Total CVEs

143,377

Critical Severity

4,061

High Severity

14,648

Last 7 Days

1,380
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 541 - 560 of 39,782 CVEs

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Jul 08, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Jul 08, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Jul 08, 2026
Source: NVD
CVE-2026-3144 HIGH - 8.1

IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update.

Published: Jul 08, 2026
Source: NVD
CVE-2026-15063 MEDIUM - 6.3

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing the k...

Vendor: Red Hat
Product: Red Hat OpenShift AI (RHOAI)
Published: Jul 08, 2026
Source: NVD

BBOT's `github_workflows` module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve `..`, so a crafted `CODE_REPOSITORY` URL could traverse out of the intended folder. The write is bounded to two directory levels a...

Vendor: Black Lantern Security
Product: BBOT
Published: Jul 08, 2026
Source: NVD

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted d...

Vendor: Black Lantern Security
Product: BBOT
Published: Jul 08, 2026
Source: NVD
CVE-2026-59703 HIGH - 7.5

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file:// scheme...

Vendor: repomix
Product: repomix
Published: Jul 08, 2026
Source: NVD
CVE-2026-55874 HIGH - 7.7

SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot-dot path segments in the X-Amz-Copy-Source header used by CopyObject and UploadPartCopy, allowing an authenticated identity scoped to one bucket to read objects from other buckets through server-side cop...

Vendor: seaweedfs
Product: seaweedfs
Published: Jul 08, 2026
Source: NVD
CVE-2026-55873 MEDIUM - 4.3

SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated low-privile...

Vendor: seaweedfs
Product: seaweedfs
Published: Jul 08, 2026
Source: NVD
CVE-2026-55668 MEDIUM - 6.3

File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create attacker-controlled...

Vendor: filebrowser
Product: filebrowser
Published: Jul 08, 2026
Source: NVD
CVE-2026-54652 HIGH - 8.1

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and ena...

Vendor: blakeblackshear
Product: frigate
Published: Jul 08, 2026
Source: NVD
CVE-2026-49147 HIGH - 7.5

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a _sa...

Vendor: PETDANCE
Product: App::Ack
Published: Jul 08, 2026
Source: NVD
CVE-2026-49146 HIGH - 7.5

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack si...

Vendor: PETDANCE
Product: App::Ack
Published: Jul 08, 2026
Source: NVD
CVE-2026-49145 HIGH - 7.5

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include --files-...

Vendor: PETDANCE
Product: App::Ack
Published: Jul 08, 2026
Source: NVD
CVE-2026-24700 HIGH - 7.2

An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machine_name configuration parameter is not properly sanitized, which could allow an authenticat...

Published: Jul 08, 2026
Source: NVD
CVE-2026-24699 HIGH - 7.2

An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lan_ipv6_prefixlen configuration parameter is not properly sanitized, which could allow an authen...

Published: Jul 08, 2026
Source: NVD
CVE-2026-24698 HIGH - 7.2

An OS command injection vulnerability exists in the save_syslog_to_file() function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The model_name configuration parameter is not properly sanitized, which could allow an a...

Published: Jul 08, 2026
Source: NVD
CVE-2026-24697 HIGH - 7.2

An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wan_hostname configuration parameter is not properly sanitized, which could allow an authenti...

Published: Jul 08, 2026
Source: NVD
CVE-2026-15067 HIGH - 8.8

Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltratio...

Vendor: Snowflake
Product: Terraform Provider for Snowflake
Published: Jul 08, 2026
Source: NVD