368634 matches found
CVE-2026-52830
The CVE describes a path-traversal in fast-mcp-telegram prior to 0.19.1 where HTTP Bearer tokens are joined into a session-file path. The verifier rejects only the exact reserved token, not path separators or normalized paths, enabling a remote client to authenticate as the default legacy session...
CVE-2026-49289
Technical details for CVE-2026-49289 are not publicly available in the provided documents. Monitor for updates as information may be released by the reserving party.
CVE-2026-52829
Technical details for CVE-2026-52829 are not publicly available in the provided documents; the entry is reserved. Monitor for updates.
CVE-2026-49283
Technical details for CVE-2026-49283 are not publicly available in the provided documents. Monitor for updates as information remains reserved/no detail.
CVE-2026-52817
Technical details for CVE-2026-52817 are not publicly available in the provided documents; no affected products, impact, or remediation are described. Monitor for future updates.
CVE-2026-52746
Technical details for CVE-2026-52746 are not publicly available in the provided documents; the entry is reserved. Monitor for updates.
CVE-2026-52734
Technical details for CVE-2026-52734 are not publicly available in the provided documents. No affected products, root cause, or remediation are disclosed. Monitor for updates from the issuing party.
CVE-2026-52733
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-58460
CVE-2026-58460 affects the React Native package react-native-receive-sharing-intent. A path traversal vulnerability allows a co-resident malicious app to write files outside the intended cache directory by supplying a crafted _display_name with dot-dot path components via a malicious ContentProvi...
CVE-2026-58467
Cockpit CMS prior to release 364 is affected by a path traversal and local file inclusion vulnerability. Unauthenticated attackers can craft a request (via the URL’s PATH_INFO in REQUEST_URI) to reach arbitrary files; if the resolved path ends with .php, it may be passed to include(), enabling lo...
CVE-2026-58466
AutoBangumi prior to version 3.2.8 contains a hard-coded default-credentials vulnerability. When the users table is empty, a default administrator account is seeded at startup via add_default_user() in the database user module, allowing unauthenticated attackers to authenticate as admin by submit...
CVE-2026-52739
Technical details are not publicly available in the provided documents. This CVE entry is reserved; monitor for updates.
CVE-2026-58381
CVE-2026-58381 affects GIMP's PSP file format parser. A double-free in read_layer_block() when processing a specially crafted PSP file can cause memory corruption, potentially leading to denial of service or arbitrary code execution. The provided data includes a CVSSv3.1 vector (AV:L/AC:L/PR:L/UI...
CVE-2026-52738
Technical details are not publicly available in the provided documents. Monitor for updates to CVE-2026-52738 for potential disclosure, affected products, impact, or remedies.
CVE-2026-52737
Technical details for CVE-2026-52737 are not publicly available in the provided documents. No affected products, vectors, or remediation are stated. Monitor for updates as new information is published.
CVE-2026-59102
CVE-2026-59102 affects Forgejo prior to 15.0.3, with a stored XSS in the Actions run page when DEFAULT_SHOW_FULL_NAME is enabled. The description shows that an authenticated attacker can inject an HTML payload into the full name, which is interpolated into an HTML string via a translation functio...
CVE-2026-59101
AutoBangumi
CVE-2026-52735
Technical details for CVE-2026-52735 are not publicly available in the provided documents. Monitor for updates as information becomes available.
CVE-2026-59100
CVE-2026-59100 affects LobeChat up to version 2.2.9. It describes a broken object level authorization allowing authenticated attackers to access and modify other users’ chat-group agent data by supplying arbitrary group identifiers. Attackers can call getGroupAgents, updateAgentInGroup, and remov...
CVE-2026-52736
Technical details for CVE-2026-52736 are not provided in the supplied documents; no affected products, vectors, or remediation are disclosed. Monitor for updates.