Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,528
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,741 - 1,760 of 40,198 CVEs
CVE-2026-20909 MEDIUM - 5.3

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries.

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-20896 CRITICAL - 9.8

Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-20779 HIGH - 7.1

Gitea versions from 1.5.0 before 1.26.3 have a TOTP single-use enforcement defect that allows a valid TOTP code to be accepted more than once across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path.

Vendor: Gitea
Product: Gitea Open Source Git Server
Published: Jul 03, 2026
Source: NVD
CVE-2026-14611 MEDIUM - 4.3

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attack m...

Vendor: DeepMyst
Product: Mysti
Published: Jul 03, 2026
Source: NVD
CVE-2026-14610 MEDIUM - 5.3

A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes heap-based buffer overflow. The attack is restricted to local ex...

Vendor: Open Asset Import Library
Product: Assimp
Published: Jul 03, 2026
Source: NVD
CVE-2026-14609 MEDIUM - 5.6

A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This issue affects some unknown processing. The manipulation results in session fixiation. The attack can be executed remotely. The attack requires a high level of complexity. The exploitabi...

Vendor: SourceCodester
Product: CET Automated Grading System with AI Predictive Analytics
Published: Jul 03, 2026
Source: NVD
CVE-2026-14355 MEDIUM - 5.6

In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length withou...

Vendor: php
Product: php
Published: Jul 03, 2026
Source: NVD
CVE-2026-12481 HIGH - 8.8

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mode guard when `safe_mode` is set to `None`, which is ...

Vendor: keras-team
Product: keras-team/keras
Published: Jul 03, 2026
Source: NVD
CVE-2026-14608 MEDIUM - 4.3

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=view_student of the component POST Handler. The manipulation of the argument ID leads to authorization byp...

Vendor: SourceCodester
Product: CET Automated Grading System with AI Predictive Analytics
Published: Jul 03, 2026
Source: NVD
CVE-2026-14607 MEDIUM - 5.5

A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sys_getaddrinfo of the file components/lwp/lwp_syscall.c. Executing a manipulation of the argument ai_addr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to...

Product: RT-Thread
Published: Jul 03, 2026
Source: NVD
CVE-2026-14606 HIGH - 7.8

A security flaw has been discovered in RT-Thread up to 5.0.2. Affected by this issue is the function CAN_Receive in the library bsp/synwit/libraries/SWM341_CSL/CMSIS/DeviceSupport/SWM341.h of the component SWM341 CAN Handler. Performing a manipulation results in stack-based buffer overflow. The atta...

Product: RT-Thread
Published: Jul 03, 2026
Source: NVD
CVE-2026-14605 HIGH - 7.8

A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulnerability is the function recvmsg in the library bsp/loongson/ls1cdev/libraries/ls1c_can.h of the component ls1c CAN Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach thi...

Product: RT-Thread
Published: Jul 03, 2026
Source: NVD
CVE-2026-58379 HIGH - 7.3

A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs becaus...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Jul 03, 2026
Source: NVD
CVE-2026-14604 MEDIUM - 6.3

A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The expl...

Vendor: Open Asset Import Library
Product: Assimp
Published: Jul 03, 2026
Source: NVD
CVE-2026-14631 MEDIUM - 5.3

webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught exc...

Vendor: webpack-dev-server
Product: webpack-dev-server
Published: Jul 03, 2026
Source: NVD
CVE-2026-14620 MEDIUM - 4.7

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any web...

Vendor: webpack-dev-server
Product: webpack-dev-server
Published: Jul 03, 2026
Source: NVD
CVE-2026-14615 MEDIUM - 4.3

A flaw was found in the Fine-Grained Admin Permissions (FGAP) v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows...

Vendor: Red Hat
Product: Red Hat Build of Keycloak
Published: Jul 03, 2026
Source: NVD
CVE-2026-14614 MEDIUM - 5.4

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions (FGAP) v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are...

Vendor: Red Hat
Product: Red Hat Build of Keycloak, Red Hat Data Grid 8, Red Hat JBoss Enterprise Application Platform Expansion Pack, Red Hat Single Sign-On 7
Published: Jul 03, 2026
Source: NVD
CVE-2026-14613 MEDIUM - 4.3

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions (FGAP v2) are turned on, an administrator who is allowed to see a specific &qu...

Vendor: Red Hat
Product: Red Hat Build of Keycloak, Red Hat Data Grid 8, Red Hat JBoss Enterprise Application Platform Expansion Pack, Red Hat Single Sign-On 7
Published: Jul 03, 2026
Source: NVD
CVE-2026-14612 MEDIUM - 4.2

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Jul 03, 2026
Source: NVD