Total CVEs

143,522

Critical Severity

4,074

High Severity

14,702

Last 7 Days

1,397
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 901 - 920 of 39,927 CVEs
CVE-2026-53509 MEDIUM - 5.7

@aborruso/ckan-mcp-server: SSRF via base_url allows access to internal networks (Potential fix bypass of CVE-2026-33060)

Vendor: npm
Product: @aborruso/ckan-mcp-server
Published: Jul 07, 2026
Source: GitHub
CVE-2026-7017 HIGH - 7.1

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, `_maybe_redirect` follows the `Location:` header and `_prepare_headers_and_cb` re-merges the caller's `headers` argument into the new request, without ...

Published: Jul 07, 2026
Source: NVD
CVE-2026-59800 CRITICAL - 9.8

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint (this route is not covered by the dashboard middleware matcher, so no authorization check is applied). The sudoPassword field from the request body is written to th...

Vendor: decolua
Product: 9router
Published: Jul 07, 2026
Source: NVD
CVE-2026-59708 HIGH - 7.5

The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings, quantit...

Vendor: ghostfolio
Product: ghostfolio
Published: Jul 07, 2026
Source: NVD
CVE-2026-48958 HIGH - 8.8

An improper access check allows unauthorized users to create custom fields via webservices endpoints.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48957 HIGH - 8.8

An improper access check allows unauthorized users to access com_privacy datasets.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48956 MEDIUM - 5.0

An improper access check allows users to display a list of modules in the frontend.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48955 MEDIUM - 6.5

An improper access check allows unauthorized users to access workflow stage and transition information.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48954 MEDIUM - 6.1

Improper validation leads to a generic XSS vector in the language override feature.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48953 MEDIUM - 6.1

Lack of escaping leads to an XSS vulnerability in the generic image output layout.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48952 MEDIUM - 6.1

Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48951 MEDIUM - 6.1

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48950 MEDIUM - 6.1

Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48949 MEDIUM - 6.1

Lack of validation leads to an XSS vulnerability in the MFA management views.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48948 HIGH - 8.8

An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48947 MEDIUM - 4.9

An improper access check allows privileged users to overwrite media files without editing permissions.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-57851 HIGH - 7.8

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator privile...

Vendor: Micro-Star International (MSI)
Product: KernCoreLib64.sys
Published: Jul 07, 2026
Source: NVD
CVE-2026-23698 HIGH - 7.2

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents dir...

Vendor: Vtiger
Product: Vtiger CRM
Published: Jul 07, 2026
Source: NVD
CVE-2026-23697 HIGH - 8.8

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the .phar...

Vendor: Vtiger
Product: Vtiger CRM
Published: Jul 07, 2026
Source: NVD
CVE-2026-14904 MEDIUM - 6.5

AWS Research and Engineering Studio (RES) is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue (CWE-59) in the Auth.GetUserPrivateKey API. An authenticated r...

Vendor: AWS
Product: res
Published: Jul 07, 2026
Source: NVD