Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364612 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-49814 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-10 | 7.2 High |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution. | ||||
| CVE-2026-60089 | 2 Mervinpraison, Praison | 2 Praisonai, Praisonai | 2026-07-10 | 5.5 Medium |
| PraisonAI (pip package praisonaiagents) before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.output_file path. A repository-controlled config file can set output_file to an absolute or '..' traversal path; when the developer subsequently calls agent.start() without explicitly passing an output parameter, PraisonAI writes the agent response to that path (creating parent directories as needed), allowing an untrusted checked-out project to overwrite files outside the project root with the privileges of the user running PraisonAI. | ||||
| CVE-2026-61437 | 2 Mervinpraison, Praison | 2 Praisonai, Praisonai | 2026-07-10 | 7.8 High |
| PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow._resolve_pydantic_class (src/praisonai-agents/praisonaiagents/workflows/workflows.py). When a workflow step uses a string output_pydantic reference, the framework locates and imports a sibling tools.py from the workflow file's directory via importlib exec_module without sandboxing, ignoring the PRAISONAI_ALLOW_*_TOOLS environment variables. An attacker who controls a workflow file and its sibling tools.py can execute arbitrary Python code with the workflow runner's privileges when the workflow is executed via WorkflowManager or after load_yaml. | ||||
| CVE-2026-59791 | 1 Jetbrains | 1 Youtrack | 2026-07-10 | 3.5 Low |
| In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible | ||||
| CVE-2026-59792 | 1 Jetbrains | 1 Intellij Idea | 2026-07-10 | 9.6 Critical |
| In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible | ||||
| CVE-2026-59793 | 1 Jetbrains | 1 Teamcity | 2026-07-10 | 8.8 High |
| In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration | ||||
| CVE-2026-59795 | 1 Jetbrains | 1 Teamcity | 2026-07-10 | 8.1 High |
| In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible | ||||
| CVE-2026-59796 | 1 Jetbrains | 1 Teamcity | 2026-07-10 | 8.1 High |
| In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks | ||||
| CVE-2026-58123 | 1 Nesquena | 1 Hermes-webui | 2026-07-10 | 9.8 Critical |
| Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitrary commands through the terminal input endpoint to achieve full command execution as the server process user via four sequential unauthenticated HTTP requests. | ||||
| CVE-2026-53657 | 2026-07-10 | 8.2 High | ||
| Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabled, which could result in running arbitrary commands with root privileges in the VM because the guest agent socket provides tunneling for arbitrary addresses, including Unix socket addresses for privileged daemons like D-Bus. This issue is fixed in version 2.1.3. | ||||
| CVE-2026-11404 | 1 Cesanta | 1 Mongoose | 2026-07-10 | 7.5 High |
| Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg_tls_server_recv_hello(), which uses an attacker-controlled session_id_len byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthenticated attacker can send a single crafted ClientHello with an oversized session id length to read past the receive buffer, crashing any HTTPS, MQTTS, or WSS service built on MG_TLS_BUILTIN. | ||||
| CVE-2026-10601 | 1 Grafana | 1 Grafana | 2026-07-10 | 5.4 Medium |
| A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the configured backend. | ||||
| CVE-2026-56675 | 2026-07-10 | 8.3 High | ||
| 9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as local. A remote unauthenticated attacker can access /v1 APIs such as /v1/models and may abuse configured upstream provider credentials through /v1 proxy endpoints depending on enabled providers. This issue is fixed in version 0.5.2. | ||||
| CVE-2026-55638 | 2026-07-10 | 8.6 High | ||
| 9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/* to bypass the API-key gate and cause the server to make upstream provider calls using operator-stored LLM provider credentials. This issue is fixed in version 0.5.2. | ||||
| CVE-2026-53987 | 1 Pluginsglpi | 1 Glpi 11 | 2026-07-10 | 6.4 Medium |
| The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights can set a tag name containing HTML, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to. | ||||
| CVE-2026-55641 | 2026-07-10 | 8.2 High | ||
| 9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this exposes the /v1 proxy to upstream provider calls using stored provider credentials and allows /v1/search with the searxng provider_options.baseUrl parameter to drive server-side requests to internal or cloud-metadata hosts. This issue is fixed in version 0.5.2. | ||||
| CVE-2026-51926 | 1 Docuform | 1 Client | 2026-07-10 | 7.5 High |
| An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the login interface. An attacker can differentiate between valid and invalid usernames based on variations in server responses. This information can be leveraged to identify existing accounts and facilitate further attacks, including brute-force or credential stuffing. | ||||
| CVE-2026-51924 | 1 Docuform | 1 Client | 2026-07-10 | 8.1 High |
| An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via the file upload and report.php component | ||||
| CVE-2026-51923 | 1 Docuform | 1 Client | 2026-07-10 | 8.1 High |
| An Insecure Direct Object Reference (IDOR) vulnerability exists in docuForm GmbH Client v.11.11c allowing a remote attacker to execute arbitrary code via the user settings component, and modify or retrieve sensitive data associated with other users’ accounts. | ||||
| CVE-2026-31267 | 1 Mercusys | 1 Mw302r | 2026-07-10 | 5.7 Medium |
| Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the administrative web interface. A stack buffer overflow vulnerability in the administrative web interface allows an authenticated attacker with administrative privileges to trigger a system crash by sending a specially crafted request. The vulnerability results in denial of service through control flow manipulation to an arbitrary instruction address. | ||||