56023 matches found
CVE-2026-55604
DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.7.0, the process-global SessionStore accepts caller-supplied sessionid values without binding them to any authenticated principal or transport session. An attacker can enumerate active session I...
GHSA-V4HW-Q98X-8JMM vulnerabilities
Vulnerabilities for packages: linux-azure, linux-gcp, linux-qemu-melange...
GHSA-J4R2-33QC-JRRJ vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-8QP8-73PF-8G22 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-P24M-96HG-M8M8 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-F2VR-9QRM-HV28 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-C53H-XMGP-J2HJ vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-3X3P-QX4R-HMGH vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-499R-FH8Q-QCFC vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-14146 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-XM69-PMF3-JR84 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-14146 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-0275
A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS...
CVE-2026-0279
Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...
CVE-2026-0279
Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...
CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities
Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...
CVE-2026-59734
creationtimestamp| type| source ---|---|--- 2026-07-09 18:47:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqacbssmiz2z...
CVE-2026-59826
creationtimestamp| type| source ---|---|--- 2026-07-09 18:28:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqab6hpfet2r 2026-07-09 18:43:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqabz6y7ax27...
CVE-2026-59224
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/openwebui/routers/terminals.py built the wsterminal upstream URL from an unencoded sessionid and appended userid as a query parameter, allowing query injection to make the terminal backe...
CVE-2026-59216
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, geteventcall delivered execute:python and execute:tool Socket.IO events to a client-supplied sessionid after checking only that the session was connected, allowing authenticated users who learne...