Total CVEs

143,226

Critical Severity

4,056

High Severity

14,605

Last 7 Days

1,264
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 601 - 620 of 39,631 CVEs
CVE-2026-53514 HIGH - 7.7

Better Auth vulnerable to unauthorized invitation acceptance via unverified email match in organization plugin

Vendor: npm
Product: better-auth
Published: Jul 07, 2026
Source: GitHub
CVE-2026-58468 MEDIUM - 5.5

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin. Attacke...

Vendor: nocobase
Product: nocobase
Published: Jul 07, 2026
Source: NVD
CVE-2026-44877 MEDIUM - 6.5

An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system.

Vendor: Hewlett Packard Enterprise (HPE)
Product: HPE Networking Instant On
Published: Jul 07, 2026
Source: NVD
CVE-2026-53512 CRITICAL - 9.1

Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins

Vendor: npm
Product: better-auth
Published: Jul 07, 2026
Source: GitHub
CVE-2026-53509 MEDIUM - 5.7

@aborruso/ckan-mcp-server: SSRF via base_url allows access to internal networks (Potential fix bypass of CVE-2026-33060)

Vendor: npm
Product: @aborruso/ckan-mcp-server
Published: Jul 07, 2026
Source: GitHub
CVE-2026-7017 HIGH - 7.1

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, `_maybe_redirect` follows the `Location:` header and `_prepare_headers_and_cb` re-merges the caller's `headers` argument into the new request, without ...

Published: Jul 07, 2026
Source: NVD
CVE-2026-59800 CRITICAL - 9.8

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint (this route is not covered by the dashboard middleware matcher, so no authorization check is applied). The sudoPassword field from the request body is written to th...

Vendor: decolua
Product: 9router
Published: Jul 07, 2026
Source: NVD
CVE-2026-59708 HIGH - 7.5

The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings, quantit...

Vendor: ghostfolio
Product: ghostfolio
Published: Jul 07, 2026
Source: NVD
CVE-2026-48958 HIGH - 8.8

An improper access check allows unauthorized users to create custom fields via webservices endpoints.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48957 HIGH - 8.8

An improper access check allows unauthorized users to access com_privacy datasets.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48956 MEDIUM - 5.0

An improper access check allows users to display a list of modules in the frontend.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48955 MEDIUM - 6.5

An improper access check allows unauthorized users to access workflow stage and transition information.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48954 MEDIUM - 6.1

Improper validation leads to a generic XSS vector in the language override feature.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48953 MEDIUM - 6.1

Lack of escaping leads to an XSS vulnerability in the generic image output layout.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48952 MEDIUM - 6.1

Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48951 MEDIUM - 6.1

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48950 MEDIUM - 6.1

Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48949 MEDIUM - 6.1

Lack of validation leads to an XSS vulnerability in the MFA management views.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48948 HIGH - 8.8

An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48947 MEDIUM - 4.9

An improper access check allows privileged users to overwrite media files without editing permissions.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD