Export limit exceeded: 365085 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365085 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4878 | 2 Libcap Project, Redhat | 18 Libcap, Ai Inference Server, Cost Management and 15 more | 2026-07-13 | 6.7 Medium |
| A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation. | ||||
| CVE-2021-46416 | 1 Sma | 2 Sunny Tripower, Sunny Tripower Firmware | 2026-07-13 | 5.4 Medium |
| Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling. | ||||
| CVE-2026-15496 | 1 Soniccloudorg | 1 Sonic-agent | 2026-07-13 | 6.3 Medium |
| A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-55377 | 1 Logto-io | 1 Logto | 2026-07-13 | 8.1 High |
| Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn registration verification record for binding a new passkey could be created and verified with only an existing Account API bearer token, then sent in the logto-verification-id header and treated as identityVerified=true by Account Center routes, allowing MFA factor management without proving possession of an existing password, identifier, or MFA factor. This issue is fixed in version 1.41.0. | ||||
| CVE-2026-55229 | 1 Gotenberg | 1 Gotenberg | 2026-07-13 | 7.5 High |
| Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTP(S) resources and local file resources during document conversion, enabling blind SSRF and limited local file disclosure via linked image resource loading. This issue is fixed in version 8.34.0. | ||||
| CVE-2026-55879 | 1 Openreplay | 1 Openreplay | 2026-07-13 | 9.3 Critical |
| OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any visitor using a public project key, stores them in ClickHouse without output encoding, and later renders them in the authenticated dashboard through TextEllipsis and the event-details modal, allowing an unauthenticated attacker to store script that executes in the dashboard origin, reads the session JWT from localStorage, and takes over a dashboard account. This issue is fixed in version 1.25.0. | ||||
| CVE-2026-58499 | 1 Evermind-ai | 1 Everos | 2026-07-13 | 8.2 High |
| EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message sender_id field was not validated as a path-safe identifier, unlike app_id and project_id. During user-memory extraction, sender_id is used as owner_id and joined into the filesystem path where the extracted episode is persisted as a Markdown file, so a sender_id containing ../ sequences could direct writes outside the configured memory root and allow an unauthenticated caller to create or overwrite .md files at locations writable by the server process with partially attacker-influenced content. This issue is fixed in version 1.0.1. | ||||
| CVE-2026-49394 | 1 Frappe | 1 Frappe | 2026-07-13 | N/A |
| Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was possible via the update_page endpoint in Workspace because public workspaces did not receive the required Workspace Manager edit check. This issue is fixed in version 16.19.0. | ||||
| CVE-2026-49213 | 1 Baptistearno | 1 Typebot.io | 2026-07-13 | 8.1 High |
| TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private ranges but does not block :: or its expanded form. A workspace editor or creator can configure a server-side HTTP Request block or guarded script fetch to make the Typebot server connect to local HTTP services through safeKy, including flows triggered by POST /v1/typebots/{publicId}/startChat or POST /v1/sessions/{sessionId}/continueChat. This issue is fixed in version 3.17.2. | ||||
| CVE-2026-55476 | 1 Grokability | 1 Snipe-it | 2026-07-13 | N/A |
| Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/{itemType}/{itemId}/{cancel_by_admin?}/{requestingUser?} accepts cancel_by_admin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that user’s pending asset requests. This issue is fixed in version 8.6.0. | ||||
| CVE-2026-55884 | 1 Tilt-dev | 1 Tilt | 2026-07-13 | N/A |
| Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux router with no authenticating middleware. When the HUD is bound to a non-loopback address, an unauthenticated network caller can trigger developer-defined resources, tamper with Tiltfile arguments, read full engine state including the session token, and invoke apiserver resources through the token-attaching /proxy handler. This issue is fixed in version 0.37.4. | ||||
| CVE-2026-13873 | 1 Google | 1 Chrome | 2026-07-13 | 6.5 Medium |
| Out of bounds read in Layout in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13876 | 1 Google | 1 Chrome | 2026-07-13 | 6.5 Medium |
| Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass content security policy via malicious network traffic. (Chromium security severity: Medium) | ||||
| CVE-2026-13882 | 1 Google | 1 Chrome | 2026-07-13 | 9.6 Critical |
| Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13889 | 1 Google | 1 Chrome | 2026-07-13 | 6.5 Medium |
| Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13900 | 1 Google | 1 Chrome | 2026-07-13 | 6.5 Medium |
| Inappropriate implementation in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13902 | 1 Google | 1 Chrome | 2026-07-13 | 4.3 Medium |
| Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13907 | 1 Google | 1 Chrome | 2026-07-13 | 4.2 Medium |
| Inappropriate implementation in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13909 | 1 Google | 1 Chrome | 2026-07-13 | 9.6 Critical |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13911 | 1 Google | 1 Chrome | 2026-07-13 | 5.3 Medium |
| Insufficient policy enforcement in Spellcheck in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||