Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,518
Quick preset (or use dates below)
Clear Filters
Showing 1,621 - 1,640 of 143,793 CVEs
CVE-2026-12746 HIGH - 8.1

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting ...

Vendor: BIAFRA
Product: Dancer2::Plugin::Auth::OAuth::Provider
Published: Jul 04, 2026
Source: NVD
CVE-2026-12740 HIGH - 8.1

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session (register_s...

Vendor: CORNELIUS
Product: Plack::Middleware::OAuth
Published: Jul 04, 2026
Source: NVD
CVE-2026-14636 MEDIUM - 5.4

A weakness has been identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 23105f25dadf57b4314fc015a63a7c6e910c89df. Impacted is the function do_upload_others_images of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Image Manager. Executing a manipula...

Vendor: kirilkirkov
Product: Ecommerce-CodeIgniter-Bootstrap
Published: Jul 04, 2026
Source: NVD
CVE-2026-14635 HIGH - 7.3

A security flaw has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. This issue affects some unknown processing of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Multi-Image Endpoint. Performing a m...

Vendor: kirilkirkov
Product: Ecommerce-CodeIgniter-Bootstrap
Published: Jul 04, 2026
Source: NVD
CVE-2026-14634 MEDIUM - 4.3

A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MY_Controller.php of the component Subscribed Emails Admin Page. Such manipulation o...

Vendor: kirilkirkov
Product: Ecommerce-CodeIgniter-Bootstrap
Published: Jul 04, 2026
Source: NVD
CVE-2026-14633 MEDIUM - 4.3

A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API Endpoint. This manipulation of the argument title/description causes cros...

Vendor: kirilkirkov
Product: Ecommerce-CodeIgniter-Bootstrap
Published: Jul 04, 2026
Source: NVD
CVE-2026-14632 MEDIUM - 4.3

A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affected by this issue is the function setReferrer of the file application/core/MY_Controller.php of the component Trusted Backend Interface. The manipulation of the argument href...

Vendor: kirilkirkov
Product: Ecommerce-CodeIgniter-Bootstrap
Published: Jul 04, 2026
Source: NVD

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function get_conversation_history of the file 08_agentic_system/memory/langchain/code/smart_customer_service.py of the component Memory Recall Handler. The manipulation leads to use of we...

Vendor: ForceInjection
Product: AI-fundermentals
Published: Jul 04, 2026
Source: NVD
CVE-2026-14629 MEDIUM - 4.3

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may ...

Product: RT-Thread
Published: Jul 04, 2026
Source: NVD
CVE-2026-14535 HIGH - 8.8

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in ...

Vendor: trailofbits
Product: fickling
Published: Jul 04, 2026
Source: NVD
CVE-2026-14534 HIGH - 8.8

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist, fickling's check_safety() function returns LIKELY_SAFE...

Vendor: trailofbits
Product: fickling
Published: Jul 04, 2026
Source: NVD
CVE-2026-14628 MEDIUM - 5.3

A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract_media of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is n...

Vendor: NousResearch
Product: hermes-agent
Published: Jul 04, 2026
Source: NVD
CVE-2026-14627 MEDIUM - 5.6

A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter._is_allowed_user of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can b...

Vendor: NousResearch
Product: hermes-agent
Published: Jul 04, 2026
Source: NVD

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, lead...

Vendor: WSO2
Product: WSO2 Identity Server, WSO2 API Manager
Published: Jul 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as alloclen = fragheaderlen + t...

Vendor: Linux
Product: Linux
Published: Jul 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor Ushakov reported that unix_gc() could run with gc_in_progress being false if the work is scheduled while running: Thread 1 Thread 2 Thread 3 -...

Vendor: Linux
Product: Linux
Published: Jul 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change (PSC) reques...

Vendor: Linux
Product: Linux
Published: Jul 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and computed GFNs;...

Vendor: Linux
Product: Linux
Published: Jul 04, 2026
Source: NVD
CVE-2026-14626 MEDIUM - 4.3

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The e...

Vendor: NousResearch
Product: hermes-agent
Published: Jul 04, 2026
Source: NVD
CVE-2026-14625 MEDIUM - 6.3

A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui_gateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to t...

Vendor: NousResearch
Product: hermes-agent
Published: Jul 04, 2026
Source: NVD