| CVE-2026-14632 | kirilkirkov Ecommerce-CodeIgniter-Bootstrap Trusted Backend MY_Controller.php setReferrer redirect | 04.07.2026 | |
| CVE-2026-14630 | ForceInjection AI-fundermentals Memory Recall smart_customer_service.py get_conversation_history weak hash | 04.07.2026 | |
| CVE-2026-14534 | Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit) | 04.07.2026 | 8.8 |
| CVE-2026-14535 | Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in AnalysisContext.shorten_code() | 04.07.2026 | 8.8 |
| CVE-2026-14629 | RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero | 04.07.2026 | |
| CVE-2025-13475 | Cross-Tenant Access via Application Consent Mismanagement in Multiple WSO2 Products Allows Unauthorized Data Exposure | 04.07.2026 | 3.5 |
| CVE-2026-14627 | NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allowed_user improper authentication | 04.07.2026 | |
| CVE-2026-14628 | NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal | 04.07.2026 | |
| CVE-2026-12196 | HestiaCP Admin Takeover | 04.07.2026 | |
| CVE-2026-14626 | NousResearch hermes-agent HTTP API run_agent.py AIAgent.run_conversation denial of service | 04.07.2026 | |
| CVE-2026-53359 | KVM: x86: Fix shadow paging use-after-free due to unexpected role | 04.07.2026 | |
| CVE-2026-53360 | KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use | 04.07.2026 | |
| CVE-2026-53361 | af_unix: Set gc_in_progress to true in unix_gc(). | 04.07.2026 | |
| CVE-2026-53362 | ipv6: account for fraggap on the paged allocation path | 04.07.2026 | |
| CVE-2026-12195 | | 04.07.2026 | |
| CVE-2026-14625 | NousResearch hermes-agent server.py shell.exec protection mechanism | 04.07.2026 | |
| CVE-2026-14624 | omec-project amf NGSetupRequest handler.go denial of service | 04.07.2026 | |
| CVE-2026-14623 | omec-project amf NGAP Message RRCInactiveTransitionReport denial of service | 04.07.2026 | |
| CVE-2026-14622 | jairiidriss restaurant-website-php-mysql AJAX Endpoint ajax_files missing authentication | 04.07.2026 | |
| CVE-2026-14621 | FederatedAI FATE OSX Broker QueuePushReqStreamObserver.java QueuePushReqStreamObserver.initEggroll wrong session | 04.07.2026 | |
| CVE-2026-12194 | PHPIPAM Authenticated LFI | 04.07.2026 | |
| CVE-2026-14619 | itsourcecode Hospital Management System medicine.php sql injection | 04.07.2026 | |
| CVE-2026-14618 | Open5GS AMF nnrf-handler.c amf_nnrf_handle_nf_discover denial of service | 04.07.2026 | |
| CVE-2025-71342 | picklescan - Undetected Remote Code Execution via idlelib.run.Executive.runcode | 04.07.2026 | |
| CVE-2025-71343 | picklescan - Arbitrary Code Execution via lib2to3.pgen2.pgen.ParserGenerator.make_label Detection Bypass | 04.07.2026 | |
| CVE-2025-71345 | picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_autograd_prof | 04.07.2026 | |
| CVE-2025-71347 | picklescan - Undetected Remote Code Execution via numpy.f2py.crackfortran.param_eval | 04.07.2026 | |
| CVE-2025-71353 | picklescan - Remote Code Execution via torch._dynamo.guards.GuardBuilder.get | 04.07.2026 | |
| CVE-2025-71356 | picklescan - Arbitrary Code Execution via torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression | 04.07.2026 | |
| CVE-2025-71359 | picklescan - Unsafe Deserialization via lib2to3.pgen2.grammar.Grammar.loads | 04.07.2026 | |
| CVE-2025-71360 | picklescan - Remote Code Execution via Undetected idlelib.calltip.get_entity | 04.07.2026 | |
| CVE-2025-71362 | picklescan - Arbitrary Code Execution via Unsafe Deserialization in numpy.f2py.crackfortran | 04.07.2026 | |
| CVE-2025-71364 | picklescan - Arbitrary Code Execution via Undetected asyncio.unix_events._UnixSubprocessTransport._start | 04.07.2026 | |
| CVE-2025-71366 | picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_cprofile | 04.07.2026 | |
| CVE-2025-71367 | picklescan - Remote Code Execution via _operator.attrgetter Detection Bypass | 04.07.2026 | |
| CVE-2025-71369 | picklescan - Unsafe Deserialization via torch.utils.data.datapipes.utils.decoder.basichandlers | 04.07.2026 | |
| CVE-2025-71372 | Picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran.getlincoef Gadget | 04.07.2026 | |
| CVE-2025-71373 | picklescan - Remote Code Execution via operator.methodcaller Detection Bypass | 04.07.2026 | |
| CVE-2025-71375 | picklescan - Undetected Remote Code Execution via _operator.methodcaller | 04.07.2026 | |
| CVE-2025-71380 | n8n - Arbitrary Command Execution via Execute Command Node | 04.07.2026 | |
| CVE-2026-12252 | Untrusted JAR Code Execution in Multiple Stanford Interface Classes in nltk/nltk | 04.07.2026 | |
| CVE-2026-54424 | | 04.07.2026 | 8.4 |
| CVE-2026-14617 | NousResearch hermes-agent Streaming Reasoning Tag Filter stream_consumer.py GatewayStreamConsumer._filter_and_accumulate case sensitivity | 03.07.2026 | |
| CVE-2026-58523 | Microsoft Edge for Android Security Feature Bypass Vulnerability | 03.07.2026 | 6.5 |
| CVE-2026-14355 | ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD | 04.07.2026 | 5.6 |
| CVE-2026-14610 | Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile heap-based overflow | 03.07.2026 | |
| CVE-2026-14611 | DeepMyst Mysti Per-Project Auto-Memory MemoryManager.ts initProjectMemory exposure of resource | 03.07.2026 | |
| CVE-2026-58418 | SSRF via HTTP Redirect in Repository Migration | 03.07.2026 | 6.5 |
| CVE-2026-58419 | Notification API leaks private issue metadata after access revocation | 03.07.2026 | |
| CVE-2026-58421 | Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service | 03.07.2026 | |
| CVE-2026-58422 | Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts | 03.07.2026 | |
| CVE-2026-58423 | LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories | 03.07.2026 | 7.7 |
| CVE-2026-58424 | Permanent Fork PR Workflow Approval Gate Bypass | 03.07.2026 | 8.9 |
| CVE-2026-58426 | Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write | 03.07.2026 | 9.6 |
| CVE-2026-12481 | Deserialization of Untrusted Data in keras-team/keras | 03.07.2026 | |
| CVE-2026-14609 | SourceCodester CET Automated Grading System with AI Predictive Analytics session fixation | 03.07.2026 | |
| CVE-2026-20706 | Gitea repository archive downloads bypass token scope checks | 03.07.2026 | |
| CVE-2026-20779 | Gitea TOTP single-use enforcement defect allows OTP replay | 03.07.2026 | 7.1 |
| CVE-2026-20896 | Gitea Docker image trusts spoofable reverse-proxy headers by default | 03.07.2026 | 9.8 |
| CVE-2026-20909 | Gitea tracked-time list endpoint has insufficient permission checks | 03.07.2026 | |
| CVE-2026-22547 | Gitea repository creation accepts invalid field values | 03.07.2026 | |
| CVE-2026-22555 | Gitea organization forks can expose organization secrets without create permission | 03.07.2026 | 8.1 |
| CVE-2026-22874 | Gitea webhook and migration allow-list filtering permits SSRF | 03.07.2026 | 9.6 |
| CVE-2026-24451 | Gitea fork synchronization can expose private parent repository data | 03.07.2026 | |
| CVE-2026-24690 | Gitea pull-request branch updates use insufficient permission checks | 03.07.2026 | |
| CVE-2026-25038 | Gitea private organization labels are visible to unauthorized users | 03.07.2026 | |
| CVE-2026-25712 | Gitea organization permission APIs expose private visibility information | 03.07.2026 | |
| CVE-2026-25714 | Gitea user organization API bypasses public-only token filtering | 03.07.2026 | 4.3 |
| CVE-2026-25718 | Gitea template repository generation mishandles symlinked paths | 03.07.2026 | |
| CVE-2026-25779 | Gitea redirect handling permits open redirects through backslash paths | 03.07.2026 | |
| CVE-2026-25782 | Gitea tracked-time deletion can target entries from another issue | 03.07.2026 | |
| CVE-2026-26231 | Gitea maintainer-edit permissions allow unauthorized commits to readable repositories | 03.07.2026 | 8.5 |
| CVE-2026-26232 | Gitea OAuth2 authorization codes lack expiry and reuse enforcement | 03.07.2026 | |
| CVE-2026-26247 | Gitea OAuth2 PKCE S256 challenges are not enforced during token exchange | 03.07.2026 | |
| CVE-2026-26292 | Gitea LFS mirror synchronization bypasses migration HTTP transport restrictions | 03.07.2026 | |
| CVE-2026-26307 | Gitea git grep search lacks a timeout | 03.07.2026 | |
| CVE-2026-27657 | Gitea email settings allow changing another user's primary email address | 03.07.2026 | |
| CVE-2026-27660 | Gitea draft releases use insufficient permission checks | 03.07.2026 | |
| CVE-2026-27761 | Gitea repository feeds bypass API token scope enforcement | 03.07.2026 | 4.3 |
| CVE-2026-27771 | Gitea Composer package source links use insufficient permission checks | 03.07.2026 | |
| CVE-2026-27775 | Gitea pre-receive hook permission cache allows full repository write access | 03.07.2026 | |
| CVE-2026-27779 | Gitea forwarded-proto handling allows public URL spoofing | 03.07.2026 | |
| CVE-2026-27780 | Gitea pre-receive hook can miss branch-protection checks after scanner errors | 03.07.2026 | |
| CVE-2026-27783 | Gitea issue-template APIs bypass repository unit authorization | 03.07.2026 | 4.3 |
| CVE-2026-28699 | Gitea Basic Auth bypasses OAuth2 access token scopes | 03.07.2026 | 8.1 |
| CVE-2026-28705 | Gitea repository dumps write release assets using unsafe path names | 03.07.2026 | |
| CVE-2026-28737 | Gitea 3D file viewer allows stored XSS through glTF extensionsRequired | 03.07.2026 | 8.7 |
| CVE-2026-28740 | Gitea LFS object reuse bypasses Code-unit authorization | 03.07.2026 | 7.1 |
| CVE-2026-28744 | Gitea Git smart HTTP bypasses repository token scopes for bearer tokens | 03.07.2026 | 8.1 |
| CVE-2026-45488 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 5.4 |
| CVE-2026-45489 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 6.5 |
| CVE-2026-55945 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 03.07.2026 | 4.2 |
| CVE-2026-56645 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.8 |
| CVE-2026-56646 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 6.5 |
| CVE-2026-57974 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.8 |
| CVE-2026-57975 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-57977 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 7.1 |
| CVE-2026-57981 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.8 |
| CVE-2026-57983 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 03.07.2026 | 8.7 |
| CVE-2026-57984 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-57985 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.6 |
| CVE-2026-57986 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-57987 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 6.5 |
| CVE-2026-57988 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.1 |
| CVE-2026-57991 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 03.07.2026 | 7.4 |
| CVE-2026-57992 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-57993 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 7.4 |
| CVE-2026-58276 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-58278 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 5.4 |
| CVE-2026-58282 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 8.1 |
| CVE-2026-58283 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 8.1 |
| CVE-2026-58284 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.3 |
| CVE-2026-58285 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.3 |
| CVE-2026-58286 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 8.1 |
| CVE-2026-58287 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.3 |
| CVE-2026-58288 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.3 |
| CVE-2026-58289 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 9 |
| CVE-2026-58290 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-58291 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 03.07.2026 | 6.1 |
| CVE-2026-58292 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-58293 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.1 |
| CVE-2026-58294 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-58295 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 03.07.2026 | 8.3 |
| CVE-2026-58296 | Microsoft Edge for Android Information Disclosure Vulnerability | 03.07.2026 | 7.1 |
| CVE-2026-58297 | Microsoft Edge for Android Information Disclosure Vulnerability | 03.07.2026 | 7.1 |
| CVE-2026-58298 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 7.2 |
| CVE-2026-58299 | Microsoft Edge for Android Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-58300 | Microsoft Edge for Android Information Disclosure Vulnerability | 03.07.2026 | 6.2 |
| CVE-2026-58522 | Microsoft Edge for Android Information Disclosure Vulnerability | 03.07.2026 | 6.8 |
| CVE-2026-58524 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 5.4 |
| CVE-2026-58597 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 4.3 |
| CVE-2026-14608 | SourceCodester CET Automated Grading System with AI Predictive Analytics POST index.php view_student authorization | 03.07.2026 | |
| CVE-2026-14605 | RT-Thread ls1c CAN ls1c_can.h recvmsg stack-based overflow | 03.07.2026 | |
| CVE-2026-14606 | RT-Thread SWM341 CAN SWM341.h CAN_Receive stack-based overflow | 03.07.2026 | |
| CVE-2026-14607 | RT-Thread lwp_syscall.c sys_getaddrinfo memory corruption | 03.07.2026 | |
| CVE-2026-14604 | Open Asset Import Library Assimp PLY Model PlyLoader.cpp ExportToBlob double free | 03.07.2026 | |
| CVE-2026-58379 | Gimp: gimp: heap buffer overflow in read_channel_data() | 03.07.2026 | |
| CVE-2026-14631 | webpack-dev-server vulnerable to denial of service via a malformed Host or Origin header | 03.07.2026 | 5.3 |