| CVE-2026-15143 |
Guardrails-detectors: guardrails-detectors: ssrf and local file read via user-supplied xml schema (xml-with-schema:) |
10.07.2026 |
|
| CVE-2026-15373 |
Eleveo Call Recording Software userAddAction.do improper authorization |
10.07.2026 |
|
| CVE-2026-15374 |
Eleveo Call Recording Software Group roleAddAction.do improper authorization |
10.07.2026 |
|
| CVE-2026-15375 |
Eleveo Call Recording Software LDAP User users_ldap.jsp improper authorization |
10.07.2026 |
|
| CVE-2026-33382 |
Denial of service via unbounded request body size |
10.07.2026 |
7.5 |
| CVE-2026-46388 |
osquery: Unprivileged users can temporarily read file carve contents |
10.07.2026 |
4.4 |
| CVE-2026-54000 |
osquery: Heap buffer overflow in `getProcessCurrentDirectory()` via `processes` table (Windows) |
10.07.2026 |
|
| CVE-2026-54001 |
osquery: Heap buffer overflow via `authenticode` table (Windows) |
10.07.2026 |
|
| CVE-2026-54149 |
MaxKB MCP tool import validation bypass allows post-authentication remote code execution |
10.07.2026 |
8.8 |
| CVE-2026-55500 |
9router: Exposure of Sensitive Information and Unprotected Database Import/Export Allows Complete Credential Theft and Database Takeover |
10.07.2026 |
9.9 |
| CVE-2026-55501 |
9router: Login brute-force protection bypass via spoofed X-Forwarded-For header |
10.07.2026 |
7.3 |
| CVE-2026-56676 |
9router: Image prefetch DNS rebinding allows SSRF to internal services |
10.07.2026 |
7.4 |
| CVE-2026-8595 |
Stored XSS in the table panel (TableNG) |
10.07.2026 |
6.8 |
| CVE-2026-8609 |
Pre-authentication denial of service via the OAuth login route |
10.07.2026 |
5.3 |
| CVE-2026-29519 |
Lucee CFML Server Reflected XSS via URL Path Parsing |
10.07.2026 |
|
| CVE-2026-38057 |
ST Engineering iDirect iQ-Series Terminals Cross-Site request forgery |
10.07.2026 |
|
| CVE-2026-38059 |
ST Engineering iDirect iQ-Series Terminals Missing authentication for critical function |
10.07.2026 |
|
| CVE-2026-56254 |
capacitor-updater - End-to-End Encryption Bypass via Private Key Distribution |
10.07.2026 |
|
| CVE-2026-56261 |
Crawl4AI - Server-Side Request Forgery via Webhook URLs |
10.07.2026 |
|
| CVE-2026-56279 |
Capgo - Information Disclosure via get_orgs_v7 RPC Endpoint |
10.07.2026 |
|
| CVE-2026-56305 |
Capgo - Authentication Bypass in Password Change via Missing Current Password Validation |
10.07.2026 |
|
| CVE-2026-56309 |
Capgo - Plan Bypass via Unrestricted Attachment Upload Endpoint |
10.07.2026 |
|
| CVE-2026-56312 |
Capgo - Account Creation Before CAPTCHA Validation in accept_invitation Endpoint |
10.07.2026 |
|
| CVE-2026-56329 |
Capgo - Cross-Tenant Preview Namespace Collision via Non-Bijective Underscore Decoding |
10.07.2026 |
|
| CVE-2026-56335 |
Capgo - Channel Configuration Mutation via Write-Scoped API Keys |
10.07.2026 |
|
| CVE-2026-56354 |
n8n - Cross-Site Scripting and Open Redirect in Form Node |
10.07.2026 |
|
| CVE-2026-56366 |
ImageMagick - Memory Leak in META Reader APP1JPEG Error Path |
10.07.2026 |
|
| CVE-2026-56373 |
ImageMagick - Use-After-Free Write in PDB Decoder |
10.07.2026 |
|
| CVE-2026-56765 |
Vikunja - Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR |
10.07.2026 |
|
| CVE-2026-57961 |
phpMyFAQ - Authenticated Path Traversal in PDF Export via concatenatePaths Function |
10.07.2026 |
|
| CVE-2026-57994 |
phpMyFAQ - Information Disclosure of Inactive FAQ Content via Public API Endpoints |
10.07.2026 |
|
| CVE-2026-58661 |
n8n - Disk Space Exhaustion via Data-Table File Upload Endpoint |
10.07.2026 |
|
| CVE-2026-59791 |
|
10.07.2026 |
3.5 |
| CVE-2026-59792 |
|
10.07.2026 |
9.6 |
| CVE-2026-59793 |
|
10.07.2026 |
8.8 |
| CVE-2026-59794 |
|
10.07.2026 |
7.3 |
| CVE-2026-59795 |
|
10.07.2026 |
8.1 |
| CVE-2026-59796 |
|
10.07.2026 |
8.1 |
| CVE-2026-60086 |
PraisonAI before 4.6.78 Prompt Injection Defense Bypass |
10.07.2026 |
|
| CVE-2026-60089 |
PraisonAI before 1.6.78 Path Traversal via config.toml |
10.07.2026 |
|
| CVE-2026-60091 |
PraisonAI before 4.6.78 Unauthenticated SSRF via webhook_url |
10.07.2026 |
|
| CVE-2026-61431 |
PraisonAI before 4.6.78 Path Traversal via ContextGatherer |
10.07.2026 |
|
| CVE-2026-61432 |
PraisonAI FastContext before 1.6.78 Path Traversal |
10.07.2026 |
|
| CVE-2026-61434 |
PraisonAI before 4.6.78 Allowlist Bypass via find -exec |
10.07.2026 |
|
| CVE-2026-61437 |
PraisonAI before 1.6.78 Remote Code Execution via tools.py |
10.07.2026 |
|
| CVE-2026-61441 |
PraisonAI Platform before 0.1.9 Authorization Bypass via Dependencies |
10.07.2026 |
|
| CVE-2026-61444 |
PraisonAI before 4.6.78 Code Injection via f-string |
10.07.2026 |
|
| CVE-2026-61450 |
Grav before 2.0.2 Config Exfiltration via offsetGet Filter |
10.07.2026 |
|
| CVE-2026-61455 |
Grav before 2.0.1 Decompression Bomb via ZipArchiver |
10.07.2026 |
|
| CVE-2026-61456 |
Grav before 1.0.3 Stored XSS via SVG Upload API |
10.07.2026 |
|
| CVE-2026-61492 |
|
10.07.2026 |
3.5 |
| CVE-2025-12127 |
|
10.07.2026 |
|
| CVE-2026-22659 |
FlaskBB Authorization Bypass via Topic ID Manipulation |
10.07.2026 |
|
| CVE-2026-22660 |
FlaskBB Logic Flaw Authorization Group Deletion via Bulk AJAX Endpoint |
10.07.2026 |
|
| CVE-2026-54469 |
|
10.07.2026 |
8.8 |
| CVE-2026-54470 |
|
10.07.2026 |
5.3 |
| CVE-2026-56813 |
Cookie attribute injection in Plug.Conn.Cookies.encode/2 |
10.07.2026 |
|
| CVE-2026-53363 |
xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags() |
10.07.2026 |
|
| CVE-2026-54468 |
|
10.07.2026 |
6.5 |
| CVE-2026-56688 |
|
10.07.2026 |
9.1 |
| CVE-2026-56689 |
|
10.07.2026 |
7.7 |
| CVE-2026-56690 |
|
10.07.2026 |
8.5 |
| CVE-2026-56814 |
Plug: multipart :length limit is not charged for part headers, enabling unbounded temp-file creation (denial of service) |
10.07.2026 |
|
| CVE-2026-14461 |
Out-of-bound read in mtr |
10.07.2026 |
|
| CVE-2026-58225 |
SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service |
10.07.2026 |
|
| CVE-2026-11990 |
KiviCare <= 4.4.0 - Missing Authorization to Unauthenticated Payment Bypass and Appointment Status Manipulation via /payment-success REST Endpoint |
10.07.2026 |
5.3 |
| CVE-2026-12918 |
Mail Mint <= 1.24.1 - Authenticated (Administrator+) SQL Injection via 'recipients' Parameter |
10.07.2026 |
4.9 |
| CVE-2026-13010 |
JoomSport <= 5.7.9 - Authenticated (Contributor+) SQL Injection via 'event' Shortcode Attribute |
10.07.2026 |
6.5 |
| CVE-2026-13247 |
Logo Slider <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lgx_tooltip_position' Parameter |
10.07.2026 |
6.4 |
| CVE-2026-13710 |
Jeg Kit for Elementor <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sg_body_description' Parameter via 'jkit_image_box' Shortcode/Widget |
10.07.2026 |
6.4 |
| CVE-2026-15028 |
Libarchive: heap overflow oob read while parsing a tar archive contains a pax extended header |
10.07.2026 |
|
| CVE-2026-15378 |
Guardrails-detectors: guardrails-detectors: ssrf and local file read via user-supplied xml schema (xml-with-schema:) |
10.07.2026 |
|
| CVE-2026-41876 |
OS Command Injection in R-SOFT DMS |
10.07.2026 |
|
| CVE-2026-41877 |
Stored XSS in R-SOFT DMS |
10.07.2026 |
|
| CVE-2026-41878 |
Insecure Direct Object Reference in R-SOFT DMS |
10.07.2026 |
|
| CVE-2026-41879 |
Weak password hashing in R-SOFT DMS |
10.07.2026 |
|
| CVE-2026-41880 |
OS Command Injection in R-SOFT DMS |
10.07.2026 |
|
| CVE-2026-9857 |
Invoice123 <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Setting Modification via s123_submit_api_key & s123_submit_invoice_settings AJAX actions |
10.07.2026 |
4.3 |
| CVE-2025-11977 |
HappyForms <= 1.26.12 - Authenticated (Admin+) Local File Inclusion |
10.07.2026 |
6.6 |
| CVE-2026-11992 |
Easy Appointments <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation |
10.07.2026 |
4.3 |
| CVE-2026-12108 |
Highlighting Code Block <= 2.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'font_family' Setting |
10.07.2026 |
4.4 |
| CVE-2026-12400 |
FlowForms <= 1.1.1 - Authenticated (Contributor+) Insecure Direct Object Reference to Arbitrary Form Modification via REST API '/flowforms/v1/forms/{id}' Endpoints |
10.07.2026 |
4.3 |
| CVE-2026-12924 |
Eventin <= 4.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'etn_faq_content' Parameter |
10.07.2026 |
6.4 |
| CVE-2026-12955 |
Cookie Banner for GDPR / CCPA <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification via gcc_save_schedule_scan AJAX Action |
10.07.2026 |
4.3 |
| CVE-2026-14475 |
Cookie Banner for GDPR / CCPA <= 4.3.6 - Authenticated (Administrator+) SQL Injection via 'scan_id' Parameter |
10.07.2026 |
4.9 |
| CVE-2026-15026 |
Import and export users and customers <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via email_template_selected AJAX Action |
10.07.2026 |
4.3 |
| CVE-2026-15104 |
BetterDocs <= 4.6.0 - Authenticated (Custom+) SQL Injection via 'lang' Parameter |
10.07.2026 |
6.5 |
| CVE-2026-1946 |
GW AI Website Builder <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion |
10.07.2026 |
4.3 |
| CVE-2026-3907 |
Hostel <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wphostel-book' Shortcode |
10.07.2026 |
6.4 |
| CVE-2026-6440 |
GoodMeet <= 1.1.8 - Cross-Site Request Forgery to Google Meet Credential Reset via 'goodmeet_reset_google_meet_credential' |
10.07.2026 |
4.3 |
| CVE-2026-6802 |
Easy Upload Files During Checkout <= 3.0.1 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion via 'eufdc-delete' Parameter |
10.07.2026 |
5.3 |
| CVE-2026-9838 |
ICS Calendar <= 12.0.9 - Reflected Cross-Site Scripting via 'htmltagtitle' Parameter |
10.07.2026 |
6.1 |
| CVE-2026-13347 |
Hide My WP Lite <= 1.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'he_wrapper_js' Parameter |
10.07.2026 |
7.5 |
| CVE-2026-28564 |
Apache IoTDB: REST Basic Authentication Accepts Stale Cached Credentials |
10.07.2026 |
|
| CVE-2026-40005 |
Apache IoTDB: Path Traversal in Pipe File Transfer Receiver |
10.07.2026 |
|
| CVE-2026-40006 |
Apache IoTDB: Unauthenticated heap-exhaustion DoS via unbounded allocation in IoTDB AirGap pipe receiver |
10.07.2026 |
|
| CVE-2026-40007 |
Apache IoTDB: Unauthenticated unbounded recursion in IoTDB AirGap receiver's E-language prefix parser causes per-connection StackOverflowError |
10.07.2026 |
|
| CVE-2026-40008 |
Apache IoTDB: Arbitrary Class Instantiation via Pipe Transfer RPC |
10.07.2026 |
|
| CVE-2026-40009 |
Apache IoTDB: Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor |
10.07.2026 |
|
| CVE-2026-40452 |
Apache IoTDB: Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users |
10.07.2026 |
|
| CVE-2026-40454 |
Apache IoTDB C++ client: Out-of-bounds reads in C++ client TsBlock deserializer crash client process on malformed server data |
10.07.2026 |
|
| CVE-2026-12123 |
All-in-One Video Gallery <= 4.8.5 - Authenticated (Subscriber+) Server-Side Request Forgery via 'vdl' Parameter |
10.07.2026 |
6.4 |
| CVE-2026-12276 |
LA-Studio Element Kit for Elementor < 1.6.1 - Unauthenticated Open Registration |
10.07.2026 |
|
| CVE-2026-12685 |
EscortWP <= 3.6.2 - Content Deletion via Vendor-Authored Backdoor |
10.07.2026 |
|
| CVE-2026-15282 |
Instant Appointment <= 1.2 - Unauthenticated Arbitrary File Upload |
10.07.2026 |
9.8 |
| CVE-2026-15283 |
WPvivid Backup for MainWP <= 0.9.33 - Authenticated (Admin+) Stored Cross-Site Scripting |
10.07.2026 |
4.4 |
| CVE-2026-15284 |
King Addons for Elementor <= 51.1.62 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'form_page_id' Parameter |
10.07.2026 |
6.4 |
| CVE-2026-15285 |
The Plus Addons for Elementor <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes |
10.07.2026 |
6.4 |
| CVE-2026-15286 |
Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication |
10.07.2026 |
4.3 |
| CVE-2026-15287 |
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Subscriber+) SQL Injection |
10.07.2026 |
6.5 |
| CVE-2026-15288 |
SureForms – Drag and Drop Form Builder for WordPress <= 2.2.1 - Unauthenticated Stripe Payment Amount Manipulation |
10.07.2026 |
7.5 |
| CVE-2026-15289 |
Booking calendar, Appointment Booking System <= 3.2.17 - Unauthenticated Time-Based SQL Injection via 'wpdevart_id' |
10.07.2026 |
5.9 |
| CVE-2026-15290 |
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.10.1 - Unauthenticated Blind SQL Injection |
10.07.2026 |
7.5 |
| CVE-2026-15291 |
Chat Help – Click to Chat Button & Form <= 3.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure |
10.07.2026 |
7.5 |
| CVE-2026-15292 |
Sudoku Shortcode <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'background' Shortcode Attribute |
10.07.2026 |
6.4 |
| CVE-2026-15293 |
WP Business Intelligence Lite <= 3.2.0 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via Arbitrary SQL Modification |
10.07.2026 |
8 |
| CVE-2026-15296 |
affiliate-toolkit – WP Affiliate Plugin with Amazon <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
10.07.2026 |
6.4 |
| CVE-2026-15297 |
Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) <= 3.1.77 - Reflected Cross-Site Scripting |
10.07.2026 |
6.1 |
| CVE-2026-15298 |
TelSender <= 1.14.14 - Unauthenticated Stored Cross-Site Scripting via Telegram Chat Title |
10.07.2026 |
7.2 |
| CVE-2026-15299 |
Animation Addons for Elementor <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Weather Widget |
10.07.2026 |
6.4 |
| CVE-2026-15300 |
GEO my WP <= 4.5.4 - Unauthenticated SQL Injection via 'distance' / 'lat' / 'lng' Parameters |
10.07.2026 |
9.1 |
| CVE-2026-15301 |
BuddyHolis TableSearch <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
10.07.2026 |
6.4 |
| CVE-2026-15302 |
ARMember <= 4.0.27 - Directory Traversal via X-FILENAME |
10.07.2026 |
5.3 |
| CVE-2026-15330 |
zhayujie CowAgent Vision Tool vision.py _download_to_data_url server-side request forgery |
10.07.2026 |
|
| CVE-2026-15331 |
zhayujie CowAgent Skill Installation service.py _add_package path traversal |
10.07.2026 |
|
| CVE-2026-15332 |
zhayujie CowAgent Message Endpoint channel.py authorization |
10.07.2026 |
|
| CVE-2026-21039 |
|
10.07.2026 |
|
| CVE-2026-21040 |
|
10.07.2026 |
|
| CVE-2026-21041 |
|
10.07.2026 |
|
| CVE-2026-21042 |
|
10.07.2026 |
|
| CVE-2026-21043 |
|
10.07.2026 |
|
| CVE-2026-21044 |
|
10.07.2026 |
|
| CVE-2026-21045 |
|
10.07.2026 |
|
| CVE-2026-21046 |
|
10.07.2026 |
|
| CVE-2026-21048 |
|
10.07.2026 |
|
| CVE-2026-21049 |
|
10.07.2026 |
|
| CVE-2026-21050 |
|
10.07.2026 |
|
| CVE-2026-21051 |
|
10.07.2026 |
|
| CVE-2026-21052 |
|
10.07.2026 |
|
| CVE-2026-21053 |
|
10.07.2026 |
|
| CVE-2026-21054 |
|
10.07.2026 |
|
| CVE-2026-21055 |
|
10.07.2026 |
|
| CVE-2026-21056 |
|
10.07.2026 |
|
| CVE-2026-21057 |
|
10.07.2026 |
|
| CVE-2026-11392 |
WP Hotel Booking <= 2.3.1 - Reflected Cross-Site Scripting via 'check_in_date' and 'check_out_date' Parameters |
10.07.2026 |
6.1 |
| CVE-2026-11818 |
WPCafe <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via REST API |
10.07.2026 |
5.4 |
| CVE-2026-13430 |
Post Export Import with Media <= 1.13.1 - Authenticated (Administrator+) Arbitrary File Upload via Trailing-Dot Filename Bypass in ZIP Media Import |
10.07.2026 |
7.2 |
| CVE-2026-14894 |
Super Forms <= 6.3.313 - Unauthenticated Arbitrary File Upload via 'data' Parameter (datauristring / value) |
10.07.2026 |
9.8 |
| CVE-2026-15070 |
Salon Booking System <= 10.30.32 - Cross-Site Request Forgery to Remote Code Execution via 'value' Parameter |
10.07.2026 |
8.8 |
| CVE-2026-15321 |
MyEMS Admin Backend svg.py on_post cross site scripting |
10.07.2026 |
|
| CVE-2026-15326 |
halo-dev halo Theme Installation ThemeUtils.java ThemeUtils.unzipThemeTo path traversal |
10.07.2026 |
|
| CVE-2026-15329 |
zhayujie CowAgent Browser Tool browser_tool.py BrowserTool._do_navigate information disclosure |
10.07.2026 |
|
| CVE-2026-44918 |
|
10.07.2026 |
5.5 |
| CVE-2026-54423 |
|
10.07.2026 |
8.2 |
| CVE-2026-5069 |
Fluent Forms <= 6.2.1 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Subscription Cancellation via 'subscription_id' |
10.07.2026 |
5.4 |
| CVE-2026-15319 |
Sipeed PicoClaw Launcher access_control.go IPAllowlist access control |
10.07.2026 |
|
| CVE-2026-15320 |
Sipeed PicoClaw pico.go rt.ReloadConfig authorization |
10.07.2026 |
|
| CVE-2026-15318 |
Sipeed PicoClaw MQTT Channel mqtt.go authorization |
10.07.2026 |
|
| CVE-2026-15311 |
NousResearch hermes-agent Matrix Adapter matrix.py MatrixAdapter._markdown_to_html cross site scripting |
10.07.2026 |
|
| CVE-2026-15317 |
Sipeed PicoClaw Guarded Web Fetch Flow web.go WebFetchTool.Execute server-side request forgery |
10.07.2026 |
|
| CVE-2026-50180 |
Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read |
09.07.2026 |
|
| CVE-2026-50181 |
Langroid: Path traversal in the file tools allows read/write outside configured current directory |
09.07.2026 |
7.1 |
| CVE-2026-54760 |
Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls |
10.07.2026 |
|
| CVE-2026-54769 |
Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent |
10.07.2026 |
10 |
| CVE-2026-54771 |
Langroid: handle_message() executes user-supplied tool JSON without sender verification |
10.07.2026 |
8.1 |
| CVE-2026-55616 |
|
09.07.2026 |
|
| CVE-2026-12595 |
LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email via Discord OAuth Callback |
10.07.2026 |
8.1 |
| CVE-2026-12597 |
LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email via GitHub OAuth Callback |
10.07.2026 |
8.1 |
| CVE-2026-12598 |
LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email in Spotify OAuth Callback |
09.07.2026 |
8.1 |
| CVE-2026-55615 |
Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879 |
10.07.2026 |
|
| CVE-2026-33655 |
New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs |
10.07.2026 |
7.7 |
| CVE-2026-44342 |
New API CSRF in email and WeChat account binding endpoints |
10.07.2026 |
5.3 |
| CVE-2026-57501 |
Zen: Context-menu "Open link in glance" / "Split link in new tab" loads a page-controlled link with the System principal, bypassing the web-content scheme restriction |
09.07.2026 |
0 |
| CVE-2026-59831 |
GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace |
09.07.2026 |
4.4 |
| CVE-2026-59832 |
SiYuan: Authenticated path traversal in /snippets/ static handler (serveSnippets) leaks conf/conf.json secrets and siyuan.db |
10.07.2026 |
7.7 |
| CVE-2026-59833 |
SiYuan: Stored XSS to RCE in SiYuan via a per-attribute URL-scheme sanitizer gap in Lute (form action / SVG xlink:href) |
10.07.2026 |
|
| CVE-2026-59834 |
SiYuan: SQL Query in Block Search Exposes Hidden Published Document Content |
10.07.2026 |
7.5 |
| CVE-2026-59853 |
SiYuan: Publish-mode Reader can exfiltrate private saved-search Criteria via /api/storage/getCriteria (missing publish-access filter) |
10.07.2026 |
6.5 |
| CVE-2026-59854 |
SiYuan: Incomplete IsSensitivePath denylist: globalCopyFiles reads home-dir credential dotfiles into the workspace |
09.07.2026 |
4.9 |
| CVE-2026-59855 |
SiYuan: Store XSS To Rce via Asset.render |
09.07.2026 |
|
| CVE-2026-59856 |
Vim: Arbitrary Code Execution via PHP Omni-Completion |
10.07.2026 |
|
| CVE-2026-59857 |
Vim: Out-of-bounds Write in SAL Soundfolding |
10.07.2026 |
|
| CVE-2026-59858 |
Vim: Arbitrary Code Execution via C Omni-Completion |
10.07.2026 |
|
| CVE-2026-15274 |
lo48576 fbxcel Node Header parser.rs denial of service |
10.07.2026 |
|
| CVE-2026-15276 |
pdeljanov Symphonia Metadata denial of service |
09.07.2026 |
|
| CVE-2026-38076 |
|
09.07.2026 |
|
| CVE-2026-44787 |
Discourse: Signup-time primary_group_id assignment grants whisperer access |
09.07.2026 |
8.2 |
| CVE-2026-45780 |
Discourse: Private event sample invitees are serialized to non-invited event viewers |
09.07.2026 |
5.3 |
| CVE-2026-45788 |
Discourse: Secure uploads exposed by hotlinked image copying |
10.07.2026 |
|
| CVE-2026-46413 |
Discourse: Regular users can route multipart uploads into the admin backup store |
10.07.2026 |
6.5 |
| CVE-2026-49256 |
Discourse: Hidden tag names leaked via category serializers |
10.07.2026 |
|
| CVE-2026-53961 |
Discourse: Forged AWS SNS bounce notifications can disable a targeted user's email (missing TopicArn binding) |
10.07.2026 |
6.5 |
| CVE-2026-53962 |
Discourse: Insufficient SVG sanitization logic |
09.07.2026 |
5.4 |
| CVE-2026-53963 |
Discourse: Stored-XSS in 2FA delete confirmation modal |
09.07.2026 |
7.3 |
| CVE-2026-55424 |
Discourse: Topic featured link susceptible to stored XSS |
10.07.2026 |
|
| CVE-2026-58143 |
Cotonti Siena 0.9.26 CSRF via admin.php Config Update Endpoint |
10.07.2026 |
|
| CVE-2026-58144 |
Cotonti Siena 0.9.26 Stored XSS via PFS Module ntitle Parameter |
10.07.2026 |
|
| CVE-2026-59828 |
Discourse: Hidden post revisions leak through adjacent visible diffs |
10.07.2026 |
5.3 |
| CVE-2026-15271 |
TOTOLINK EX200 Web boa.conf least privilege violation |
10.07.2026 |
|
| CVE-2026-33802 |
Junos OS: EX Series: Unauthorized users can execute service-impacting CLI command |
10.07.2026 |
5.5 |
| CVE-2026-33803 |
Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker |
10.07.2026 |
6.5 |
| CVE-2026-39243 |
|
10.07.2026 |
|
| CVE-2026-39245 |
|
10.07.2026 |
|
| CVE-2026-39246 |
|
09.07.2026 |
|
| CVE-2026-55170 |
OpenFGA MySQL backend: case-insensitive collation on identifier columns causes incorrect authorization decisions |
10.07.2026 |
|
| CVE-2026-55604 |
@arikusi/deepseek-mcp-server has an Authorization Bypass Through User-Controlled Key |
10.07.2026 |
8.6 |
| CVE-2026-55605 |
@arikusi/deepseek-mcp-server Missing Authentication on Self-Hosted HTTP MCP Endpoint |
10.07.2026 |
5.3 |
| CVE-2026-55689 |
OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset |
10.07.2026 |
6.8 |
| CVE-2026-57019 |
Junos OS: MX Series: Specific traffic causes an FPC to reset |
10.07.2026 |
6.5 |
| CVE-2026-57020 |
Junos OS: QFX10000 Series: IPv6 multicast traffic received on non-IRB interfaces causes a multicast flood |
10.07.2026 |
6.5 |
| CVE-2026-57021 |
Junos OS: SRX Series: If VPN compliance-check is configured an attacker can cause http-gk process crash |
10.07.2026 |
5.3 |
| CVE-2026-57022 |
Junos OS: MX Series with SPC3, SRX Series: Specific packet in response to a TCP connection establishment by the affected device can crash the PFE |
10.07.2026 |
5.9 |
| CVE-2026-57023 |
Junos OS: MX with SPC3, SRX Series: A specifically malformed TCP packet causes a flowd crash |
10.07.2026 |
7.5 |
| CVE-2026-57024 |
Junos OS: MX with SPC3, SRX Series: Repeated VPN negotiation failures will eventually cause iked to crash continuously |
10.07.2026 |
5.3 |
| CVE-2026-57025 |
Junos OS and Junos OS Evolved: EX Series, QFX Series, MX Series: A specific 'show l2-learning' command causes l2ald crash |
10.07.2026 |
5.5 |
| CVE-2026-57026 |
Junos OS: MX Series with SPC3, SRX Series: Processing of a specifically malformed SIP invite causes a flowd crash |
10.07.2026 |
7.5 |
| CVE-2026-57027 |
Junos OS: EX4100 Series, EX4400: With sFlow configured in a VC scenario multicast traffic leads to an FPC crash |
10.07.2026 |
6.5 |
| CVE-2026-57028 |
Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker |
10.07.2026 |
7.3 |
| CVE-2026-57029 |
Junos OS Evolved: QFX Series: When sFlow collector reachability changes evo-pfemand process can crash |
10.07.2026 |
5.3 |
| CVE-2026-57030 |
Junos OS: SRX Series: Flow sessions are not getting cleared leading to a DoS |
10.07.2026 |
5.9 |
| CVE-2026-57031 |
Junos OS: MX Series: For subscribers configured on static interfaces, input filters are not in effect |
10.07.2026 |
4.7 |
| CVE-2026-57032 |
Junos OS: EX Series: Subscribing to an unsupported telemetry sensor path causes fxpc process crash |
10.07.2026 |
6.5 |
| CVE-2026-57054 |
Junos OS: MX Series: Web filtering doesn't block specifically formatted URLs |
10.07.2026 |
5.8 |
| CVE-2026-58122 |
Hermes WebUI < 0.51.307 Authentication Bypass via X-Forwarded-For Header Spoofing |
09.07.2026 |
|
| CVE-2026-58123 |
Hermes WebUI < 0.51.788 Unauthenticated RCE via Terminal API |
09.07.2026 |
|
| CVE-2025-45422 |
|
09.07.2026 |
|
| CVE-2026-21901 |
Junos OS and Junos OS Evolved: Configuration of a specific SSH option results in mgd crash |
10.07.2026 |
4.4 |
| CVE-2026-31267 |
|
10.07.2026 |
|
| CVE-2026-33794 |
Junos OS Evolved: PTX Series: Receipt of repeated ECMP routing updates results in PFE crash |
10.07.2026 |
5.9 |
| CVE-2026-33799 |
Junos OS and Junos OS Evolved: Receipt of a specific SNMPv3 request results in memory leak and eventual snmpd crash |
10.07.2026 |
4.3 |
| CVE-2026-33800 |
Junos OS: MX Series: In a VC scenario a high rate of micro-BFD session flaps will cause an FPC crash |
10.07.2026 |
6.5 |
| CVE-2026-33801 |
Junos OS and Junos OS Evolved: When a specifically malformed BGP route update is received RPD crashes |
10.07.2026 |
6.5 |
| CVE-2026-51923 |
|
10.07.2026 |
|
| CVE-2026-51924 |
|
10.07.2026 |
|
| CVE-2026-51925 |
|
10.07.2026 |
|
| CVE-2026-51926 |
|
09.07.2026 |
|
| CVE-2026-55207 |
Pimcore: Account Takeover via Password Reset URL Injection allows unauthenticated attacker to hijack any admin account with 2FA bypass |
10.07.2026 |
8.8 |
| CVE-2026-55208 |
Pimcore: SQL Injection via Column Name in DateFilter allows authenticated user to extract arbitrary database data including admin password hashes |
10.07.2026 |
7.7 |
| CVE-2026-55212 |
Pimcore: Insufficient Permission Check on Class Definition Creation Endpoint Allows Privilege Escalation |
09.07.2026 |
7.1 |
| CVE-2026-55865 |
Python Liquid: Infinite loop when parsing malformed `{% case %}` tags |
09.07.2026 |
|
| CVE-2026-60120 |
Bagisto < 2.4.4 Stored XSS via CSTI in create.blade.php |
10.07.2026 |
|
| CVE-2026-0275 |
Prisma Browser: Local Privilege Escalation on macOS |
10.07.2026 |
|
| CVE-2026-0276 |
Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability |
10.07.2026 |
|
| CVE-2026-0277 |
Prisma Access Agent: Improper Certificate Validation on iOS |
10.07.2026 |
|
| CVE-2026-0278 |
Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows |
10.07.2026 |
|
| CVE-2026-15270 |
D-link DIR-823G Web boa.conf least privilege violation |
09.07.2026 |
|
| CVE-2025-63579 |
|
09.07.2026 |
|
| CVE-2026-0279 |
PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities |
09.07.2026 |
|
| CVE-2026-0280 |
PAN-OS: IPv6 Firewall Policy Bypass |
09.07.2026 |
|
| CVE-2026-0281 |
PAN-OS: Information Disclosure Vulnerability in Management Web Interface |
09.07.2026 |
|
| CVE-2026-0282 |
PAN-OS: File Deletion Vulnerability in Management Web Interface |
09.07.2026 |
|
| CVE-2026-0283 |
PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN) |
09.07.2026 |
|
| CVE-2026-0284 |
PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN) |
09.07.2026 |
|
| CVE-2026-0285 |
PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface |
09.07.2026 |
|
| CVE-2026-0286 |
PAN-OS: Authenticated Command Injection in CLI |
09.07.2026 |
|
| CVE-2026-0287 |
PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing |
09.07.2026 |
|
| CVE-2026-13492 |
UsersWP <= 1.2.65 - Authenticated (Subscriber+) Arbitrary File Deletion via File Upload Field |
09.07.2026 |
8.8 |
| CVE-2026-49274 |
Kirby: `pages.access` permission is not checked in the pages picker for parent pages |
09.07.2026 |
|
| CVE-2026-49276 |
Kirby: Self cross-site scripting (self-XSS) in the writer field |
10.07.2026 |
|
| CVE-2026-50188 |
Kirby: Request header injection in `Http\Remote` |
09.07.2026 |
|
| CVE-2026-54002 |
Kirby: Cross-site scripting (XSS) from incomplete HTML/XML sanitization in `Dom::sanitize()` |
09.07.2026 |
|
| CVE-2026-54003 |
Kirby: External Initialization of the Panel on reverse proxy setups with the `Forwarded` header |
09.07.2026 |
|
| CVE-2026-54004 |
Kirby: Access to files of top-level drafts is not protected by permissions |
09.07.2026 |
|
| CVE-2026-54005 |
Kirby: `pages.access` permission is not checked in the `site/find` REST API route |
09.07.2026 |
|
| CVE-2026-54695 |
Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID |
10.07.2026 |
7.5 |
| CVE-2026-55590 |
CakePHP: Open redirect weakness via backslash bypass |
09.07.2026 |
|
| CVE-2026-58198 |
ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer |
09.07.2026 |
5.5 |
| CVE-2026-59148 |
Mockoon: Unauthenticated admin API + wildcard CORS allows mock-state hijack and secret theft |
09.07.2026 |
8.8 |
| CVE-2026-59149 |
Mockoon: Path traversal in templated `filePath` lets a request escape the served directory (prefix-only base check) |
09.07.2026 |
6.5 |
| CVE-2026-14278 |
|
09.07.2026 |
|
| CVE-2026-15195 |
apidevtools json-schema-ref-parser pointer.ts Pointer.set prototype pollution |
09.07.2026 |
|
| CVE-2026-15202 |
YzmCMS Header yzmphp.php get_url cross site scripting |
09.07.2026 |
|
| CVE-2026-15204 |
TOTOLINK X5000R OpenVPN Export cstecgi.cgi exportOvpn path traversal |
09.07.2026 |
|
| CVE-2026-43752 |
|
09.07.2026 |
|
| CVE-2026-55420 |
Discourse: Remote code execution via pdf uploads |
09.07.2026 |
7.5 |
| CVE-2026-58378 |
Allwinner TV Box TV98 ADB exposed on network |
09.07.2026 |
8.8 |
| CVE-2026-59221 |
open-webui terminal proxy path traversal guard bypass via 9x encoded traversal |
09.07.2026 |
7.7 |
| CVE-2026-59720 |
Hoppscotch: Insecure Default Configuration Allows Public Exposure of Private Collection Data via Mock Server |
09.07.2026 |
7.5 |
| CVE-2026-59721 |
Hoppscotch: Admin RCE via MAILER_SMTP_URL nodemailer sendmail-transport injection |
09.07.2026 |
7.2 |
| CVE-2026-59726 |
Ruflo: Unauthenticated RCE in MCP bridge default docker-compose deployment |
09.07.2026 |
10 |
| CVE-2026-59734 |
Coolify: OS Command Injection in Health Check Configuration Allows Remote Code Execution |
09.07.2026 |
8.8 |
| CVE-2026-59817 |
Ghost: Paid gift memberships obtainable at minimal cost via the donations feature |
09.07.2026 |
5.3 |
| CVE-2026-59826 |
Metabase: Arbitrary Code Execution via Database Connection Detail Bypass |
10.07.2026 |
9.1 |
| CVE-2026-59827 |
Metabase: Unsafe Deserialization of H2 Query Results |
09.07.2026 |
9.9 |
| CVE-2026-61343 |
LibreBooking path traversal |
09.07.2026 |
|
| CVE-2026-61344 |
Superior Court of California Hearing Reminder Service unauthenticated information disclosure |
09.07.2026 |
5.3 |
| CVE-2026-13461 |
PayRange version 7.0.7 contains a JavaScript injection vulnerability |
09.07.2026 |
|
| CVE-2026-13462 |
PayRange for Android, version 7.0.7, contains an SSL bypass vulnerability |
09.07.2026 |
|
| CVE-2026-15194 |
Open5GS AMF context.c amf_context_final use after free |
09.07.2026 |
|
| CVE-2026-15308 |
Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations |
09.07.2026 |
|
| CVE-2026-59212 |
Open WebUI: Model meta.knowledge read-only file access can be upgraded to file write/delete |
09.07.2026 |
5.4 |
| CVE-2026-59213 |
Open WebUI: Cross-user model-list exposure via static cache key in get_all_models (aiocache key= vs key_builder= misuse) |
09.07.2026 |
3.5 |
| CVE-2026-59215 |
Open WebUI: Private channel messages can be disclosed through cross-channel thread parent_id binding |
09.07.2026 |
3.1 |
| CVE-2026-59222 |
Open WebUI: /api/v1/channels/{id}/members exposes full user model including sensitive credentials |
09.07.2026 |
|
| CVE-2026-59223 |
Open WebUI: `WEB_FETCH_FILTER_LIST` host allow/block filter bypassable via URL path and non-label-boundary matching |
09.07.2026 |
4.3 |
| CVE-2026-59224 |
Open WebUI: Terminal proxy forwards a spoofable, integrity-unbound user identity to the upstream (X-User-Id header and ws_terminal session_id query injection) |
10.07.2026 |
8 |
| CVE-2026-59225 |
Open WebUI: Arena task endpoints can bypass underlying model access controls |
09.07.2026 |
5.4 |