Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22796
Total
1628
Critical
7094
High
7273
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-61874 | LOW | 3.1 | filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers … | Jul 12, 2026 |
| CVE-2026-59260 | HIGH | 8.8 | OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass … | Jul 12, 2026 |
| CVE-2026-56336 | MEDIUM | 5.3 | Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal org_id and provider_id values. Attackers can enumerate email domains … | Jul 12, 2026 |
| CVE-2026-56313 | HIGH | 8.1 | Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in … | Jul 12, 2026 |
| CVE-2026-56308 | HIGH | 7.3 | Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a … | Jul 12, 2026 |
| CVE-2026-56281 | LOW | 3.8 | Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/admin_stats endpoint where the limit parameter is destructured from unvalidated request body and interpolated … | Jul 12, 2026 |
| CVE-2026-56271 | CRITICAL | 9.8 | Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secrets ('auth_token', 'refresh_token') and default audience and issuer values ('AUDIENCE', 'ISSUER') in … | Jul 12, 2026 |
| CVE-2026-56260 | CRITICAL | 9.1 | Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The output_path parameter accepts arbitrary filesystem paths … | Jul 12, 2026 |
| CVE-2026-56259 | HIGH | 8.2 | Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read … | Jul 12, 2026 |
| CVE-2026-56252 | MEDIUM | 5.4 | Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with … | Jul 12, 2026 |
| CVE-2026-56241 | HIGH | 8.3 | Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to delete_non_compliant_bundles and count_non_compliant_bundles RPCs due to stale org_users.user_right column not … | Jul 12, 2026 |
| CVE-2026-56238 | HIGH | 7.5 | Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics … | Jul 12, 2026 |
| CVE-2026-15500 | MEDIUM | 6.3 | A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function get_online_plugins of the file astrbot/dashboard/routes/plugin.py of the … | Jul 12, 2026 |
| CVE-2026-15499 | MEDIUM | 6.3 | A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/cron_tools.py of the component Scheduled … | Jul 12, 2026 |
| CVE-2026-15498 | HIGH | 7.3 | A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation … | Jul 12, 2026 |
| CVE-2026-15497 | HIGH | 7.3 | A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. … | Jul 12, 2026 |
| CVE-2026-15496 | MEDIUM | 6.3 | A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy … | Jul 12, 2026 |
| CVE-2026-15495 | MEDIUM | 6.3 | A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component … | Jul 12, 2026 |
| CVE-2026-15494 | MEDIUM | 4.7 | A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switch_status.php. Executing a manipulation of … | Jul 12, 2026 |
| CVE-2026-15493 | LOW | 3.5 | A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the … | Jul 12, 2026 |
| CVE-2026-15492 | MEDIUM | 4.3 | A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. Such manipulation leads to … | Jul 12, 2026 |
| CVE-2026-15491 | HIGH | 7.3 | A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is possible … | Jul 12, 2026 |
| CVE-2026-15490 | HIGH | 7.3 | A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The … | Jul 12, 2026 |
| CVE-2026-15489 | HIGH | 7.3 | A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this vulnerability is an unknown functionality of the file proses/login.php. The manipulation of … | Jul 12, 2026 |
| CVE-2026-15488 | HIGH | 7.3 | A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of the argument File can … | Jul 12, 2026 |