Total CVEs

143,232

Critical Severity

4,056

High Severity

14,610

Last 7 Days

1,270
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 581 - 600 of 39,637 CVEs
CVE-2026-59707 HIGH - 8.6

LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper validation...

Vendor: LocalAI
Product: LocalAI
Published: Jul 07, 2026
Source: NVD
CVE-2026-58583 HIGH - 7.1

FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Window...

Vendor: FluxInk
Product: Color Management Driver
Published: Jul 07, 2026
Source: NVD
CVE-2026-58473 CRITICAL - 9.1

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all LLM ...

Vendor: topoteretes
Product: cognee
Published: Jul 07, 2026
Source: NVD
CVE-2026-58472 MEDIUM - 5.9

GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity enc...

Vendor: gnuwget
Product: wget
Published: Jul 07, 2026
Source: NVD
CVE-2026-58471 MEDIUM - 5.9

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is ...

Vendor: gnuwget
Product: wget
Published: Jul 07, 2026
Source: NVD
CVE-2026-58470 MEDIUM - 5.3

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trig...

Vendor: gnuwget
Product: wget
Published: Jul 07, 2026
Source: NVD
CVE-2026-58469 HIGH - 7.5

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string() function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can ca...

Vendor: gnuwget
Product: wget
Published: Jul 07, 2026
Source: NVD

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs, by...

Vendor: dataease
Product: dataease
Published: Jul 07, 2026
Source: NVD

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable even...

Vendor: dataease
Product: dataease
Published: Jul 07, 2026
Source: NVD

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres() without applying the SQL literal validation and escaping used by other filter paths, allo...

Vendor: dataease
Product: dataease
Published: Jul 07, 2026
Source: NVD

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol to...

Vendor: dataease
Product: dataease
Published: Jul 07, 2026
Source: NVD

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font storag...

Vendor: dataease
Product: dataease
Published: Jul 07, 2026
Source: NVD

Dashy is a self-hostable personal dashboard. Prior to 4.3.7, Dashy's workspace view trusts the url query parameter and assigns it directly to an iframe source without scheme validation. If a logged-in user opens a crafted workspace link containing a javascript: URL, JavaScript runs on the Dashy...

Vendor: lissy93
Product: dashy
Published: Jul 07, 2026
Source: NVD

Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route (`/username`) correctly returns 404. However, the `/json` AJAX listing endpoint does not apply the same check. An...

Vendor: chevereto
Product: chevereto, chevereto/chevereto, rodber/chevereto-free
Published: Jul 07, 2026
Source: NVD

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 parsing, allowing attackers to smuggle dangerous para...

Vendor: dataease
Product: dataease
Published: Jul 07, 2026
Source: NVD

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1, access the built-in engine database, execute arbi...

Vendor: dataease
Product: dataease
Published: Jul 07, 2026
Source: NVD

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download (/exportCenter/download/{id}), delete (/exportCenter/delete), retry (/exportCenter/retry/{id}), or generate download links (/exportCenter/generateDownloadUri/{id}) for export tasks ...

Vendor: dataease
Product: dataease
Published: Jul 07, 2026
Source: NVD

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:user_metadata that is passed...

Vendor: kovidgoyal
Product: calibre
Published: Jul 07, 2026
Source: NVD

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing an...

Vendor: dataease
Product: dataease
Published: Jul 07, 2026
Source: NVD

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid li...

Vendor: dataease
Product: dataease
Published: Jul 07, 2026
Source: NVD