Export limit exceeded: 364126 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364126 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364126 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12879 | 1 Google | 1 Cloud Apigee | 2026-07-09 | N/A |
| An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is needed. | ||||
| CVE-2026-60094 | 2026-07-09 | 6.5 Medium | ||
| Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by sending a malformed TCP packet with an unchecked body_len field to the agentlink_server service. Attackers can craft a malicious packet that passes an attacker-controlled length directly to recv(), triggering a heap overflow of up to approximately 4 GiB and resulting in process crash or potential memory corruption. | ||||
| CVE-2026-59876 | 2026-07-09 | 4.8 Medium | ||
| protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key __proto__ to change the prototype of the returned map object instead of creating an own map entry in protobufjs/ext/textformat. This issue is fixed in version 8.6.5. | ||||
| CVE-2026-4298 | 2 Mlfactory, Wordpress | 2 Dsgvo All In One For Wp, Wordpress | 2026-07-09 | 4.3 Medium |
| The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvo_reset_policy_service_func() function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin options. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset all customized privacy policy content including cookie notices, Google Analytics policies, Facebook policies, and YouTube policies to their default values. | ||||
| CVE-2026-56292 | 2026-07-09 | N/A | ||
| A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage. | ||||
| CVE-2026-59731 | 1 Withastro | 1 Astro | 2026-07-09 | 8.2 High |
| Astro is a web framework for content-driven websites. Version 6.4.7 performs authorization decisions on a partially decoded pathname after reaching the iterative URL decoder limit, while later rewrite route matching performs an additional decodeURI() operation and can resolve the request to a protected route. This issue is fixed in version 6.4.8. | ||||
| CVE-2026-59821 | 1 Berriai | 1 Litellm | 2026-07-09 | N/A |
| LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.82.0-stable, LiteLLM's Custom Code Guardrails production create and update paths did not apply the same sandboxing and validation used by the test endpoint, allowing a privileged user with access to create or update guardrails to submit custom Python code that executed in the LiteLLM proxy environment and could expose secrets available to the process. This issue is fixed in version 1.82.0-stable. | ||||
| CVE-2026-55418 | 1 Labring | 1 Fastgpt | 2026-07-09 | 8.6 High |
| FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object keys are global within the bucket and carry the tenant id only as a path segment, an attacker can supply another team's key and obtain its file contents through the chat-file presign endpoint or dataset preview endpoint. This issue is fixed in version v4.15.0-beta5. | ||||
| CVE-2026-59937 | 1 Py-pdf | 1 Pypdf | 2026-07-09 | N/A |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0. | ||||
| CVE-2026-9240 | 2026-07-09 | 4.3 Medium | ||
| The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod() function (registered to the wp_ajax_lpc_order_affect AJAX action) in versions up to, and including, 2.9.0. This is due to the handler performing no current_user_can() capability check and no nonce verification before reading an attacker-supplied order_id and modifying that order's shipping method, pickup-point meta, and shipping address. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create or modify the shipment information (shipping method, pickup relay data, and shipping address) of arbitrary WooCommerce orders, including orders placed by other users. | ||||
| CVE-2026-37270 | 2026-07-09 | 9.8 Critical | ||
| Trueview Security camera T18161- AF v4.9.60.0 contains an authentication bypass vulnerability caused by improper password validation and the presence of hard-coded credentials in the firmware. | ||||
| CVE-2026-55760 | 2026-07-09 | 7.5 High | ||
| Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile() using FileTemplateLoader or ClassPathTemplateLoader are vulnerable to path traversal, allowing arbitrary file read through template names derived from URL path parameters, request parameters, or other user-controlled sources. This issue is fixed in version 4.5.2. | ||||
| CVE-2026-12433 | 2026-07-09 | 4.3 Medium | ||
| The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/{id} REST endpoint. This is due to the getBookingDetails() callback only enforcing the tfhb_manage_options capability via tfhb_manage_options_permission(), without verifying that the requested booking belongs to the currently authenticated host (the lookup in getBookingDetailsData() filters solely on the booking id supplied in the URL). This makes it possible for authenticated attackers, with Hydra Host-level access and above (a role created by the plugin which grants tfhb_manage_options), to view sensitive booking records belonging to other hosts, including attendee names, emails, phone numbers, addresses, meeting details, payment method and status, transaction history, and internal notes by iterating booking IDs. | ||||
| CVE-2026-59820 | 1 Berriai | 1 Litellm | 2026-07-09 | 8.1 High |
| LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.7-stable, LiteLLM Skills archive extraction did not sufficiently validate file paths from uploaded skill ZIP archives, allowing an authenticated user with access to LiteLLM LLM API routes or a key whose allowed_routes includes /v1/skills, anthropic_routes, or llm_api_routes to upload a crafted skill archive containing path traversal entries that could be written outside the intended extraction or staging directory. This issue is fixed in version 1.83.7-stable. | ||||
| CVE-2026-5005 | 2026-07-09 | 5.4 Medium | ||
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Stored XSS. This issue affects OKRs & Goals: from 28220 before 28398. | ||||
| CVE-2026-13334 | 2026-07-09 | 6.1 Medium | ||
| The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'stag' parameter in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-27464 | 2026-07-09 | N/A | ||
| [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464 | ||||
| CVE-2026-58125 | 2026-07-09 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-34152 | 1 Coollabsio | 1 Coolify | 2026-07-09 | 8.8 High |
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, pre-deployment and post-deployment commands are single-quote escaped but then sent through SSH heredoc transport that preserves newlines, allowing an authenticated user to inject additional shell statements that execute on the remote server during deployment. This issue is fixed in version 4.0.0-beta.471. | ||||
| CVE-2026-55077 | 1 Coder | 1 Coder | 2026-07-09 | 7.2 High |
| Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `PUT /api/v2/users/{user}/password` endpoint authorized only `ActionUpdatePersonal` and did not prevent a `user-admin` from resetting an `owner` account's password. It also did not require the current password when an admin reset another user's password. Exploitation requires the privileged `user-admin` role so practical risk is limited to deployments that grant `user-admin` to less trusted operators. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 prevents non-owner users from resetting the password of an account that holds the `owner` role. As a workaround, restrict the `user-admin` role to trusted administrators. | ||||