Export limit exceeded: 85108 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (85108 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-47193 | 1 Opf | 1 Openproject | 2026-06-26 | 7.5 High |
| OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in 17.3.3 and 17.4.1. | ||||
| CVE-2026-47214 | 1 Docling-project | 1 Docling | 2026-06-26 | 7.1 High |
| Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0. | ||||
| CVE-2026-55677 | 1 Labstack | 1 Echo | 2026-06-26 | 7.5 High |
| Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path (preserving %2F as-is), while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an attacker to bypass route-level access controls and read static files without authorization. This vulnerability is fixed in 4.15.3 and 5.2.0. | ||||
| CVE-2026-55441 | 1 Jdx | 1 Mise | 2026-06-26 | 8.6 High |
| mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versions) through trust_check, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir (mise-tasks/, .mise/tasks/, …) but no config file, mise falls back to the default includes and renders each task's tera fields — and that tera environment has exec() registered. A {{ exec(command='…') }} in any rendered field runs arbitrary commands the moment the tasks are merely listed. There's no config file to gate on, so no trust prompt ever appears. Read-only commands trigger it: mise tasks, mise task ls, mise run, mise tasks --usage (the query shell completion runs on Tab). The victim only has to cd into a cloned repo and list or tab-complete a task. This vulnerability is fixed in 2026.6.4. | ||||
| CVE-2026-57518 | 1 Pagekit | 1 Pagekit | 2026-06-26 | 8.8 High |
| Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction(). Attackers can assign themselves a custom role with the 'system: manage packages' permission and then upload and install a malicious PHP package through the admin package installer to achieve remote code execution. | ||||
| CVE-2026-56663 | 1 Significant-gravitas | 1 Autogpt | 2026-06-26 | 8.5 High |
| AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. _is_ip_blocked() in backend/backend/util/request.py does not normalize IPv4-mapped IPv6 addresses before checking resolved IPs against the blocked IPv4 ranges, and does not block special-use ranges such as 100.64.0.0/10 (CGNAT, RFC 6598). A hostname that resolves to an IPv4-mapped IPv6 address therefore passes validation and the request reaches the embedded internal IPv4 endpoint. This affects all AutoGPT Platform deployments. This vulnerability is fixed in 0.6.52. | ||||
| CVE-2026-54341 | 1 Dragonflydb | 1 Dragonfly | 2026-06-26 | 7.5 High |
| Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, an unauthenticated remote attacker can crash the server with a single ~24-byte command — a remote, repeatable denial of service. This vulnerability is fixed in 1.39.0. | ||||
| CVE-2026-48044 | 1 Envoyproxy | 1 Envoy | 2026-06-26 | 7.5 High |
| Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation (ZstdDecompressorImpl). When zstd decompression is enabled, processing a specially crafted, highly compressed zstd payload can lead to massive memory allocation. An attacker can exploit this to cause severe memory exhaustion, potentially resulting in an Out-Of-Memory (OOM) kill and Denial of Service (DoS) for the Envoy proxy. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1. | ||||
| CVE-2026-52784 | 1 Opf | 1 Openproject | 2026-06-26 | 8.8 High |
| OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POST parameter "user[admin]". This vulnerability is fixed in 17.3.3 and 17.4.1. | ||||
| CVE-2026-57643 | 2 Afthemes, Wordpress | 2 Wp Post Author, Wordpress | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in WP Post Author <= 3.9.1 versions. | ||||
| CVE-2026-57653 | 2 Wordpress, Wpjobportal | 2 Wordpress, Wp Job Portal | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in WP Job Portal <= 2.5.2 versions. | ||||
| CVE-2026-56031 | 2 Uncannyowl, Wordpress | 2 Uncanny Automator, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions. | ||||
| CVE-2026-56064 | 2 Themefic, Wordpress | 2 Tourfic, Wordpress | 2026-06-26 | 8.5 High |
| Subscriber SQL Injection in Tourfic <= 2.22.5 versions. | ||||
| CVE-2026-57631 | 2 Ays-pro, Wordpress | 2 Popup Box, Wordpress | 2026-06-26 | 7.6 High |
| Administrator SQL Injection in Popup box <= 6.0.1 versions. | ||||
| CVE-2026-57322 | 2 Wedevs, Wordpress | 2 Wemail, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions. | ||||
| CVE-2026-57636 | 2 Tomdever, Wordpress | 2 Wpforo Forum, Wordpress | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in wpForo Forum <= 3.0.9 versions. | ||||
| CVE-2026-57662 | 2 Wasiliy Strecker, Wordpress | 2 Contest Gallery, Wordpress | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in Contest Gallery <= 30.0.0 versions. | ||||
| CVE-2026-30041 | 1 Faststone | 1 Image Viewer | 2026-06-26 | 7.5 High |
| An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via supplying a crafted PSD file. | ||||
| CVE-2026-56010 | 2 Tychesoftwares, Wordpress | 2 Abandoned Cart Pro For Woocommerce, Wordpress | 2026-06-26 | 8.8 High |
| Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions. | ||||
| CVE-2026-56043 | 2 Cusrev, Wordpress | 2 Customer Reviews For Woocommerce, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions. | ||||