Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22374
Total
1599
Critical
6838
High
7169
Medium
CVE ID Severity Score Description Published
CVE-2026-15501 MEDIUM 6.3 A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.test_mcp_connection of the file astrbot/dashboard/routes/tools.py of … Jul 12, 2026
CVE-2026-61876 HIGH 8.8 LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send … Jul 12, 2026
CVE-2026-61875 HIGH 8.8 luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious … Jul 12, 2026
CVE-2026-61874 LOW 3.1 filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers … Jul 12, 2026
CVE-2026-59260 HIGH 8.8 OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass … Jul 12, 2026
CVE-2026-56336 MEDIUM 5.3 Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal org_id and provider_id values. Attackers can enumerate email domains … Jul 12, 2026
CVE-2026-56313 HIGH 8.1 Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in … Jul 12, 2026
CVE-2026-56308 HIGH 7.3 Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a … Jul 12, 2026
CVE-2026-56281 LOW 3.8 Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/admin_stats endpoint where the limit parameter is destructured from unvalidated request body and interpolated … Jul 12, 2026
CVE-2026-56271 CRITICAL 9.8 Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secrets ('auth_token', 'refresh_token') and default audience and issuer values ('AUDIENCE', 'ISSUER') in … Jul 12, 2026
CVE-2026-56260 CRITICAL 9.1 Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The output_path parameter accepts arbitrary filesystem paths … Jul 12, 2026
CVE-2026-56259 HIGH 8.2 Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read … Jul 12, 2026
CVE-2026-56252 MEDIUM 5.4 Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with … Jul 12, 2026
CVE-2026-56241 HIGH 8.3 Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to delete_non_compliant_bundles and count_non_compliant_bundles RPCs due to stale org_users.user_right column not … Jul 12, 2026
CVE-2026-56238 HIGH 7.5 Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics … Jul 12, 2026
CVE-2026-15500 MEDIUM 6.3 A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function get_online_plugins of the file astrbot/dashboard/routes/plugin.py of the … Jul 12, 2026
CVE-2026-15499 MEDIUM 6.3 A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/cron_tools.py of the component Scheduled … Jul 12, 2026
CVE-2026-15498 HIGH 7.3 A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation … Jul 12, 2026
CVE-2026-15497 HIGH 7.3 A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. … Jul 12, 2026
CVE-2026-15496 MEDIUM 6.3 A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy … Jul 12, 2026
CVE-2026-15495 MEDIUM 6.3 A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component … Jul 12, 2026
CVE-2026-15494 MEDIUM 4.7 A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switch_status.php. Executing a manipulation of … Jul 12, 2026
CVE-2026-15493 LOW 3.5 A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the … Jul 12, 2026
CVE-2026-15492 MEDIUM 4.3 A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. Such manipulation leads to … Jul 12, 2026
CVE-2026-15491 HIGH 7.3 A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is possible … Jul 12, 2026