Total CVEs

143,749

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,518
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,261 - 1,280 of 40,154 CVEs

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.451 through 4.0.0-beta.470, database backup handling for MongoDB collection names did not fully validate shell metacharacters, allowing a highly privileged attacker who can configure b...

Vendor: coollabsio
Product: coolify
Published: Jul 06, 2026
Source: NVD
CVE-2026-32718 MEDIUM - 6.5

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, mutating API validation endpoints are guarded by read ability, allowing read-scoped API tokens to perform state-changing operations such as validating cloud tokens and servers...

Vendor: coollabsio
Product: coolify
Published: Jul 06, 2026
Source: NVD

Kiwi TCMS vulnerable to stored XSS via JavaScript: URI in extra_link field (TestPlan & TestCase)

Vendor: pip
Product: kiwitcms
Published: Jul 06, 2026
Source: GitHub
CVE-2026-55501 HIGH - 7.3

9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFai...

Vendor: npm
Product: 9router
Published: Jul 06, 2026
Source: GitHub
CVE-2026-55500 CRITICAL - 9.9

9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any authentication requirement beyond the ALWAYS_PROTEC...

Vendor: npm
Product: 9router
Published: Jul 06, 2026
Source: GitHub
CVE-2026-54724 MEDIUM - 6.1

Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint

Vendor: pip
Product: kiwitcms
Published: Jul 06, 2026
Source: GitHub
CVE-2026-54496 CRITICAL - 9.3

Zebra: Missing copy constraint in halo2_gadgets variable-base scalar multiplication allows under-constrained base, breaking Orchard Action circuit soundness

Vendor: rust
Product: zebrad
Published: Jul 06, 2026
Source: GitHub

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt inj...

Vendor: pip
Product: langroid
Published: Jul 06, 2026
Source: GitHub
CVE-2026-59713 HIGH - 8.1

Leantime contains an OIDC login CSRF vulnerability in the verifyState() method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the attack...

Vendor: Leantime
Product: Leantime
Published: Jul 06, 2026
Source: NVD
CVE-2026-59712 HIGH - 8.1

Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, and session tokens. Attackers can exploit this by calling users.getUser with arbitrary user IDs to ...

Vendor: Leantime
Product: Leantime
Published: Jul 06, 2026
Source: NVD
CVE-2026-59711 MEDIUM - 6.1

showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into HT...

Vendor: showdown
Product: showdown
Published: Jul 06, 2026
Source: NVD
CVE-2026-57573 HIGH - 8.6

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming path. handle_stream_crawl_request passed seed URLs straight to the crawler with no destination validatio...

Vendor: unclecode
Product: crawl4ai
Published: Jul 06, 2026
Source: NVD
CVE-2026-57572 CRITICAL - 10.0

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command toget...

Vendor: unclecode
Product: crawl4ai
Published: Jul 06, 2026
Source: NVD
CVE-2026-57571 CRITICAL - 9.6

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or traversal ...

Vendor: unclecode
Product: crawl4ai
Published: Jul 06, 2026
Source: NVD
CVE-2026-55727 HIGH - 7.5

A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams.

Vendor: Genetec Inc.
Product: Genetec Security Center
Published: Jul 06, 2026
Source: NVD
CVE-2026-55574 HIGH - 7.5

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structured_outputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the string...

Vendor: vllm-project
Product: vllm
Published: Jul 06, 2026
Source: NVD
CVE-2026-55514 MEDIUM - 6.5

vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is aut...

Vendor: vllm-project
Product: vllm
Published: Jul 06, 2026
Source: NVD
CVE-2026-54765 HIGH - 8.5

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply onl...

Vendor: traefik
Product: traefik
Published: Jul 06, 2026
Source: NVD
CVE-2026-54764 MEDIUM - 5.8

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of...

Vendor: traefik
Product: traefik
Published: Jul 06, 2026
Source: NVD
CVE-2026-54763 CRITICAL - 10.0

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names...

Vendor: traefik
Product: traefik
Published: Jul 06, 2026
Source: NVD