Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Common Vulnerability Scoring System17489
0
10
CVE-2026-16229
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-19 Jul, 2026 | 09:45
Updated-19 Jul, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Courier Management System index.php cross site scripting

A flaw has been found in itsourcecode Courier Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Executing a manipulation of the argument page can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-ITSourceCode
Product-Courier Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-16220
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-19 Jul, 2026 | 06:15
Updated-19 Jul, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Examination System account.php cross site scripting

A vulnerability has been found in code-projects Online Examination System 1.0. This vulnerability affects unknown code of the file /account.php?q=quiz. Such manipulation of the argument eid/n/t leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Online Examination System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-16216
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-19 Jul, 2026 | 05:00
Updated-19 Jul, 2026 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
geex-arts django-jet OAuth cross-site request forgery

A weakness has been identified in geex-arts django-jet up to 1.0.8. Affected is an unknown function of the component OAuth Handler. Executing a manipulation can lead to cross-site request forgery. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-geex-arts
Product-django-jet
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2026-16208
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-2.3||LOW
EPSS-Not Assigned
Published-19 Jul, 2026 | 02:45
Updated-19 Jul, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
django-tastypie throttle.py CacheDBThrottle race condition

A flaw has been found in django-tastypie up to 0.15.1. The affected element is the function CacheThrottle/CacheDBThrottle of the file tastypie/throttle.py. This manipulation causes race condition. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitability is described as difficult. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-n/a
Product-django-tastypie
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-16201
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-19 Jul, 2026 | 00:45
Updated-19 Jul, 2026 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zevorn rt-claw http_request net.c claw_net_post information disclosure

A vulnerability was found in zevorn rt-claw up to 0.2.0. Affected is the function claw_net_get/claw_net_post of the file claw/services/tools/net.c of the component http_request. The manipulation results in information disclosure. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-zevorn
Product-rt-claw
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2026-16133
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-2.3||LOW
EPSS-Not Assigned
Published-18 Jul, 2026 | 19:00
Updated-18 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LiuMengxuan04 MiniCode mcp.ts child_process.spawn command injection

A flaw has been found in LiuMengxuan04 MiniCode 0.1.0. Affected by this vulnerability is the function child_process.spawn of the file mcp.ts. Executing a manipulation can lead to command injection. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

Action-Not Available
Vendor-LiuMengxuan04
Product-MiniCode
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-16083
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.43% / 34.88%
||
7 Day CHG~0.00%
Published-18 Jul, 2026 | 08:30
Updated-18 Jul, 2026 | 09:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sipeed PicoClaw LINE Webhook line.go webhook.ParseRequest authentication replay

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed automatically with the label "not planned" by a bot.

Action-Not Available
Vendor-Sipeed
Product-PicoClaw
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2026-16081
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 6.17%
||
7 Day CHG~0.00%
Published-18 Jul, 2026 | 07:45
Updated-18 Jul, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sipeed PicoClaw auth.go cross-site request forgery

A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/backend/api/auth.go. Executing a manipulation can lead to cross-site request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 4b0229351678f479429b8d8b19207757266f246b. Applying a patch is advised to resolve this issue.

Action-Not Available
Vendor-Sipeed
Product-PicoClaw
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2026-16013
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.71% / 49.40%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 11:45
Updated-17 Jul, 2026 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
liftoff-sr CIPster cipepath.cc deserialize_symbolic out-of-bounds

A vulnerability has been found in liftoff-sr CIPster up to 632336d414ef708a542377c1aa8d6fdb7c70a760. Affected by this issue is the function CipAppPath::deserialize_symbolic of the file source/src/cip/cipepath.cc. Such manipulation leads to out-of-bounds read. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The name of the patch is 886a4d090e1c5b0475f0b1c2fe0606a8f0d6a519. A patch should be applied to remediate this issue.

Action-Not Available
Vendor-liftoff-sr
Product-CIPster
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-62216
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-2.3||LOW
EPSS-0.22% / 12.73%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 00:06
Updated-17 Jul, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw 2026.4.20 < 2026.5.28 Policy Bypass via Media Upload

OpenClaw 2026.4.20 before 2026.5.28 contain a policy bypass in the QQBot media upload feature. A lower-trust caller or configured input path could cause the media upload to reach network destinations that should have been blocked by OpenClaw policy (server-side request forgery). The practical impact depends on the operator's configuration and whether lower-trust input can reach that path.

Action-Not Available
Vendor-OpenClaw
Product-OpenClaw
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-62211
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-4.1||MEDIUM
EPSS-0.12% / 1.97%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 00:06
Updated-17 Jul, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.6.1 Credential Redaction Bypass via Trajectory Export

OpenClaw versions before 2026.6.1 contain a credential redaction bypass vulnerability in the trajectory export feature that allows lower-trust callers to access data that should remain within trusted boundaries. Attackers can exploit misconfigured input paths or feature accessibility to expose sensitive credentials and data through the export mechanism.

Action-Not Available
Vendor-OpenClaw
Product-OpenClaw
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-12391
Assigner-Canonical Ltd.
ShareView Details
Assigner-Canonical Ltd.
CVSS Score-5||MEDIUM
EPSS-0.15% / 5.10%
||
7 Day CHG~0.00%
Published-16 Jul, 2026 | 12:17
Updated-16 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ubuntu-pro-client Local Privilege Escalation and Information Disclosure via Symlink Arbitrary File Read in collect-logs

An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools) within the pro collect-logs command framework. The utility creates or utilizes predictable temporary file paths or user-accessible log directories when gathering diagnostic information without verifying the file type or ownership. An unprivileged local attacker can exploit this behavior by creating a symbolic link (symlink) at a predictable destination path pointing to an arbitrary, root-readable file (such as /etc/shadow or private files within /root). When a root administrator or operator subsequently executes the pro collect-logs command, the tool follows the user-controlled symlink, reads the target file, and compresses its contents into the resulting diagnostic support archive. Because the output archive remains readable by the unprivileged user, the attacker can extract and read the sensitive root-owned files, leading to a complete information disclosure of system secrets.

Action-Not Available
Vendor-Canonical Ltd.
Product-Ubuntu 18.04 LTSUbuntu 16.04 LTSUbuntu 22.04 LTSUbuntu 24.04 LTSUbuntu 20.04 LTSUbuntu 26.04 LTSubuntu-pro-client (ubuntu-advantage-tools)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-59732
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.16% / 5.62%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:36
Updated-17 Jul, 2026 | 03:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
rclone archive extract allows S3 destination prefix escape via crafted archive paths

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as ../, allowing creation or overwrite of sibling objects in the same bucket or path scope. This issue is fixed in version 1.74.4.

Action-Not Available
Vendor-rclonerclone
Product-rclonerclone
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-15715
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 28.20%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:45
Updated-14 Jul, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Class and Exam Timetabling System exam.php cross site scripting

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /exam.php. Such manipulation of the argument day leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-SourceCodester
Product-Class and Exam Timetabling System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-59839
Assigner-Fortinet, Inc.
ShareView Details
Assigner-Fortinet, Inc.
CVSS Score-5||MEDIUM
EPSS-0.21% / 10.98%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 15:19
Updated-15 Jul, 2026 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.8.0, FortiPAM 1.7.0 through 1.7.2, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortipamfortiosfortiproxyFortiPAMFortiOSFortiProxy
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-15622
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.35% / 27.54%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 01:15
Updated-14 Jul, 2026 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
poco-ai poco-claw Workspace API workspace.py get_workspace_file authorization

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function get_workspace_file of the file executor_manager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument user_id can lead to authorization bypass. The attack may be launched remotely. The exploit has been published and may be used. This patch is called 67fcc88505c57f77d3fcf04eb5b89425b10cbf48. Upgrading the affected component is recommended.

Action-Not Available
Vendor-poco-ai
Product-poco-claw
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-15596
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 26.96%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 21:30
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Class and Exam Timetabling System subject.php cross site scripting

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /subject.php. Such manipulation of the argument subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-SourceCodester
Product-Class and Exam Timetabling System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-15595
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 19.83%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 20:30
Updated-14 Jul, 2026 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Class and Exam Timetabling System forsubject.php cross site scripting

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /forsubject.php. This manipulation of the argument subject causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-SourceCodester
Product-Class and Exam Timetabling System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-12081
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-5||MEDIUM
EPSS-0.14% / 3.68%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 06:00
Updated-13 Jul, 2026 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Database for Contact Form 7, WPforms, Elementor forms < 1.5.2 - Unauthenticated PHP Object Injection via Entry File Field

The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin before 1.5.2 does not restrict the PHP classes allowed when unserializing an attacker-supplied form-field value, allowing unauthenticated users to inject arbitrary PHP objects that are instantiated when an administrator views the stored entry. This is an incomplete fix of CVE-2025-7384 and CVE-2026-2599, whose deserialization paths were hardened while the entry-editor file-field path was missed.

Action-Not Available
Vendor-Unknown
Product-Database for Contact Form 7, WPforms, Elementor forms
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-15530
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 23.17%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 04:00
Updated-13 Jul, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WuzhiCMS Attachment API index.php listimage information disclosure

A flaw has been found in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component Attachment API. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-n/a
Product-WuzhiCMS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2026-15519
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-2.3||LOW
EPSS-0.24% / 14.84%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 01:00
Updated-13 Jul, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
usestrix PyPI system_prompt.jinja inclusion of functionality from untrusted control sphere

A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file system_prompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion of functionality from untrusted control sphere. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-usestrix
Product-strix
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-10664
Assigner-Zephyr Project
ShareView Details
Assigner-Zephyr Project
CVSS Score-5||MEDIUM
EPSS-0.15% / 4.46%
||
7 Day CHG~0.00%
Published-12 Jul, 2026 | 16:16
Updated-16 Jul, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds write in nRF70 Wi-Fi driver power-save event handler (unbounded TWT flow count)

The nRF70 Wi-Fi driver's power-save event handler nrf_wifi_event_proc_get_power_save_info() in drivers/wifi/nrf_wifi/src/wifi_mgmt.c copied TWT (Target Wake Time) flow entries from an nrf_wifi_umac_event_power_save_info event into the fixed-size twt_flows[WIFI_MAX_TWT_FLOWS] (8-element) array of a caller-supplied struct wifi_ps_config, looping over event-provided num_twt_flows without validating it against WIFI_MAX_TWT_FLOWS or checking event_len. When num_twt_flows exceeds 8, the handler writes past the destination array (which is typically on the caller's stack, e.g. the wifi ps shell command) -- an out-of-bounds write of ~40-byte TWT entries -- and reads twt_flow_info[i] past the event buffer. The event is delivered by the nRF70 co-processor firmware in response to a host-initiated power-save GET, so reaching the overflow requires the firmware to emit a malformed or out-of-range event; the trust boundary is host-to-trusted-coprocessor rather than a direct remote-AP write, with over-the-air influence on the flow count being indirect and bounded by the 3-bit TWT flow-id space. Affected: builds with CONFIG_NRF70_STA_MODE on releases through v4.4.0. The fix rejects events with num_twt_flows > WIFI_MAX_TWT_FLOWS or with event_len shorter than the claimed entries, and adds a NULL check on the caller buffer.

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-15492
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 34.30%
||
7 Day CHG~0.00%
Published-12 Jul, 2026 | 10:00
Updated-13 Jul, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
igweze wizgrade studentConductManager.php cross site scripting

A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-igweze
Product-wizgrade
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-57221
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 19.08%
||
7 Day CHG~0.00%
Published-10 Jul, 2026 | 20:24
Updated-13 Jul, 2026 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RabbitMQ: Passive queue/exchange declaration bypasses authorization checks, leaking queue metadata to unprivileged users

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations, allowing any authenticated user who can connect to a virtual host to enumerate queue and exchange names and read queue message and consumer counts. This issue is fixed in versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6.

Action-Not Available
Vendor-rabbitmqBroadcom Inc.
Product-rabbitmq_serverrabbitmq-server
CWE ID-CWE-862
Missing Authorization
CVE-2026-55515
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.26% / 17.03%
||
7 Day CHG+0.01%
Published-10 Jul, 2026 | 19:36
Updated-14 Jul, 2026 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Snipe-IT: Cross-company deletion of pending checkout acceptances via unscoped report endpoint

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report delete endpoint authorizes only reports.view and deletes CheckoutAcceptance::pending()->find($acceptanceId) by global ID without checking access to the related checkoutable asset, allowing a reports user in one company to delete pending checkout acceptance records for another company. This issue is fixed in version 8.6.2.

Action-Not Available
Vendor-snipeitappgrokability
Product-snipe-itsnipe-it
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-15202
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 17.89%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 17:30
Updated-09 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
YzmCMS Header yzmphp.php get_url cross site scripting

A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function get_url of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTP_HOST leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/a
Product-YzmCMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-59213
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-3.5||LOW
EPSS-0.27% / 19.27%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 16:55
Updated-10 Jul, 2026 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI: Cross-user model-list exposure via static cache key in get_all_models (aiocache key= vs key_builder= misuse)

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, get_all_models handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of key_builder, causing permission-filtered per-user model lists to share a static cache entry and exposing one user’s model list to another caller during the TTL window. This issue is fixed in version 0.10.0.

Action-Not Available
Vendor-openwebuiopen-webui
Product-open_webuiopen-webui
CWE ID-CWE-524
Use of Cache Containing Sensitive Information
CVE-2026-57439
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.09% / 0.76%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 14:58
Updated-10 Jul, 2026 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberChef: Prototype pollution in Series Chart operation

CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts __proto__ as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript into HTML output. This issue is fixed in version 11.2.0.

Action-Not Available
Vendor-gchq
Product-CyberChef
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-59253
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 6.12%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 13:49
Updated-08 Jul, 2026 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
n8n - Improper Authorization in Workflow Assignment to Folders

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical integrity violations in target project folder structures.

Action-Not Available
Vendor-n8nn8n
Product-n8nn8n
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-15034
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 12.73%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 13:30
Updated-08 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
flask-dashboard Flask-MonitoringDashboard cross-site request forgery

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-flask-dashboard
Product-Flask-MonitoringDashboard
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2026-48956
Assigner-Joomla! Project
ShareView Details
Assigner-Joomla! Project
CVSS Score-6.4||MEDIUM
EPSS-0.17% / 6.34%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 17:31
Updated-09 Jul, 2026 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Joomla! Core - [20260710] - Incorrect Access Control in com_modules

An improper access check allows users to display a list of modules in the frontend.

Action-Not Available
Vendor-Joomla!
Product-joomla\!Joomla! CMS
CWE ID-CWE-284
Improper Access Control
CVE-2024-56141
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.11% / 1.58%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 23:17
Updated-08 Jul, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Minosoft has IV equal to key

Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager  encryption routine ( CryptManager.kt ) initializes its AES cipher using an initialization vector (IV) that is set equal to the secret key rather than to a sufficiently random value. Because the IV is not random and is derived directly from the key, the encryption is vulnerable to chosen-ciphertext/chosen-plaintext attacks: an attacker who can submit specific messages for encryption can recover the secret key. This affects all versions supporting Minecraft protocol 1.7 and later. No patched version is available, and no known workarounds are available.

Action-Not Available
Vendor-Bixilon
Product-Minosoft
CWE ID-CWE-329
Generation of Predictable IV with CBC Mode
CVE-2026-34167
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.20% / 9.91%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 21:28
Updated-08 Jul, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify: Cross-tenant activity log disclosure via unlocked Livewire property in ActivityMonitor

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property without Livewire's #[Locked] attribute. It loads activities via Activity::find($this->activityId) with no authorization or team scoping. Activity IDs are auto-incrementing integers. Any authenticated user can enumerate activity records across all teams and read the full command output from remote SSH processes, which may include secrets, configuration files, and infrastructure details. This issue is fixed in version 4.0.0-beta.471.

Action-Not Available
Vendor-coollabsio
Product-coolify
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-59152
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.17% / 7.03%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 14:26
Updated-07 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary server-side file read in LangSmith SDK TracingMiddleware

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deployed, triggering a read may not require authentication. Retrieving the contents requires read access to the LangSmith workspace the traces are sent to. The net effect is a trust-boundary crossing: a party with workspace trace-read access (for example a low-privilege workspace member, a contractor, or a compromised teammate account) gains the ability to read files from any server running TracingMiddleware, a capability outside that workspace's intended trust boundary. This vulnerability is fixed in 0.8.18.

Action-Not Available
Vendor-langchain-ai
Product-langsmith-sdk
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-346
Origin Validation Error
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-44936
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-5||MEDIUM
EPSS-0.39% / 30.92%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 09:30
Updated-09 Jul, 2026 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials.

Action-Not Available
Vendor-SUSE
Product-rancher_fleetRancher
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-14800
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 5.42%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 06:00
Updated-06 Jul, 2026 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
imhamzaazam ecommerceFlask cross-site request forgery

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-imhamzaazam
Product-ecommerceFlask
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2026-14704
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 20.17%
||
7 Day CHG~0.00%
Published-05 Jul, 2026 | 04:30
Updated-06 Jul, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
stephen-kruger bluebox cross site scripting

A vulnerability was found in stephen-kruger bluebox up to 4.5.12. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument code results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report.

Action-Not Available
Vendor-stephen-kruger
Product-bluebox
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-14687
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.33% / 25.35%
||
7 Day CHG~0.00%
Published-05 Jul, 2026 | 00:30
Updated-06 Jul, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
666ghj BettaFish InsightEngine search-result Deduplication agent.py _deduplicate_results partial string comparison

A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function _deduplicate_results of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

Action-Not Available
Vendor-666ghj
Product-BettaFish
CWE ID-CWE-187
Partial String Comparison
CWE ID-CWE-697
Incorrect Comparison
CVE-2026-14656
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.44% / 35.86%
||
7 Day CHG~0.00%
Published-04 Jul, 2026 | 21:30
Updated-06 Jul, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Assessment Management remove-user.php cross site scripting

A security vulnerability has been detected in code-projects Assessment Management 1.0. This affects an unknown part of the file /admin/remove-user.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Assessment Management
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-14634
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 20.72%
||
7 Day CHG~0.00%
Published-04 Jul, 2026 | 16:15
Updated-06 Jul, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
kirilkirkov Ecommerce-CodeIgniter-Bootstrap Subscribed Emails Admin MY_Controller.php checkForPostRequests cross site scripting

A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MY_Controller.php of the component Subscribed Emails Admin Page. Such manipulation of the argument User-Agent leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is 23105f25dadf57b4314fc015a63a7c6e910c89df. It is advisable to implement a patch to correct this issue.

Action-Not Available
Vendor-kirilkirkov
Product-Ecommerce-CodeIgniter-Bootstrap
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-14633
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 20.72%
||
7 Day CHG~0.00%
Published-04 Jul, 2026 | 15:45
Updated-07 Jul, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
kirilkirkov Ecommerce-CodeIgniter-Bootstrap Hidden REST API Endpoint set cross site scripting

A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API Endpoint. This manipulation of the argument title/description causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. Patch name: d9785f995da77bdc62fb2d34bad5f7a162c9ad23. To fix this issue, it is recommended to deploy a patch.

Action-Not Available
Vendor-kirilkirkov
Product-Ecommerce-CodeIgniter-Bootstrap
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-14632
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 19.19%
||
7 Day CHG~0.00%
Published-04 Jul, 2026 | 15:15
Updated-06 Jul, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
kirilkirkov Ecommerce-CodeIgniter-Bootstrap Trusted Backend MY_Controller.php setReferrer redirect

A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affected by this issue is the function setReferrer of the file application/core/MY_Controller.php of the component Trusted Backend Interface. The manipulation of the argument href results in open redirect. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The patch is identified as 213babdbaa949e94557246414db0130e01394517. A patch should be applied to remediate this issue.

Action-Not Available
Vendor-kirilkirkov
Product-Ecommerce-CodeIgniter-Bootstrap
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-14628
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.55% / 42.40%
||
7 Day CHG~0.00%
Published-04 Jul, 2026 | 13:00
Updated-06 Jul, 2026 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal

A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract_media of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-NousResearch
Product-hermes-agent
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-59100
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-2.3||LOW
EPSS-0.18% / 7.78%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 19:43
Updated-14 Jul, 2026 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LobeChat 2.2.9 - Broken Object Level Authorization via Chat-Group Agent Operations

LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and removeAgentsFromGroup operations without user-scoped predicates to read agent listings, modify agent roles and ordering, and remove agents from chat groups belonging to other users.

Action-Not Available
Vendor-lobehub
Product-lobehub
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-14340
Assigner-GitHub, Inc. (Products Only)
ShareView Details
Assigner-GitHub, Inc. (Products Only)
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 11.94%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 21:03
Updated-06 Jul, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
An incorrect authorization vulnerability in GitHub Enterprise Server allows issue creation in unrelated public repositories

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization check only verified that the installation had read permissions on the target repository rather than verifying that the token's installation was explicitly granted access to that repository. An attacker who obtained a victim's user-to-server token could create issues, issue comments, commit comments, and private vulnerability reports on any public repository, appearing as the victim user with no indication of the app involvement. This vulnerability was fixed by adding a repository scope check for user-to-server tokens issued by global apps. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, 3.16.20. This vulnerability was reported via the GitHub Bug Bounty program.

Action-Not Available
Vendor-GitHub, Inc.
Product-enterprise_serverEnterprise Server
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-54786
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-2.3||LOW
EPSS-0.22% / 12.10%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 20:12
Updated-02 Jul, 2026 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wasmtime: Leak in WASIp1 `fd_renumber` implementation

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fd_renumber function where the file descriptor being renumbered to is not properly closed. Wasmtime's implementation erroneously only updated the table of descriptors for WASIp1 and didn't update the underlying table of descriptors used by the host. This behavior means that while fd_renumber works correctly from a guest's perspective it ends up leaking resources in the host that aren't cleaned up until the corresponding Store is destroyed. In a loop, guests can use fd_renumber to cause hosts to exhaust both resources and file descriptors. This bug only affects the native implementation of WASIp1, meaning that only runtimes which load core wasm modules and expose fd_renumber are affected. Runtimes are additionally only affected if they expose the ability to acquire a file descriptor, such as opening a file. For runtimes that deny access to files they are unaffected. This issue has been fixed in versions 24.0.10, 36.0.11, 44.0.3, and 45.0.2.

Action-Not Available
Vendor-bytecodealliancebytecodealliance
Product-wasmtimewasmtime
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2026-56777
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 15.73%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:08
Updated-02 Jul, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
n8n - AST Validator Bypass in Python Code Node

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module namespace. The issue only affects self-hosted instances where the Python Task Runner is enabled; where N8N_BLOCK_RUNNER_ENV_ACCESS is configured to allow it, this can disclose environment variables accessible to the task runner process.

Action-Not Available
Vendor-n8nn8n
Product-n8nn8n
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CVE-2026-56399
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 24.13%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:08
Updated-02 Jul, 2026 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI - Server-Side Request Forgery via Location Redirect in /api/v1/retrieval/process/web

Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets.

Action-Not Available
Vendor-open-webui
Product-open-webui
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-27883
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.21% / 11.62%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 14:32
Updated-01 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify: IDOR in Deployment API - Cross-Team Deployment Information Disclosure

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the `GET /api/v1/deployments/{uuid}` endpoint allows any authenticated user to access deployment details belonging to any team, bypassing team-based authorization. The $teamId is extracted from the authentication token but never used to scope the database query. This vulnerability is fixed in 4.0.0-beta.464.

Action-Not Available
Vendor-coollabsio
Product-coolify
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-27881
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.16% / 5.75%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 14:28
Updated-30 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/deployments/{uuid}` in DeployController.php retrieves deployment details without validating that the deployment belongs to the authenticated user's team. Any authenticated API user can read deployment records from other teams by providing a valid deployment UUID. This vulnerability is fixed in 4.0.0-beta.464.

Action-Not Available
Vendor-coollabsio
Product-coolify
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 349
  • 350
  • Next