Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,298
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1 - 20 of 14,292 CVEs
CVE-2026-61343 HIGH - 7.2

LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. Fixed in 5.1.0.

Vendor: LibreBooking
Product: LibreBooking
Published: Jul 09, 2026
Source: NVD
CVE-2026-59734 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generate_healthcheck_commands() function directly interpolated the health_check_host, health_check_method, and health_chec...

Vendor: coollabsio
Product: coolify
Published: Jul 09, 2026
Source: NVD
CVE-2026-59721 HIGH - 7.2

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILER_SMTP_URL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into sen...

Vendor: hoppscotch
Product: hoppscotch
Published: Jul 09, 2026
Source: NVD
CVE-2026-59720 HIGH - 7.5

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPublic to true, causing mock servers linked to private collections to be publicly accessible without auth...

Vendor: hoppscotch
Product: hoppscotch
Published: Jul 09, 2026
Source: NVD
CVE-2026-59221 HIGH - 7.7

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, _sanitize_proxy_path in backend/open_webui/routers/terminals.py decoded proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal value to pass normalization checks...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD
CVE-2026-58378 HIGH - 8.8

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access.

Vendor: Allwinner
Product: H616
Published: Jul 09, 2026
Source: NVD
CVE-2026-55420 HIGH - 7.5

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.

Vendor: discourse
Product: discourse
Published: Jul 09, 2026
Source: NVD
CVE-2026-59224 HIGH - 8.0

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/open_webui/routers/terminals.py built the ws_terminal upstream URL from an unencoded session_id and appended user_id as a query parameter, allowing query injection to make the terminal back...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD
CVE-2026-59219 HIGH - 7.1

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode_token without the Redis-backed is_valid_to...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD
CVE-2026-59216 HIGH - 7.7

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, get_event_call delivered execute:python and execute:tool Socket.IO events to a client-supplied session_id after checking only that the session was connected, allowing authenticated users who learne...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD
CVE-2026-59214 HIGH - 7.3

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue auth...

Vendor: open-webui
Product: open-webui
Published: Jul 09, 2026
Source: NVD
CVE-2026-58459 HIGH - 7.8

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The subtype...

Vendor: ntpsec
Product: gpsd
Published: Jul 09, 2026
Source: NVD
CVE-2026-51606 HIGH - 7.5

An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response. T...

Published: Jul 09, 2026
Source: NVD
CVE-2026-51605 HIGH - 7.5

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.991) allows an unauthenticated remote attacker to cause a denial of service via a crafted TEARDOWN request.

Published: Jul 09, 2026
Source: NVD
CVE-2026-51604 HIGH - 7.5

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request.

Published: Jul 09, 2026
Source: NVD
CVE-2026-51603 HIGH - 7.5

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted second SETUP request. After completing the OPTIONS, DESCRIBE, and a legitimate first SETUP request to obtain a ...

Published: Jul 09, 2026
Source: NVD
CVE-2026-51602 HIGH - 7.5

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP request. The RTSP service's second-stage URL routing parser fails to validate the length of the URL ...

Published: Jul 09, 2026
Source: NVD
CVE-2026-51600 HIGH - 7.5

Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests (including DESCRIBE, SETUP, and PLAY methods). When a request carrying a Content-Length header is received without a corresponding message body, the RTSP parser enters a persistent body-awaiting sta...

Published: Jul 09, 2026
Source: NVD
CVE-2026-15190 HIGH - 7.3

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may ...

Vendor: SourceCodester
Product: Simple and Nice Shopping Cart Script
Published: Jul 09, 2026
Source: NVD
CVE-2026-11404 HIGH - 7.5

Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg_tls_server_recv_hello(), which uses an attacker-controlled session_id_len byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthentica...

Vendor: Cesanta
Product: Mongoose
Published: Jul 09, 2026
Source: NVD