Vulnerabilities
Recent vulnerabilities
Recent vulnerabilities from
🏠GNA-1 (CIRCL)
Select from 78 available sources using the dropdown above.
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-55076 |
7.4 (3.1)
|
Coder's OIDC email_verified type coercion bypass enabl… |
coder |
coder |
2026-07-07T22:23:26.179Z | 2026-07-08T14:03:39.329Z |
| CVE-2026-50007 |
7.2 (4.0)
|
Actual: Shared users can perform owner-only file manag… |
actualbudget |
actual |
2026-07-07T20:53:21.457Z | 2026-07-08T14:02:20.277Z |
| CVE-2026-5459 |
5.3 (3.1)
|
User Frontend: AI Powered Frontend Posting, User Direc… |
wedevs |
User Frontend: AI Powered Frontend Posting, User Directory, Profile Builder, Membership & User Registration |
2026-07-08T12:33:16.401Z | 2026-07-08T14:00:54.082Z |
| CVE-2026-55437 |
5.4 (3.1)
|
Coder vulnerable to stored HTML injection via workspac… |
coder |
coder |
2026-07-08T00:29:18.268Z | 2026-07-08T14:00:43.204Z |
| CVE-2026-6230 |
7.5 (3.1)
|
Tainacan <= 1.0.3 - Unauthenticated SQL Injection via … |
tainacan |
Tainacan |
2026-07-08T11:30:32.366Z | 2026-07-08T14:00:11.719Z |
| CVE-2026-15035 |
4.8 (4.0)
5.3 (3.1)
5.3 (3.0)
|
bentoml OpenLLM Model Repository Directory Name common… |
bentoml |
OpenLLM |
2026-07-08T14:00:09.786Z | 2026-07-08T14:00:09.786Z |
| CVE-2026-55655 |
5 (3.1)
|
Openssh: local mitm of x11 forwarding via abstract uni… |
Red Hat |
Red Hat Hardened Images |
2026-06-23T03:36:25.724Z | 2026-07-08T13:59:46.603Z |
| CVE-2026-55654 |
3.7 (3.1)
|
Openssh: heap out-of-bounds read in red hat enterprise… |
Red Hat |
Red Hat Hardened Images |
2026-06-23T03:37:00.160Z | 2026-07-08T13:59:46.550Z |
| CVE-2026-55653 |
4.3 (3.1)
|
Openssh: double free in red hat enterprise linux versi… |
Red Hat |
Red Hat Hardened Images |
2026-06-23T03:36:22.741Z | 2026-07-08T13:59:46.452Z |
| CVE-2026-14740 |
9.1 (3.1)
|
DBI versions before 1.650 for Perl read one byte out-o… |
HMBRAND |
DBI |
2026-07-07T22:05:45.077Z | 2026-07-08T13:59:33.009Z |
| CVE-2026-12041 |
4.4 (3.1)
|
Chatra Live Chat + ChatBot + Cart Saver <= 1.0.12 - Au… |
chatra |
Chatra Live Chat + ChatBot + Cart Saver |
2026-07-08T05:34:08.842Z | 2026-07-08T13:59:24.726Z |
| CVE-2026-9700 |
7.5 (3.1)
|
Eventer <= 4.4.2 - Unauthenticated SQL Injection via '… |
joe007 |
Eventer |
2026-07-08T05:34:08.504Z | 2026-07-08T13:58:51.010Z |
| CVE-2026-49229 |
8.3 (3.1)
|
Actual: Disabled OpenID users keep access through exis… |
actualbudget |
actual |
2026-07-07T20:59:34.173Z | 2026-07-08T13:58:43.272Z |
| CVE-2026-14482 |
8.8 (3.1)
|
多说社会化评论框 <= 1.2 - Unauthenticated Privilege Escalation… |
shen2 |
多说社会化评论框 |
2026-07-08T04:30:50.223Z | 2026-07-08T13:57:46.333Z |
| CVE-2026-50530 |
7.1 (4.0)
|
DataEase: Token with Overly Broad Privileges in Share … |
dataease |
dataease |
2026-07-07T20:41:07.576Z | 2026-07-08T13:57:27.568Z |
| CVE-2026-55431 |
7.7 (3.1)
|
Coder's session token leaked to arbitrary hosts via `c… |
coder |
coder |
2026-07-08T00:10:49.165Z | 2026-07-08T13:57:02.059Z |
| CVE-2026-14739 |
9.8 (3.1)
|
DBI versions before 1.650 for Perl have a heap overflo… |
HMBRAND |
DBI |
2026-07-07T22:05:18.457Z | 2026-07-08T13:56:43.597Z |
| CVE-2026-55078 |
6.5 (3.1)
|
Coder: Zip upload decompression lacks aggregate size l… |
coder |
coder |
2026-07-07T22:47:07.079Z | 2026-07-08T13:55:16.017Z |
| CVE-2026-45796 |
6.5 (3.1)
|
Coder vulnerable to unauthenticated SSRF via Azure Ins… |
coder |
coder |
2026-07-07T21:03:11.066Z | 2026-07-08T13:53:41.602Z |
| CVE-2026-54601 |
6.3 (3.1)
|
FastGPT: reTrainingCollection allows server-owned data… |
labring |
FastGPT |
2026-07-07T21:16:12.976Z | 2026-07-08T13:53:13.863Z |
| CVE-2026-28378 |
3.1 (3.1)
|
Cross-Organization Public Dashboard Deletion via Missi… |
Grafana |
Grafana Enterprise |
2026-07-07T21:08:04.579Z | 2026-07-08T13:52:50.293Z |
| CVE-2026-55490 |
6.5 (3.1)
|
OpenWrt: EAD Integer Underflow → Pre-Auth Denial of Service |
openwrt |
openwrt |
2026-07-07T21:08:26.638Z | 2026-07-08T13:52:07.490Z |
| CVE-2026-60092 |
5.1 (4.0)
6.1 (3.1)
|
AVideo - Stored Cross-Site Scripting via Unescaped Use… |
AVideo |
AVideo |
2026-07-08T13:51:30.509Z | 2026-07-08T13:51:30.509Z |
| CVE-2026-55647 |
5.1 (4.0)
|
DataEase: authenticated stored XSS in the dashboard te… |
dataease |
dataease |
2026-07-07T20:37:54.884Z | 2026-07-08T13:50:59.742Z |
| CVE-2026-59153 |
2.1 (4.0)
|
Anki's local HTTP server does not sufficiently validat… |
ankitects |
anki |
2026-07-07T21:11:01.808Z | 2026-07-08T13:50:15.783Z |
| CVE-2026-53751 |
8.7 (4.0)
|
DataEase: H2 JDBC URL Filter Bypass Leads to Remote Co… |
dataease |
dataease |
2026-07-07T20:31:12.180Z | 2026-07-08T13:49:16.880Z |
| CVE-2026-59257 |
5.3 (4.0)
|
n8n - SQL Injection in MySQL v1 executeQuery Operation… |
n8n |
n8n |
2026-07-08T13:49:13.618Z | 2026-07-08T13:49:13.618Z |
| CVE-2026-59253 |
5.3 (4.0)
|
n8n - Improper Authorization in Workflow Assignment to… |
n8n |
n8n |
2026-07-08T13:49:12.902Z | 2026-07-08T13:49:12.902Z |
| CVE-2026-58657 |
4.8 (4.0)
4.8 (3.1)
|
Grav - Stored CSS Injection via Markdown Image resize(… |
Grav |
Grav |
2026-07-08T13:49:12.183Z | 2026-07-08T13:49:12.183Z |
| CVE-2026-58656 |
8.7 (4.0)
7.5 (3.1)
|
Grav API Plugin - Cross-Origin Admin Account Takeover … |
getgrav |
grav |
2026-07-08T13:49:11.408Z | 2026-07-08T13:49:11.408Z |