Export limit exceeded: 11570 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11570 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-55428 | 1 Coder | 1 Coder | 2026-07-08 | 8.2 High |
| Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's `Addresses` derive from its authenticated UUID but applies no equivalent check to `AllowedIPs`. The coordinator forwards agent-supplied `AllowedIPs` verbatim to tunnel peers which install them into the WireGuard peer configuration. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 validates each `AllowedIPs` prefix against the authenticating agent's UUID just like `Addresses`. As a workaround, monitor coordinator logs for agents advertising unexpected `AllowedIPs` prefixes. | ||||
| CVE-2024-23669 | 1 Fortinet | 2 Fortiweb Manager, Fortiwebmanager | 2026-07-08 | 6.4 Medium |
| An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI. | ||||
| CVE-2026-54698 | 1 Hasura | 1 Graphql Engine | 2026-07-08 | N/A |
| Hasura is an open-source product that provides users GraphQL or REST APIs. Prior to 2.49.2 and 2.45.5, a user can use a where clause on a table computed field (returning SETOF some_table) to infer row values that ought to be filtered for their role based on some_table's row-level permissions. While such rows cannot be returned directly, like predicates on strings for instance allow values to be brute forced efficiently with the where clause as an oracle. This issue is fixed in versions 2.49.2 and 2.45.5. | ||||
| CVE-2026-59704 | 1 Capnproto | 1 Capnproto | 2026-07-08 | 7.1 High |
| Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generation that consumes the video owner's credits without consent. | ||||
| CVE-2026-55433 | 1 Coder | 1 Coder | 2026-07-08 | 5.4 Medium |
| Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only `ActionRead` on the workspace and, unlike the sibling delete endpoint, performed no `ActionUpdate` check before triggering the destructive rebuild. Exploitation requires an existing low-privilege role with access to the target workspace. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 adds an explicit `ActionUpdate` authorization check before the agent is dialed like the delete endpoint. No known workarounds are available. | ||||
| CVE-2026-55432 | 1 Coder | 1 Coder | 2026-07-08 | 5.4 Medium |
| Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `CreateSubAgent` RPC did not validate a requested app sharing level against the template's `MaxPortSharingLevel` before persisting workspace apps, letting a workspace owner exceed the administrator's configured maximum. Exploitation requires the ability to register sub-agent apps in a workspace the attacker controls. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2clamps the sub-agent app sharing level to the template's `MaxPortSharingLevel`. As a workaround, disable wildcard app hostnames (`CODER_WILDCARD_ACCESS_URL`) to block subdomain-based app routing. | ||||
| CVE-2026-5356 | 2026-07-08 | 7.5 High | ||
| The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 5.4.0. This is due to the plugin's Stripe Connect payment processor accepting a client-supplied PaymentIntent ID. This makes it possible for unauthenticated attackers to pay an arbitrary amount by supplying a previously succeeded PaymentIntent token. | ||||
| CVE-2026-57299 | 2 Jenkins, Jenkins Project | 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin | 2026-07-08 | 4.3 Medium |
| Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata. | ||||
| CVE-2026-41049 | 1 Presire | 1 Qsnapper | 2026-07-08 | N/A |
| Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them. | ||||
| CVE-2026-8458 | 1 Curl | 1 Curl | 2026-07-08 | 6.5 Medium |
| libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different services. | ||||
| CVE-2026-50007 | 1 Actualbudget | 1 Actual | 2026-07-07 | N/A |
| Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with user_access on a budget file to perform owner-only file management actions. A non-owner shared user can call file-management endpoints intended for higher-privilege users, including /delete-user-file, /reset-user-file, and /user-create-key, because requireFileAccess treats ordinary shared access as sufficient for file-management operations that should be restricted to the file owner or an administrator. This issue is fixed in version 26.7.0. | ||||
| CVE-2026-57297 | 2 Jenkins, Jenkins Project | 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin | 2026-07-07 | 5.4 Medium |
| A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key. | ||||
| CVE-2026-25038 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-07 | 7.5 High |
| Gitea 1.26.2 allows unauthorized users to access labels of private organizations. | ||||
| CVE-2026-25714 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-07 | 4.3 Medium |
| Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941. | ||||
| CVE-2026-26231 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-07 | 8.5 High |
| Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write. | ||||
| CVE-2026-27761 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-07 | 4.3 Medium |
| Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope. | ||||
| CVE-2026-27771 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-07 | N/A |
| Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information. | ||||
| CVE-2026-28740 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-07 | 7.1 High |
| Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access. | ||||
| CVE-2026-12352 | 2026-07-07 | 5.9 Medium | ||
| This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device. | ||||
| CVE-2026-34047 | 1 Coollabsio | 1 Coolify | 2026-07-07 | 9.9 Critical |
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected authorization middleware, allowing an authenticated user to access terminal functionality for resources outside the authorized scope and potentially execute commands. This issue is fixed in version 4.0.0-beta.471. | ||||