Total CVEs

139,939

Critical Severity

3,664

High Severity

13,195

Last 7 Days

1,711
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 221 - 240 of 36,344 CVEs
CVE-2026-54036 MEDIUM - 5.3

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user (or attacker with a stolen session) even when 2FA is already fully enabled on the account. This endpoint overwrites the existin...

Vendor: danny-avila
Product: LibreChat
Published: Jun 25, 2026
Source: NVD

Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYPR Passwordless: before 11.1.1.

Published: Jun 25, 2026
Source: NVD
CVE-2026-48946 MEDIUM - 6.3

The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache's standard mod_php matches `\.php$` and executes them under the K2 web user. A K2 Author can upload a `shell.php`, then fetch `/media/k2/attachments/shell.php` and execute arbitrary PHP code in th...

Vendor: getk2.com
Product: K2 extension for Joomla
Published: Jun 25, 2026
Source: NVD
CVE-2026-48945 MEDIUM - 5.3

The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/<id>/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names โ€” non-image files (including `.php`) are extracted as-is and remain executable via direct HTTP access.

Vendor: getk2.com
Product: K2 extension for Joomla
Published: Jun 25, 2026
Source: NVD
CVE-2026-48944 MEDIUM - 6.5

The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JPath::clean` does NOT strip `..`, and there is no allow-list of source paths. An Author can therefore copy `configuration.php` (or any other f...

Vendor: getk2.com
Product: K2 extension for Joomla
Published: Jun 25, 2026
Source: NVD
CVE-2026-48943 MEDIUM - 6.5

K2 โ‰ค 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a standard `com_users` `profile.save` POST, can write arbitrary values into the `notes`, `image`, and `plugins` columns of their own row in the `...

Vendor: getk2.com
Product: K2 extension for Joomla
Published: Jun 25, 2026
Source: NVD
CVE-2026-48942 MEDIUM - 6.1

K2 โ‰ค 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping.

Vendor: getk2.com
Product: K2 extension for Joomla
Published: Jun 25, 2026
Source: NVD
CVE-2026-48941 MEDIUM - 6.5

The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/`

Vendor: getk2.com
Product: K2 extension for Joomla
Published: Jun 25, 2026
Source: NVD

A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page.

Vendor: getk2.com
Product: K2 extension for Joomla
Published: Jun 25, 2026
Source: NVD
CVE-2026-12844 HIGH - 7.5

List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling (alloc <<= 2) inste...

Vendor: DROLSKY
Product: List::SomeUtils::XS
Published: Jun 25, 2026
Source: NVD

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage.

Published: Jun 25, 2026
Source: NVD

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

Vendor: tenable
Product: Nessus
Published: Jun 25, 2026
Source: NVD
CVE-2026-57587 MEDIUM - 5.3

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

Vendor: tenable
Product: Nessus
Published: Jun 25, 2026
Source: NVD

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

Vendor: pretix
Product: pretix-mollie
Published: Jun 25, 2026
Source: NVD

Content injected to PDF rendering contexts could, in many places, include HTML content including <img> tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the render...

Vendor: pretix
Product: pretix
Published: Jun 25, 2026
Source: NVD

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.

Vendor: pretix
Product: pretix-pages
Published: Jun 25, 2026
Source: NVD

Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes.

Vendor: pretix
Product: pretix
Published: Jun 25, 2026
Source: NVD

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF renderin...

Vendor: pretix
Product: pretix
Published: Jun 25, 2026
Source: NVD

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression could...

Vendor: sparklemotion
Product: nokogiri
Published: Jun 25, 2026
Source: NVD

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage collect...

Vendor: sparklemotion
Product: nokogiri
Published: Jun 25, 2026
Source: NVD