Search

Search Results (366571 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-45337 1 Better-auth 1 Better Auth 2026-07-15 7.6 High
Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the deviceAuthorization plugin treats any authenticated session as the owner of any pending device code because GET /device does not claim the row and POST /device/approve and POST /device/deny short-circuit when userId is unset, allowing an authenticated attacker who learns a valid user_code to bind the polling device to the attacker's account or deny the legitimate flow. This issue is fixed in version 1.6.11.
CVE-2026-40501 1 Cherryhq 1 Cherry-studio 2026-07-15 8.8 High
Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by delivering malicious JavaScript through controlled search provider content loaded into an Electron BrowserWindow configured with nodeIntegration enabled and contextIsolation disabled. Attackers who control a search engine provider, individual search result pages, or provider settings pages can execute JavaScript with full Node.js privileges, gaining access to fs, child_process, os, and process.env under the operating-system account of the Cherry Studio process.
CVE-2026-62948 1 Openwrt 1 Openwrt 2026-07-15 9.6 Critical
OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into /tmp/odhcpd.leases through src/statefiles.c statefiles_write_state6() and statefiles_write_state4() without escaping, allowing newline injection of forged lease lines that LuCI rpcd-mod-luci getDHCPLeases displays through htdocs/luci-static/resources/view/status/include/40_dhcp.js and htdocs/luci-static/resources/luci.js dom.append as live HTML in the Active DHCPv6 Leases admin page. This vulnerability is fixed in 25.12.5.
CVE-2026-46485 1 Lissy93 1 Dashy 2026-07-15 8.2 High
Dashy is a self-hostable personal dashboard. Prior to 4.0.8, Dashy deployments using OIDC can allow unauthenticated users or non-admin authenticated users to write changes to the main config.yaml through the config-saving functionality despite configured permissions, allowing unauthorized modification of dashboard configuration and potential service disruption. This issue is fixed in version 4.0.8.
CVE-2026-62355 1 Taosdata 1 Tdengine 2026-07-15 5.4 Medium
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a Data Reader admin_user on a TDengine Cloud DB instance could run create udf even though standard users should have read-only permissions for non-database objects and show dnodes and create user were denied. This issue is fixed in version 3.4.1.15.
CVE-2026-62348 1 Taosdata 1 Tdengine 2026-07-15 5.4 Medium
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, TDengine Enterprise allowed an authenticated low-privilege SQL user to run KILL SSMIGRATE <id> against an active shared-storage migration because mndProcessKillSsMigrateReq called mndKillSsMigrate while the intended MND_OPER_SSMIGRATE_DB privilege check was commented out. This issue is fixed in version 3.4.1.15.
CVE-2026-62353 1 Taosdata 1 Tdengine 2026-07-15 5.4 Medium
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.14, source/libs/parser/src/parTokenizer.c tGetToken() incremented past a trailing backslash in a SQL string literal such as 'abc\ and read one byte beyond the null terminator, allowing an authenticated user who can submit SQL queries to crash the server and possibly leak adjacent memory. This issue is fixed in version 3.4.1.14.
CVE-2026-26718 2026-07-15 N/A
A Cross-Site Request Forgery (CSRF) vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive request mapping
CVE-2026-26719 2026-07-15 N/A
Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request containing a malicious script
CVE-2026-47164 1 Dani-garcia 1 Vaultwarden 2026-07-15 7.7 High
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the IdP email_verified claim only for new-user creation and not when SSO_SIGNUPS_MATCH_EMAIL=true linked an IdP identity to an existing local account, allowing an attacker-controlled IdP identity asserting a victim email address to bind to and authenticate as that account. This issue is fixed in version 1.36.0.
CVE-2026-48799 1 Gitroomhq 1 Postiz-app 2026-07-15 7.7 High
Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary organizations lifetime PRO subscriptions without payment. This issue is fixed in version 2.21.8.
CVE-2026-53517 1 Better-auth 2 Better Auth, Oauth-provider 2026-07-15 8.1 High
Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refresh_token grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing concurrent requests with the same parent refresh token to pass the revoked check and create forked refresh-token families; the vulnerable range also includes embedded better-auth plugin versions before 1.6.0. This issue is fixed in version 1.6.11.
CVE-2026-54443 1 Lissy93 1 Dashy 2026-07-15 N/A
Dashy is a self-hostable personal dashboard. From 1.9.4 until 3.2.0, the Dashy RSS Widget in src/components/Widgets/RssFeed.vue does not sanitize RSS item link values before rendering feed item titles and Read More links as anchor href attributes, allowing an attacker-controlled feed to provide a javascript: URI that executes when clicked in the Dashy origin. This issue is fixed in version 3.2.0.
CVE-2026-26032 1 Apache 1 Ivy 2026-07-15 5.4 Medium
The PackagerResolver of Apache Ivy is able to download online artifacts and to (re)package them in a format defined by a packager.xml file. This repackaging is done by an Ant script, which is stored in a subdirectory of the configured "buildRoot" directory. This subdirectory is calculated based on modules coordinates, like the organisation, name or version. If one of the coordinates contains "../" sequences - which are valid characters for Ivy coordinates in general- it is possible to break out of the configured "buildRoot" directory where other files can be overwritten. In order to exploit this vulnerability an attacker needs to have access to a packager repository and add or modify the coordinates in ivy.xml files to have such "../" sequences. Users of Apache Ivy 2.0.0 to 2.5.3 (inclusive) should upgrade to Ivy 2.6.0.
CVE-2026-62349 1 Taosdata 1 Tdengine 2026-07-15 8.3 High
TDengine is an open source, time-series database optimized for Internet of Things devices. In 3.4.1.6 and earlier, source/libs/parser/src/parUtil.c trimString() checks space for only one byte before processing SQL string escape sequences \%, \_, or \x, allowing a one-byte out-of-bounds write to the stack buffer tmpTokenBuf that can cause denial of service and potentially remote code execution. This issue is fixed in version 3.4.1.14.
CVE-2026-62351 1 Taosdata 1 Tdengine 2026-07-15 7.5 High
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, source/libs/transport/src/transComm.c transDecompressMsg() read STransCompMsg.contLen when pHead->comp == 1 without first validating that the RPC packet contained the 8-byte STransCompMsg structure, causing an unauthenticated out-of-bounds read, uncontrolled allocation, integer underflow, and server crash. This issue is fixed in version 3.4.1.15.
CVE-2026-49445 1 Cilium 1 Cilium 2026-07-15 9.2 Critical
Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints, expose TLS secrets, disrupt cluster traffic, or terminate Envoy. This issue is fixed in versions 1.17.14, 1.18.8, and 1.19.2.
CVE-2026-56742 1 Cilium 1 Cilium 2026-07-15 5.9 Medium
Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant authorization mechanism. Gateway API functionality is disabled by default. This issue is fixed in versions 1.17.17, 1.18.11, and 1.19.5.
CVE-2026-56743 1 Cilium 1 Cilium 2026-07-15 5.4 Medium
Cilium is a networking, observability, and security solution. From 1.19.0 to 1.19.4, standard Kubernetes NetworkPolicy specifications using CIDR-based ipBlock rules without pod or namespace selectors erroneously generate a wildcard namespace allow rule when Cilium is configured with a custom clusterName rather than the default any value. The parser incorrectly instantiates a pod selector on selectorless peer definitions, allowing traffic from other workloads in the same namespace as the subject of the policy. This issue is fixed in version 1.19.5.
CVE-2026-45417 1 Dataease 1 Dataease 2026-07-15 N/A
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema() into getTablesSql and execute the resulting SQL with executeQuery in io.dataease.datasource.provider.CalciteProvider#checkStatus, allowing SQL injection against DB2, SQL Server, PostgreSQL, and other affected datasources. This issue is fixed in version 2.10.23.