Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Common Vulnerability Scoring System49875
0
10
CVE-2026-9103
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 18:49
Updated-17 Jul, 2026 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Superuser Token Issuance via Auto-Login Endpoint

IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/auto_login endpoint. The endpoint issues long-lived superuser bearer tokens without requiring authentication when the AUTO_LOGIN configuration is enabled (enabled by default), which may allow an unauthenticated network attacker to obtain full administrative access. Additionally, permissive cross-origin resource sharing (CORS) settings may allow tokens to be exposed to unintended origins, increasing the risk of unauthorized access.

Action-Not Available
Vendor-IBM Corporation
Product-Langflow OSS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-9135
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-9.9||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 18:48
Updated-17 Jul, 2026 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Policies Component Dynamic CodeInput Fields Bypass Custom Component Validation

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 (commit 94981c443d4918517b9e8163d70fc598dc33a32d) contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allow_custom_components=false security control. The vulnerability exists because the validation mechanism only checks the main component source code in node_template["code"]["value"] but fails to validate dynamic CodeInput fields that store generated ToolGuard Python files. Attackers can embed malicious Python code in these unvalidated dynamic fields, which are persisted in Flow.data and later executed server-side when a guarded tool is invoked through the ToolGuard runtime. This allows authenticated users with flow creation privileges to achieve arbitrary Python code execution on the backend despite custom component restrictions. The vulnerability can be escalated through cross-tenant flow manipulation via the agentic MCP update_flow_component_field tool, which accepts attacker-controlled user_id parameters, enabling attackers to inject malicious code into victim users' flows. When combined with publicly accessible flows and specific misconfigurations (AUTO_LOGIN=true, NEW_USER_IS_ACTIVE=true), the attack can be conducted with reduced authentication requirements.

Action-Not Available
Vendor-IBM Corporation
Product-Langflow OSS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-9198
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 17:36
Updated-17 Jul, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/auto_login (mints SUPERUSER tokens to any network caller) with /api/v1/validate/code (executes user code via exec()) to achieve full RCE on default Langflow deployments

Action-Not Available
Vendor-IBM Corporation
Product-Langflow OSS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-9202
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 17:33
Updated-17 Jul, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated User Registration Could Lead to Remote Code Execution

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance; when NEW_USER_IS_ACTIVE=true (documented deployment option), newly created accounts are immediately active and can authenticate to reach RCE endpoints, bypassing the need for AUTO_LOGIN.

Action-Not Available
Vendor-IBM Corporation
Product-Langflow OSS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-12694
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.1||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 16:59
Updated-17 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization in Vimesoft's Enterprise Video Platform

Missing Authorization vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

Action-Not Available
Vendor-Vimesoft Inc.
Product-Enterprise Video Platform
CWE ID-CWE-862
Missing Authorization
CVE-2026-54496
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 16:59
Updated-17 Jul, 2026 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing copy constraint in halo2_gadgets variable-base scalar multiplication allows under-constrained base, breaking Orchard Action circuit soundness

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2_gadgets 0.5.0, orchard 0.14.0, zcash_primitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget in halo2_gadgets/src/ecc/chip/mul/incomplete.rs used assign_advice() for the base point without a copy constraint tying it to the actual base, allowing a malicious prover to produce a valid proof for an Orchard Action with an under-constrained base point and bypass the diversified-address-integrity check that binds pk_d, g_d, ivk, the nullifier (nf), and the spend validating key (ak) to the note being spent. This issue is fixed in zebrad 5.0.0, halo2_gadgets 0.5.0, orchard 0.14.0, zcash_primitives 0.28.0, and zcashd 6.20.0.

Action-Not Available
Vendor-zcashZcashFoundation
Product-zcashorchardzebrahalo2_gadgetslibrustzcash
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-12693
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.4||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 16:50
Updated-17 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in Vimesoft's Enterprise Video Platform

Authorization bypass through User-Controlled key vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

Action-Not Available
Vendor-Vimesoft Inc.
Product-Enterprise Video Platform
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-12692
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 16:39
Updated-17 Jul, 2026 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in Vimesoft's Enterprise Video Platform

Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

Action-Not Available
Vendor-Vimesoft Inc.
Product-Enterprise Video Platform
CWE ID-CWE-620
Unverified Password Change
CVE-2026-9586
Assigner-Security Risk Advisors (SRA)
ShareView Details
Assigner-Security Risk Advisors (SRA)
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:57
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated SQL Injection Leading to Remote Code Execution in Switchvox SMB

An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The /pa endpoint processes XML content beginning with <PolycomIPPhone> and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated remote attacker can execute arbitrary SQL statements against the backend PostgreSQL database using a single crafted request, including database operations and remote code execution.

Action-Not Available
Vendor-Sangoma Technologies Corp.
Product-Switchvox SMB Edition
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-8297
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:50
Updated-17 Jul, 2026 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQLi in GIS Informatics' GisLab Laboratory Management System

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026.

Action-Not Available
Vendor-Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc.
Product-GisLab Laboratory Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-23564
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-9.1||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:25
Updated-17 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is affected by Business Logic Vulnerability using which a non valid user of the application can obtain passwords from the server and redirect them to their own email address by manipulating the server's response. The application includes checks in the initial requests to verify the validity of the provided UserId, but similar validation is not applied to Email requests when sending passwords to user emails.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-Aftermarket EPC
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2026-9810
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 06:00
Updated-17 Jul, 2026 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AI Chatbot & Workflow Automation by AIWU < 1.5.4 - Unauthenticated Privilege Escalation via MCP OAuth

The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitrary user creation and role escalation.

Action-Not Available
Vendor-Unknown
Product-AI Copilot
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-15982
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 05:35
Updated-17 Jul, 2026 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit <= 2.8.4 - Unauthenticated Privilege Escalation via 'aiomatic_call_google_ai_function'

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomatic_call_google_ai_function' function. This makes it possible for unauthenticated attackers to leverage the 'aimogen_wp_god_mode' tool to clear function blacklists and execute arbitrary PHP functions, such as creating administrator accounts.

Action-Not Available
Vendor-CodeRevolution
Product-Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-14956
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 01:30
Updated-17 Jul, 2026 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bricksforge <= 3.1.8.6 - Unauthenticated Privilege Escalation via Pro Forms fieldIds Parameter

The Bricksforge plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.1.8.6. This is due to improper validation of the fieldIds parameter in the Pro Forms registration action, which allows attacker-supplied field IDs to be added to the trusted form-field whitelist. This makes it possible for unauthenticated attackers to register a new administrator account by submitting a crafted request to a publicly accessible Bricksforge Pro Forms registration form. Successful exploitation requires that the site has a public Bricksforge Pro Forms element configured with the User Registration action.

Action-Not Available
Vendor-Bricksforge
Product-Bricksforge
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-62241
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 00:07
Updated-17 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
clawvet < 0.7.5 Hard-coded JWT Secret Session Forgery

clawvet self-hosted API server (apps/api) before 0.7.5 hard-codes a fallback JWT secret ('clawvet-dev-secret-change-me') in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated attacker can harvest a victim's userId, forge a valid HS256 cg_session cookie offline using the known secret, and call GET /api/v1/auth/me to obtain the victim's email address, subscription plan, and secret apiKey. The published clawvet npm package (CLI only) is not affected.

Action-Not Available
Vendor-MohibShaikh
Product-clawvet
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2026-62232
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9.1||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 00:07
Updated-17 Jul, 2026 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grav < 2.0.4 2FA Bypass via Secret Regeneration

Grav before 2.0.4 contains a two-factor authentication bypass vulnerability in the login plugin where the regenerate2FASecret task checks only user existence, not authorization, during the pending TOTP challenge window. Attackers who know the victim's password can call this task without a CSRF nonce to overwrite the 2FA secret with an attacker-chosen value, compute a valid TOTP code, and complete authentication while reducing 2FA to password-only protection.

Action-Not Available
Vendor-getgrav
Product-grav
CWE ID-CWE-862
Missing Authorization
CVE-2026-51080
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 00:00
Updated-17 Jul, 2026 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libpvestorage-perl v9.1.1 and libpve-storage-perl v8.3.7 were discovered to contain an XML External Entity (XXE) vulnerability.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2026-44182
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 22:05
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jupyter Enterprise Gateway Has Kubernetes Manifest Injection via Jinja2 Template Rendering

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions prior to 3.3.0, the server interpolates untrusted environment variables (e.g., KERNEL_XXX) into Kubernetes manifests without YAML-aware escaping, enabling YAML injection attacks. Attackers can inject new fields, overwrite critical fields (e.g., duplicate securityContext keys, where the last one prevails), and inject document boundaries (--- for new documents, ... for end-of-document) to generate multiple resources, potentially creating arbitrary types, such as privileged pods. The Jinja2 template for the Kubernetes manifest contains several kernel_xxx variables, such as kernel_working_dir that are used when rendering the manifest and are all vectors for YAML injection. This issue has been fixed in version 3.3.0.

Action-Not Available
Vendor-jupyter-server
Product-enterprise_gateway
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2026-44181
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 22:03
Updated-17 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection results in Remote Code Execution

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions 2.0.0rc2 and above, prior to 3.3.0, the environment variables (KERNEL_XXX) used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI). By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can use or steal the Kubernetes service account token, which can steal Kubernetes secrets and be used to fully compromise the Kubernetes cluster by scheduling a privileged pod or a pod with a hostPath volume mount. This issue has been fixed in version 3.3.0.

Action-Not Available
Vendor-jupyter-server
Product-enterprise_gateway
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CVE-2026-44180
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 21:59
Updated-17 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids can be Bypassed

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. Versions 2.0.0rc1 and above prior to 3.3.0 have a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 (root), and this restriction can be bypassed using a specially crafted KERNEL_UID or KERNEL_GID value. This input validation vulnerability allows running Jupyter kernels as root, which can be dangerous as it allows more attack surface, and may lead to container escapes, compromising the worker node and all workloads running on it. Repeated exploitation can compromise all worker nodes, and thus the entire Kubernetes cluster. It is possible to specify volume mounts, so one vector for a container escape is to use a hostPath R/W volume mount, use this UID/GID bypass to run as root, and then gain code execution in the underlying worker node by creating a crontab entry in the mounted host file system. This issue has been fixed in version 3.0.0.

Action-Not Available
Vendor-jupyter-server
Product-enterprise_gateway
CWE ID-CWE-20
Improper Input Validation
CVE-2026-57075
Assigner-CPAN Security Group
ShareView Details
Assigner-CPAN Security Group
CVSS Score-9.1||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 21:39
Updated-17 Jul, 2026 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64_xtable with a signed char, so any !!binary byte >= 0x80 sign-extends to a negative index and reads before the table. The decoder receives the raw bytes of any !!binary node, a standard YAML type not gated by $LoadBlessed or $LoadCode, so it is reached on the default Load path. Any caller that runs Load or LoadFile on an untrusted document containing a !!binary scalar with a high-bit byte triggers the read, and the value read can surface in the decoded result.

Action-Not Available
Vendor-TODDR
Product-YAML::Syck
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-53412
Assigner-Zoom Communications, Inc.
ShareView Details
Assigner-Zoom Communications, Inc.
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 21:15
Updated-17 Jul, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace VDI Plugin for Windows - Improper Input Validation

Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access.

Action-Not Available
Vendor-Zoom Communications
Product-Zoom Workplace for Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2026-15422
Assigner-0ca53633-f0b5-4853-ba72-e0a2e62000d0
ShareView Details
Assigner-0ca53633-f0b5-4853-ba72-e0a2e62000d0
CVSS Score-9.1||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 19:29
Updated-17 Jul, 2026 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SCTP needs to better-check INIT ACK chunk parameters

The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately validating the address parameters carried in the chunk. Since this lookup runs during packet classification (i.e. before SCTP integrity checks or IPsec policy are applied) a remote, unauthenticated attacker can send a crafted SCTP INIT ACK packet with malformed address parameters to cause an out-of-bounds access and kernel heap corruption, which may lead to remote code execution. The flaw has existed since 2010 (illumos-gate commit a5407c02), and affects any illumos distribution prior to illumos-gate commit 53a3efde.

Action-Not Available
Vendor-Triton Data CenterOmniOSillumos
Product-illumos-gateOmniOSSmartOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-63089
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 19:28
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WireGuard Easy Weak Token Generation Information Disclosure via OTL Route

WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one-time link token generation vulnerability that allows unauthenticated network attackers to recover WireGuard peer credentials by brute-forcing a keyspace of at most 1000 candidate tokens per client ID, as the token is computed using CRC32 over a random value constrained to 0-999. Attackers can enumerate candidate tokens against the unauthenticated /cnf/:oneTimeLink route, which lacks rate limiting and does not validate token expiration, to obtain a peer's PrivateKey and PresharedKey and impersonate that peer on the VPN network.

Action-Not Available
Vendor-wg-easy
Product-wg-easy
CWE ID-CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-46515
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 18:17
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frogman: Multiple read-tier tools expose admin-grade data and arbitrary GraphQL execution

Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.3, PERM_READ access was sufficient to call fm_list_managers, fm_list_pinsets, fm_show_context, fm_get_mcp_config, fm_backup_status, fm_whos_calling, fm_run_saved_query, and fm_diagnose_trunk, exposing AMI manager secrets, outbound dial PINs, full Asterisk dialplan context, root SSH connection commands, backup artifact paths, CDR history, arbitrary saved GraphQL query execution, and raw AMI endpoint dumps containing SIP fields such as password, md5_cred, and oauth_secret. This issue is fixed in version 1.6.3.

Action-Not Available
Vendor-mwtcmi
Product-frogman
CWE ID-CWE-862
Missing Authorization
CVE-2026-46512
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.9||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 18:15
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frogman: Dialplan template parameters interpolated into extensions_custom.conf without escaping

Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, fm_dialplan_apply accepted template parameters including greeting, dest, url, extension, code, and file, and Tools/DialplanApply.php wrote Dialplan/Templates.php output to extensions_custom.conf while only Dialplan/TemplateBase.php:38-42 sanitized contextName(), allowing a PERM_WRITE caller using confirm:true to inject arbitrary Asterisk directives such as System(), Set(SHELL(...)), Goto, or Macro. This issue is fixed in version 1.6.2.

Action-Not Available
Vendor-mwtcmi
Product-frogman
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-45336
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 17:03
Updated-17 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HireFlow: Use of Hard-coded Credentials

HireFlow is a web-based interview management system for managing candidates, scheduling interviews, and tracking hiring progress. In 1.2 and earlier, app.py assigns a hard-coded Flask secret_key used to sign session cookies, allowing unauthenticated attackers who know the public source value to forge cookies containing role=admin and user_id values and bypass authentication. The advisory lists version 1.3 as fixed.

Action-Not Available
Vendor-StratonWebDesigners
Product-HireFlow
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2026-45568
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.9||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 16:45
Updated-17 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zrok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the requested path to replace the configured target host and causing requests.request to return a server-side response from an attacker-chosen URL. This issue is fixed in version 2.0.3.

Action-Not Available
Vendor-openziti
Product-zrok
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-3031
Assigner-CPAN Security Group
ShareView Details
Assigner-CPAN Security Group
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 16:22
Updated-17 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Image::EPEG versions through 0.15 for Perl embeds an unsupported version of the Epeg library

Image::EPEG versions through 0.15 for Perl embeds an unsupported version of the Epeg library. Image::EPEG includes Epeg 0.9.0 that was last updated in 2004. Epeg is a fast JPEG thumbnail library that was once part of the Englightenment Project.

Action-Not Available
Vendor-TOKUHIROM
Product-Image::EPEG
CWE ID-CWE-1104
Use of Unmaintained Third Party Components
CVE-2026-57074
Assigner-CPAN Security Group
ShareView Details
Assigner-CPAN Security Group
CVSS Score-9.1||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 16:15
Updated-17 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XML::Bare versions through 0.53 for Perl have an unbounded character lookahead

XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer. Truncated strings such as "<a/" can trigger an out-of-bounds read.

Action-Not Available
Vendor-CODECHILD
Product-XML::Bare
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-57073
Assigner-CPAN Security Group
ShareView Details
Assigner-CPAN Security Group
CVSS Score-9.1||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 16:15
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead

HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer. Truncated strings such as "<a/" can trigger an out-of-bounds read. Note that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository.

Action-Not Available
Vendor-CODECHILD
Product-HTML::Bare
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-46621
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 16:07
Updated-16 Jul, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Yamcs: Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection

Yamcs is a mission control framework. Prior to 5.12.7, the Yamcs script evaluation engine for Python algorithms dynamically compiled and evaluated user-controlled algorithm text using Jython through the JSR-223 ScriptEngine API without enforcing a secure sandbox, so an authenticated user with the ChangeMissionDatabase privilege could override an existing Python algorithm's logic through the mission database REST API and import and execute arbitrary Java classes such as java.lang.Runtime to achieve remote code execution on the underlying host operating system. This issue is fixed in versions 5.12.7 and 5.13.0, which disable algorithm editing by default.

Action-Not Available
Vendor-yamcs
Product-yamcs
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-46562
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 16:06
Updated-16 Jul, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Yamcs: Remote Code Execution via Mission Database algorithm override

Yamcs is a mission control framework. Prior to 5.12.7, the Nashorn ScriptEngine used to evaluate user-supplied JavaScript algorithm text in yamcs-core/src/main/java/org/yamcs/algorithms/ScriptAlgorithmExecutorFactory.java was constructed without a ClassFilter, so a user with the ChangeMissionDatabase privilege could override an algorithm through the MdbOverrideApi.updateAlgorithm endpoint and supply JavaScript that reaches arbitrary Java classes (for example Java.type("java.lang.Runtime").getRuntime().exec(...)) to execute arbitrary OS commands as the Yamcs process; in the default configuration with no security.yaml the built-in guest user has superuser=true, making the issue reachable without authentication. This issue is fixed in versions 5.12.7 and 5.13.0, which disable algorithm editing by default.

Action-Not Available
Vendor-yamcs
Product-yamcs
CWE ID-CWE-470
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2026-44632
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 16:05
Updated-16 Jul, 2026 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Yamcs: Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`

Yamcs is a mission control framework. Prior to 5.12.7, a server-side code injection vulnerability existed in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory, which dynamically compiled and evaluated user-controlled algorithm text through the Janino compiler without enforcing a secure sandbox, so an authenticated user with the ChangeMissionDatabase privilege could override an existing algorithm's text via the mission database REST API and inject Java code (for example using java.lang.Runtime) to achieve remote code execution on the underlying host operating system. This issue is fixed in versions 5.12.7 and 5.13.0, which disable algorithm editing by default.

Action-Not Available
Vendor-yamcs
Product-yamcs
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-63087
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 16:03
Updated-17 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grafana OnCall 1.16.11 Unauthenticated Token Hijack via Plugin Install Endpoint

Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerability that allows remote attackers to obtain a valid PluginAuthToken by sending a POST request to the internal plugin install endpoint using hardcoded default stack_id and org_id values present in the public source tree. Attackers can leverage the acquired token to authenticate against all internal API endpoints, create arbitrary Admin users via the user-context header bootstrap path, revoke the legitimate plugin token, and redirect OnCall-to-Grafana API calls to an attacker-controlled host by overwriting the organization's grafana_url and api_token.

Action-Not Available
Vendor-grafana-cold-storage
Product-oncall
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-45695
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 15:42
Updated-16 Jul, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kopia: Unauthenticated RCE via SSH ProxyCommand Injection when --insecure --without-password is used

Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists and forwards attacker-supplied SFTP storage configuration to blob.NewStorage, where externalSSH: true and sshArguments containing -oProxyCommand=<cmd> can cause exec.CommandContext("ssh") to invoke the command through OpenSSH. This issue is fixed in version 0.23.0.

Action-Not Available
Vendor-kopia
Product-kopia
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-54733
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 14:52
Updated-16 Jul, 2026 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
moodle-local_o365: Authentication bypass via unverified JWT signature in Teams SSO endpoint

The Microsoft 365 and Microsoft Entra ID Plugins for Moodle provide Office 365 and Azure Active Directory integration for Moodle. Prior to 4.5.6, 5.0.5, and 5.1.1, the Microsoft Office 365 Integration plugin local_o365 Teams SSO endpoint sso_login.php base64-decodes a JWT payload and authenticates users from the upn claim without verifying the JWT signature, allowing an unauthenticated attacker to forge a token and obtain a Moodle session as an O365-authenticated user. This issue is fixed in versions 4.5.6, 5.0.5, and 5.1.1.

Action-Not Available
Vendor-Microsoft Corporation
Product-o365-moodle
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-59866
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 14:46
Updated-17 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kiota: Arbitrary file write + code-injection via x-ms-kiota-info clientClassName and clientNamespaceName

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota emitted x-ms-kiota-info clientClassName and clientNamespaceName values without identifier or path sanitization as both generated client class or namespace names and generated output path components when `kiota generate` ran without -c/--class-name, allowing an attacker-controlled or compromised OpenAPI description to write generated source outside the -o output directory and inject arbitrary text into generated class or namespace declarations. This issue is fixed in version 1.32.5 by GenerationConfiguration.SanitizeClientClassName and SanitizeClientNamespaceName.

Action-Not Available
Vendor-Microsoft Corporation
Product-kiota
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-59864
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 14:45
Updated-17 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kiota: Path/URL injection into generated Copilot plugin manifest via x-ai-* extensions

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota plugin add` and `kiota plugin generate` (with `-t APIPlugin`) emitted attacker-controlled static_template.file values from x-ai-adaptive-card and x-ai-capabilities into generated Microsoft 365 Copilot and Teams plugin manifests without path validation, allowing ../, absolute, rooted, UNC, Windows drive, or URI paths in response_semantics.static_template.file to cause path traversal or out-of-package file inclusion when the generated plugin was deployed. This issue is fixed in version 1.32.5.

Action-Not Available
Vendor-Microsoft Corporation
Product-kiota
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-14890
Assigner-CERT/CC
ShareView Details
Assigner-CERT/CC
CVSS Score-9.1||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 14:43
Updated-16 Jul, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2026-14890

SGLang uses an expert-parallel backup subsystem that exposes a ZeroMQ PULL socket on a routable network interface that does not contain authentication or deserialization safeguards, allowing an attacker to provide a malicious pickle file that results in unauthenticated remote code execution when the feature is enabled and the service is reachable over the network.

Action-Not Available
Vendor-SGLang
Product-SGLang
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-59865
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 14:43
Updated-17 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kiota: Command injection via x-ms-kiota-info dependencyInstallCommand surfaced by `kiota info`

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota info` read x-ms-kiota-info.languagesInformation.<language>.dependencyInstallCommand plus dependency name and version values from an OpenAPI description and presented the spec-supplied command as Kiota's recommended install command, allowing an attacker-controlled or compromised description to cause command injection when the suggested command was run manually or through the Kiota VS Code extension's kiota info --json dependency-install flow. This issue is fixed in version 1.32.5.

Action-Not Available
Vendor-Microsoft Corporation
Product-kiota
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-56453
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-5.5||MEDIUM
EPSS-Not Assigned
Published-16 Jul, 2026 | 13:06
Updated-17 Jul, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability.

HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the client application, allowing them to manipulate the authentication or authorization logic to bypass controls and gain unauthorized access to targeted user accounts.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-dfxanalyticsDFXAnalytics
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2026-63306
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9.2||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 12:19
Updated-16 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints

stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure.

Action-Not Available
Vendor-stoatchat
Product-stoatchat
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-63305
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9.2||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 12:19
Updated-17 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVideo through 29.0 OS Command Injection via ffmpeg.json.php

AVideo through 29.0 contains an OS command injection vulnerability in the ffmpeg.json.php endpoint where notifyCode and callback parameters are concatenated into a shell command without escaping. Attackers who can craft a valid encrypted payload can inject arbitrary shell metacharacters into these fields to execute OS commands as the web-server user.

Action-Not Available
Vendor-WWBN
Product-AVideo
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-63304
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9.2||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 12:19
Updated-16 Jul, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVideo through 29.0 OS Command Injection via listFFmpegProcesses

AVideo through 29.0 contains an OS command injection vulnerability in plugin/API/standAlone/functions.php where the listFFmpegProcesses() function interpolates unsanitized keyword parameters inside single quotes without escaping. Attackers who can craft a valid encrypted codeToExec payload can break out of the single-quoted grep context and execute arbitrary OS commands as the web-server user.

Action-Not Available
Vendor-WWBN
Product-AVideo
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-11386
Assigner-Canonical Ltd.
ShareView Details
Assigner-Canonical Ltd.
CVSS Score-9||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 12:16
Updated-16 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ubuntu-pro-client Input Validation Vulnerability Leading to Arbitrary APT Directive Injection and Remote Code Execution

An input validation and injection vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools). The client constructs APT source files (such as /etc/apt/sources.list.d/ubuntu-.list or their DEB822 equivalents) using data received directly from the contract server response via the directives.suites[] and directives.aptURL fields. Because the client utilizes Python's str.format() to write these files without performing escaping, validation, or newline character filtering, a malicious or tampered contract response containing embedded newline (\n) characters can successfully inject arbitrary, attacker-controlled deb configuration lines into root-owned APT sources. When combined with the unvalidated additionalPackages[] field—which is passed positionally into a root-executed apt-get install command—an attacker capable of spoofing or manipulating the contract response (e.g., via a compromised internal infrastructure, an intercepted connection utilizing a trusted CA, or local logical bugs) can force the client to fetch and install malicious packages. This ultimately leads to arbitrary code execution with root privileges on the affected system. This component is preinstalled on supported Ubuntu Server releases and auto-attaches by default on cloud provider Ubuntu Pro images.

Action-Not Available
Vendor-Canonical Ltd.
Product-Ubuntu 18.04 LTSUbuntu 22.04 LTSUbuntu 24.04 LTSUbuntu 16.04 LTSUbuntu 20.04 LTSUbuntu 26.04 LTSubuntu-pro-client (ubuntu-advantage-tools)Ubuntu 14.04 LTS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-49899
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 10:11
Updated-16 Jul, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Origin Validation Error in X-Rite MA-T6

An unauthenticated remote attacker can execute any command on the affected device due to not correctly verifying the origin of a communication channel.

Action-Not Available
Vendor-X-Rite
Product-MA-T6
CWE ID-CWE-346
Origin Validation Error
CVE-2023-49900
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 10:11
Updated-16 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Origin Validation Error in X-Rite MA-T6

An unauthenticated remote attacker is able to perform remote code execution due to incorrectly sanitized user input in the SetParameter command.

Action-Not Available
Vendor-X-Rite
Product-MA-T6
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-12492
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 4.52%
||
7 Day CHG~0.00%
Published-16 Jul, 2026 | 06:00
Updated-16 Jul, 2026 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Happy Coders OTP Login for WooCommerce < 2.8 - Unauthenticated Account Takeover via hcotp_auto_login_user

The Happy Coders OTP Login for WooCommerce WordPress plugin before 2.8 does not verify that a one-time password was actually validated before authenticating a user based on a supplied identifier, allowing unauthenticated attackers to log in as any existing user, including administrators, as well as to create new accounts.

Action-Not Available
Vendor-Unknown
Product-Happy Coders OTP Login for WooCommerce
CWE ID-CWE-287
Improper Authentication
CVE-2026-15925
Assigner-412d305a-227d-44f9-a262-a31ba44f2aea
ShareView Details
Assigner-412d305a-227d-44f9-a262-a31ba44f2aea
CVSS Score-9.2||CRITICAL
EPSS-0.17% / 6.65%
||
7 Day CHG~0.00%
Published-16 Jul, 2026 | 05:31
Updated-16 Jul, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper TLS Hostname Verification in Snowflake Connector for Python

Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 and 3.18.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this by intercepting or redirecting network traffic and presenting a certificate signed by any trusted CA for any domain, causing the connector to accept connections without validating that the certificate matched the requested hostname. Successful exploitation requires an on-path traffic interception capability (e.g. ARP/DNS poisoning, rogue access point, BGP hijacking, or malicious proxy/exit node). This vulnerability may have exposed credentials, query data, and staged file contents to interception and tampering, and may have enabled the attacker to issue arbitrary SQL within the context of the victim's connector session. Impact is limited by the privileges of the affected Snowflake role. The fix is available in Snowflake Connector for Python versions 4.7.1 and 3.18.1. Users must manually upgrade.

Action-Not Available
Vendor-Snowflake
Product-Snowflake Connector for Python
CWE ID-CWE-297
Improper Validation of Certificate with Host Mismatch
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 997
  • 998
  • Next