Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.3 HIGH
CVE-2026-9086 — Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to client registration endpoints, could bypass client Unif…

build_of_keycloak | Remote | Cross-Site Scripting
Jun 25, 2026 Jul 01, 2026
Jun 25, 2026
Jul 01, 2026
4.9 MEDIUM
CVE-2026-9083 — Keycloak: keycloak: information disclosure through arbitrary filesystem path probing

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key …

build_of_keycloak | Remote | Information Disclosure
Jun 25, 2026 Jul 01, 2026
Jun 25, 2026
Jul 01, 2026
9.8 CRITICAL
CVE-2026-56123 — socat 1.8.0.0 - 1.8.1.1 Heap Buffer Overflow via SOCKS5 Reply Parser

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension …

socat | Remote | Memory Corruption
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
5.5 MEDIUM
CVE-2026-55439 — Halo: Path Traversal in Backup Download Leads to Arbitrary File Read

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the serv…

halo | Remote | Path Traversal
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
9.4 CRITICAL
CVE-2026-55413 — ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role (free t…

tooljet | Remote | Supply Chain
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
8.3 HIGH
CVE-2026-55412 — ToolJet Cloud - SSRF to Azure Cloud Infrastructure Compromise

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source compo…

tooljet | Remote | Server-Side Request Forgery
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
6.8 MEDIUM
CVE-2026-55411 — ToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — an…

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sourc…

tooljet | Authorization
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.5 HIGH
CVE-2026-55092 — Trivy: Path traversal via a crafted vulnerability database or other downloaded artifacts

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename withou…

trivy | Remote | Path Traversal
Jun 25, 2026 Jun 27, 2026
Jun 25, 2026
Jun 27, 2026
5.3 MEDIUM
CVE-2026-54573 — Authorization Bypass in API Key/OAuth Scopes via Path Parsing Discrepancy

Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if an API key or OAuth token has the requi…

outline | Remote | Authentication
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
6.9 MEDIUM
CVE-2026-54448 — Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser

Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive (.tgz), its custom tar unpacker reads each entry with io.ReadAll(tr) and no size limit. An attacker who can place a…

trivy | Remote | Denial of Service
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-54040 — LibreChat: 2FA Backup Code Regeneration Without OTP Verification Allows 2FA Bypass

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring an…

librechat | Remote | Authentication
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
6.5 MEDIUM
CVE-2026-54037 — LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting A…

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/for…

librechat | Remote | Denial of Service
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
7.7 HIGH
CVE-2026-54033 — LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on u…

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This U…

librechat | Remote | Server-Side Request Forgery
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
9.3 CRITICAL
CVE-2026-54030 — LibreChat: Missing Resource Parameter Validation in MCP OAuth Flow

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Res…

librechat | Remote | Authentication
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
6.5 MEDIUM
CVE-2026-54029 — LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMess…

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete an…

librechat | Remote | Authorization
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
6.5 MEDIUM
CVE-2026-54027 — LibreChat: Image Upload Route Bypasses Agent Permission Check — Incomplete Fix for File U…

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's tool…

librechat | Remote | Authorization
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
5.4 MEDIUM
CVE-2026-54025 — LibreChat: Stored XSS via unescaped image alt text in markdown artifact preview

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12…

librechat | Remote | Cross-Site Scripting
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
6.5 MEDIUM
CVE-2026-54024 — LibreChat: Incomplete Fix for CVE-2024-11171 — Conversation Import Multer Instance Missin…

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 (commit bb58a2d0) added limits: { fileSize } to createMulterInstance() in th…

librechat | Remote | Misconfiguration
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
8.1 HIGH
CVE-2026-45233 — HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave

HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfil…

Remote | Path Traversal
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.5 HIGH
CVE-2026-13351 — net: Maliciously fragmented IPv6 packets can prevent receiving/processing future incoming…

Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragmented IPv6 packets. When such a packet is handled by th…

zephyr | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Showing 20 of 7983 Results