Total CVEs

143,377

Critical Severity

4,061

High Severity

14,648

Last 7 Days

1,380
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 741 - 760 of 39,782 CVEs

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1, access the built-in engine database, execute arbi...

Vendor: dataease
Product: dataease
Published: Jul 07, 2026
Source: NVD

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download (/exportCenter/download/{id}), delete (/exportCenter/delete), retry (/exportCenter/retry/{id}), or generate download links (/exportCenter/generateDownloadUri/{id}) for export tasks ...

Vendor: dataease
Product: dataease
Published: Jul 07, 2026
Source: NVD

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:user_metadata that is passed...

Vendor: kovidgoyal
Product: calibre
Published: Jul 07, 2026
Source: NVD

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing an...

Vendor: dataease
Product: dataease
Published: Jul 07, 2026
Source: NVD

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid li...

Vendor: dataease
Product: dataease
Published: Jul 07, 2026
Source: NVD

Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with user_access on a budget file to perform owner-only file management actions. A non-owner shared user can call file-management endpoints intended for higher-privilege users, ...

Vendor: actualbudget
Product: actual
Published: Jul 07, 2026
Source: NVD
CVE-2026-49471 HIGH - 8.3

Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A...

Vendor: oraios
Product: serena
Published: Jul 07, 2026
Source: NVD
CVE-2026-53518 HIGH - 8.1

@better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive

Vendor: npm
Product: @better-auth/oauth-provider
Published: Jul 07, 2026
Source: GitHub
CVE-2026-53513 CRITICAL - 9.6

@better-auth/sso provider registration has server-side request forgery via unvalidated OIDC endpoints

Vendor: npm
Product: @better-auth/sso
Published: Jul 07, 2026
Source: GitHub
CVE-2026-53517 HIGH - 8.1

Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption

Vendor: npm
Product: @better-auth/oauth-provider
Published: Jul 07, 2026
Source: GitHub
CVE-2026-53516 HIGH - 8.3

Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email

Vendor: npm
Product: better-auth
Published: Jul 07, 2026
Source: GitHub
CVE-2026-53514 HIGH - 7.7

Better Auth vulnerable to unauthorized invitation acceptance via unverified email match in organization plugin

Vendor: npm
Product: better-auth
Published: Jul 07, 2026
Source: GitHub
CVE-2026-58468 MEDIUM - 5.5

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin. Attacke...

Vendor: nocobase
Product: nocobase
Published: Jul 07, 2026
Source: NVD
CVE-2026-44877 MEDIUM - 6.5

An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system.

Vendor: Hewlett Packard Enterprise (HPE)
Product: HPE Networking Instant On
Published: Jul 07, 2026
Source: NVD
CVE-2026-53512 CRITICAL - 9.1

Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins

Vendor: npm
Product: better-auth
Published: Jul 07, 2026
Source: GitHub
CVE-2026-53509 MEDIUM - 5.7

@aborruso/ckan-mcp-server: SSRF via base_url allows access to internal networks (Potential fix bypass of CVE-2026-33060)

Vendor: npm
Product: @aborruso/ckan-mcp-server
Published: Jul 07, 2026
Source: GitHub
CVE-2026-7017 HIGH - 7.1

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, `_maybe_redirect` follows the `Location:` header and `_prepare_headers_and_cb` re-merges the caller's `headers` argument into the new request, without ...

Published: Jul 07, 2026
Source: NVD
CVE-2026-59800 CRITICAL - 9.8

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint (this route is not covered by the dashboard middleware matcher, so no authorization check is applied). The sudoPassword field from the request body is written to th...

Vendor: decolua
Product: 9router
Published: Jul 07, 2026
Source: NVD
CVE-2026-59708 HIGH - 7.5

The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings, quantit...

Vendor: ghostfolio
Product: ghostfolio
Published: Jul 07, 2026
Source: NVD
CVE-2026-48958 HIGH - 8.8

An improper access check allows unauthorized users to create custom fields via webservices endpoints.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD