Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Common Vulnerability Scoring System93242
0
10
CVE-2026-12484
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-19 Jul, 2026 | 19:47
Updated-19 Jul, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe Deserialization in keras.layers.TorchModuleWrapper.from_config

A vulnerability in keras-team/keras version 3.15.0 allows unsafe deserialization of attacker-controlled PyTorch pickle data through the public `keras.layers.TorchModuleWrapper.from_config` method. This method invokes `torch.load(..., weights_only=False)` without requiring an explicit unsafe opt-in, such as a `safe_mode=False` parameter. When called outside a `SafeModeScope(True)` context, the absence of an ambient safe mode state permits unsafe deserialization by default. This issue can lead to arbitrary code execution if untrusted Keras layer configurations are processed using this method. The vulnerability arises because the method does not enforce safe deserialization practices unless explicitly guarded by Keras safe mode.

Action-Not Available
Vendor-keras-team
Product-keras-team/keras
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-16221
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
ShareView Details
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-19 Jul, 2026 | 14:08
Updated-19 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fast-uri vulnerable to host confusion via literal backslash authority delimiter

Impact: fast-uri versions from 2.3.1 through 4.1.0 (including the 3.x line up to 3.1.3 and the 2.x line up to 2.4.2) do not treat a literal backslash character (U+005C) as an authority delimiter. Node's native WHATWG URL parser, used by fetch, undici, and Node's http and https clients, normalizes the backslash to a forward slash for special schemes such as http, https, ws, wss, ftp, and file. As a result, the two parsers extract different hosts from the same input string. Applications that use fast-uri to enforce host-based policy such as allowlists, denylists, loopback or SSRF filtering, redirect validation, or outbound proxy routing before passing the same URL into Node's URL or fetch consumers can be steered to an unintended destination, including cloud metadata endpoints, loopback, or internal hosts. Patches: upgrade to fast-uri 4.1.1, 3.1.4, or 2.4.3. Workarounds: none.

Action-Not Available
Vendor-fast-uri
Product-fast-uri
CWE ID-CWE-436
Interpretation Conflict
CVE-2026-16228
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-19 Jul, 2026 | 09:30
Updated-19 Jul, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Class and Exam Timetabling System edit_schoolyr.php sql injection

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /edit_schoolyr.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-SourceCodester
Product-Class and Exam Timetabling System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-16227
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-19 Jul, 2026 | 09:15
Updated-19 Jul, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Class and Exam Timetabling System edit_subject.php sql injection

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /edit_subject.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-SourceCodester
Product-Class and Exam Timetabling System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-16210
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-19 Jul, 2026 | 03:15
Updated-19 Jul, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
newpanjing simpleui AjaxAdmin AJAX Endpoint admin.py self.get_action missing authentication

A vulnerability was found in newpanjing simpleui 2026.01.13. This affects the function self.get_action of the file simpleui/admin.py of the component AjaxAdmin AJAX Endpoint. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-newpanjing
Product-simpleui
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-16209
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-19 Jul, 2026 | 03:00
Updated-19 Jul, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gerapy Project Upload Endpoint views.py missing authentication

A vulnerability has been found in Gerapy up to 0.9.13. The impacted element is an unknown function of the file gerapy/server/core/views.py of the component Project Upload Endpoint. Such manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is bd4891c60315f17611a3b7a651ffe0fba7cfe71e. Applying a patch is advised to resolve this issue.

Action-Not Available
Vendor-n/a
Product-Gerapy
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-16204
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-19 Jul, 2026 | 01:45
Updated-19 Jul, 2026 | 03:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zevorn rt-claw Telegram-to-AI Tool Execution Flow script.c tool_run_script_execute code injection

A security flaw has been discovered in zevorn rt-claw up to 0.2.0. This affects the function tool_run_script_execute of the file claw/services/tools/script.c of the component Telegram-to-AI Tool Execution Flow. Performing a manipulation results in code injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-zevorn
Product-rt-claw
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-16200
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-19 Jul, 2026 | 00:15
Updated-19 Jul, 2026 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zevorn rt-claw RPC swarm.c claw_tool_invoke authorization

A vulnerability has been found in zevorn rt-claw up to 0.2.0. This impacts the function claw_tool_invoke of the file claw/services/swarm/swarm.c of the component RPC Handler. The manipulation leads to incorrect authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-zevorn
Product-rt-claw
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-16154
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-18 Jul, 2026 | 20:15
Updated-18 Jul, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Class and Exam Timetabling System edit_room1.php sql injection

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /edit_room1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-SourceCodester
Product-Class and Exam Timetabling System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-16152
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-18 Jul, 2026 | 20:00
Updated-18 Jul, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Class and Exam Timetabling System edit_rooma.php sql injection

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /edit_rooma.php. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-SourceCodester
Product-Class and Exam Timetabling System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-53994
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.7||HIGH
EPSS-Not Assigned
Published-18 Jul, 2026 | 19:30
Updated-18 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ProFTPD mod_sftp Heap Buffer Overflow via Unsigned Integer Underflow and Size Truncation

ProFTPD mod_sftp contains a heap-based buffer overflow reachable by an authenticated SFTP user. The fxp_packet_read() function accepts the attacker-supplied 32-bit big-endian SFTP packet length without a minimum sanity check. A value of 0 causes an unsigned subtraction elsewhere in the read path to underflow to approximately 4 GB. That oversized request reaches the core memory allocator, where the rounded size is computed in size_t but passed to new_block() as a 32-bit int; the low 32 bits of 0x100000000 are 0, so new_block() returns a small (~512-byte) block while the caller is told it received ~4 GB. The subsequent fill loop then streams attacker-controlled bytes past the end of the 544-byte allocation, producing an attacker-controlled heap buffer overflow. An authenticated user can crash the per-connection ProFTPD session child on demand with a single malformed SFTP packet (packet_len=0 followed by a body greater than approximately 544 bytes), producing reliable authenticated remote denial of service. Depending on heap layout and adjacent allocations, heap metadata corruption and further consequences beyond denial of service may be possible, though only denial of service is demonstrated by the supplied proof of concept.

Action-Not Available
Vendor-ProFTPD Project
Product-ProFTPD
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-16128
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-18 Jul, 2026 | 16:30
Updated-18 Jul, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zevorn rt-claw http_request swarm.c receiver_thread server-side request forgery

A security flaw has been discovered in zevorn rt-claw up to 0.2.0. This impacts the function receiver_thread of the file claw/services/swarm/swarm.c of the component http_request. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-zevorn
Product-rt-claw
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-16127
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-18 Jul, 2026 | 16:00
Updated-18 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zevorn rt-claw http_request tool_net.c claw_net_post server-side request forgery

A vulnerability was identified in zevorn rt-claw up to 0.2.0. This affects the function claw_net_get/claw_net_post of the file claw/tools/tool_net.c of the component http_request. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-zevorn
Product-rt-claw
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-16126
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-18 Jul, 2026 | 15:45
Updated-18 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zevorn rt-claw Swarm RPC Receiver swarm.c handle_rpc_request authorization

A vulnerability was determined in zevorn rt-claw up to 0.2.0. The impacted element is the function handle_rpc_request of the file claw/services/swarm/swarm.c of the component Swarm RPC Receiver. This manipulation causes incorrect authorization. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-zevorn
Product-rt-claw
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-16125
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-18 Jul, 2026 | 15:15
Updated-18 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zevorn rt-claw http_request net.c claw_net_post server-side request forgery

A vulnerability was found in zevorn rt-claw up to 0.2.0. The affected element is the function claw_net_get/claw_net_post of the file claw/services/tools/net.c of the component http_request. The manipulation of the argument url results in server-side request forgery. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-zevorn
Product-rt-claw
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-71397
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-18 Jul, 2026 | 13:10
Updated-18 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SurrealDB before 2.2.2 CPU Exhaustion via nested FOR loops

SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 allows authenticated users with OWNER or EDITOR permissions (at the root, namespace, or database level) to define custom database functions via DEFINE FUNCTION using nested FOR loops. Although a single loop's iteration count is constrained, nesting multiple loops (e.g., each with 1,000,000 iterations) is not, so an attacker can execute a function that consumes all server CPU time. Configured timeouts do not stop the execution, rendering the server unresponsive to other queries and connections until it is manually restarted.

Action-Not Available
Vendor-surrealdb
Product-surrealdb
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2025-71395
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-18 Jul, 2026 | 13:10
Updated-18 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SurrealDB before 2.2.2 Memory Exhaustion via string::replace

SurrealDB versions before 2.2.2 contain a memory exhaustion vulnerability in the string::replace function that fails to restrict resulting string length when using regex patterns. An authenticated attacker can craft a malicious query to exhaust server memory through unbounded string allocations, causing denial of service.

Action-Not Available
Vendor-surrealdb
Product-surrealdb
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2025-71391
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-18 Jul, 2026 | 13:10
Updated-18 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SurrealDB before 2.2.2 Denial of Service via /sql endpoint

SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instance and any dependent applications.

Action-Not Available
Vendor-surrealdb
Product-surrealdb
CWE ID-CWE-248
Uncaught Exception
CVE-2024-58370
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-18 Jul, 2026 | 13:10
Updated-18 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SurrealDB before 1.1.0 Uncontrolled Recursion Denial of Service

SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server.

Action-Not Available
Vendor-surrealdb
Product-surrealdb
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-58369
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-18 Jul, 2026 | 13:10
Updated-18 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SurrealDB before 1.1.1 Denial of Service via Global Parameters

SurrealDB versions before 1.1.1 fail to properly validate invocation of custom parameters and functions at root or namespace levels, causing server panic. Authorized clients can invoke these entities at unsupported levels to crash the SurrealDB server, resulting in denial of service.

Action-Not Available
Vendor-surrealdb
Product-surrealdb
CWE ID-CWE-248
Uncaught Exception
CVE-2024-58368
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-Not Assigned
Published-18 Jul, 2026 | 13:10
Updated-18 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SurrealDB before 1.1.0 Denial of Service via HTTP Headers

SurrealDB versions before 1.1.0 fail to properly parse the ID, DB, and NS headers in HTTP REST API requests containing special characters. Unauthenticated attackers can send crafted HTTP requests with malformed header values to trigger an uncaught exception that crashes the server.

Action-Not Available
Vendor-surrealdb
Product-surrealdb
CWE ID-CWE-248
Uncaught Exception
CVE-2024-58367
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-18 Jul, 2026 | 13:10
Updated-18 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SurrealDB before 2.0.4 Improper Authorization via SELECT Permissions

SurrealDB versions before 2.0.4 fail to properly enforce field permissions during SELECT, UPDATE, and DELETE operations, allowing authorized users to access unauthorized field values through various query techniques. Attackers can exploit SELECT VALUE operations, field aliasing, function arguments, WHERE clause filtering, RETURN BEFORE clauses, and SET clause references to leak protected field contents despite lacking SELECT permissions.

Action-Not Available
Vendor-surrealdb
Product-surrealdb
CWE ID-CWE-285
Improper Authorization
CVE-2024-58365
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-18 Jul, 2026 | 13:10
Updated-18 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SurrealDB before 1.2.0 Denial of Service via Nonexistent Function

SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server.

Action-Not Available
Vendor-surrealdb
Product-surrealdb
CWE ID-CWE-248
Uncaught Exception
CVE-2024-58364
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-18 Jul, 2026 | 13:10
Updated-18 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SurrealDB before 1.2.1 Denial of Service via Parsing Error

SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span rendering when parsing queries with errors on line terminator characters. Authorized clients can submit malformed queries that trigger a panic in the span rendering code, crashing the server and causing denial of service.

Action-Not Available
Vendor-surrealdb
Product-surrealdb
CWE ID-CWE-248
Uncaught Exception
CVE-2024-58361
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-18 Jul, 2026 | 13:10
Updated-18 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SurrealDB before 2.0.4 Denial of Service via Parser Exception

SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error rendering, crashing the server.

Action-Not Available
Vendor-surrealdb
Product-surrealdb
CWE ID-CWE-248
Uncaught Exception
CVE-2024-58359
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-18 Jul, 2026 | 13:10
Updated-18 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SurrealDB before 2.1.0 Denial of Service via rand() Sorting

SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting mechanism when using ORDER BY rand() clause. Authorized clients can execute queries with ORDER BY rand() to trigger a panic in the sorting function, crashing the server.

Action-Not Available
Vendor-surrealdb
Product-surrealdb
CWE ID-CWE-248
Uncaught Exception
CVE-2024-58357
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-18 Jul, 2026 | 13:10
Updated-18 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SurrealDB before 2.1.0 Denial of Service via rand::time()

SurrealDB versions before 2.1.0 contain an uncaught exception vulnerability in the rand::time() function that panics when unwrap is called on a None result from timestamp_opt. Authorized clients can repeatedly invoke rand::time() to reliably trigger server panics and cause denial of service.

Action-Not Available
Vendor-surrealdb
Product-surrealdb
CWE ID-CWE-248
Uncaught Exception
CVE-2026-9147
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-18 Jul, 2026 | 12:46
Updated-18 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
uproot 5.7.4 and prior Code Injection via TStreamerInfo Metadata

uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields (for example, streamer element names) are interpolated into the generated Python source without safe quoting via repr() or the !r format specifier. An attacker who can supply a crafted ROOT file can place Python expression-breaking content into a streamer metadata field. When uproot generates and invokes the corresponding reader method, the injected Python expression is evaluated in the context of the process opening the file, resulting in arbitrary Python code execution in applications that open or process attacker-controlled ROOT files with affected uproot code paths.

Action-Not Available
Vendor-scikit-hep
Product-uproot
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-16084
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.40% / 32.42%
||
7 Day CHG~0.00%
Published-18 Jul, 2026 | 09:00
Updated-18 Jul, 2026 | 09:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sipeed PicoClaw web.go web_fetch server-side request forgery

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function web_fetch of the file pkg/tools/integration/web.go. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Patch name: c15aac21fe05ee103a470e1104bc891754e83392. To fix this issue, it is recommended to deploy a patch.

Action-Not Available
Vendor-Sipeed
Product-PicoClaw
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-47870
Assigner-VMware by Broadcom
ShareView Details
Assigner-VMware by Broadcom
CVSS Score-7.1||HIGH
EPSS-0.39% / 31.32%
||
7 Day CHG~0.00%
Published-18 Jul, 2026 | 08:57
Updated-18 Jul, 2026 | 09:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VMware Avi Load Balancer Privilege Escalation Vulnerability

VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious authenticated user with network access may be able to execute remote code. Affected versions: 32.1.1 (fixed in 32.1.2) 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7)

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-Avi Load Balancer
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-47868
Assigner-VMware by Broadcom
ShareView Details
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.40%
||
7 Day CHG~0.00%
Published-18 Jul, 2026 | 08:57
Updated-18 Jul, 2026 | 09:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VMware Avi Load Balancer Local Privilege Escalation Vulnerability

VMware Avi Load Balancer contains a local privilege escalation vulnerability. A malicious user with local access may be able to escalate their privileges to run code as root. Affected versions: 32.1.1 (fixed in 32.1.2) 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7)

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-Avi Load Balancer
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-56171
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.55% / 42.50%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 21:34
Updated-17 Jul, 2026 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows Admin CenterRemote Desktop Web Client
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2026-56740
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.51% / 40.18%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 21:17
Updated-17 Jul, 2026 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JLine: Unauthenticated Remote Memory Exhaustion via Unbounded Telnet NEW-ENVIRON Variables

JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not limit the number of environment variables a client may inject via the Telnet NEW-ENVIRON option, and TelnetIO.readNEVariables() in TelnetIO.java:1127-1180 stores each variable pair in a HashMap held by ConnectionData, allowing an unauthenticated attacker to flood unique variable pairs before the terminating IAC SE byte and exhaust JVM heap memory with an OutOfMemoryError. This issue is fixed in versions 3.30.14, 4.0.16, and 4.2.1.

Action-Not Available
Vendor-jline
Product-jline3
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-56741
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.52% / 40.79%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 21:15
Updated-17 Jul, 2026 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JLine: Unauthenticated Remote DoS via Unbounded Telnet NAWS Terminal Geometry

JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS option, and TelnetIO.handleNAWS() in TelnetIO.java:856-879 reads client-supplied width and height as 16-bit unsigned integers and passes values such as 65535x65535 to setTerminalGeometry(), allowing an unauthenticated remote attacker to repeatedly alternate values and trigger continuous expensive rendering work that causes CPU exhaustion and denial of service. This issue is fixed in versions 3.30.14, 4.0.16, and 4.2.1.

Action-Not Available
Vendor-jline
Product-jline3
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-49485
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.68% / 48.11%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 20:59
Updated-17 Jul, 2026 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.9 and 6.9.4.2, all implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation, and the FHIRPath functions matches(), matchesFull(), and replaceMatches() pass user-controlled regular expressions to Java's Pattern.compile() and String.replaceAll() through an incomplete timeout utility. An attacker can send a resource containing an evil regex pattern that causes catastrophic backtracking, exhausting CPU resources and causing denial of service in the FHIR Validator HTTP endpoint and affected org.hl7.fhir.* modules. This issue is fixed in versions 6.9.9 and 6.9.4.2.

Action-Not Available
Vendor-hapifhir
Product-org.hl7.fhir.core
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-50271
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.79% / 52.24%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 20:42
Updated-17 Jul, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
dd-trace-py: Improper parsing of W3C baggage headers may lead to DoS

Datadog dd-trace-py is the Datadog Python APM client. Prior to 4.8.2, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES limits on the extract path. A remote, unauthenticated attacker can send a request whose baggage header contains an arbitrarily large number of comma-separated key-value pairs or a single very large value, causing unbounded CPU and memory consumption and enabling a remote denial of service against HTTP services with baggage propagation enabled. This issue is fixed in version 4.8.2.

Action-Not Available
Vendor-DataDog
Product-dd-trace-py
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-50274
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.79% / 52.25%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 20:41
Updated-17 Jul, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
dd-trace-go: Improper parsing of W3C baggage headers may lead to DoS

Datadog dd-trace-go is a Go client library for Datadog application performance monitoring, profiling, and security monitoring. Prior to 2.8.1, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES limits on the extract path. A remote, unauthenticated attacker can send a request whose baggage header contains an arbitrarily large number of comma-separated key-value pairs or a single very large value, causing unbounded CPU and memory consumption and enabling a remote denial of service against HTTP services with baggage propagation enabled. This issue is fixed in version 2.8.1.

Action-Not Available
Vendor-DataDog
Product-dd-trace-go
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-50272
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.79% / 52.25%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 20:28
Updated-17 Jul, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
dd-trace: Improper parsing of W3C baggage headers may lead to DoS

dd-trace is the Datadog APM client for Node.js. Prior to 5.100.0, W3C baggage propagation in packages/dd-trace/src/baggage.js and packages/dd-trace/src/opentracing/propagation/text_map.js parsed incoming baggage HTTP headers without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES on extraction. A remote, unauthenticated attacker can send a request whose baggage header contains an arbitrarily large number of comma-separated key-value pairs, or a single very large value, causing unbounded CPU and memory consumption and enabling a remote denial of service against any HTTP service with baggage propagation enabled. This issue is fixed in version 5.100.0.

Action-Not Available
Vendor-DataDog
Product-dd-trace-js
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-44891
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.71%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 20:16
Updated-17 Jul, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netty: Denial of Service via Unbounded Headers in StompSubframeDecoder

Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only restricts individual header lines. An attacker can send a large number of short headers that are accumulated in memory inside DefaultStompHeadersSubframe until the JVM throws an OutOfMemoryError, causing denial of service for servers exposing a STOMP endpoint based on StompSubframeDecoder. This issue is fixed in versions 4.1.136.Final and 4.2.16.Final.

Action-Not Available
Vendor-The Netty Project
Product-netty
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-44974
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.34% / 26.60%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 20:11
Updated-17 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Parameter smuggling in @hapi/content header parser allows upload-filter bypass via duplicate parameters

@hapi/content provided HTTP Content-* headers parsing. Prior to 6.0.2, Content.disposition() retained the last occurrence of each duplicate parameter while Content.type() retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another component in the request-processing chain resolves duplicates the opposite way. This can allow an upload filename allowlist bypass in headers such as Content-Disposition: form-data; name="file"; filename="safe.txt"; filename="shell.php". This issue is fixed in version 6.0.2.

Action-Not Available
Vendor-hapijs
Product-content
CWE ID-CWE-436
Interpretation Conflict
CVE-2026-45799
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.50% / 39.26%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 19:49
Updated-17 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service

Wire provides gRPC and protocol buffers for Android, Kotlin, Swift, and Java. Prior to 6.3.0 and 7.0.0-alpha03, ByteArrayProtoReader32.skipGroup() and ProtoReader.skipGroup() in wire-runtime do not validate that a LENGTH_DELIMITED field length is non-negative before skip(), allowing a crafted protobuf varint encoding -128 as a signed Int to make skip(-128) move the internal position negative and make the next readByte() throw ArrayIndexOutOfBoundsException instead of the documented IOException or ProtocolException, which can crash services using ProtoAdapter.decode(byte[]) on untrusted payloads. This issue is fixed in versions 6.3.0 and 7.0.0-alpha03.

Action-Not Available
Vendor-square
Product-wire
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2026-16118
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.14% / 3.44%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 19:44
Updated-17 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xdgmime: heap-based buffer overflow in _xdg_mime_magic_parse_magic_line() in xdgmimemagic.c

A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in _xdg_mime_magic_parse_magic_line() in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location (e.g., in the $XDG_DATA_HOME/mime/magic path) is parsed by an application performing MIME type detection (e.g., via g_content_type_guess()). When performing byte-swap, incorrect pointer arithmetic on the write side causes an out-of-bounds write of 2 bytes, resulting in an application crash or memory corruption.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-50151
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.48% / 38.41%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 19:41
Updated-17 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
oras-go: credential forwarding via unvalidated Location header in blob upload

oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, registry/remote/repository.go in blobStore.completePushAfterInitialPost follows a registry-controlled Location header during monolithic blob upload and reuses the Authorization header from the initial POST request for the subsequent PUT request, allowing a malicious registry to return a cross-host Location and receive the caller's credentials at an attacker-controlled endpoint. This issue is fixed in version 2.6.1.

Action-Not Available
Vendor-oras-project
Product-oras-go
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-50163
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.43% / 34.79%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 19:36
Updated-17 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
oras-go: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution in `oras-go` tar extraction

oras-go is a Go library for managing OCI artifacts. Prior to 2.6.2, ensureLinkPath in content/file/utils.go:262-275 validates a hardlink target relative to the extract base but returns the unresolved target, causing os.Link("victim.secret", "<extract_base>/payload.tar.gz/evil_cwd_link") to resolve header.Linkname against the process current working directory for a Typeflag=TypeLink entry such as Name=payload.tar.gz/evil_cwd_link and Linkname="victim.secret" with io.deis.oras.content.unpack: "true", which can expose or tamper with files such as .env, .git/config, .aws/credentials, and ~/.ssh/config. This issue is fixed in version 2.6.2.

Action-Not Available
Vendor-oras-project
Product-oras-go
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-15322
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 40.41%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 19:35
Updated-17 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in IBM Engineering AI hub.

IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to obtain sensitive information due to the exposure of session tokens in URLs.

Action-Not Available
Vendor-IBM Corporation
Product-Engineering AI Hub
CWE ID-CWE-598
Use of GET Request Method With Sensitive Query Strings
CVE-2026-48373
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.19% / 8.39%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 19:29
Updated-17 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader | Heap-based Buffer Overflow (CWE-122)

Acrobat Reader is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-Acrobat Reader
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-50197
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.55% / 42.35%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 19:23
Updated-17 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Skipper: opaAuthorizeRequestWithBody filter bypasses OPA policy on Transfer-Encoding: chunked / HTTP/2 requests

Skipper is an HTTP router and reverse proxy for service composition. Prior to 0.26.10, zalando/skipper's OpenPolicyAgent integration silently bypasses request-body inspection on HTTP/1.1 Transfer-Encoding: chunked and HTTP/2 requests that omit the content-length pseudo-header, because the opaAuthorizeRequestWithBody filter and OpenPolicyAgentInstance.ExtractHttpBodyOptionally in filters/openpolicyagent/openpolicyagent.go produce an empty raw_body and input.parsed_body while the upstream service receives the full attacker-controlled body. This issue is fixed in version 0.26.10.

Action-Not Available
Vendor-zalando
Product-skipper
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2026-49284
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.23% / 13.65%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 19:17
Updated-17 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SimpleSAMLphp SP accepts a response from an unexpected IdP when unsigned `Response/InResponseTo` is combined with a signed assertion lacking `SubjectConfirmationData/InResponseTo`

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. Prior to 2.4.7 and 2.5.2, SimpleSAMLphp's SAML SP ACS path does not enforce the IdP selected for an SP-initiated login when unsigned Response/InResponseTo is combined with a signed assertion lacking SubjectConfirmationData/InResponseTo, allowing a response issued by one trusted IdP to be bound to SP state created for another IdP and bypass flows that route users to a specific IdP, including deployments that set enable_unsolicited to false. This issue is fixed in versions 2.4.7 and 2.5.2.

Action-Not Available
Vendor-simplesamlphp
Product-simplesamlphp
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-7872
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.52%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 19:15
Updated-17 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal Vulnerability in File Component Leading to Arbitrary File Read and Authentication Bypass

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read arbitrary files including the JWT signing key and forge authentication tokens for any user.

Action-Not Available
Vendor-IBM Corporation
Product-Langflow OSS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-63030
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-8.95% / 94.67%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 19:14
Updated-18 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress < 7.0.2 - REST API batch-route confusion and SQL injection issue leading to Remote Code Execution

WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the author__not_in WP_Query SQL Injection (CVE-2026-60137), could allow an attacker to perform SQL Injection and achieve Remote Code Execution.

Action-Not Available
Vendor-WordPress.org
Product-WordPress
CWE ID-CWE-436
Interpretation Conflict
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 1864
  • 1865
  • Next