Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.1 MEDIUM
CVE-2026-62294 — Flameshot: OCTOU symlink attack via predictable /tmp path in Flameshot "Open With"

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check t…

| Race Condition
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
8.6 HIGH
CVE-2026-61836 — Directus: Authorization-dependent response served from unsegmented cache key

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, when response caching is enabled, the cache-key derivation in api/src/utils/get-cache-key.ts includes…

Remote | Authorization
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
7.7 HIGH
CVE-2026-61835 — Directus: SSRF Protection Bypass via 0.0.0.0 in File Import

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, the SSRF protection on Directus's file-import-from-URL feature can be bypassed using the address 0.0.…

Remote | Server-Side Request Forgery
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
9.3 CRITICAL
CVE-2026-61740 — LightRAG: Authentication bypass: hardcoded DEFAULT_TOKEN_SECRET and public /auth-status d…

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, when LightRAG is deployed with LIGHTRAG_API_KEY set but AUTH_ACCOUNTS unset, X-API-Key protection can be bypassed bec…

lightrag | Remote | Authentication
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
9.3 CRITICAL
CVE-2026-61736 — LightRAG: CORS Wildcard + Credentials Enables Any-Origin Credentialed Requests

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, the server defaults to CORS_ORIGINS=* combined with allow_credentials=True in lightrag/api/lightrag_server.py, causin…

lightrag | Remote | Misconfiguration
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
8.8 HIGH
CVE-2026-61684 — FastGPT: Unauthenticated cross-tenant data access via forgeable plugin-invoke JWT (defaul…

FastGPT is a knowledge-based AI application platform. In 4.15.0-beta4, FastGPT plugin invoke reverse-call endpoints under /api/invoke/* authenticate only by verifying a JWT signed with INVOKE_TOKEN_S…

Remote | Authentication
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
6.3 MEDIUM
CVE-2026-61646 — FastGPT: Shared axios SSRF guard validates only the initial URL before following redirects

FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta5, FastGPT's shared SSRF guard validates only the initial request URL before handing the request to axios, and axios follows …

Remote | Server-Side Request Forgery
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
7.7 HIGH
CVE-2026-61644 — FastGPT: /api/core/chat/record/getCollectionQuote can disclose cross-tenant dataset text …

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection contex…

Remote | Authorization
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
7.7 HIGH
CVE-2026-61613 — Cursor: Cloud Agent Browser Sandbox Escape

Cursor is a code editor built for programming with AI. Prior to the Cloud Agent fix on 03/31/2026, browser-enabled Cursor Cloud Agent sessions allowed attacker-controlled web content to connect from …

Remote | Authentication
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
6.3 MEDIUM
CVE-2026-60065 — NGINX Plus ngx_stream_mqtt_filter_module vulnerability

When NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (ngx_stream_mqtt_filter_module), unauthenticated attackers can send requests with conditions beyond t…

nginx_plus | Remote | Denial of Service
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
6.4 MEDIUM
CVE-2026-60062 — NGINX Agent Vulnerability

The NGINX Agent config_dirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The config_dirs directive required fo…

nginx_instance_manager nginx_agent | Remote | Path Traversal
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
8.7 HIGH
CVE-2026-59762 — BIG-IP HTTP/2 vulnerability

When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.   Impact: System performance can degrade until the TMM pr…

big-ip big-ip big-ip_next_for_kubernetes | Remote | Denial of Service
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
8.3 HIGH
CVE-2026-56434 — NGINX ngx_http_ssi_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssi_module module. This vulnerability may exist when the Server-Side Includes (SSI), proxy_pass, and proxy_buffering off directiv…

nginx_plus nginx_open_source | Remote | Memory Corruption
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
8.7 HIGH
CVE-2026-55723 — NGINX Ingress Controller vulnerability

When NGINX Ingress Controller is configured with Custom Resource Definitions (CRDs) or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controlle…

nginx_ingress_controller | Remote | Injection
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
7.1 HIGH
CVE-2026-54563 — Cloudreve: Path Traversal / Broken Access Control in Cloudreve WebDAV (`/dav`) — scoped D…

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, a Cloudreve WebDAV account rooted at a configured folder can send paths such as /dav/%2e%2e/outside.txt because stripPr…

Remote | Path Traversal
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
6.5 MEDIUM
CVE-2026-54562 — Cloudreve: Non-admin remote download users can SSRF loopback/internal services and read i…

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to th…

Remote | Server-Side Request Forgery
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
7.6 HIGH
CVE-2026-54560 — Cloudreve: OAuth access tokens bypass scope enforcement due to missing client_id claim

Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth client_id claim, so the JWT verifier does not loa…

Remote | Authentication
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
7.1 HIGH
CVE-2026-52865 — NGINX Ingress Controller vulnerability

When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the …

nginx_ingress_controller | Remote | Denial of Service
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
9.2 CRITICAL
CVE-2026-42533 — NGINX Map directive and Regex matching vulnerability

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map out…

nginx_plus nginx_open_source | Remote | Memory Corruption
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
6.1 MEDIUM
CVE-2026-33213 — Redash: Open redirect vulnerability in post-login redirect handling

Redash is a package for data visualization and sharing. From 5.0.2 to 26.3.0, the get_next_path() function in Redash's authentication module stripped the scheme and netloc from user-supplied next par…

Remote | Authentication
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
Showing 20 of 8444 Results