Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.1 HIGH
CVE-2026-59209 — n8n: Shared Credential Header Leak via HTTP Request Pagination Expression

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated he…

Remote | Information Disclosure
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
8.4 HIGH
CVE-2026-58459 — gpsd gpsprof Command Injection via gnuplot plot title subtype field

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell c…

| Injection
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.3 HIGH
CVE-2026-53987 — GLPI 11 < 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, result…

Remote | Cross-Site Scripting
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.5 HIGH
CVE-2026-51606 — Tenda CP3 RTSP Service Improper Input Handling Denial of Service Vulnerability

An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) causes the device to abruptly terminate the TCP connection with a RST packet when a request contai…

Remote | Denial of Service
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.5 HIGH
CVE-2026-51605 — Tenda CP3 RTSP Stack-Based Buffer Overflow

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.991) allows an unauthenticated remote attacker to cause a denial of service via a crafted TEARDOWN …

Remote | Denial of Service
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.5 HIGH
CVE-2026-51604 — Tenda CP3 RTSP Stack-Based Buffer Overflow

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY reque…

Remote | Memory Corruption
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.5 HIGH
CVE-2026-51603 — Tenda CP3 RTSP Service Stack-Based Buffer Overflow

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted second SET…

Remote | Memory Corruption
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.5 HIGH
CVE-2026-51602 — Tenda CP3 RTSP Service Stack-Based Buffer Overflow

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP requ…

Remote | Memory Corruption
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
0.0 NA
CVE-2026-51601 — Tenda CP3 RTSP Service Stack-Based Buffer Overflow

Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. The device fails to validate the length of the clock= value in the Range header field when processing a …

| Memory Corruption
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.5 HIGH
CVE-2026-51600 — Tenda CP3 RTSP Denial of Service Vulnerability

Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests (including DESCRIBE, SETUP, and PLAY methods). When a request carrying a Content-Length header is…

Remote | Denial of Service
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
0.0 NA
CVE-2026-51599 — MERCURY MIPC252W RTSP Service Denial of Service Vulnerability

An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection …

| Denial of Service
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.5 MEDIUM
CVE-2026-51598 — MERCURY MIPC252W IP Camera RTSP Denial of Service Vulnerability

An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n) allows an unauthenticated, network-adjacent attacker to cause a denial of service v…

| Denial of Service
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
0.0 NA
CVE-2026-51597 — MERCURY MIPC252W RTSP Digest Authentication Replay Vulnerability

MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication excha…

| Authentication
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
10.0 CRITICAL
CVE-2026-15308 — Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup …

The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data.

cpython cpython | Remote | Denial of Service
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
3.3 LOW
CVE-2026-15194 — Open5GS AMF context.c amf_context_final use after free

A security flaw has been discovered in Open5GS 2.7.7. This affects the function amf_context_final of the file src/amf/context.c of the component AMF. Performing a manipulation results in use after fr…

| Memory Corruption
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
5.3 MEDIUM
CVE-2026-15193 — AidanPark openclaw-android Android WebView Bridge JsBridge.kt os command injection

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the com…

| Injection
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.5 MEDIUM
CVE-2026-15192 — mettle sendportal APIv1 Webhooks mailjet missing authentication

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing au…

sendportal | Remote | Authentication
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
6.5 MEDIUM
CVE-2026-15191 — mettle sendportal Campaign Creation Endpoint CampaignStoreRequest.php authorization

A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code of the file vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php of the component C…

sendportal | Remote | Authorization
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.5 HIGH
CVE-2026-15190 — SourceCodester Simple and Nice Shopping Cart Script login.php sql injection

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username result…

Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
7.5 HIGH
CVE-2026-13462 — PayRange for Android, version 7.0.7, contains an SSL bypass vulnerability

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can …

Remote | Misconfiguration
Jul 09, 2026 Jul 09, 2026
Jul 09, 2026
Jul 09, 2026
Showing 20 of 7343 Results