318 Sipeed PicoClaw MQTT Channel mqtt.go authorization 10.07.2026
CVE-2026-15311 NousResearch hermes-agent Matrix Adapter matrix.py MatrixAdapter._markdown_to_html cross site scripting 10.07.2026
CVE-2026-15317 Sipeed PicoClaw Guarded Web Fetch Flow web.go WebFetchTool.Execute server-side request forgery 10.07.2026
CVE-2026-50180 Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read 09.07.2026
CVE-2026-50181 Langroid: Path traversal in the file tools allows read/write outside configured current directory 09.07.2026 7.1
CVE-2026-54760 Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls 10.07.2026
CVE-2026-54769 Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent 10.07.2026 10
CVE-2026-54771 Langroid: handle_message() executes user-supplied tool JSON without sender verification 10.07.2026 8.1
CVE-2026-55616 09.07.2026
CVE-2026-12595 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email via Discord OAuth Callback 10.07.2026 8.1
CVE-2026-12597 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email via GitHub OAuth Callback 10.07.2026 8.1
CVE-2026-12598 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email in Spotify OAuth Callback 09.07.2026 8.1
CVE-2026-55615 Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879 10.07.2026
CVE-2026-33655 New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs 10.07.2026 7.7
CVE-2026-44342 New API CSRF in email and WeChat account binding endpoints 10.07.2026 5.3
CVE-2026-57501 Zen: Context-menu "Open link in glance" / "Split link in new tab" loads a page-controlled link with the System principal, bypassing the web-content scheme restriction 09.07.2026 0
CVE-2026-59831 GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace 09.07.2026 4.4
CVE-2026-59832 SiYuan: Authenticated path traversal in /snippets/ static handler (serveSnippets) leaks conf/conf.json secrets and siyuan.db 10.07.2026 7.7
CVE-2026-59833 SiYuan: Stored XSS to RCE in SiYuan via a per-attribute URL-scheme sanitizer gap in Lute (form action / SVG xlink:href) 10.07.2026
CVE-2026-59834 SiYuan: SQL Query in Block Search Exposes Hidden Published Document Content 10.07.2026 7.5
CVE-2026-59853 SiYuan: Publish-mode Reader can exfiltrate private saved-search Criteria via /api/storage/getCriteria (missing publish-access filter) 10.07.2026 6.5
CVE-2026-59854 SiYuan: Incomplete IsSensitivePath denylist: globalCopyFiles reads home-dir credential dotfiles into the workspace 09.07.2026 4.9
CVE-2026-59855 SiYuan: Store XSS To Rce via Asset.render 09.07.2026
CVE-2026-59856 Vim: Arbitrary Code Execution via PHP Omni-Completion 10.07.2026
CVE-2026-59857 Vim: Out-of-bounds Write in SAL Soundfolding 10.07.2026
CVE-2026-59858 Vim: Arbitrary Code Execution via C Omni-Completion 10.07.2026
CVE-2026-15274 lo48576 fbxcel Node Header parser.rs denial of service 10.07.2026
CVE-2026-15276 pdeljanov Symphonia Metadata denial of service 09.07.2026
CVE-2026-38076 09.07.2026
CVE-2026-44787 Discourse: Signup-time primary_group_id assignment grants whisperer access 09.07.2026 8.2
CVE-2026-45780 Discourse: Private event sample invitees are serialized to non-invited event viewers 09.07.2026 5.3
CVE-2026-45788 Discourse: Secure uploads exposed by hotlinked image copying 10.07.2026
CVE-2026-46413 Discourse: Regular users can route multipart uploads into the admin backup store 10.07.2026 6.5
CVE-2026-49256 Discourse: Hidden tag names leaked via category serializers 10.07.2026
CVE-2026-53961 Discourse: Forged AWS SNS bounce notifications can disable a targeted user's email (missing TopicArn binding) 10.07.2026 6.5
CVE-2026-53962 Discourse: Insufficient SVG sanitization logic 09.07.2026 5.4
CVE-2026-53963 Discourse: Stored-XSS in 2FA delete confirmation modal 09.07.2026 7.3
CVE-2026-55424 Discourse: Topic featured link susceptible to stored XSS 10.07.2026
CVE-2026-58143 Cotonti Siena 0.9.26 CSRF via admin.php Config Update Endpoint 10.07.2026
CVE-2026-58144 Cotonti Siena 0.9.26 Stored XSS via PFS Module ntitle Parameter 10.07.2026
CVE-2026-59828 Discourse: Hidden post revisions leak through adjacent visible diffs 10.07.2026 5.3
CVE-2026-15271 TOTOLINK EX200 Web boa.conf least privilege violation 10.07.2026
CVE-2026-33802 Junos OS: EX Series: Unauthorized users can execute service-impacting CLI command 10.07.2026 5.5
CVE-2026-33803 Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker 10.07.2026 6.5
CVE-2026-39243 10.07.2026
CVE-2026-39245 10.07.2026
CVE-2026-39246 09.07.2026
CVE-2026-55170 OpenFGA MySQL backend: case-insensitive collation on identifier columns causes incorrect authorization decisions 10.07.2026
CVE-2026-55604 @arikusi/deepseek-mcp-server has an Authorization Bypass Through User-Controlled Key 10.07.2026 8.6
CVE-2026-55605 @arikusi/deepseek-mcp-server Missing Authentication on Self-Hosted HTTP MCP Endpoint 10.07.2026 5.3
CVE-2026-55689 OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset 10.07.2026 6.8
CVE-2026-57019 Junos OS: MX Series: Specific traffic causes an FPC to reset 10.07.2026 6.5
CVE-2026-57020 Junos OS: QFX10000 Series: IPv6 multicast traffic received on non-IRB interfaces causes a multicast flood 10.07.2026 6.5
CVE-2026-57021 Junos OS: SRX Series: If VPN compliance-check is configured an attacker can cause http-gk process crash 10.07.2026 5.3
CVE-2026-57022 Junos OS: MX Series with SPC3, SRX Series: Specific packet in response to a TCP connection establishment by the affected device can crash the PFE 10.07.2026 5.9
CVE-2026-57023 Junos OS: MX with SPC3, SRX Series: A specifically malformed TCP packet causes a flowd crash 10.07.2026 7.5
CVE-2026-57024 Junos OS: MX with SPC3, SRX Series: Repeated VPN negotiation failures will eventually cause iked to crash continuously 10.07.2026 5.3
CVE-2026-57025 Junos OS and Junos OS Evolved: EX Series, QFX Series, MX Series: A specific 'show l2-learning' command causes l2ald crash 10.07.2026 5.5
CVE-2026-57026 Junos OS: MX Series with SPC3, SRX Series: Processing of a specifically malformed SIP invite causes a flowd crash 10.07.2026 7.5
CVE-2026-57027 Junos OS: EX4100 Series, EX4400: With sFlow configured in a VC scenario multicast traffic leads to an FPC crash 10.07.2026 6.5
CVE-2026-57028 Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker 10.07.2026 7.3
CVE-2026-57029 Junos OS Evolved: QFX Series: When sFlow collector reachability changes evo-pfemand process can crash 10.07.2026 5.3
CVE-2026-57030 Junos OS: SRX Series: Flow sessions are not getting cleared leading to a DoS 10.07.2026 5.9
CVE-2026-57031 Junos OS: MX Series: For subscribers configured on static interfaces, input filters are not in effect 10.07.2026 4.7
CVE-2026-57032 Junos OS: EX Series: Subscribing to an unsupported telemetry sensor path causes fxpc process crash 10.07.2026 6.5
CVE-2026-57054 Junos OS: MX Series: Web filtering doesn't block specifically formatted URLs 10.07.2026 5.8
CVE-2026-58122 Hermes WebUI < 0.51.307 Authentication Bypass via X-Forwarded-For Header Spoofing 09.07.2026
CVE-2026-58123 Hermes WebUI < 0.51.788 Unauthenticated RCE via Terminal API 09.07.2026
CVE-2025-45422 09.07.2026
CVE-2026-21901 Junos OS and Junos OS Evolved: Configuration of a specific SSH option results in mgd crash 10.07.2026 4.4
CVE-2026-31267 10.07.2026
CVE-2026-33794 Junos OS Evolved: PTX Series: Receipt of repeated ECMP routing updates results in PFE crash 10.07.2026 5.9
CVE-2026-33799 Junos OS and Junos OS Evolved: Receipt of a specific SNMPv3 request results in memory leak and eventual snmpd crash 10.07.2026 4.3
CVE-2026-33800 Junos OS: MX Series: In a VC scenario a high rate of micro-BFD session flaps will cause an FPC crash 10.07.2026 6.5
CVE-2026-33801 Junos OS and Junos OS Evolved: When a specifically malformed BGP route update is received RPD crashes 10.07.2026 6.5
CVE-2026-51923 10.07.2026
CVE-2026-51924 10.07.2026
CVE-2026-51925 10.07.2026
CVE-2026-51926 09.07.2026
CVE-2026-55207 Pimcore: Account Takeover via Password Reset URL Injection allows unauthenticated attacker to hijack any admin account with 2FA bypass 10.07.2026 8.8
CVE-2026-55208 Pimcore: SQL Injection via Column Name in DateFilter allows authenticated user to extract arbitrary database data including admin password hashes 10.07.2026 7.7
CVE-2026-55212 Pimcore: Insufficient Permission Check on Class Definition Creation Endpoint Allows Privilege Escalation 09.07.2026 7.1
CVE-2026-55865 Python Liquid: Infinite loop when parsing malformed `{% case %}` tags 09.07.2026
CVE-2026-60120 Bagisto < 2.4.4 Stored XSS via CSTI in create.blade.php 10.07.2026
CVE-2026-0275 Prisma Browser: Local Privilege Escalation on macOS 10.07.2026
CVE-2026-0276 Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability 10.07.2026
CVE-2026-0277 Prisma Access Agent: Improper Certificate Validation on iOS 10.07.2026
CVE-2026-0278 Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows 10.07.2026
CVE-2026-15270 D-link DIR-823G Web boa.conf least privilege violation 09.07.2026
CVE-2025-63579 09.07.2026
CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities 09.07.2026
CVE-2026-0280 PAN-OS: IPv6 Firewall Policy Bypass 09.07.2026
CVE-2026-0281 PAN-OS: Information Disclosure Vulnerability in Management Web Interface 09.07.2026
CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface 09.07.2026
CVE-2026-0283 PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN) 09.07.2026
CVE-2026-0284 PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN) 09.07.2026
CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface 09.07.2026
CVE-2026-0286 PAN-OS: Authenticated Command Injection in CLI 09.07.2026
CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing 09.07.2026
CVE-2026-13492 UsersWP <= 1.2.65 - Authenticated (Subscriber+) Arbitrary File Deletion via File Upload Field 09.07.2026 8.8
CVE-2026-49274 Kirby: `pages.access` permission is not checked in the pages picker for parent pages 09.07.2026
CVE-2026-49276 Kirby: Self cross-site scripting (self-XSS) in the writer field 10.07.2026
CVE-2026-50188 Kirby: Request header injection in `Http\Remote` 09.07.2026
CVE-2026-54002 Kirby: Cross-site scripting (XSS) from incomplete HTML/XML sanitization in `Dom::sanitize()` 09.07.2026
CVE-2026-54003 Kirby: External Initialization of the Panel on reverse proxy setups with the `Forwarded` header 09.07.2026
CVE-2026-54004 Kirby: Access to files of top-level drafts is not protected by permissions 09.07.2026
CVE-2026-54005 Kirby: `pages.access` permission is not checked in the `site/find` REST API route 09.07.2026
CVE-2026-54695 Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID 10.07.2026 7.5
CVE-2026-55590 CakePHP: Open redirect weakness via backslash bypass 09.07.2026
CVE-2026-58198 ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer 09.07.2026 5.5
CVE-2026-59148 Mockoon: Unauthenticated admin API + wildcard CORS allows mock-state hijack and secret theft 09.07.2026 8.8
CVE-2026-59149 Mockoon: Path traversal in templated `filePath` lets a request escape the served directory (prefix-only base check) 09.07.2026 6.5
CVE-2026-14278 09.07.2026
CVE-2026-15195 apidevtools json-schema-ref-parser pointer.ts Pointer.set prototype pollution 09.07.2026
CVE-2026-15202 YzmCMS Header yzmphp.php get_url cross site scripting 09.07.2026
CVE-2026-15204 TOTOLINK X5000R OpenVPN Export cstecgi.cgi exportOvpn path traversal 09.07.2026
CVE-2026-43752 09.07.2026
CVE-2026-55420 Discourse: Remote code execution via pdf uploads 09.07.2026 7.5
CVE-2026-58378 Allwinner TV Box TV98 ADB exposed on network 09.07.2026 8.8
CVE-2026-59221 open-webui terminal proxy path traversal guard bypass via 9x encoded traversal 09.07.2026 7.7
CVE-2026-59720 Hoppscotch: Insecure Default Configuration Allows Public Exposure of Private Collection Data via Mock Server 09.07.2026 7.5
CVE-2026-59721 Hoppscotch: Admin RCE via MAILER_SMTP_URL nodemailer sendmail-transport injection 09.07.2026 7.2
CVE-2026-59726 Ruflo: Unauthenticated RCE in MCP bridge default docker-compose deployment 09.07.2026 10
CVE-2026-59734 Coolify: OS Command Injection in Health Check Configuration Allows Remote Code Execution 09.07.2026 8.8
CVE-2026-59817 Ghost: Paid gift memberships obtainable at minimal cost via the donations feature 09.07.2026 5.3
CVE-2026-59826 Metabase: Arbitrary Code Execution via Database Connection Detail Bypass 10.07.2026 9.1
CVE-2026-59827 Metabase: Unsafe Deserialization of H2 Query Results 09.07.2026 9.9
CVE-2026-61343 LibreBooking path traversal 09.07.2026
CVE-2026-61344 Superior Court of California Hearing Reminder Service unauthenticated information disclosure 09.07.2026 5.3
CVE-2026-13461 PayRange version 7.0.7 contains a JavaScript injection vulnerability 09.07.2026
CVE-2026-13462 PayRange for Android, version 7.0.7, contains an SSL bypass vulnerability 09.07.2026
CVE-2026-15194 Open5GS AMF context.c amf_context_final use after free 09.07.2026
CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations 09.07.2026
CVE-2026-59212 Open WebUI: Model meta.knowledge read-only file access can be upgraded to file write/delete 09.07.2026 5.4
CVE-2026-59213 Open WebUI: Cross-user model-list exposure via static cache key in get_all_models (aiocache key= vs key_builder= misuse) 09.07.2026 3.5
CVE-2026-59215 Open WebUI: Private channel messages can be disclosed through cross-channel thread parent_id binding 09.07.2026 3.1
CVE-2026-59222 Open WebUI: /api/v1/channels/{id}/members exposes full user model including sensitive credentials 09.07.2026
CVE-2026-59223 Open WebUI: `WEB_FETCH_FILTER_LIST` host allow/block filter bypassable via URL path and non-label-boundary matching 09.07.2026 4.3
CVE-2026-59224 Open WebUI: Terminal proxy forwards a spoofable, integrity-unbound user identity to the upstream (X-User-Id header and ws_terminal session_id query injection) 10.07.2026 8
CVE-2026-59225 Open WebUI: Arena task endpoints can bypass underlying model access controls 09.07.2026 5.4