Export limit exceeded: 26233 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26233 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-14382 1 Google 1 Chrome 2026-07-07 9.6 Critical
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-14414 1 Google 1 Chrome 2026-07-07 5.3 Medium
Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-53647 1 Fossbilling 1 Fossbilling 2026-07-07 N/A
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest `serviceapikey/get_info` API endpoint is accessible without authentication. Any caller with a valid API key can retrieve all custom configuration parameters (`custom_*` fields) stored in the key's database record. These custom fields are populated by billing administrators and can contain business-sensitive data such as pricing tiers, feature flags, rate limits, expiry overrides, or access scope data. Version 0.8.0 patches the issue. Some workarounds are available. Administrators can avoid storing sensitive data in `custom_*` API key configuration fields, monitor API logs for suspicious calls to `/api/guest/serviceapikey/get_info`, and/or disable the Serviceapikey module if not in active use.
CVE-2026-11781 2026-07-07 2.7 Low
The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role (Contributor) to disclose non-public content that WordPress would not otherwise expose to them, such as other authors' unpublished post titles, pending comment content, the site's Adminify WordPress plugin before 4.2.10 inventory, and user account names.
CVE-2026-53643 1 Fossbilling 1 Fossbilling 2026-07-07 N/A
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the `can_always_access` module flag (which grants all staff access to certain modules) and insufficient permission checks or unsafe parameter handling on individual endpoints. Version 0.8.0 contains a fix. Some workarounds are available. Restrict staff accounts to only those who need access to sensitive settings and/or use a reverse proxy or WAF to restrict access to the affected endpoints to trusted IP addresses or higher-privilege roles.
CVE-2026-53640 1 Fossbilling 1 Fossbilling 2026-07-07 N/A
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints that lack permission checks. While sibling write endpoints correctly enforce fine-grained permissions, the corresponding read endpoints have no authorization guards. Version 0.8.0 contains a fix. Some workarounds are available. Restrict staff accounts to only those who need access to sensitive data and/or use a reverse proxy or WAF to restrict access to the affected endpoints.
CVE-2026-12408 2 Rilwis, Wordpress 2 Slim Seo – A Fast & Automated Seo Plugin For Wordpress, Wordpress 2026-07-06 4.3 Medium
The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the `/wp-json/slim-seo/meta-tags/ai` REST API endpoint. This is due to the endpoint's `permission_callback` performing only a top-level `edit_posts` capability check without verifying that the requesting user has read access to the specific post supplied via the `object.ID` parameter, allowing the `generate` function to pass the attacker-controlled post ID to `Data::get_post_content()`, which calls `get_post()` regardless of post status or ownership. This makes it possible for authenticated attackers with Contributor-level access and above to retrieve AI-generated summaries of the raw `post_content` of arbitrary posts they are not authorized to view — including private posts, drafts, pending, future, and password-protected content authored by other users — with the substance of the protected content disclosed via the HTTP response.
CVE-2026-53906 1 Mycomplianceoffice 1 Mco 2026-07-06 N/A
MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions.
CVE-2026-53908 1 Mycomplianceoffice 1 Mco 2026-07-06 N/A
MCO is vulnerable to User Enumeration through authentication-related functionalities. The application returns distinguishable responses for valid and invalid users during username reminder and password reset operations. An attacker can leverage these differences to enumerate valid usernames and email addresses. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions.
CVE-2026-13706 1 Wikimedia 1 Urlshortener 2026-07-06 N/A
Improper input validation vulnerability in Wikimedia Foundation UrlShortener. This vulnerability is associated with program files includes/UrlShortenerUtils.Php.
CVE-2026-58033 1 Wikimedia 1 Mediawiki 2026-07-06 N/A
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
CVE-2026-58026 1 Wikimedia 1 Mediawiki 2026-07-06 N/A
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Parser/Parser.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
CVE-2026-13211 1 Genua 1 Genucenter 2026-07-06 4.3 Medium
The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role.
CVE-2025-69132 2 Wordpress, Zozothemes 2 Wordpress, Corpkit 2026-07-06 6.5 Medium
Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.
CVE-2026-13341 1 Konghq 1 Mcp-konnect 2026-07-06 7.4 High
A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.
CVE-2026-22547 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 N/A
Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values.
CVE-2026-24451 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 N/A
Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized.
CVE-2026-25038 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 N/A
Gitea 1.26.2 allows unauthorized users to access labels of private organizations.
CVE-2026-58419 1 Gitea 1 Gitea Open Source Git Server 2026-07-06 7.5 High
Notification API leaks private issue metadata after access revocation
CVE-2026-46584 1 Apache 1 Camel Mail 2026-07-06 3.7 Low
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer (MailProducer.getSender) scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present, built a per-message JavaMail sender with those values applied as JavaMail session properties, overriding the endpoint configuration. This namespace is Camel-internal - only MailProducer interprets it - and was not blocked by any HeaderFilterStrategy, so the values could originate from any inbound protocol (for example platform-http query parameters or request headers, or JMS / Kafka messages from untrusted producers) that feeds a route ending in an smtp / smtps producer without an intervening removeHeaders. The maximal impact is version-dependent: on releases before 4.19.0, setting mail.smtp.host redirects the SMTP connection to a server under the attacker's control, and because the producer then authenticates with the endpoint's configured username and password those credentials are transmitted to the attacker; on 4.19.0 and later the producer connects to the endpoint's configured host explicitly, so the reachable impact is limited to weakening transport security (for example mail.smtp.ssl.trust, mail.smtp.starttls.enable or mail.smtp.socks.host) and interception of the outgoing message rather than host redirect. Exploitation requires a route that channels untrusted input into the mail producer without stripping the namespace. This issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0. Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, the per-message override is disabled by default; enable it only on trusted endpoints with useJavaMailSessionPropertiesFromHeaders=true. For deployments that cannot upgrade immediately, strip the namespace before the mail producer with removeHeaders('mail.smtp.*') and removeHeaders('mail.smtps.*') between any untrusted ingress and the smtp / smtps producer. Even with the opt-in enabled, route authors should still strip the namespace on any path that carries untrusted input.