| CVE-2025-15646 |
HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion |
01.07.2026 |
|
| CVE-2025-23350 |
|
01.07.2026 |
9 |
| CVE-2025-23351 |
|
01.07.2026 |
9 |
| CVE-2026-13706 |
UrlShortener extension URL validation can be bypassed due to difference between PHP URL parsing and WHATWG |
01.07.2026 |
|
| CVE-2026-13707 |
Session fixation attacks on improperly configured OAuth 1.0a tools |
01.07.2026 |
|
| CVE-2026-24240 |
|
01.07.2026 |
7.8 |
| CVE-2026-24242 |
|
01.07.2026 |
7.8 |
| CVE-2026-24243 |
|
01.07.2026 |
7.8 |
| CVE-2026-24244 |
|
01.07.2026 |
7.8 |
| CVE-2026-24245 |
|
01.07.2026 |
7.8 |
| CVE-2026-24246 |
|
01.07.2026 |
7.8 |
| CVE-2026-24247 |
|
01.07.2026 |
7.8 |
| CVE-2026-24248 |
|
01.07.2026 |
7.8 |
| CVE-2026-24249 |
|
01.07.2026 |
7.8 |
| CVE-2026-24250 |
|
01.07.2026 |
7.8 |
| CVE-2026-24251 |
|
01.07.2026 |
7.8 |
| CVE-2026-24260 |
|
01.07.2026 |
8.5 |
| CVE-2026-24264 |
|
01.07.2026 |
7.5 |
| CVE-2026-24266 |
|
01.07.2026 |
5.9 |
| CVE-2026-24270 |
|
01.07.2026 |
9.8 |
| CVE-2026-57517 |
Control Web Panel < 0.9.8.1225 Blind SQL Injection via userRes Parameter |
01.07.2026 |
|
| CVE-2026-58024 |
API identification of users on private wikis |
01.07.2026 |
|
| CVE-2026-58025 |
Remote Code Execution via Unsafe Deserialization in LogItem Import |
01.07.2026 |
|
| CVE-2026-58026 |
$wgNonincludableNamespaces can be bypassed by embedding redirect in other namespaces |
01.07.2026 |
|
| CVE-2026-58027 |
QueryAbuseFilter API can be used to see the hit count of private filters, which is hidden in the UI |
01.07.2026 |
|
| CVE-2026-58028 |
Pretty-printed API output combined with centralauthtoken allows XSS with certain gadgets |
01.07.2026 |
|
| CVE-2026-58029 |
Full Account Takeover from BotPasswords and OAuth via action=changeauthenticationdata |
01.07.2026 |
|
| CVE-2026-58030 |
SyntaxHighlight stored XSS via unsanitized 'linelinks' attribute |
01.07.2026 |
|
| CVE-2026-58032 |
mw.Api.getErrorMessage() may return injected HTML if used without errorformat=html |
01.07.2026 |
|
| CVE-2026-58033 |
"Total number of distinct authors" statistic at action=info does not exclude revisions where the author name was deleted |
01.07.2026 |
|
| CVE-2026-58036 |
Users API leaks whether privileged users have their user groups disabled for lack of 2FA |
01.07.2026 |
|
| CVE-2026-58037 |
Core log entries for exceptions and XSS issues in log entry formatting code that may be caused by user-controlled input |
01.07.2026 |
|
| CVE-2026-58038 |
Stored XSS through javascript URLs in SVGs generated by EasyTimeline |
01.07.2026 |
|
| CVE-2026-58126 |
PACSgear PACS Scan 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service |
01.07.2026 |
|
| CVE-2026-58127 |
PACSgear MediaWriter 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service |
01.07.2026 |
|
| CVE-2026-8480 |
Connection possible to the Administration portal with a revoked certificate |
01.07.2026 |
4.3 |
| CVE-2026-8857 |
Full RCE using EasyTimeline Extension |
01.07.2026 |
|
| CVE-2026-12374 |
Improper XPC caller certificate validation and TOCTOU race condition in macOS PrivilegedHelperTool |
01.07.2026 |
|
| CVE-2026-13602 |
Session takeover vulnerability |
01.07.2026 |
|
| CVE-2026-14324 |
Pipewire: raop rtsp null deref |
01.07.2026 |
|
| CVE-2026-14330 |
Pipewire: pulse server alloca stack overflow |
01.07.2026 |
|
| CVE-2026-23537 |
Feast: unauthenticated arbitrary file write |
01.07.2026 |
|
| CVE-2026-2891 |
Poly Voice Devices (CCX, Trio, Edge E) – Potential Denial of Service |
01.07.2026 |
|
| CVE-2026-58031 |
Stored i18n XSS in Special:ApiSandbox when a deprecated module is selected |
01.07.2026 |
|
| CVE-2026-58034 |
Stored XSS through a system message when blocking a temporary account that's related to other temporary accounts |
01.07.2026 |
|
| CVE-2026-58035 |
Stored XSS through a system message in the codex version of Special:Block |
01.07.2026 |
|
| CVE-2026-58399 |
@acastellon/auth has an authentication bypass via spoofable headers in validateToken() |
01.07.2026 |
|
| CVE-2026-5135 |
Foreman: foreman: unauthorized modification of host configurations via broken access control |
01.07.2026 |
|
| CVE-2026-5138 |
Foreman: foreman: information disclosure via improper validation of nested request parameters |
01.07.2026 |
|
| CVE-2026-5142 |
Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass |
01.07.2026 |
|
| CVE-2026-5220 |
Stored XSS in DivvyDrive Information Technologies' DivvyDrive |
01.07.2026 |
6.4 |
| CVE-2026-6283 |
Stored XSS in DivvyDrive Information Technologies' DivvyDrive |
01.07.2026 |
5.4 |
| CVE-2026-6682 |
FatFs Integer Overflow in FAT32 Volume Mount |
01.07.2026 |
7.6 |
| CVE-2026-6683 |
FatFs Divide-by-Zero in exFAT Sync |
01.07.2026 |
4.6 |
| CVE-2026-6684 |
FatFs Infinite Loop in GPT Partition Scan |
01.07.2026 |
4.6 |
| CVE-2026-6685 |
FatFs Integer Underflow in Dirty-Sector Cache Flush |
01.07.2026 |
6.1 |
| CVE-2026-6686 |
FatFs Use of Uninitialized Clusters After Seek Past EOF |
01.07.2026 |
4.6 |
| CVE-2026-6687 |
FatFs Stack Buffer Overflow via Uncapped exFAT Label Length |
01.07.2026 |
7.6 |
| CVE-2026-6688 |
FatFs Buffer Overflow via Unbounded LFN Filename Copy |
01.07.2026 |
7.6 |
| CVE-2026-13603 |
SSRF with API key leak in pretix-oppwa |
01.07.2026 |
|
| CVE-2026-53326 |
debugobjects: Don't call fill_pool() in early boot hardirq context |
01.07.2026 |
|
| CVE-2026-53327 |
debugobjects: Do not fill_pool() if pi_blocked_on |
01.07.2026 |
|
| CVE-2026-53328 |
sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task() |
01.07.2026 |
|
| CVE-2026-53329 |
drm/amd/display: Use krealloc_array() in dal_vector_reserve() |
01.07.2026 |
|
| CVE-2026-53330 |
drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval() |
01.07.2026 |
|
| CVE-2026-53331 |
slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock |
01.07.2026 |
|
| CVE-2026-53332 |
slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd |
01.07.2026 |
|
| CVE-2026-53333 |
mm/mincore: handle non-swap entries before !CONFIG_SWAP guard |
01.07.2026 |
|
| CVE-2026-53334 |
mm/damon/reclaim: handle ctx allocation failure |
01.07.2026 |
|
| CVE-2026-53335 |
mm/damon/lru_sort: handle ctx allocation failure |
01.07.2026 |
|
| CVE-2026-53336 |
nvmem: layouts: onie-tlv: fix hang on unknown types |
01.07.2026 |
|
| CVE-2026-53337 |
net: bonding: fix NULL pointer dereference in bond_do_ioctl() |
01.07.2026 |
|
| CVE-2026-53338 |
net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues() |
01.07.2026 |
|
| CVE-2026-53339 |
i2c: qcom-cci: Fix NULL pointer dereference in cci_remove() |
01.07.2026 |
|
| CVE-2026-53340 |
i2c: imx: fix clock and pinctrl state inconsistency in runtime PM |
01.07.2026 |
|
| CVE-2026-53341 |
fhandle: fix UAF due to unlocked ->mnt_ns read in may_decode_fh() |
01.07.2026 |
|
| CVE-2026-53342 |
arm64: mm: call pagetable dtor when freeing hot-removed page tables |
01.07.2026 |
|
| CVE-2026-53343 |
ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow |
01.07.2026 |
|
| CVE-2026-53344 |
pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init |
01.07.2026 |
|
| CVE-2026-53345 |
KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying |
01.07.2026 |
|
| CVE-2026-53346 |
rust: arm64: set uwtable llvm module flag for CONFIG_UNWIND_TABLES |
01.07.2026 |
|
| CVE-2026-53347 |
drm/virtio: Fix driver removal with disabled KMS |
01.07.2026 |
|
| CVE-2026-53348 |
ASoC: SDCA: fix NULL pointer dereference in sdca_dev_unregister_functions |
01.07.2026 |
|
| CVE-2026-53349 |
netfilter: nf_conntrack: destroy stale expectfn expectations on unregister |
01.07.2026 |
|
| CVE-2026-53350 |
ASoC: wm_adsp: Fix NULL dereference when removing firmware controls |
01.07.2026 |
|
| CVE-2026-53351 |
riscv/ptrace: Use USER_REGSET_NOTE_TYPE for REGSET_CFI |
01.07.2026 |
|
| CVE-2026-53352 |
signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads() |
01.07.2026 |
|
| CVE-2026-53353 |
hsr: Remove WARN_ONCE() in hsr_addr_is_self(). |
01.07.2026 |
|
| CVE-2026-53354 |
arm64: errata: Mitigate TLBI errata on various Arm CPUs |
01.07.2026 |
|
| CVE-2026-53355 |
net: rds: clear i_sends on setup unwind |
01.07.2026 |
|
| CVE-2026-53356 |
drm/i915/gem: Fix phys BO pread/pwrite with offset |
01.07.2026 |
|
| CVE-2026-57692 |
WordPress PrivateContent plugin <= 9.9.2 - Privilege Escalation vulnerability |
01.07.2026 |
9.8 |
| CVE-2026-5136 |
Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation |
01.07.2026 |
|
| CVE-2026-53902 |
Privilege Escalation in MCO |
01.07.2026 |
|
| CVE-2026-53903 |
Insecure Direct Object Reference in MCO |
01.07.2026 |
|
| CVE-2026-53904 |
Account Denial of Service in MCO |
01.07.2026 |
|
| CVE-2026-53905 |
Unauthorized Access to Administrator ACL View in MCO |
01.07.2026 |
|
| CVE-2026-53906 |
Path Disclosure and Path Traversal in MCO |
01.07.2026 |
|
| CVE-2026-53907 |
Stored Cross‑Site Scripting in MCO |
01.07.2026 |
|
| CVE-2026-53908 |
User Enumeration in MCO |
01.07.2026 |
|
| CVE-2026-53909 |
Arbitrary File Upload in MCO |
01.07.2026 |
|
| CVE-2026-5120 |
Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 |
01.07.2026 |
8.1 |
| CVE-2026-8387 |
Relative Path Traversal in allegroai/clearml |
01.07.2026 |
|
| CVE-2026-13323 |
|
01.07.2026 |
4.1 |
| CVE-2026-14181 |
@fastify/middie standalone engine vulnerable to Denial of Service via malformed percent-encoded paths |
01.07.2026 |
7.5 |
| CVE-2026-14198 |
@fastify/middie vulnerable to authorization bypass via encoded slash in path parameter values |
01.07.2026 |
9.1 |
| CVE-2026-10095 |
WP Photo Album Plus <= 9.1.13.005 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'subtext' Shortcode Attribute |
01.07.2026 |
6.4 |
| CVE-2026-12142 |
NEX-Forms <= 9.2.2 - Unauthenticated Stored Cross-Site Scripting via '_name[]' Array Parameter |
01.07.2026 |
7.2 |
| CVE-2026-13228 |
LatePoint <= 5.6.3 - Authenticated (Custom+) Privilege Escalation to Administrator via 'order[customer_id]' Parameter |
01.07.2026 |
8.8 |
| CVE-2026-14258 |
Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling |
01.07.2026 |
|
| CVE-2026-12754 |
VikBooking Hotel Booking Engine & PMS <= 1.8.12 - Reflected Cross-Site Scripting via 'layoutstyle' Parameter |
01.07.2026 |
6.1 |
| CVE-2026-13454 |
MotoPress Appointment Booking <= 2.4.5 - Authenticated (Staff+) SQL Injection via 's' Parameter |
01.07.2026 |
6.5 |
| CVE-2026-27435 |
WordPress Woffice theme < 5.4.33 - Broken Access Control vulnerability |
01.07.2026 |
5.3 |
| CVE-2026-10096 |
Qi Blocks <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification via 'page_id' Parameter |
01.07.2026 |
4.3 |
| CVE-2026-10538 |
Improper deserialization handling in Control-M Components |
01.07.2026 |
|
| CVE-2026-10539 |
Unauthenticated command injection in Control-M/Server communication command |
01.07.2026 |
|
| CVE-2026-10540 |
Weak password hash protection in Control-M/Enterprise Manager |
01.07.2026 |
|
| CVE-2026-11387 |
SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset |
01.07.2026 |
9.8 |
| CVE-2026-12158 |
RegistrationMagic <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation via 'rmc_assign_user_role_action' Parameter |
01.07.2026 |
8.8 |
| CVE-2026-12224 |
Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint |
01.07.2026 |
8.8 |
| CVE-2026-12408 |
Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter |
01.07.2026 |
4.3 |
| CVE-2026-12435 |
Motors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' Parameter |
01.07.2026 |
4.3 |
| CVE-2026-12575 |
DVP80ES3 Improper Resource Shutdown or Release Vulnerability |
01.07.2026 |
7.5 |
| CVE-2026-12576 |
DVP80ES3 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability |
01.07.2026 |
7.5 |
| CVE-2026-12577 |
DVP80ES3 Improperly Implemented Security Check for Standard vulnerability |
01.07.2026 |
|
| CVE-2026-12732 |
LearnPress <= 4.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class_wrapper_form' Shortcode Attribute |
01.07.2026 |
6.4 |
| CVE-2026-13733 |
Download Manager <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'no_data_msg' Shortcode Attribute |
01.07.2026 |
6.4 |
| CVE-2026-50043 |
|
01.07.2026 |
|
| CVE-2026-56016 |
CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources |
01.07.2026 |
|
| CVE-2025-15666 |
Open Asset Import Library Assimp Model File SceneCombiner.cpp Copy heap-based overflow |
01.07.2026 |
|
| CVE-2026-10750 |
Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools |
01.07.2026 |
|
| CVE-2026-11562 |
WS Form LITE < 1.11.8 - Subscriber+ Arbitrary Settings Update |
01.07.2026 |
|
| CVE-2026-11568 |
Product Configurator for WooCommerce < 1.7.3 - Unauthenticated Private/Draft Product Data Disclosure via pc_get_data |
01.07.2026 |
|
| CVE-2026-11570 |
User Submitted Posts < 20260608 - Unauthenticated Stored XSS via Author Name |
01.07.2026 |
|
| CVE-2026-11794 |
Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping |
01.07.2026 |
|
| CVE-2026-11823 |
BookingPress Appointment Booking Pro <= 5.7.1 - Unauthenticated SQL Injection via 'store_service_date' Parameter |
01.07.2026 |
7.5 |
| CVE-2026-11880 |
Fluent Forms < 6.2.1 - Subscriber+ Subscription Cancellation via IDOR |
01.07.2026 |
|
| CVE-2026-11883 |
WebAuthn Provider for Two Factor < 2.5.6 - 2FA Bypass |
01.07.2026 |
|
| CVE-2026-11887 |
Salon Booking System < 10.30.20 - Subscriber+ Booking Approval Bypass |
01.07.2026 |
|
| CVE-2026-12579 |
AS228T - Authentication Bypass Vulnerability |
01.07.2026 |
7.4 |
| CVE-2026-14193 |
DVP80ES300T - Improper Validation of Array Index Vulnerability |
01.07.2026 |
7.5 |
| CVE-2026-1239 |
Ninja Forms <= 3.14.1 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via token/refresh REST Endpoint |
01.07.2026 |
7.5 |
| CVE-2026-11380 |
JetWidgets For Elementor <= 1.0.21 - Authenticated (Author+) Stored Cross-Site Scripting via Animated Box 'animation_effect' Setting |
01.07.2026 |
6.4 |
| CVE-2026-11981 |
GiveWP <= 4.15.3 - Cross-Site Request Forgery |
01.07.2026 |
4.3 |
| CVE-2026-11988 |
LearnPress <= 4.3.9.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure via 'userId' Parameter |
01.07.2026 |
6.5 |
| CVE-2026-12090 |
Taskbuilder <= 5.0.8 - Authenticated (Subscriber+) SQL Injection via 'wppm_proj_filter' Parameter |
01.07.2026 |
6.5 |
| CVE-2026-12110 |
Taskbuilder <= 5.0.8 - Authenticated (Subscriber+) SQL Injection via 'task_search' Parameter |
01.07.2026 |
6.5 |
| CVE-2026-12113 |
Appointment Booking Calendar <= 1.4.02 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure |
01.07.2026 |
4.3 |
| CVE-2026-12127 |
WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name |
01.07.2026 |
5.3 |
| CVE-2026-12133 |
JoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Deletion via season_groupdel AJAX action |
01.07.2026 |
4.3 |
| CVE-2026-12135 |
FV Flowplayer Video Player <= 7.5.51.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'video_player' Shortcode |
01.07.2026 |
6.4 |
| CVE-2026-12902 |
Kadence Blocks <= 3.7.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Attachment Creation via kadence_import_process_pattern/kadence_import_process_data AJAX Actions |
01.07.2026 |
4.3 |
| CVE-2026-12904 |
Kadence Blocks <= 3.7.7 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Optimizer Data Deletion/Read/Modification via 'post_path' Parameter |
01.07.2026 |
4.3 |
| CVE-2026-12923 |
Video Gallery <= 4.0.3 - Authenticated (Subscriber+) Arbitrary Function Call via 'path' Parameter |
01.07.2026 |
7.5 |
| CVE-2026-13015 |
WP Google Review Slider <= 18.1 - Reflected Cross-Site Scripting via 'place' Parameter |
01.07.2026 |
6.1 |
| CVE-2026-13246 |
GiveWP <= 4.16.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'block_id' Shortcode Attribute |
01.07.2026 |
6.4 |
| CVE-2026-13443 |
Tutor LMS <= 3.9.13 - Authenticated (Author+) Stored Cross-Site Scripting via Lesson Attachment Title |
01.07.2026 |
6.4 |
| CVE-2026-13468 |
Visualizer <= 4.0.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via /visualizer/v1/action/{chart}/{type}/ REST Endpoint |
01.07.2026 |
7.5 |
| CVE-2026-13731 |
WPBot <= 8.4.9 - Unauthenticated Stored Cross-Site Scripting via 'conversation' Parameter |
01.07.2026 |
7.2 |
| CVE-2026-2387 |
Event Organiser <= 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via eo_events Shortcode |
01.07.2026 |
6.4 |
| CVE-2026-44040 |
UltraVNC vncauth.c uses time-seeded libc rand() to generate VNC authentication challenge bytes |
01.07.2026 |
4.8 |
| CVE-2026-44041 |
UltraVNC vncWc2Mb calls wcslen() before validating that the wide string is NUL-terminated |
01.07.2026 |
4.3 |
| CVE-2026-44042 |
UltraVNC repeater wi_uudecode off-by-one in base64 decode boundary check |
01.07.2026 |
3.7 |
| CVE-2026-58518 |
|
01.07.2026 |
|
| CVE-2026-58519 |
Stored XSS through Cargo's map format |
01.07.2026 |
|
| CVE-2026-6070 |
WP-BusinessDirectory <= 4.0.1 - Unauthenticated Arbitrary File Deletion via Path Traversal via '_filename' Parameter |
01.07.2026 |
9.1 |
| CVE-2026-7517 |
Custom Payment Gateways for WooCommerce <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting via 'alg_wc_cpg_input_fields' Parameter |
01.07.2026 |
7.2 |
| CVE-2026-7828 |
UltraVNC repeater integer overflow in win_log malloc leading to heap overflow |
01.07.2026 |
5.3 |
| CVE-2026-7829 |
UltraVNC repeater authenticated out-of-bounds write in rule parser via oversized token |
01.07.2026 |
7.2 |
| CVE-2026-7830 |
UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception |
01.07.2026 |
7.4 |
| CVE-2026-7831 |
UltraVNC viewer off-by-one stack overflow in ServerInit desktop name parsing |
01.07.2026 |
7.5 |
| CVE-2026-7838 |
UltraVNC viewer heap buffer overflow via integer overflow in RFB connection-failure reason length |
01.07.2026 |
8.8 |
| CVE-2026-7839 |
UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin access |
01.07.2026 |
9.1 |
| CVE-2026-7840 |
UltraVNC repeater HTTP server global buffer overflow via long URI (pre-auth RCE) |
01.07.2026 |
9.8 |
| CVE-2026-9107 |
Kali Forms <= 2.4.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'kaliforms_field_components' Parameter |
01.07.2026 |
6.4 |
| CVE-2026-14191 |
WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader |
01.07.2026 |
7.8 |
| CVE-2026-20457 |
|
01.07.2026 |
|
| CVE-2026-20458 |
|
01.07.2026 |
|
| CVE-2026-20459 |
|
01.07.2026 |
|
| CVE-2026-20460 |
|
01.07.2026 |
|
| CVE-2026-20461 |
|
01.07.2026 |
|
| CVE-2026-20462 |
|
01.07.2026 |
|
| CVE-2026-20463 |
|
01.07.2026 |
|
| CVE-2026-41579 |
runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations |
01.07.2026 |
3.3 |
| CVE-2026-53488 |
containerd CRI plugin: image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull |
01.07.2026 |
|
| CVE-2026-57962 |
Denial-of-service via malicious LDAP address-book server |
01.07.2026 |
|
| CVE-2026-57963 |
Chat UI manipulation by injection |
01.07.2026 |
|
| CVE-2026-54901 |
Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking |
01.07.2026 |
|
| CVE-2026-54902 |
Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback |
01.07.2026 |
|
| CVE-2026-54903 |
Oj: Integer Overflow in Oj.load 2GB String Handling |
01.07.2026 |
|
| CVE-2026-54500 |
Oj: intern.c form_attr has an uninitialized stack read |
01.07.2026 |
5.3 |
| CVE-2026-54502 |
Oj: Stack Buffer Overflow in Oj.dump via Large Indent |
30.06.2026 |
|
| CVE-2026-54592 |
Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input |
01.07.2026 |
7.5 |
| CVE-2026-54896 |
Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent |
01.07.2026 |
|
| CVE-2026-54897 |
Oj: Use-After-Free in Oj::Doc Iterators via Reentrant Close |
01.07.2026 |
|
| CVE-2026-54898 |
Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation |
01.07.2026 |
|
| CVE-2026-54899 |
Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle |
01.07.2026 |
|
| CVE-2026-54900 |
Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling |
30.06.2026 |
|
| CVE-2026-13774 |
|
01.07.2026 |
|
| CVE-2026-13775 |
|
30.06.2026 |
|
| CVE-2026-13776 |
|
30.06.2026 |
|
| CVE-2026-13777 |
|
30.06.2026 |
|
| CVE-2026-13778 |
|
01.07.2026 |
|
| CVE-2026-13779 |
|
01.07.2026 |
|
| CVE-2026-13780 |
|
30.06.2026 |
|
| CVE-2026-13781 |
|
30.06.2026 |
|
| CVE-2026-13782 |
|
30.06.2026 |
|
| CVE-2026-13783 |
|
30.06.2026 |
|
| CVE-2026-13784 |
|
30.06.2026 |
|
| CVE-2026-13785 |
|
30.06.2026 |
|
| CVE-2026-13786 |
|
01.07.2026 |
|
| CVE-2026-13787 |
|
01.07.2026 |
|
| CVE-2026-13788 |
|
01.07.2026 |
|
| CVE-2026-13789 |
|
30.06.2026 |
|
| CVE-2026-13790 |
|
30.06.2026 |
|
| CVE-2026-13791 |
|
01.07.2026 |
|
| CVE-2026-13792 |
|
30.06.2026 |
|
| CVE-2026-13793 |
|
30.06.2026 |
|
| CVE-2026-13794 |
|
01.07.2026 |
|
| CVE-2026-13795 |
|
30.06.2026 |
|
| CVE-2026-13796 |
|
30.06.2026 |
|
| CVE-2026-13797 |
|
30.06.2026 |
|
| CVE-2026-13798 |
|
30.06.2026 |
|
| CVE-2026-13799 |
|
30.06.2026 |
|
| CVE-2026-13800 |
|
01.07.2026 |
|
| CVE-2026-13801 |
|
30.06.2026 |
|
| CVE-2026-13802 |
|
01.07.2026 |
|
| CVE-2026-13803 |
|
01.07.2026 |
|
| CVE-2026-13804 |
|
01.07.2026 |
|
| CVE-2026-13805 |
|
01.07.2026 |
|
| CVE-2026-13806 |
|
30.06.2026 |
|
| CVE-2026-13807 |
|
01.07.2026 |
|
| CVE-2026-13808 |
|
01.07.2026 |
|
| CVE-2026-13809 |
|
30.06.2026 |
|
| CVE-2026-13810 |
|
01.07.2026 |
|
| CVE-2026-13811 |
|
01.07.2026 |
|
| CVE-2026-13812 |
|
01.07.2026 |
|
| CVE-2026-13813 |
|
01.07.2026 |
|
| CVE-2026-13814 |
|
01.07.2026 |
|
| CVE-2026-13815 |
|
01.07.2026 |
|
| CVE-2026-13816 |
|
30.06.2026 |
|
| CVE-2026-13817 |
|
01.07.2026 |
|
| CVE-2026-13818 |
|
30.06.2026 |
|
| CVE-2026-13819 |
|
01.07.2026 |
|
| CVE-2026-13820 |
|
01.07.2026 |
|
| CVE-2026-13821 |
|
01.07.2026 |
|
| CVE-2026-13822 |
|
01.07.2026 |
|
| CVE-2026-13823 |
|
01.07.2026 |
|
| CVE-2026-13824 |
|
01.07.2026 |
|
| CVE-2026-13825 |
|
01.07.2026 |
|
| CVE-2026-13826 |
|
01.07.2026 |
|
| CVE-2026-13827 |
|
01.07.2026 |
|
| CVE-2026-13828 |
|
01.07.2026 |
|
| CVE-2026-13829 |
|
01.07.2026 |
|
| CVE-2026-13830 |
|
01.07.2026 |
|
| CVE-2026-13831 |
|
01.07.2026 |
|
| CVE-2026-13832 |
|
01.07.2026 |
|
| CVE-2026-13833 |
|
01.07.2026 |
|
| CVE-2026-13834 |
|
01.07.2026 |
|
| CVE-2026-13835 |
|
01.07.2026 |
|
| CVE-2026-13836 |
|
01.07.2026 |
|
| CVE-2026-13837 |
|
01.07.2026 |
|
| CVE-2026-13838 |
|
01.07.2026 |
|
| CVE-2026-13839 |
|
01.07.2026 |
|
| CVE-2026-13840 |
|
01.07.2026 |
|
| CVE-2026-13841 |
|
01.07.2026 |
|
| CVE-2026-13842 |
|
01.07.2026 |
|
| CVE-2026-13843 |
|
01.07.2026 |
|
| CVE-2026-13844 |
|
01.07.2026 |
|
| CVE-2026-13845 |
|
01.07.2026 |
|
| CVE-2026-13846 |
|
01.07.2026 |
|
| CVE-2026-13847 |
|
01.07.2026 |
|
| CVE-2026-13848 |
|
01.07.2026 |
|
| CVE-2026-13849 |
|
01.07.2026 |
|
| CVE-2026-13850 |
|
01.07.2026 |
|
| CVE-2026-13851 |
|
01.07.2026 |
|
| CVE-2026-13852 |
|
01.07.2026 |
|
| CVE-2026-13853 |
|
01.07.2026 |
|
| CVE-2026-13854 |
|
01.07.2026 |
|
| CVE-2026-13855 |
|
01.07.2026 |
|
| CVE-2026-13856 |
|
01.07.2026 |
|
| CVE-2026-13857 |
|
01.07.2026 |
|
| CVE-2026-13858 |
|
01.07.2026 |
|
| CVE-2026-13859 |
|
01.07.2026 |
|
| CVE-2026-13860 |
|
01.07.2026 |
|
| CVE-2026-13861 |
|
01.07.2026 |
|
| CVE-2026-13862 |
|
01.07.2026 |
|
| CVE-2026-13863 |
|
01.07.2026 |
|
| CVE-2026-13864 |
|
01.07.2026 |
|
| CVE-2026-13865 |
|
01.07.2026 |
|
| CVE-2026-13866 |
|
01.07.2026 |
|
| CVE-2026-13867 |
|
01.07.2026 |
|
| CVE-2026-13868 |
|
01.07.2026 |
|
| CVE-2026-13869 |
|
01.07.2026 |
|
| CVE-2026-13870 |
|
01.07.2026 |
|
| CVE-2026-13871 |
|
01.07.2026 |
|
| CVE-2026-13872 |
|
01.07.2026 |
|
| CVE-2026-13873 |
|
01.07.2026 |
|
| CVE-2026-13874 |
|
01.07.2026 |
|
| CVE-2026-13875 |
|
01.07.2026 |
|
| CVE-2026-13876 |
|
01.07.2026 |
|
| CVE-2026-13877 |
|
01.07.2026 |
|
| CVE-2026-13878 |
|
01.07.2026 |
|
| CVE-2026-13879 |
|
01.07.2026 |
|
| CVE-2026-13880 |
|
01.07.2026 |
|
| CVE-2026-13881 |
|
01.07.2026 |
|
| CVE-2026-13882 |
|
01.07.2026 |
|
| CVE-2026-13883 |
|
01.07.2026 |
|
| CVE-2026-13884 |
|
01.07.2026 |
|
| CVE-2026-13885 |
|
01.07.2026 |
|
| CVE-2026-13886 |
|
01.07.2026 |
|
| CVE-2026-13887 |
|
01.07.2026 |
|
| CVE-2026-13888 |
|
01.07.2026 |
|
| CVE-2026-13889 |
|
01.07.2026 |
|
| CVE-2026-13890 |
|
01.07.2026 |
|
| CVE-2026-13891 |
|
01.07.2026 |
|
| CVE-2026-13892 |
|
01.07.2026 |
|
| CVE-2026-13893 |
|
01.07.2026 |
|
| CVE-2026-13894 |
|
30.06.2026 |
|
| CVE-2026-13895 |
|
01.07.2026 |
|
| CVE-2026-13896 |
|
30.06.2026 |
|
| CVE-2026-13897 |
|
01.07.2026 |
|
| CVE-2026-13898 |
|
01.07.2026 |
|
| CVE-2026-13899 |
|
01.07.2026 |
|
| CVE-2026-13900 |
|
30.06.2026 |
|
| CVE-2026-13901 |
|
01.07.2026 |
|
| CVE-2026-13902 |
|
01.07.2026 |
|
| CVE-2026-13903 |
|
01.07.2026 |
|
| CVE-2026-13904 |
|
30.06.2026 |
|
| CVE-2026-13905 |
|
01.07.2026 |
|
| CVE-2026-13906 |
|
01.07.2026 |
|
| CVE-2026-13907 |
|
01.07.2026 |
|
| CVE-2026-13908 |
|
30.06.2026 |
|
| CVE-2026-13909 |
|
01.07.2026 |
|
| CVE-2026-13910 |
|
01.07.2026 |
|
| CVE-2026-13911 |
|
01.07.2026 |
|
| CVE-2026-13912 |
|
01.07.2026 |
|
| CVE-2026-13913 |
|
01.07.2026 |
|
| CVE-2026-13914 |
|
01.07.2026 |
|
| CVE-2026-13915 |
|
01.07.2026 |
|
| CVE-2026-13916 |
|
01.07.2026 |
|
| CVE-2026-13917 |
|
30.06.2026 |
|
| CVE-2026-13918 |
|
01.07.2026 |
|
| CVE-2026-13919 |
|
30.06.2026 |
|
| CVE-2026-13920 |
|
30.06.2026 |
|
| CVE-2026-13921 |
|
30.06.2026 |
|
| CVE-2026-13922 |
|
30.06.2026 |
|
| CVE-2026-13923 |
|
01.07.2026 |
|
| CVE-2026-13924 |
|
30.06.2026 |
|
| CVE-2026-13925 |
|
01.07.2026 |
|
| CVE-2026-13926 |
|
30.06.2026 |
|
| CVE-2026-13927 |
|
01.07.2026 |
|
| CVE-2026-13928 |
|
01.07.2026 |
|
| CVE-2026-13929 |
|
30.06.2026 |
|
| CVE-2026-13930 |
|
30.06.2026 |
|
| CVE-2026-13931 |
|
01.07.2026 |
|
| CVE-2026-13932 |
|
01.07.2026 |
|
| CVE-2026-13933 |
|
01.07.2026 |
|
| CVE-2026-13934 |
|
30.06.2026 |
|
| CVE-2026-13935 |
|
30.06.2026 |
|
| CVE-2026-13936 |
|
01.07.2026 |
|
| CVE-2026-13937 |
|
30.06.2026 |
|
| CVE-2026-13938 |
|
30.06.2026 |
|
| CVE-2026-13939 |
|
30.06.2026 |
|
| CVE-2026-13940 |
|
01.07.2026 |
|
| CVE-2026-13941 |
|
30.06.2026 |
|
| CVE-2026-13942 |
|
30.06.2026 |
|
| CVE-2026-13943 |
|
01.07.2026 |
|
| CVE-2026-13944 |
|
30.06.2026 |
|
| CVE-2026-13945 |
|
30.06.2026 |
|
| CVE-2026-13946 |
|
30.06.2026 |
|
| CVE-2026-13947 |
|
01.07.2026 |
|
| CVE-2026-13948 |
|
30.06.2026 |
|
| CVE-2026-13949 |
|
01.07.2026 |
|
| CVE-2026-13950 |
|
01.07.2026 |
|
| CVE-2026-13951 |
|
30.06.2026 |
|
| CVE-2026-13952 |
|
30.06.2026 |
|
| CVE-2026-13953 |
|
30.06.2026 |
|
| CVE-2026-13954 |
|
01.07.2026 |
|
| CVE-2026-13955 |
|
30.06.2026 |
|
| CVE-2026-13956 |
|
01.07.2026 |
|
| CVE-2026-13957 |
|
30.06.2026 |
|
| CVE-2026-13958 |
|
01.07.2026 |
|
| CVE-2026-13959 |
|
30.06.2026 |
|
| CVE-2026-13960 |
|
30.06.2026 |
|
| CVE-2026-13961 |
|
01.07.2026 |
|
| CVE-2026-13962 |
|
30.06.2026 |
|
| CVE-2026-13963 |
|
30.06.2026 |
|
| CVE-2026-13964 |
|
30.06.2026 |
|
| CVE-2026-13965 |
|
01.07.2026 |
|
| CVE-2026-13966 |
|
30.06.2026 |
|
| CVE-2026-13967 |
|
01.07.2026 |
|
| CVE-2026-13968 |
|
01.07.2026 |
|
| CVE-2026-13969 |
|
01.07.2026 |
|
| CVE-2026-13970 |
|
01.07.2026 |
|
| CVE-2026-13971 |
|
01.07.2026 |
|
| CVE-2026-13972 |
|
30.06.2026 |
|
| CVE-2026-13973 |
|
01.07.2026 |
|
| CVE-2026-13974 |
|
30.06.2026 |
|
| CVE-2026-13975 |
|
01.07.2026 |
|
| CVE-2026-13976 |
|
30.06.2026 |
|
| CVE-2026-13977 |
|
30.06.2026 |
|
| CVE-2026-13978 |
|
30.06.2026 |
|
| CVE-2026-13979 |
|
30.06.2026 |
|
| CVE-2026-13980 |
|
30.06.2026 |
|
| CVE-2026-13981 |
|
30.06.2026 |
|
| CVE-2026-13982 |
|
30.06.2026 |
|
| CVE-2026-13983 |
|
01.07.2026 |
|
| CVE-2026-13984 |
|
30.06.2026 |
|
| CVE-2026-13985 |
|
30.06.2026 |
|
| CVE-2026-13986 |
|
01.07.2026 |
|
| CVE-2026-13987 |
|
30.06.2026 |
|
| CVE-2026-13988 |
|
30.06.2026 |
|
| CVE-2026-13989 |
|
30.06.2026 |
|
| CVE-2026-13990 |
|
30.06.2026 |
|
| CVE-2026-13991 |
|
30.06.2026 |
|
| CVE-2026-13992 |
|
01.07.2026 |
|
| CVE-2026-13993 |
|
01.07.2026 |
|
| CVE-2026-13994 |
|
30.06.2026 |
|
| CVE-2026-13995 |
|
30.06.2026 |
|
| CVE-2026-13996 |
|
30.06.2026 |
|
| CVE-2026-13997 |
|
01.07.2026 |
|
| CVE-2026-13998 |
|
01.07.2026 |
|
| CVE-2026-13999 |
|
01.07.2026 |
|
| CVE-2026-14000 |
|
30.06.2026 |
|
| CVE-2026-14001 |
|
30.06.2026 |
|
| CVE-2026-14002 |
|
01.07.2026 |
|
| CVE-2026-14003 |
|
30.06.2026 |
|
| CVE-2026-14004 |
|
30.06.2026 |
|
| CVE-2026-14005 |
|
30.06.2026 |
|
| CVE-2026-14006 |
|
01.07.2026 |
|
| CVE-2026-14007 |
|
30.06.2026 |
|
| CVE-2026-14008 |
|
01.07.2026 |
|
| CVE-2026-14009 |
|
01.07.2026 |
|
| CVE-2026-14010 |
|
01.07.2026 |
|
| CVE-2026-14011 |
|
01.07.2026 |
|
| CVE-2026-14012 |
|
01.07.2026 |
|
| CVE-2026-14013 |
|
01.07.2026 |
|
| CVE-2026-14014 |
|
01.07.2026 |
|
| CVE-2026-14015 |
|
01.07.2026 |
|
| CVE-2026-14016 |
|
01.07.2026 |
|
| CVE-2026-14017 |
|
30.06.2026 |
|
| CVE-2026-14018 |
|
01.07.2026 |
|
| CVE-2026-14019 |
|
01.07.2026 |
|
| CVE-2026-14020 |
|
01.07.2026 |
|
| CVE-2026-14021 |
|
01.07.2026 |
|
| CVE-2026-14022 |
|
01.07.2026 |
|
| CVE-2026-14023 |
|
01.07.2026 |
|
| CVE-2026-14024 |
|
01.07.2026 |
|
| CVE-2026-14025 |
|
01.07.2026 |
|
| CVE-2026-14026 |
|
01.07.2026 |
|
| CVE-2026-14027 |
|
01.07.2026 |
|
| CVE-2026-14028 |
|
01.07.2026 |
|
| CVE-2026-14030 |
|
01.07.2026 |
|
| CVE-2026-14031 |
|
01.07.2026 |
|
| CVE-2026-14032 |
|
01.07.2026 |
|
| CVE-2026-14033 |
|
01.07.2026 |
|
| CVE-2026-14034 |
|
01.07.2026 |
|
| CVE-2026-14035 |
|
01.07.2026 |
|
| CVE-2026-14036 |
|
01.07.2026 |
|
| CVE-2026-14037 |
|
01.07.2026 |
|
| CVE-2026-14038 |
|
01.07.2026 |
|
| CVE-2026-14039 |
|
01.07.2026 |
|
| CVE-2026-14040 |
|
01.07.2026 |
|
| CVE-2026-14041 |
|
01.07.2026 |
|
| CVE-2026-14042 |
|
01.07.2026 |
|
| CVE-2026-14043 |
|
01.07.2026 |
|
| CVE-2026-14044 |
|
01.07.2026 |
|
| CVE-2026-14045 |
|
01.07.2026 |
|
| CVE-2026-14046 |
|
01.07.2026 |
|
| CVE-2026-14047 |
|
01.07.2026 |
|
| CVE-2026-14048 |
|
01.07.2026 |
|
| CVE-2026-14049 |
|
01.07.2026 |
|
| CVE-2026-14050 |
|
01.07.2026 |
|
| CVE-2026-14051 |
|
01.07.2026 |
|
| CVE-2026-14052 |
|
01.07.2026 |
|
| CVE-2026-14053 |
|
01.07.2026 |
|
| CVE-2026-14054 |
|
01.07.2026 |
|
| CVE-2026-14055 |
|
01.07.2026 |
|
| CVE-2026-14056 |
|
01.07.2026 |
|
| CVE-2026-14057 |
|
01.07.2026 |
|
| CVE-2026-14058 |
|
01.07.2026 |
|
| CVE-2026-14059 |
|
01.07.2026 |
|
| CVE-2026-14060 |
|
01.07.2026 |
|
| CVE-2026-14061 |
|
01.07.2026 |
|
| CVE-2026-14062 |
|
01.07.2026 |
|
| CVE-2026-14063 |
|
01.07.2026 |
|
| CVE-2026-14064 |
|
01.07.2026 |
|
| CVE-2026-14065 |
|
01.07.2026 |
|
| CVE-2026-14066 |
|
01.07.2026 |
|
| CVE-2026-14067 |
|
01.07.2026 |
|
| CVE-2026-14068 |
|
01.07.2026 |
|
| CVE-2026-14069 |
|
01.07.2026 |
|
| CVE-2026-14070 |
|
01.07.2026 |
|
| CVE-2026-14071 |
|
01.07.2026 |
|
| CVE-2026-14072 |
|
01.07.2026 |
|
| CVE-2026-14073 |
|
01.07.2026 |
|
| CVE-2026-14074 |
|
01.07.2026 |
|
| CVE-2026-14075 |
|
01.07.2026 |
|
| CVE-2026-14076 |
|
01.07.2026 |
|
| CVE-2026-14077 |
|
01.07.2026 |
|
| CVE-2026-14078 |
|
01.07.2026 |
|
| CVE-2026-14079 |
|
30.06.2026 |
|
| CVE-2026-14080 |
|
30.06.2026 |
|
| CVE-2026-14081 |
|
01.07.2026 |
|
| CVE-2026-14082 |
|
30.06.2026 |
|
| CVE-2026-14083 |
|
30.06.2026 |
|
| CVE-2026-14084 |
|
30.06.2026 |
|
| CVE-2026-14085 |
|
30.06.2026 |
|
| CVE-2026-14086 |
|
01.07.2026 |
|
| CVE-2026-14087 |
|
30.06.2026 |
|
| CVE-2026-14088 |
|
01.07.2026 |
|
| CVE-2026-14089 |
|
01.07.2026 |
|
| CVE-2026-14090 |
|
30.06.2026 |
|
| CVE-2026-14091 |
|
01.07.2026 |
|
| CVE-2026-14092 |
|
30.06.2026 |
|
| CVE-2026-14093 |
|
30.06.2026 |
|
| CVE-2026-14094 |
|
01.07.2026 |
|
| CVE-2026-14095 |
|
30.06.2026 |
|
| CVE-2026-14096 |
|
30.06.2026 |
|
| CVE-2026-14097 |
|
30.06.2026 |
|
| CVE-2026-14098 |
|
30.06.2026 |
|
| CVE-2026-14099 |
|
30.06.2026 |
|
| CVE-2026-14100 |
|
30.06.2026 |
|
| CVE-2026-14101 |
|
30.06.2026 |
|
| CVE-2026-14102 |
|
30.06.2026 |
|
| CVE-2026-14103 |
|
01.07.2026 |
|
| CVE-2026-14104 |
|
01.07.2026 |
|
| CVE-2026-14105 |
|
30.06.2026 |
|
| CVE-2026-14106 |
|
30.06.2026 |
|
| CVE-2026-14107 |
|
01.07.2026 |
|
| CVE-2026-14108 |
|
01.07.2026 |
|
| CVE-2026-14109 |
|
01.07.2026 |
|
| CVE-2026-14110 |
|
01.07.2026 |
|
| CVE-2026-14111 |
|
01.07.2026 |
|
| CVE-2026-14112 |
|
01.07.2026 |
|
| CVE-2026-14113 |
|
01.07.2026 |
|
| CVE-2026-14114 |
|
01.07.2026 |
|
| CVE-2026-14115 |
|
01.07.2026 |
|
| CVE-2026-14116 |
|
01.07.2026 |
|
| CVE-2026-14117 |
|
01.07.2026 |
|
| CVE-2026-14118 |
|
01.07.2026 |
|
| CVE-2026-14119 |
|
01.07.2026 |
|
| CVE-2026-14120 |
|
01.07.2026 |
|
| CVE-2026-14121 |
|
01.07.2026 |
|
| CVE-2026-14122 |
|
01.07.2026 |
|
| CVE-2026-14123 |
|
01.07.2026 |
|
| CVE-2026-14124 |
|
01.07.2026 |
|
| CVE-2026-14125 |
|
01.07.2026 |
|
| CVE-2026-14126 |
|
01.07.2026 |
|
| CVE-2026-14127 |
|
01.07.2026 |
|
| CVE-2026-14128 |
|
01.07.2026 |
|
| CVE-2026-14129 |
|
01.07.2026 |
|
| CVE-2026-14130 |
|
01.07.2026 |
|
| CVE-2026-14131 |
|
01.07.2026 |
|
| CVE-2026-14132 |
|
01.07.2026 |
|
| CVE-2026-14133 |
|
01.07.2026 |
|
| CVE-2026-14134 |
|
01.07.2026 |
|
| CVE-2026-14135 |
|
01.07.2026 |
|
| CVE-2026-14136 |
|
01.07.2026 |
|
| CVE-2026-14137 |
|
01.07.2026 |
|
| CVE-2026-14138 |
|
01.07.2026 |
|
| CVE-2026-14139 |
|
01.07.2026 |
|
| CVE-2026-14140 |
|
01.07.2026 |
|
| CVE-2026-14141 |
|
01.07.2026 |
|
| CVE-2026-14142 |
|
01.07.2026 |
|
| CVE-2026-14143 |
|
01.07.2026 |
|
| CVE-2026-14144 |
|
01.07.2026 |
|
| CVE-2026-14145 |
|
01.07.2026 |
|
| CVE-2026-14146 |
|
01.07.2026 |
|
| CVE-2026-14147 |
|
01.07.2026 |
|
| CVE-2026-14148 |
|
01.07.2026 |
|
| CVE-2026-14149 |
|
01.07.2026 |
|
| CVE-2026-14150 |
|
01.07.2026 |
|
| CVE-2026-14151 |
|
01.07.2026 |
|
| CVE-2026-14152 |
|
01.07.2026 |
|
| CVE-2026-14153 |
|
01.07.2026 |
|
| CVE-2026-14154 |
|
01.07.2026 |
|
| CVE-2026-14155 |
|
01.07.2026 |
|
| CVE-2026-14156 |
|
01.07.2026 |
|
| CVE-2026-50110 |
Use of Hard-coded Credentials in StoneFly Storage Concentrator |
01.07.2026 |
|
| CVE-2026-52193 |
|
30.06.2026 |
|
| CVE-2026-52198 |
|
30.06.2026 |
|
| CVE-2026-55223 |
c3p0 exposes a deserialization "sink" via JDBC DataSource bean properties |
01.07.2026 |
|
| CVE-2026-55721 |
SQL Injection in StoneFly Storage Concentrator |
30.06.2026 |
|
| CVE-2026-56413 |
OS Command Injection in StoneFly Storage Concentrator |
01.07.2026 |
|
| CVE-2026-56415 |
OS Command Injection in StoneFly Storage Concentrator |
01.07.2026 |
|
| CVE-2025-71349 |
picklescan - Arbitrary Code Execution via Undetected trace.Trace.run in Pickle Files |
01.07.2026 |
|
| CVE-2025-71350 |
picklescan - Undetected Remote Code Execution via torch.utils.collect_env.run |
01.07.2026 |
|
| CVE-2025-71352 |
picklescan - Remote Code Execution via Undetected trace.Trace.runctx in Pickle Files |
01.07.2026 |
|
| CVE-2025-71355 |
Picklescan - Arbitrary Code Execution via Unsafe Numpy Function Detection Bypass |
01.07.2026 |
|
| CVE-2025-71363 |
picklescan - Arbitrary Code Execution via Undetected cProfile.run in Pickle Deserialization |
01.07.2026 |
|
| CVE-2025-71368 |
picklescan - Arbitrary Code Execution via Undetected doctest.debug_script |
01.07.2026 |
|
| CVE-2025-71371 |
picklescan - Remote Code Execution via code.InteractiveInterpreter Detection Bypass |
01.07.2026 |
|
| CVE-2025-71374 |
picklescan - Arbitrary Code Execution via Undetected profile.Profile.run |
01.07.2026 |
|
| CVE-2025-71381 |
Hono - Vary Header Injection in CORS Middleware |
01.07.2026 |
|
| CVE-2026-28322 |
SolarWinds Database Performance Analyzer Stored Cross-Site Scripting Vulnerability |
30.06.2026 |
5.6 |
| CVE-2026-50040 |
Cross-site Scripting in StoneFly Storage Concentrator |
30.06.2026 |
|
| CVE-2026-52195 |
|
01.07.2026 |
|
| CVE-2026-52197 |
|
01.07.2026 |
|
| CVE-2026-54672 |
electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib` |
01.07.2026 |
7.8 |
| CVE-2026-54673 |
electron-updater: Cross-origin redirect leaks `PRIVATE-TOKEN` and mixed-case `Authorization` credentials in `builder-util-runtime` |
01.07.2026 |
|
| CVE-2026-54696 |
Ruby JSON: JSON generator heap buffer overflow when streaming to an IO |
01.07.2026 |
3.7 |
| CVE-2026-56219 |
Capgo - Unauthenticated RBAC Bindings and Email Disclosure via get_org_user_access_rbac NULL-auth Bypass |
01.07.2026 |
|
| CVE-2026-56224 |
Capgo - Login CSRF and Session Fixation via URL Query Parameters |
01.07.2026 |
|
| CVE-2026-56230 |
Capgo - Broken Object Level Authorization via x-limited-key-id Header |
01.07.2026 |
|
| CVE-2026-56233 |
Capgo - SSRF and Privilege Escalation via Path Traversal in Builder Upload Proxy |
01.07.2026 |
|
| CVE-2026-56247 |
Capgo - Privilege Escalation via Cross-Scope RBAC Role Assignment |
01.07.2026 |
|
| CVE-2026-56249 |
Capgo - Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision |
01.07.2026 |
|
| CVE-2026-56264 |
Crawl4AI - Arbitrary JavaScript Execution via /execute_js Endpoint |
01.07.2026 |
|
| CVE-2026-56277 |
Flowise - Hardcoded CORS Wildcard in TTS Endpoint |
01.07.2026 |
|
| CVE-2026-56278 |
Flowise - Session Hijacking via Weak Default Express Session Secret |
01.07.2026 |
|
| CVE-2026-56286 |
Capgo - Account Deletion Without Password Confirmation |
01.07.2026 |
|
| CVE-2026-56300 |
Capgo - Unauthenticated API Key Validity and Permission Oracle via RPC Functions |
01.07.2026 |
|
| CVE-2026-56318 |
Capgo - Information Disclosure via /private/validate_password_compliance Endpoint |
01.07.2026 |
|
| CVE-2026-56320 |
Capgo - Org/App Scope Mismatch in Device Creation Endpoint |
01.07.2026 |
|
| CVE-2026-56327 |
Capgo - Unauthenticated Organization Existence Oracle via public.invite_user_to_org RPC |
01.07.2026 |
|
| CVE-2026-56328 |
Capgo - Integrity Issue in Release Routing via Multiple Public Channels |
01.07.2026 |
|
| CVE-2026-56331 |
Capgo - Improper Error Handling in Accept Invitation Endpoint via Invalid Magic String |
01.07.2026 |
|
| CVE-2026-56333 |
Capgo - Server-Side Validation Bypass via Direct Browser-Side Organization Security Settings Updates |
01.07.2026 |
|
| CVE-2026-56334 |
Capgo - Missing UPDATE RLS Policy for Build Status Persistence |
01.07.2026 |
|
| CVE-2026-56350 |
n8n - SSO Enforcement Bypass via API |
01.07.2026 |
|
| CVE-2026-56356 |
n8n - Stored Cross-Site Scripting in Chat Trigger Node Custom CSS Field |
01.07.2026 |
|
| CVE-2026-56361 |
ImageMagick - Heap Buffer Overflow via Off-by-One in Morphology Processing |
01.07.2026 |
|
| CVE-2026-56363 |
ImageMagick - Division by Zero in Binomial Kernel Processing |
01.07.2026 |
|
| CVE-2026-56364 |
ImageMagick - Memory Leak in LoadOpenCLDeviceBenchmark() via Malformed XML |
01.07.2026 |
|
| CVE-2026-56365 |
ImageMagick - Memory Leak in PNG Encoder via MNG Image Writing |
01.07.2026 |
|
| CVE-2026-56369 |
ImageMagick - Information Disclosure via AES-CTR Nonce Reuse in PasskeyEncipherImage |
01.07.2026 |
|
| CVE-2026-56377 |
ImageMagick - Policy Bypass via Incorrect Path Validation |
01.07.2026 |
|
| CVE-2026-56399 |
Open WebUI - Server-Side Request Forgery via Location Redirect in /api/v1/retrieval/process/web |
01.07.2026 |
|
| CVE-2026-56700 |
Grav - Multiple Remote Code Execution Vulnerabilities via Unsafe Unserialize and Command Injection |
01.07.2026 |
|
| CVE-2026-56777 |
n8n - AST Validator Bypass in Python Code Node |
01.07.2026 |
|
| CVE-2026-57995 |
phpMyFAQ - Privilege Escalation via Missing Self-Rights Constraint in GroupController::updatePermissions |
01.07.2026 |
|
| CVE-2026-10585 |
Stored cross-site scripting vulnerability in GitHub Enterprise Server allowed arbitrary JavaScript execution via crafted Discussion titles in the Q&A category |
01.07.2026 |
|
| CVE-2026-37106 |
|
01.07.2026 |
|
| CVE-2026-52196 |
|
01.07.2026 |
|
| CVE-2026-57204 |
pypdf: Missing stream length values ignore defined limits |
01.07.2026 |
|
| CVE-2026-57585 |
MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error |
01.07.2026 |
7.5 |
| CVE-2026-11541 |
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling |
01.07.2026 |
7.4 |
| CVE-2026-35505 |
OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime |
30.06.2026 |
|
| CVE-2026-50003 |
OFFIS DCMTK Toolkit Path Traversal |
30.06.2026 |
|
| CVE-2026-50254 |
OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime |
30.06.2026 |
|
| CVE-2026-52868 |
OFFIS DCMTK Toolkit Path Traversal |
30.06.2026 |
|
| CVE-2026-58446 |
Presenton < 0.8.8-beta - Authentication Bypass of Session Auth via Unprotected MCP Endpoint |
01.07.2026 |
6.5 |
| CVE-2026-58447 |
Invidious - Cross-User Playlist Video Deletion via Missing Ownership Check |
01.07.2026 |
6.5 |
| CVE-2026-58448 |
yudao-cloud < 2026.06 - BPM Module Broken Access Control via process-instance API |
01.07.2026 |
6.5 |
| CVE-2026-58449 |
txtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter |
01.07.2026 |
9.8 |
| CVE-2026-58450 |
Invoice Ninja 5.13.26 - Open Redirect in Client Portal Login via intended Parameter |
01.07.2026 |
4.3 |
| CVE-2025-12530 |
Vulnerabilities found in Watson Data Intelligence |
01.07.2026 |
5.9 |
| CVE-2025-36319 |
Vulnerabilities found in Watson Data Intelligence |
30.06.2026 |
4.3 |
| CVE-2025-36320 |
Vulnerabilities found in Watson Data Intelligence |
01.07.2026 |
6.4 |
| CVE-2025-36321 |
Vulnerabilities found in Watson Data Intelligence |
01.07.2026 |
5.7 |
| CVE-2025-36323 |
Vulnerabilities found in Watson Data Intelligence |
01.07.2026 |
5.4 |
| CVE-2025-36324 |
Vulnerabilities found in Watson Data Intelligence |
01.07.2026 |
4.3 |
| CVE-2025-36327 |
Vulnerabilities found in Watson Data Intelligence |
01.07.2026 |
6.5 |
| CVE-2025-36328 |
Error Message Containing Sensitive Information found in Watson Data Intelligence |
30.06.2026 |
4.3 |
| CVE-2025-36333 |
Vulnerabilities found in Watson Data Intelligence |
01.07.2026 |
4.3 |
| CVE-2025-36336 |
Transmission of Sensitive Information found in Watson Data Intelligence |
01.07.2026 |
5.9 |
| CVE-2025-36359 |
IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability. |
01.07.2026 |
8.1 |
| CVE-2026-10562 |
Unauthenticated Open Redirect Vulnerability on TP-Link Archer AX20 Web Interface |
30.06.2026 |
|
| CVE-2026-11594 |
IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities |
01.07.2026 |
8.5 |
| CVE-2026-13207 |
Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing |
30.06.2026 |
|
| CVE-2026-44628 |
OFFIS DCMTK Toolkit Type Confusion |
30.06.2026 |
|
| CVE-2026-9106 |
UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen |
01.07.2026 |
|
| CVE-2026-9132 |
Missing authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository contents via the Copilot pull request diff summary endpoint |
30.06.2026 |
|
| CVE-2025-36372 |
IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables |
01.07.2026 |
5.5 |
| CVE-2026-10109 |
IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling |
01.07.2026 |
9.8 |
| CVE-2026-10129 |
SSRF via HTTP Redirect Following in Langflow API Request Component |
30.06.2026 |
8.5 |
| CVE-2026-10134 |
Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows |
01.07.2026 |
10 |
| CVE-2026-10140 |
Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem |
01.07.2026 |
9.6 |
| CVE-2026-10546 |
DNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL Component |
01.07.2026 |
7.1 |
| CVE-2026-10560 |
Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS |
01.07.2026 |
8.2 |
| CVE-2026-10564 |
SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection |
01.07.2026 |
8.2 |
| CVE-2026-11546 |
IBM WebSphere Application Server Liberty is affected by a server-side request forgery vulnerability |
30.06.2026 |
7.1 |
| CVE-2026-11595 |
IBM WebSphere Application Server is affected by a Path Traversal vulnerability |
01.07.2026 |
4.3 |
| CVE-2026-11708 |
IBM WebSphere Application Server is affected by a cross-site scripting vulnerability |
01.07.2026 |
9.3 |
| CVE-2026-11712 |
IBM WebSphere Application Server is affected by a cross-site scripting vulnerability |
01.07.2026 |
9.3 |
| CVE-2026-11714 |
IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability |
01.07.2026 |
8.5 |
| CVE-2026-11806 |
IBM WebSphere Application Server Liberty is affected by an arbitrary file read vulnerability |
01.07.2026 |
7.2 |
| CVE-2026-11906 |
IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by an authenticated user |
30.06.2026 |
6.5 |
| CVE-2026-12084 |
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains |
01.07.2026 |
5.4 |
| CVE-2026-12085 |
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insertion of Sensitive Information Into Sent Data vulnerability |
01.07.2026 |
6.5 |
| CVE-2026-12086 |
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insertion of Sensitive Information into Log File Vulnerability |
01.07.2026 |
6.2 |
| CVE-2026-13449 |
XXE attack in IBM Business Automation Manager Open Editions |
01.07.2026 |
7.6 |
| CVE-2026-13759 |
IBM WebSphere eXtreme Scale is affected by Insecure Deserialization |
01.07.2026 |
7.5 |
| CVE-2026-13772 |
IBM WebSphere eXtreme Scale's OQL is affected by remote code execution |
30.06.2026 |
7.5 |
| CVE-2026-13773 |
IBM WebSphere eXtreme Scale is affected by server side request forgery when ORB is used as Transport Protocol |
30.06.2026 |
6 |
| CVE-2026-3602 |
IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an SQL injection |
30.06.2026 |
4.7 |
| CVE-2026-7663 |
Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass |
01.07.2026 |
9.1 |
| CVE-2026-7803 |
Flow Validation Bypass via Empty Component Type Field |
01.07.2026 |
9.8 |
| CVE-2026-7871 |
Insecure Deserialization in Redis Cache Backend |
01.07.2026 |
9.8 |
| CVE-2026-7873 |
Code Injection Vulnerability in Code Validation Endpoint |
01.07.2026 |
9.9 |
| CVE-2026-7874 |
Weak Cryptographic Key Derivation Exposed All Stored Credentials |
30.06.2026 |
9.1 |
| CVE-2026-9002 |
IBM WebSphere eXtreme Scale is affected by uncontrolled resource consumption when XDF is enabled |
30.06.2026 |
6.5 |
| CVE-2026-9836 |
IBM DataStage Flow Designer application is affected by an information disclosure vulnerability |
30.06.2026 |
3.5 |
| CVE-2026-10513 |
Webmention <= 5.8.0 - Unauthenticated Stored Cross-Site Scripting via MF2 'photo'/'url' Author Properties |
01.07.2026 |
7.2 |
| CVE-2026-58138 |
Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators |
01.07.2026 |
|