Export limit exceeded: 364126 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364126 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364126 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-59709 | 2 Ghostfol, Ghostfolio | 2 Ghostfolio, Ghostfolio | 2026-07-08 | 4.3 Medium |
| Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with valid read-only share tokens can assign or remove tags on victim holdings, corrupting portfolio categorization and reports. | ||||
| CVE-2026-58468 | 1 Nocobase | 1 Nocobase | 2026-07-08 | 5.5 Medium |
| NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin. Attackers can target loopback addresses, RFC-1918 private ranges, and cloud instance metadata endpoints to perform internal network port enumeration, host discovery, and retrieval of IAM role credentials from the instance metadata service. v2.1.18 added a warning message for when SERVER_REQUEST_WHITELIST is not configured. | ||||
| CVE-2026-59707 | 2026-07-08 | 8.6 High | ||
| LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper validation, enabling attackers to force the server to issue HTTP GET requests to private and loopback ranges with partial response content leaked through error messages. | ||||
| CVE-2026-59261 | 1 Openclaw | 1 Openclaw | 2026-07-08 | 7.1 High |
| OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider credentials. Attackers with lower-trust access to configured input paths can expose sensitive data and credentials that should remain within trusted boundaries. | ||||
| CVE-2026-59869 | 1 Nodeca | 1 Js-yaml | 2026-07-08 | 7.5 High |
| js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in versions 3.15.0 and 4.3.0. | ||||
| CVE-2026-10834 | 2026-07-08 | 4.6 Medium | ||
| The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their own profile-image path. This removes the targeted media from its original location and can break content across the site. | ||||
| CVE-2026-10698 | 1 Progress | 1 Moveit Transfer | 2026-07-08 | 7.2 High |
| Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1. | ||||
| CVE-2026-11903 | 1 Progress | 1 Moveit Transfer | 2026-07-08 | 8 High |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Progress MOVEit Transfer (Ad Hoc module). This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8. | ||||
| CVE-2026-59887 | 2026-07-08 | 7.5 High | ||
| linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test() and .match() can be invoked at every mailto: occurrence and scan the remaining input through src_email_name in lib/re.mjs, causing O(n^2) CPU consumption on crafted user text. This issue is fixed in version 5.0.2. | ||||
| CVE-2026-15063 | 1 Redhat | 1 Openshift Ai | 2026-07-08 | 6.3 Medium |
| A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing the kube-rbac-proxy and its authentication mechanisms. This could lead to unauthorized access to the orchestrator and detector metrics. | ||||
| CVE-2026-9074 | 1 Ibm | 1 Api Connect | 2026-07-08 | 9.1 Critical |
| IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality. | ||||
| CVE-2026-14739 | 1 Hmbrand | 1 Dbi | 2026-07-08 | 9.8 Critical |
| DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders. | ||||
| CVE-2026-14740 | 1 Hmbrand | 1 Dbi | 2026-07-08 | 9.1 Critical |
| DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds. | ||||
| CVE-2026-56086 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-08 | 8.8 High |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. | ||||
| CVE-2026-56000 | 2026-07-08 | 6.5 Medium | ||
| Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory. | ||||
| CVE-2026-57239 | 2026-07-08 | 8.2 High | ||
| The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM. | ||||
| CVE-2026-55999 | 1 X.org | 2 Xorg-server, Xwayland | 2026-07-08 | 8.5 High |
| Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks. | ||||
| CVE-2026-56001 | 2026-07-08 | 8.5 High | ||
| A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont | ||||
| CVE-2026-44918 | 2026-07-08 | 8.7 High | ||
| A flaw was found in OpenStack Ironic. An authenticated project manager can change the node associated with Volume Connectors or Volume Target objects, potentially changing the project permitted to access the object. Volume Connectors contain secrets in environments configuring boot from volume with iSCSI volumes. Additionally, a project manager with the ability to create nodes can use the UUID of a node not owned by their project as a parent node when creating a new node. This mismatched child node can then be used to impact operations on the parent, such as forcing it to power on. | ||||
| CVE-2026-15044 | 1 Redhat | 1 Openshift Ai | 2026-07-08 | 6.3 Medium |
| A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the cluster to access the AI guardrails and orchestrator without proper authorization. An attacker could exploit this to gain unauthorized access to sensitive information and potentially make limited changes to the AI models. | ||||