EUVD-2026-38594

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56784...

SillyTavern - Server-Side Request Forgery

SillyTavern versions up to and including 1.17.0 expose the /api/search/searxng endpoint, which accepts an attacker-controlled baseUrl parameter and uses it directly to build outbound server-side fetch requests. An authenticated low-privilege user can point baseUrl at an internal or loopback HTTP...

Chef Automate < 4.13.295 — SQL Injection

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token. id: CVE-2025-8868 info...

Apache Druid - Server-Side Request Forgery

Server-Side Request Forgery SSRF, Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache Druid.This issue affects all previous Druid versions.When using the Druid management proxy, a request tha...

Wipro Holmes Orchestrator 20.4.1 - Information Disclosure

Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...

CVE-2026-48089

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...

CVE-2026-49339 Path traversal in getPlaylist/deletePlaylist bypasses ownership check: any authenticated user can read or delete any other user's playlist

gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in commit 6dd71e6a3c966867ef8c900d359a7df75789f410 added an ownership check based on playlist.UserID. However, playlist.UserID is derived from the first path segment of the attacker-controll...

CVE-2026-20220

A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine of the...

Open WebUI: Sibling-Prefix Path Traversal via /cache/{path}

Summary A path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache directory, by exploiting an incomplete startswith containment check that lacks a trailing path separator...

CVE-2026-11858

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated...

CVE-2026-0141

CVE-2026-0141 describes a likely out-of-bounds read in decodeAppPacket of RtcpAppPacket.cpp caused by a missing bounds check. The vulnerability enables a remote information disclosure without requiring additional execution privileges and without user interaction. Public references in the provided...

EUVD-2026-36748

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

CVE-2026-42752

Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...

CVE-2026-11442

Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVE-2026-11442

CVE-2026-11442 affects Allegra, via the exportReport method. The vulnerability arises from inadequate validation of a user-supplied path used in file operations, enabling an attacker to disclose sensitive information with the service account’s context. The CVE notes a directory traversal and info...

CVE-2026-11442 Allegra exportReport Directory Traversal Information Disclosure Vulnerability

Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path

Summary This is similar vulnrability of CVE-2026-0035, which was fixed in Android MediaProvider with high severity. In the original Java issue, MediaStore.createWriteRequest accepted attacker-controlled URIs and created a future grant even when the referenced media item did not exist yet. The...

EUVD-2026-36554

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

PT-2026-49051

Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

PT-2026-49057

Summary A vulnerability in Fleet's Apple MDM commands listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract sensitive values from joined database tables — including host enrollment secrets and Apple Push Notification Service APNS tokens — through a...