Export limit exceeded: 12690 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 23244 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12690 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12690 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-14614 1 Redhat 4 Build Keycloak, Jboss Data Grid, Jbosseapxp and 1 more 2026-07-07 5.4 Medium
A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions (FGAP) v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not authorized to see or manage. As a result, an attacker could inject unauthorized data or permissions into the security tokens issued to end-users, potentially tricking other applications into granting higher levels of access than intended.
CVE-2026-48948 2026-07-07 N/A
An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible.
CVE-2026-48955 2026-07-07 N/A
An improper access check allows unauthorized users to access workflow stage and transition information.
CVE-2026-48957 2026-07-07 N/A
An improper access check allows unauthorized users to access com_privacy datasets.
CVE-2026-48958 2026-07-07 N/A
An improper access check allows unauthorized users to create custom fields via webservices endpoints.
CVE-2026-48956 2026-07-07 N/A
An improper access check allows users to display a list of modules in the frontend.
CVE-2026-48947 2026-07-07 N/A
An improper access check allows privileged users to overwrite media files without editing permissions.
CVE-2026-4360 1 Python 1 Cpython 2026-07-07 N/A
In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract() function.
CVE-2026-20896 1 Gitea 1 Gitea Open Source Git Server 2026-07-07 9.8 Critical
Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.
CVE-2026-20909 1 Gitea 1 Gitea Open Source Git Server 2026-07-07 5.3 Medium
Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries.
CVE-2026-24451 1 Gitea 1 Gitea Open Source Git Server 2026-07-07 7.5 High
Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized.
CVE-2026-24690 1 Gitea 1 Gitea Open Source Git Server 2026-07-07 7.5 High
Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches.
CVE-2026-25712 1 Gitea 1 Gitea Open Source Git Server 2026-07-07 7.5 High
Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations.
CVE-2026-26247 1 Gitea 1 Gitea Open Source Git Server 2026-07-07 9.1 Critical
Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check.
CVE-2026-26292 1 Gitea 1 Gitea Open Source Git Server 2026-07-07 9.8 Critical
Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests.
CVE-2026-27660 1 Gitea 1 Gitea Open Source Git Server 2026-07-07 7.5 High
Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission.
CVE-2026-54765 1 Traefik 1 Traefik 2026-07-07 N/A
Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only one route's filter set to all requests reaching that backend. In Gateway deployments where backendRef filters set security-sensitive headers, such as tenant identity, authorization context, or values the backend trusts, an attacker who can create an accepted HTTPRoute sharing the same backend Service:port may cause their route's filter context to be applied to another route's requests, potentially crossing namespace boundaries when a ReferenceGrant permits cross-namespace targeting. This issue is fixed in version v3.7.6.
CVE-2026-34048 1 Coollabsio 1 Coolify 2026-07-07 9.9 Critical
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes and execute commands on team servers. This issue is fixed in version 4.0.0-beta.471.
CVE-2026-53913 1 Apache 1 Camel Keycloak 2026-07-07 9.8 Critical
Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely ('Failing Open') vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess(), which performs three checks in sequence: it rejects a request that carries no access token, then - only if requiredRoles is non-empty - validates the roles, and - only if requiredPermissions is non-empty - validates the permissions. The actual cryptographic verification of the bearer access token (signature, issuer and expiry for a local JWT, or active-state and issuer for token introspection) is performed exclusively inside those role and permission checks. KeycloakSecurityPolicy defaults requiredRoles and requiredPermissions to empty - which is the documented 'Basic Setup' - so on a route configured that way the role and permission checks are skipped and the access token is therefore never verified. The token-presence check still rejects a missing token, but an invalid token is accepted: any non-null value in the Authorization: Bearer header - including an arbitrary string or a forged, unsigned JWT - passes the policy and the request reaches the protected route, with no signature, issuer or expiry check and no request to Keycloak. The token is read from the inbound request header because allowTokenFromHeader defaults to true. Because the normal reason to place a route behind this policy is that the route performs server-side work, the bypass results in unauthenticated access to that work; where the protected route forwards to a code-execution-capable producer, it can result in unauthenticated remote code execution. This defect is independent of CVE-2026-23552: that issue concerned the issuer claim and was fixed by adding a check inside the verification routine, but here the verification routine is not reached at all in the default configuration, so the defect remains. This issue affects Apache Camel: from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0. Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. For deployments that cannot upgrade immediately, configure a non-empty requiredRoles or requiredPermissions on every KeycloakSecurityPolicy so that the token-verification path is exercised, set allowTokenFromHeader to false where the token is not expected from the request header, or perform token verification at the framework layer ahead of the policy.
CVE-2026-14792 1 Formbricks 1 Formbricks 2026-07-07 6.5 Medium
A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to version 5.1.0-rc.1 will fix this issue. The identifier of the patch is af6023b5ac3b030ffcea24fac799f76f3e3512c6. You should upgrade the affected component.