CVE Field Guide

Critical CVEs

| CVE | Title | Updated | Score |
|---|---|---|---|
| CVE-2026-58426 | Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write | 03.07.2026 | 9.6 |
| CVE-2026-20896 | Gitea Docker image trusts spoofable reverse-proxy headers by default | 03.07.2026 | 9.8 |
| CVE-2026-22874 | Gitea webhook and migration allow-list filtering permits SSRF | 03.07.2026 | 9.6 |
| CVE-2026-58289 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 9 |
| CVE-2026-4321 | SQLi in Raera's Destekz | 03.07.2026 | 9.8 |
| CVE-2026-14544 | Hplip: incomplete fix for cve-2026-8631 | 03.07.2026 | 9.8 |
| CVE-2026-9725 | Printcart Web to Print Product Designer for WooCommerce <= 2.5.2 - Unauthenticated Arbitrary File Deletion | 03.07.2026 | 9.1 |
| CVE-2026-13768 | Gardyn IoT Hub Use of Hard-coded Credentials | 02.07.2026 | 9.5 |
| CVE-2026-13368 | WatchGuard Firebox Race Condition and Use-After-Free in Mobile VPN with IKEv2 LDAP Authentication | 02.07.2026 | 9.2 |
| CVE-2026-41106 | Microsoft 365 Copilot Elevation of Privilege Vulnerability | 03.07.2026 | 9.3 |
| CVE-2026-45499 | Azure OpenAI Elevation of Privilege Vulnerability | 03.07.2026 | 9.9 |
| CVE-2026-57100 | Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability | 03.07.2026 | 9.9 |
| CVE-2026-52830 | fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection | 02.07.2026 | 9.4 |
| CVE-2026-58466 | AutoBangumi < 3.2.8 - Hard-coded Default Credentials via add_default_user() | 02.07.2026 | 9.3 |
| CVE-2026-59099 | Apereo CAS 7.3.0 < 8.0.0-RC6 - AES-GCM Nonce Reuse Information Disclosure | 02.07.2026 | 9.3 |
| CVE-2022-50973 | Yonyou KSOA 9.0 Unauthenticated File Upload RCE via ImageUpload Servlet | 02.07.2026 | 9.3 |
| CVE-2024-14037 | Redsea Cloud eHR Unauthenticated File Upload RCE via PtFjk.mob | 02.07.2026 | 9.3 |
| CVE-2026-44935 | Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer | 03.07.2026 | 9.9 |
| CVE-2026-58455 | Dockwatch 0.6.567 Unauthenticated OS Command Injection via ajax/compose.php | 02.07.2026 | 9.2 |
| CVE-2026-50746 | | 02.07.2026 | 10 |
| CVE-2026-50747 | | 02.07.2026 | 9.9 |
| CVE-2026-50748 | | 02.07.2026 | 9.9 |
| CVE-2026-54400 | | 02.07.2026 | 9.1 |
| CVE-2026-54402 | | 02.07.2026 | 9.9 |
| CVE-2026-55115 | | 02.07.2026 | 9.9 |
| CVE-2026-55116 | | 02.07.2026 | 9 |
| CVE-2026-56004 | obs-service-tar_scm: command injection via mercurial handler | 02.07.2026 | 10 |
| CVE-2026-4767 | Improper Access Control in TR7's WAF-ASP | 02.07.2026 | 9.8 |
| CVE-2026-5524 | Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter | 02.07.2026 | 9.8 |
| CVE-2026-27419 | WordPress Zegen theme <= 1.1.9 - Arbitrary File Upload vulnerability | 02.07.2026 | 9.9 |
| CVE-2026-27436 | WordPress Five Star Business Profile and Schema plugin <= 2.3.19 - Arbitrary Code Execution vulnerability | 02.07.2026 | 9.1 |
| CVE-2026-57621 | WordPress Booktics plugin <= 1.0.21 - PHP Object Injection vulnerability | 02.07.2026 | 9.8 |
| CVE-2026-57623 | WordPress W3 Total Cache plugin <= 2.9.4 - Arbitrary Code Execution vulnerability | 02.07.2026 | 9 |
| CVE-2026-57624 | WordPress Blocksy Companion Pro plugin <= 2.1.46 - Remote Code Execution (RCE) vulnerability | 02.07.2026 | 10 |
| CVE-2026-57625 | WordPress Admin and Site Enhancements (ASE) Pro plugin <= 8.8.5 - Cross Site Scripting (XSS) vulnerability | 02.07.2026 | 9.6 |
| CVE-2026-57677 | WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability | 02.07.2026 | 9.8 |
| CVE-2026-57679 | WordPress GeekyBot plugin <= 1.2.5 - SQL Injection vulnerability | 02.07.2026 | 9.3 |
| CVE-2026-57683 | WordPress WP Fast Total Search plugin <= 1.80.280 - SQL Injection vulnerability | 02.07.2026 | 9.3 |
| CVE-2026-14439 | Path Traversal in Altium Git Service Allows Remote Code Execution | 02.07.2026 | 9.4 |
| CVE-2026-58457 | Shenzhen Aitemi M300 MT02 Unauthenticated OS Command Injection via protocol.csp | 01.07.2026 | 9.3 |
| CVE-2026-50160 | Mass Assignment via Onboarding Endpoint Allows Unauthenticated JWT_SECRET Overwrite | 02.07.2026 | 10 |
| CVE-2026-34108 | Guardian Language-System Unauthenticated OS Command Injection via id Parameter in text.php | 02.07.2026 | 9.3 |
| CVE-2026-34109 | Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speech.php | 01.07.2026 | 9.3 |
| CVE-2026-34110 | Guardian Language-System Unauthenticated OS Command Injection via id Parameter in complex_start.php | 01.07.2026 | 9.3 |
| CVE-2026-34111 | Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speechmac_text.php | 01.07.2026 | 9.3 |
| CVE-2026-34112 | Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speechmac.php | 01.07.2026 | 9.3 |
| CVE-2026-34113 | Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speech_text.php | 01.07.2026 | 9.3 |
| CVE-2026-34114 | Guardian Language-System Unauthenticated OS Command Injection via id Parameter in translate_text.php | 02.07.2026 | 9.3 |
| CVE-2026-34115 | Guardian Language-System Unauthenticated OS Command Injection via id Parameter in transcribe_amazon.php | 01.07.2026 | 9.3 |
| CVE-2026-34116 | Guardian Language-System Unauthenticated OS Command Injection via id Parameter in transcribe.php | 01.07.2026 | 9.3 |
| CVE-2026-34117 | Guardian Language-System Unauthenticated OS Command Injection via id Parameter in text_to_subtitles.php | 01.07.2026 | 9.3 |
| CVE-2026-34099 | Guardian Language-System Unauthenticated SQL Injection via id Parameter in job_info.php | 02.07.2026 | 9.3 |
| CVE-2026-34100 | Guardian Language-System Unauthenticated SQL Injection via id Parameter in media.php | 01.07.2026 | 9.3 |
| CVE-2026-34101 | Guardian Language-System Unauthenticated SQL Injection via id Parameter in text_file.php | 01.07.2026 | 9.3 |
| CVE-2026-34102 | Guardian Language-System Unauthenticated SQL Injection via id Parameter in job_info_get.php | 01.07.2026 | 9.3 |
| CVE-2026-34103 | Guardian Language-System Unauthenticated SQL Injection via id Parameter in subtitles.php | 01.07.2026 | 9.3 |
| CVE-2026-34104 | Guardian Language-System Unauthenticated SQL Injection via name Parameter in designer.php | 01.07.2026 | 9.3 |
| CVE-2026-34105 | Guardian Language-System Unauthenticated SQL Injection via id Parameter in translate_text.php | 02.07.2026 | 9.3 |
| CVE-2026-34106 | Guardian Language-System Unauthenticated OS Command Injection via id Parameter in subtitles.php | 01.07.2026 | 9.3 |
| CVE-2026-34107 | Guardian Language-System Unauthenticated OS Command Injection via id Parameter in translate.php | 01.07.2026 | 9.3 |
| CVE-2026-58453 | JAIOTlink C492A-W6 4.8.30.57701411 Hard-coded Credentials via anyka_ipc | 01.07.2026 | 9.3 |
| CVE-2025-23350 | | 01.07.2026 | 9 |
| CVE-2025-23351 | | 01.07.2026 | 9 |
| CVE-2026-24270 | | 01.07.2026 | 9.8 |
| CVE-2026-57517 | Control Web Panel < 0.9.8.1225 Blind SQL Injection via userRes Parameter | 02.07.2026 | 9.3 |
| CVE-2026-58126 | PACSgear PACS Scan 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service | 01.07.2026 | 9.3 |
| CVE-2026-58127 | PACSgear MediaWriter 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service | 01.07.2026 | 9.3 |
| CVE-2026-23537 | Feast: unauthenticated arbitrary file write | 02.07.2026 | 9.1 |
| CVE-2026-13603 | SSRF with API key leak in pretix-oppwa | 01.07.2026 | 9 |
| CVE-2026-57692 | WordPress PrivateContent plugin <= 9.9.2 - Privilege Escalation vulnerability | 01.07.2026 | 9.8 |
| CVE-2026-14198 | @fastify/middie vulnerable to authorization bypass via encoded slash in path parameter values | 01.07.2026 | 9.1 |
| CVE-2026-10539 | Unauthenticated command injection in Control-M/Server communication command | 01.07.2026 | 9.5 |
| CVE-2026-11387 | SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset | 01.07.2026 | 9.8 |
| CVE-2026-6070 | WP-BusinessDirectory <= 4.0.1 - Unauthenticated Arbitrary File Deletion via Path Traversal via '_filename' Parameter | 01.07.2026 | 9.1 |
| CVE-2026-7839 | UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin access | 01.07.2026 | 9.1 |
| CVE-2026-7840 | UltraVNC repeater HTTP server global buffer overflow via long URI (pre-auth RCE) | 01.07.2026 | 9.3 |
| CVE-2026-53488 | containerd CRI plugin: — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull | 03.07.2026 | 9.4 |
| CVE-2026-50110 | Use of Hard-coded Credentials in StoneFly Storage Concentrator | 01.07.2026 | 9.3 |
| CVE-2026-55721 | SQL Injection in StoneFly Storage Concentrator | 01.07.2026 | 9.2 |
| CVE-2026-56413 | OS Command Injection in StoneFly Storage Concentrator | 01.07.2026 | 10 |
| CVE-2026-56415 | OS Command Injection in StoneFly Storage Concentrator | 01.07.2026 | 10 |
| CVE-2026-56264 | Crawl4AI - Arbitrary JavaScript Execution via /execute_js Endpoint | 01.07.2026 | 9.2 |
| CVE-2026-56278 | Flowise - Session Hijacking via Weak Default Express Session Secret | 01.07.2026 | 9.3 |
| CVE-2026-56700 | Grav - Multiple Remote Code Execution Vulnerabilities via Unsafe Unserialize and Command Injection | 01.07.2026 | 9.3 |
| CVE-2026-50003 | OFFIS DCMTK Toolkit Path Traversal | 01.07.2026 | 9.3 |
| CVE-2026-58449 | txtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter | 01.07.2026 | 9.3 |
| CVE-2026-10109 | IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling | 01.07.2026 | 9.8 |
| CVE-2026-10134 | Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows | 01.07.2026 | 10 |
| CVE-2026-10140 | Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem | 02.07.2026 | 9.6 |
| CVE-2026-11708 | IBM WebSphere Application Server is affected by a cross-site scripting vulnerability | 01.07.2026 | 9.3 |
| CVE-2026-11712 | IBM WebSphere Application Server is affected by a cross-site scripting vulnerability | 01.07.2026 | 9.3 |
| CVE-2026-7663 | Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass | 01.07.2026 | 9.1 |
| CVE-2026-7803 | Flow Validation Bypass via Empty Component Type Field | 01.07.2026 | 9.8 |
| CVE-2026-7871 | Insecure Deserialization in Redis Cache Backend | 01.07.2026 | 9.8 |
| CVE-2026-7873 | Code Injection Vulnerability in Code Validation Endpoint | 01.07.2026 | 9.9 |
| CVE-2026-7874 | Weak Cryptographic Key Derivation Exposed All Stored Credentials | 02.07.2026 | 9.1 |
| CVE-2026-58138 | Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators | 01.07.2026 | 9.3 |
| CVE-2026-58172 | Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests | 02.07.2026 | 9.3 |
| CVE-2026-58370 | Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name | 02.07.2026 | 9.2 |
| CVE-2026-48276 | ColdFusion \| Unrestricted Upload of File with Dangerous Type (CWE-434) | 01.07.2026 | 10 |
| CVE-2026-48277 | ColdFusion \| Improper Input Validation (CWE-20) | 01.07.2026 | 10 |
| CVE-2026-48281 | ColdFusion \| Improper Input Validation (CWE-20) | 01.07.2026 | 10 |
| CVE-2026-48282 | ColdFusion \| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) | 01.07.2026 | 10 |
| CVE-2026-48283 | ColdFusion \| Unrestricted Upload of File with Dangerous Type (CWE-434) | 01.07.2026 | 10 |
| CVE-2026-48286 | Adobe Campaign Classic (ACC) \| Incorrect Authorization (CWE-863) | 01.07.2026 | 10 |
| CVE-2026-48313 | ColdFusion \| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) | 30.06.2026 | 9.3 |
| CVE-2026-48315 | ColdFusion \| Improper Input Validation (CWE-20) | 01.07.2026 | 9.3 |
| CVE-2026-58116 | LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path | 30.06.2026 | 9.3 |
| CVE-2026-6556 | @fastify/express vulnerable to middleware bypass via non-string mount paths in prefixed plugins | 30.06.2026 | 9.1 |
| CVE-2026-44946 | SAML Authentication Replay in Rancher | 01.07.2026 | 9.5 |
| CVE-2026-14162 | Advantech\|Hospital Quering Management - Missing Authentication | 30.06.2026 | 9.3 |
| CVE-2026-53690 | SQL Injection in Redeight CMS | 30.06.2026 | 9.3 |
| CVE-2026-8402 | SQLi in Exagate's SYSGUARD 6001 | 30.06.2026 | 9.8 |
| CVE-2026-12076 | SQL Injection in Raytha CMS | 30.06.2026 | 9.3 |
| CVE-2026-9711 | EventON - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection via Search Parameter | 30.06.2026 | 9.8 |
| CVE-2026-12818 | DVP-12SE Exposure of Sensitive Information Vulnerability | 30.06.2026 | 9.3 |
| CVE-2026-12819 | DVP-12SE Missing Authentication and Unauthorized Write access Vulnerability | 30.06.2026 | 9.3 |
| CVE-2026-12073 | ProfileGrid - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation via Email Overwrite | 30.06.2026 | 9.8 |
| CVE-2026-57498 | Coolify Cross-Team IDOR: Livewire Components Accept Unscoped server_id and destination_uuid — Deploy to Other Teams' Servers | 30.06.2026 | 9.6 |
| CVE-2026-11720 | Path Traversal in googleapis/mcp-toolbox HTTP Tool URL Builder | 29.06.2026 | 9.3 |
| CVE-2026-56782 | Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints | 30.06.2026 | 9.3 |
| CVE-2026-41052 | Rancher Privilege Escalation from Project Owner to Host | 30.06.2026 | 9.4 |
| CVE-2026-56290 | Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0 | 01.07.2026 | 10 |
| CVE-2026-57331 | WordPress Paid Videochat Turnkey Site plugin <= 7.4.8 - Arbitrary File Deletion vulnerability | 29.06.2026 | 9.9 |
| CVE-2026-58053 | Gitea act_runner - Container Hardening Bypass via Workflow Container Options | 30.06.2026 | 9.4 |

Latest Updates

| CVE | Title | Updated | Score |
|---|---|---|---|
| CVE-2026-14632 | kirilkirkov Ecommerce-CodeIgniter-Bootstrap Trusted Backend MY_Controller.php setReferrer redirect | 04.07.2026 | |
| CVE-2026-14630 | ForceInjection AI-fundermentals Memory Recall smart_customer_service.py get_conversation_history weak hash | 04.07.2026 | |
| CVE-2026-14534 | Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit) | 04.07.2026 | 8.8 |
| CVE-2026-14535 | Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in AnalysisContext.shorten_code() | 04.07.2026 | 8.8 |
| CVE-2026-14629 | RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero | 04.07.2026 | |
| CVE-2025-13475 | Cross-Tenant Access via Application Consent Mismanagement in Multiple WSO2 Products Allows Unauthorized Data Exposure | 04.07.2026 | 3.5 |
| CVE-2026-14627 | NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allowed_user improper authentication | 04.07.2026 | |
| CVE-2026-14628 | NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal | 04.07.2026 | |
| CVE-2026-12196 | HestiaCP Admin Takeover | 04.07.2026 | |
| CVE-2026-14626 | NousResearch hermes-agent HTTP API run_agent.py AIAgent.run_conversation denial of service | 04.07.2026 | |
| CVE-2026-53359 | KVM: x86: Fix shadow paging use-after-free due to unexpected role | 04.07.2026 | |
| CVE-2026-53360 | KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use | 04.07.2026 | |
| CVE-2026-53361 | af_unix: Set gc_in_progress to true in unix_gc(). | 04.07.2026 | |
| CVE-2026-53362 | ipv6: account for fraggap on the paged allocation path | 04.07.2026 | |
| CVE-2026-12195 | | 04.07.2026 | |
| CVE-2026-14625 | NousResearch hermes-agent server.py shell.exec protection mechanism | 04.07.2026 | |
| CVE-2026-14624 | omec-project amf NGSetupRequest handler.go denial of service | 04.07.2026 | |
| CVE-2026-14623 | omec-project amf NGAP Message RRCInactiveTransitionReport denial of service | 04.07.2026 | |
| CVE-2026-14622 | jairiidriss restaurant-website-php-mysql AJAX Endpoint ajax_files missing authentication | 04.07.2026 | |
| CVE-2026-14621 | FederatedAI FATE OSX Broker QueuePushReqStreamObserver.java QueuePushReqStreamObserver.initEggroll wrong session | 04.07.2026 | |
| CVE-2026-12194 | PHPIPAM Authenticated LFI | 04.07.2026 | |
| CVE-2026-14619 | itsourcecode Hospital Management System medicine.php sql injection | 04.07.2026 | |
| CVE-2026-14618 | Open5GS AMF nnrf-handler.c amf_nnrf_handle_nf_discover denial of service | 04.07.2026 | |
| CVE-2025-71342 | picklescan - Undetected Remote Code Execution via idlelib.run.Executive.runcode | 04.07.2026 | |
| CVE-2025-71343 | picklescan - Arbitrary Code Execution via lib2to3.pgen2.pgen.ParserGenerator.make_label Detection Bypass | 04.07.2026 | |
| CVE-2025-71345 | picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_autograd_prof | 04.07.2026 | |
| CVE-2025-71347 | picklescan - Undetected Remote Code Execution via numpy.f2py.crackfortran.param_eval | 04.07.2026 | |
| CVE-2025-71353 | picklescan - Remote Code Execution via torch._dynamo.guards.GuardBuilder.get | 04.07.2026 | |
| CVE-2025-71356 | picklescan - Arbitrary Code Execution via torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression | 04.07.2026 | |
| CVE-2025-71359 | picklescan - Unsafe Deserialization via lib2to3.pgen2.grammar.Grammar.loads | 04.07.2026 | |
| CVE-2025-71360 | picklescan - Remote Code Execution via Undetected idlelib.calltip.get_entity | 04.07.2026 | |
| CVE-2025-71362 | picklescan - Arbitrary Code Execution via Unsafe Deserialization in numpy.f2py.crackfortran | 04.07.2026 | |
| CVE-2025-71364 | picklescan - Arbitrary Code Execution via Undetected asyncio.unix_events._UnixSubprocessTransport._start | 04.07.2026 | |
| CVE-2025-71366 | picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_cprofile | 04.07.2026 | |
| CVE-2025-71367 | picklescan - Remote Code Execution via _operator.attrgetter Detection Bypass | 04.07.2026 | |
| CVE-2025-71369 | picklescan - Unsafe Deserialization via torch.utils.data.datapipes.utils.decoder.basichandlers | 04.07.2026 | |
| CVE-2025-71372 | Picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran.getlincoef Gadget | 04.07.2026 | |
| CVE-2025-71373 | picklescan - Remote Code Execution via operator.methodcaller Detection Bypass | 04.07.2026 | |
| CVE-2025-71375 | picklescan - Undetected Remote Code Execution via _operator.methodcaller | 04.07.2026 | |
| CVE-2025-71380 | n8n - Arbitrary Command Execution via Execute Command Node | 04.07.2026 | |
| CVE-2026-12252 | Untrusted JAR Code Execution in Multiple Stanford Interface Classes in nltk/nltk | 04.07.2026 | |
| CVE-2026-54424 | | 04.07.2026 | 8.4 |
| CVE-2026-14617 | NousResearch hermes-agent Streaming Reasoning Tag Filter stream_consumer.py GatewayStreamConsumer._filter_and_accumulate case sensitivity | 03.07.2026 | |
| CVE-2026-58523 | Microsoft Edge for Android Security Feature Bypass Vulnerability | 03.07.2026 | 6.5 |
| CVE-2026-14355 | ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD | 04.07.2026 | 5.6 |
| CVE-2026-14610 | Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile heap-based overflow | 03.07.2026 | |
| CVE-2026-14611 | DeepMyst Mysti Per-Project Auto-Memory MemoryManager.ts initProjectMemory exposure of resource | 03.07.2026 | |
| CVE-2026-58418 | SSRF via HTTP Redirect in Repository Migration | 03.07.2026 | 6.5 |
| CVE-2026-58419 | Notification API leaks private issue metadata after access revocation | 03.07.2026 | |
| CVE-2026-58421 | Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service | 03.07.2026 | |
| CVE-2026-58422 | Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts | 03.07.2026 | |
| CVE-2026-58423 | LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories | 03.07.2026 | 7.7 |
| CVE-2026-58424 | Permanent Fork PR Workflow Approval Gate Bypass | 03.07.2026 | 8.9 |
| CVE-2026-58426 | Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write | 03.07.2026 | 9.6 |
| CVE-2026-12481 | Deserialization of Untrusted Data in keras-team/keras | 03.07.2026 | |
| CVE-2026-14609 | SourceCodester CET Automated Grading System with AI Predictive Analytics session fixation | 03.07.2026 | |
| CVE-2026-20706 | Gitea repository archive downloads bypass token scope checks | 03.07.2026 | |
| CVE-2026-20779 | Gitea TOTP single-use enforcement defect allows OTP replay | 03.07.2026 | 7.1 |
| CVE-2026-20896 | Gitea Docker image trusts spoofable reverse-proxy headers by default | 03.07.2026 | 9.8 |
| CVE-2026-20909 | Gitea tracked-time list endpoint has insufficient permission checks | 03.07.2026 | |
| CVE-2026-22547 | Gitea repository creation accepts invalid field values | 03.07.2026 | |
| CVE-2026-22555 | Gitea organization forks can expose organization secrets without create permission | 03.07.2026 | 8.1 |
| CVE-2026-22874 | Gitea webhook and migration allow-list filtering permits SSRF | 03.07.2026 | 9.6 |
| CVE-2026-24451 | Gitea fork synchronization can expose private parent repository data | 03.07.2026 | |
| CVE-2026-24690 | Gitea pull-request branch updates use insufficient permission checks | 03.07.2026 | |
| CVE-2026-25038 | Gitea private organization labels are visible to unauthorized users | 03.07.2026 | |
| CVE-2026-25712 | Gitea organization permission APIs expose private visibility information | 03.07.2026 | |
| CVE-2026-25714 | Gitea user organization API bypasses public-only token filtering | 03.07.2026 | 4.3 |
| CVE-2026-25718 | Gitea template repository generation mishandles symlinked paths | 03.07.2026 | |
| CVE-2026-25779 | Gitea redirect handling permits open redirects through backslash paths | 03.07.2026 | |
| CVE-2026-25782 | Gitea tracked-time deletion can target entries from another issue | 03.07.2026 | |
| CVE-2026-26231 | Gitea maintainer-edit permissions allow unauthorized commits to readable repositories | 03.07.2026 | 8.5 |
| CVE-2026-26232 | Gitea OAuth2 authorization codes lack expiry and reuse enforcement | 03.07.2026 | |
| CVE-2026-26247 | Gitea OAuth2 PKCE S256 challenges are not enforced during token exchange | 03.07.2026 | |
| CVE-2026-26292 | Gitea LFS mirror synchronization bypasses migration HTTP transport restrictions | 03.07.2026 | |
| CVE-2026-26307 | Gitea git grep search lacks a timeout | 03.07.2026 | |
| CVE-2026-27657 | Gitea email settings allow changing another user's primary email address | 03.07.2026 | |
| CVE-2026-27660 | Gitea draft releases use insufficient permission checks | 03.07.2026 | |
| CVE-2026-27761 | Gitea repository feeds bypass API token scope enforcement | 03.07.2026 | 4.3 |
| CVE-2026-27771 | Gitea Composer package source links use insufficient permission checks | 03.07.2026 | |
| CVE-2026-27775 | Gitea pre-receive hook permission cache allows full repository write access | 03.07.2026 | |
| CVE-2026-27779 | Gitea forwarded-proto handling allows public URL spoofing | 03.07.2026 | |
| CVE-2026-27780 | Gitea pre-receive hook can miss branch-protection checks after scanner errors | 03.07.2026 | |
| CVE-2026-27783 | Gitea issue-template APIs bypass repository unit authorization | 03.07.2026 | 4.3 |
| CVE-2026-28699 | Gitea Basic Auth bypasses OAuth2 access token scopes | 03.07.2026 | 8.1 |
| CVE-2026-28705 | Gitea repository dumps write release assets using unsafe path names | 03.07.2026 | |
| CVE-2026-28737 | Gitea 3D file viewer allows stored XSS through glTF extensionsRequired | 03.07.2026 | 8.7 |
| CVE-2026-28740 | Gitea LFS object reuse bypasses Code-unit authorization | 03.07.2026 | 7.1 |
| CVE-2026-28744 | Gitea Git smart HTTP bypasses repository token scopes for bearer tokens | 03.07.2026 | 8.1 |
| CVE-2026-45488 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 5.4 |
| CVE-2026-45489 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 6.5 |
| CVE-2026-55945 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 03.07.2026 | 4.2 |
| CVE-2026-56645 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.8 |
| CVE-2026-56646 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 6.5 |
| CVE-2026-57974 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.8 |
| CVE-2026-57975 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-57977 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 7.1 |
| CVE-2026-57981 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.8 |
| CVE-2026-57983 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 03.07.2026 | 8.7 |
| CVE-2026-57984 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-57985 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.6 |
| CVE-2026-57986 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-57987 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 6.5 |
| CVE-2026-57988 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.1 |
| CVE-2026-57991 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 03.07.2026 | 7.4 |
| CVE-2026-57992 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-57993 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 7.4 |
| CVE-2026-58276 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-58278 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 5.4 |
| CVE-2026-58282 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 8.1 |
| CVE-2026-58283 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 8.1 |
| CVE-2026-58284 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.3 |
| CVE-2026-58285 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.3 |
| CVE-2026-58286 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 8.1 |
| CVE-2026-58287 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.3 |
| CVE-2026-58288 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.3 |
| CVE-2026-58289 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 9 |
| CVE-2026-58290 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-58291 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 03.07.2026 | 6.1 |
| CVE-2026-58292 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-58293 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 8.1 |
| CVE-2026-58294 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-58295 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 03.07.2026 | 8.3 |
| CVE-2026-58296 | Microsoft Edge for Android Information Disclosure Vulnerability | 03.07.2026 | 7.1 |
| CVE-2026-58297 | Microsoft Edge for Android Information Disclosure Vulnerability | 03.07.2026 | 7.1 |
| CVE-2026-58298 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 7.2 |
| CVE-2026-58299 | Microsoft Edge for Android Remote Code Execution Vulnerability | 03.07.2026 | 7.5 |
| CVE-2026-58300 | Microsoft Edge for Android Information Disclosure Vulnerability | 03.07.2026 | 6.2 |
| CVE-2026-58522 | Microsoft Edge for Android Information Disclosure Vulnerability | 03.07.2026 | 6.8 |
| CVE-2026-58524 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 5.4 |
| CVE-2026-58597 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 03.07.2026 | 4.3 |
| CVE-2026-14608 | SourceCodester CET Automated Grading System with AI Predictive Analytics POST index.php view_student authorization | 03.07.2026 | |
| CVE-2026-14605 | RT-Thread ls1c CAN ls1c_can.h recvmsg stack-based overflow | 03.07.2026 | |
| CVE-2026-14606 | RT-Thread SWM341 CAN SWM341.h CAN_Receive stack-based overflow | 03.07.2026 | |
| CVE-2026-14607 | RT-Thread lwp_syscall.c sys_getaddrinfo memory corruption | 03.07.2026 | |
| CVE-2026-14604 | Open Asset Import Library Assimp PLY Model PlyLoader.cpp ExportToBlob double free | 03.07.2026 | |
| CVE-2026-58379 | Gimp: gimp: heap buffer overflow in read_channel_data() | 03.07.2026 | |
| CVE-2026-14631 | webpack-dev-server vulnerable to denial of service via a malformed Host or Origin header | 03.07.2026 | 5.3 |