CVE-2026-58468
— NocoBase 2.1.20 Server-Side Request Forgery via serverRequest wrapper
NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplyi…
Remote
|
Server-Side Request Forgery
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-7017
— HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redi…
HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets.
When the server returns a 3xx redirect, `_maybe_redirect` follows the `Location:` header and `_…
Remote
|
Misconfiguration
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-59800
— 9Router < 0.4.44 - OS Command Injection via sudoPassword Parameter in Tailscale Install E…
9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint (this route is not covered by the dashboard middleware matcher,…
Remote
|
Injection
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-59708
— Ghostfolio - Unauthorized Portfolio Data Exposure via Public Endpoint
The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attack…
Remote
|
Authorization
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-55435
— Suspended Coder users retain access to AI Bridge LLM proxy endpoints
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, AI Bridge proxy endpoints authentic…
Remote
|
Authentication
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-48958
— Joomla! Core - [20260712] - Incorrect Access Control in com_fields webservice endpoints
An improper access check allows unauthorized users to create custom fields via webservices endpoints.
Remote
|
Authorization
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-48957
— Joomla! Core - [20260711] - Incorrect Access Control in com_privacy webservice endpoints
An improper access check allows unauthorized users to access com_privacy datasets.
Remote
|
Authorization
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-48956
— Joomla! Core - [20260710] - Incorrect Access Control in com_modules
An improper access check allows users to display a list of modules in the frontend.
Remote
|
Authorization
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-48955
— Joomla! Core - [20260709] - Incorrect Access Control in com_workflow
An improper access check allows unauthorized users to access workflow stage and transition information.
Remote
|
Authorization
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-48954
— Joomla! Core - [20260708] - XSS through language overrides
Improper validation leads to a generic XSS vector in the language override feature.
Remote
|
Cross-Site Scripting
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-48953
— Joomla! Core - [20260707] - XSS in the generic image output layout
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
Remote
|
Cross-Site Scripting
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
Remote
|
Cross-Site Scripting
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-48951
— Joomla! Core - [20260705] - XSS in various modalreturn layouts
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
Remote
|
Cross-Site Scripting
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
Remote
|
Cross-Site Scripting
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-48949
— Joomla! Core - [20260703] - XSS in MFA method management
Lack of validation leads to an XSS vulnerability in the MFA management views.
Remote
|
Cross-Site Scripting
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-48948
— Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download
An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible.
Remote
|
Authorization
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-48947
— Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints
An improper access check allows privileged users to overwrite media files without editing permissions.
Remote
|
Authorization
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-44877
— Unauthenticated Remote Disclosure of Cryptographic Secrets
An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthe…
Remote
|
Cryptography
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-57851
— MSI KernCoreLib64.sys Privilege Escalation via IOCTL Handlers
MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write a…
|
Memory Corruption
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
CVE-2026-23698
— Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload
Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by su…
crm
|
Remote
|
Authentication
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026
Jul 07, 2026