Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,898
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 11,321 - 11,340 of 38,432 CVEs
CVE-2026-8204 MEDIUM - 5.3

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a CVSS...

Vendor: concretecms
Product: concrete_cms
Published: May 21, 2026
Source: NVD
CVE-2026-8203 MEDIUM - 5.4

Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanitize $height. Any user with editor privileges can inject malicious JavaScript that executes in the context of any visitor's browser, potentially leading to session hijacking, credential ...

Vendor: concretecms
Product: concrete_cms
Published: May 21, 2026
Source: NVD
CVE-2026-8197 MEDIUM - 4.8

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize template renders the integration name (admin-controlled) through Concrete's t() translation helper as a sprintf-style format. The <strong>...</strong> wrap is built by PHP string...

Vendor: concretecms
Product: concrete_cms
Published: May 21, 2026
Source: NVD
CVE-2026-8140 MEDIUM - 6.5

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/download/<remoteId>. The download() method in concrete/controllers/single_page/dashboard/extend/install.php checks only the canInstallPackages() permission before fetching a remo...

Vendor: concretecms
Product: concrete_cms
Published: May 21, 2026
Source: NVD
CVE-2026-8135 HIGH - 7.2

Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. A rogue administrator with privileges to add blocks to an area can bypass the intended protection mechanism (_fromCIF === true), which normally re...

Vendor: concretecms
Product: concrete_cms
Published: May 21, 2026
Source: NVD
CVE-2026-8134 HIGH - 7.2

Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable files o...

Vendor: concretecms
Product: concrete_cms
Published: May 21, 2026
Source: NVD
CVE-2026-6826 MEDIUM - 5.3

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller. Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/{fID} with any file ID and receive a list of every page that references that file, includ...

Vendor: concretecms
Product: concrete_cms
Published: May 21, 2026
Source: NVD
CVE-2026-47102 HIGH - 8.8

LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin,...

Vendor: BerriAI
Product: litellm
Published: May 21, 2026
Source: NVD
CVE-2026-47101 HIGH - 8.8

LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created wi...

Vendor: BerriAI
Product: litellm
Published: May 21, 2026
Source: NVD
CVE-2026-46673 HIGH - 7.5

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

Vendor: rust
Product: russh-cryptovec
Published: May 21, 2026
Source: GitHub
CVE-2026-46609 MEDIUM - 4.6

Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patched in version 17.4.0.

Vendor: nuget
Product: Umbraco.Cms
Published: May 21, 2026
Source: GitHub
CVE-2026-46556 MEDIUM - 6.5

FlaskBB: SSRF in get_image_info() via unrestricted avatar URL

Vendor: pip
Product: flaskbb
Published: May 21, 2026
Source: GitHub

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. The API token deletion path removed the database row but d...

Vendor: npm
Product: nocodb
Published: May 21, 2026
Source: GitHub

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured...

Vendor: npm
Product: nocodb
Published: May 21, 2026
Source: GitHub
CVE-2026-46552 MEDIUM - 5.8

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID (xc-shared-base-id), an attacker could enumerate base members and invite an arbitrary email int...

Vendor: npm
Product: nocodb
Published: May 21, 2026
Source: GitHub
CVE-2026-46551 MEDIUM - 6.5

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NC_ATTACHMENT_FIELD_SIZE against the remote content-length or against the response stream. An authenticated user (Editor+) could direct the server to downl...

Vendor: npm
Product: nocodb
Published: May 21, 2026
Source: GitHub
CVE-2026-46550 MEDIUM - 5.4

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it to c...

Vendor: npm
Product: nocodb
Published: May 21, 2026
Source: GitHub

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauth_scope and oauth_granted_resources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope (e.g. MCP-only) therefore inherit...

Vendor: npm
Product: nocodb
Published: May 21, 2026
Source: GitHub
CVE-2026-46548 MEDIUM - 4.3

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins (Slack, Discord, Mattermost, Teams) because httpAgent / httpsAgent were passed as part of the request body rather tha...

Vendor: npm
Product: nocodb
Published: May 21, 2026
Source: GitHub
CVE-2026-46547 MEDIUM - 6.1

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and <a> tag bindings without validation, allowing javascript: ...

Vendor: npm
Product: nocodb
Published: May 21, 2026
Source: GitHub