13727 matches found
CVE-2026-12510
The vulnerability affects the AI Engine WordPress plugin prior to 3.5.5 . It arises from a missing ownership verification for a client-supplied chatbot conversation identifier, enabling subscriber-level users to read other users’ private conversations and potentially take over their conversation ...
CVE-2026-23538
The CVE affects Feast: Feast Feature Server /ws/chat accepts unauthenticated, persistent WebSocket connections. An attacker can open many concurrent connections to exhaust memory, CPU, and file descriptors, causing DoS. Affected software: Feast (Python SDK context cited by SNYK for Feast >=0.1...
EUVD-2026-44838
A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...
CVE-2026-52888
NocoBase before 2.1.0-alpha.46 exposes sensitive data via the SQL Collection feature. The plugin-collection-sql checkSQL() used an incomplete keyword blacklist that did not block PostgreSQL system catalogs (e.g., pg_shadow, pg_roles, pg_stat_activity), allowing an admin-role user to read password...
EUVD-2026-44744
Dell ThinOS 10, versions prior to 260510.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...
CVE-2026-56687
Dell ThinOS 10, versions prior to 260510.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...
CVE-2026-62294
Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...
CVE-2026-62294
Flameshot prior to 14.0.0 is affected by a local TOCTOU race in the Open With feature. The software wrote screenshots to a predictable temporary path and followed symlinks, enabling a local unprivileged user on the same machine to pre-plant a symlink and cause Flameshot to write PNG data through ...
CVE-2026-57833
The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...
CVE-2026-57833
The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...
phpVMS < 7.0.6 - Legacy Importer Authorization Bypass
phpVMS 7.0.6 contains an authentication bypass caused by unauthenticated access to a legacy import feature, letting unauthenticated attackers access restricted functionality, exploit requires no special privileges. id: CVE-2026-42569 info: name: phpVMS 7.0.6 - Legacy Importer Authorization Bypass...
EUVD-2026-44523
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...
CVE-2026-48312
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...
CVE-2026-48312
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...
Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for July 2026, which includes 622 vulnerabilities affecting a range of products, including 57 that Microsoft marked as "critical." Microsoft notes that two of the vulnerabilities disclosed this month have been exploited in the wild. CVE-2026-5615...
CVE-2026-47996
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...
CVE-2026-47998 Adobe Commerce | Incorrect Authorization (CWE-863)
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control...
CVE-2026-48252
Adobe Experience Manager is affected by CVE-2026-48252 (Missing Authentication for Critical Function, CWE-306). An attacker could bypass security measures and gain unauthorized write access without user interaction. The vulnerability has a CVSS v3.1 score of 8.6 (Network, Low attack complexity, N...
CVE-2026-47304
Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-58638
Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...