Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
3.7 LOW
CVE-2026-44753 — Information Disclosure vulnerability in SAP HANA Extended Application Services classic mo…

SAP HANA Database (user self service tools) allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and e…

Remote | Information Disclosure
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.2 HIGH
CVE-2026-44752 — Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java(Configu…

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's brow…

netweaver_application_server_java | Remote | Cross-Site Scripting
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
9.9 CRITICAL
CVE-2026-44747 — Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modifi…

netweaver_application_server_abap | Remote | Memory Corruption
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.1 HIGH
CVE-2026-44745 — Open Redirect vulnerability in SAP Approuter

SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link w…

Remote | Authentication
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
9.1 CRITICAL
CVE-2026-27690 — HTTP Request Smuggling in SAP Approuter

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could r…

Remote | Denial of Service
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
5.3 MEDIUM
CVE-2026-15621 — mosaxiv clawlet File Tools fs_ops.go edit_file link following

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read_file/write_file/edit_file of the file tools/fs_ops.go of the component File Tools. Performing a manipulati…

clawlet | Path Traversal
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.5 MEDIUM
CVE-2026-15620 — mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery

A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side reques…

clawlet | Remote | Server-Side Request Forgery
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.4 HIGH
CVE-2026-0487 — DLL Hijacking vulnerability in SAProuter on Microsoft Windows

SAProuter on Microsoft Windows allows an unauthenticated attacker to load library (DLL) files from an untrusted location, allowing them to execute malicious code on the system. This could enable the …

| Misconfiguration
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-15619 — mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery

A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of …

clawlet | Remote | Server-Side Request Forgery
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-15618 — mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism

A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/tool_exec.go of the component exec Safety Guard. The manip…

clawlet | Remote | Misconfiguration
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.8 MEDIUM
CVE-2026-58489 — HedgeDoc: CSRF in GitHub Gist export callback

HedgeDoc is an open source, real-time collaborative markdown notes application. Prior to 1.11.0, the GitHub Gist export flow created an OAuth2  state  value but only checked that it was present rathe…

hedgedoc | Remote | Cross-Site Request Forgery
Jul 13, 2026 Jul 14, 2026
Jul 13, 2026
Jul 14, 2026
8.3 HIGH
CVE-2026-58486 — HedgeDoc: Denial-of-service via YAML alias expansion in note frontmatter

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, HedgeDoc was vulnerable to a YAML alias bomb due to unsafe processing of the note frontmatte…

hedgedoc | Remote | Denial of Service
Jul 13, 2026 Jul 14, 2026
Jul 13, 2026
Jul 14, 2026
9.1 CRITICAL
CVE-2026-58102 — Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a…

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts. When building the extension hash (via extensions(), extensions_by…

Remote | Memory Corruption
Jul 13, 2026 Jul 14, 2026
Jul 13, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-58101 — Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL poin…

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3_EXT_d2i(ext) returns NULL when an extension's DER value fails to parse. basicC, ia5st…

Remote | Denial of Service
Jul 13, 2026 Jul 14, 2026
Jul 13, 2026
Jul 14, 2026
8.8 HIGH
CVE-2026-57856 — Cockpit CMS Path Traversal via Bucket Name in Bucket File Storage API

Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API (/system/buckets/api). The api() method in modules/System/Controller/Buckets.php sanitizes the bucket name with preg…

Remote | Path Traversal
Jul 13, 2026 Jul 14, 2026
Jul 13, 2026
Jul 14, 2026
8.8 HIGH
CVE-2026-57855 — Cockpit CMS Missing Authorization in Bucket File Storage API

Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API (/system/buckets/api). The api() method in modules/System/Controller/Buckets.php executes bucket commands (ls…

Remote | Authorization
Jul 13, 2026 Jul 14, 2026
Jul 13, 2026
Jul 14, 2026
4.3 MEDIUM
CVE-2026-15607 — tanstack db Alias Path select.ts select prototype pollution

A vulnerability was detected in tanstack db up to 0.6.8. Affected by this vulnerability is the function select of the file src/query/compiler/select.ts of the component Alias Path Handler. The manipu…

db | Remote | Misconfiguration
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
3.1 LOW
CVE-2026-15605 — wandb Artifact Integrity Validation hashutil.py ArtifactManifestEntry.download weak hash

A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download in the library wandb/sdk/lib/hashutil.py of the component Artifact Integrity V…

wandb | Remote | Cryptography
Jul 13, 2026 Jul 14, 2026
Jul 13, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-62328 — 9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoi…

Remote | Information Disclosure
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
9.3 CRITICAL
CVE-2026-62327 — 9Router 0.4.41 - Unauthenticated API Key Exposure via /api/usage/stats

9Router through version 0.4.41 contains an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by s…

Remote | Information Disclosure
Jul 13, 2026 Jul 14, 2026
Jul 13, 2026
Jul 14, 2026
Showing 20 of 7477 Results