Export limit exceeded: 363618 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363618 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27780 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 9.8 Critical |
| Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks. | ||||
| CVE-2026-27783 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 4.3 Medium |
| Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints. | ||||
| CVE-2026-28699 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 8.1 High |
| Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication. | ||||
| CVE-2026-28705 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | N/A |
| Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths. | ||||
| CVE-2026-28737 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 8.7 High |
| Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer. | ||||
| CVE-2026-28740 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 7.1 High |
| Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access. | ||||
| CVE-2026-28744 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 8.1 High |
| Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks. | ||||
| CVE-2026-12481 | 1 Keras-team | 1 Keras | 2026-07-06 | 8.8 High |
| A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mode guard when `safe_mode` is set to `None`, which is the default value when `from_config()` is called outside of a `SafeModeScope` context. This logic error conflates `None` (unset/default-deny) with `False` (explicitly disabled), bypassing the guard and allowing attacker-controlled `marshal` bytecode to be deserialized. Affected call sites include `keras.layers.deserialize(config)`, `keras.models.clone_model(model)`, and any direct invocation of `Lambda.from_config(config)` without an enclosing `SafeModeScope(True)`. This vulnerability can be exploited to achieve arbitrary OS-level code execution in the context of the server or user process. | ||||
| CVE-2026-58418 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 6.5 Medium |
| SSRF via HTTP Redirect in Repository Migration | ||||
| CVE-2026-58419 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 7.5 High |
| Notification API leaks private issue metadata after access revocation | ||||
| CVE-2026-58421 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 7.5 High |
| Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service | ||||
| CVE-2026-58422 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 9.8 Critical |
| Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts | ||||
| CVE-2026-58423 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 7.7 High |
| LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories | ||||
| CVE-2026-58424 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 8.9 High |
| Permanent Fork PR Workflow Approval Gate Bypass | ||||
| CVE-2026-58426 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 9.6 Critical |
| Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write | ||||
| CVE-2026-12740 | 1 Cornelius | 1 Plack::middleware::oauth | 2026-07-06 | 8.1 High |
| Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session (register_session) without verifying that the callback corresponds to an authorization request this session initiated. Any application that uses this middleware for OAuth 2.0 login is exposed to login cross-site request forgery: because the callback is not bound to the session that began the flow, an attacker who starts an authorization with their own provider account can deliver the resulting callback to a victim, causing the victim's session to complete the attacker's authorization and associating the attacker's provider identity and access token with that session. Where the application persists this as an account link, the attacker may retain access to the victim's account through their own provider credentials. | ||||
| CVE-2026-59520 | 2 Properfraction, Wordpress | 2 Crawlwp Seo, Wordpress | 2026-07-06 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16. | ||||
| CVE-2026-14803 | 1 Sri | 1 Mojo::json | 2026-07-06 | 6.5 Medium |
| Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path (`_decode_value` dispatching to `_decode_array` and `_decode_object`) recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory. This path is the default when Cpanel::JSON::XS is not installed or `MOJO_NO_JSON_XS=1` is set; the Cpanel::JSON::XS fast path is not affected. Any caller that decodes an untrusted JSON body, for example `Mojo::Message::json` reached through `$c->req->json`, can exhaust process memory and cause denial of service. | ||||
| CVE-2026-14807 | 1 Prog Mis | 1 Erp App | 2026-07-06 | 9.8 Critical |
| ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password. | ||||
| CVE-2026-40047 | 1 Apache | 1 Camel | 2026-07-06 | 9.1 Critical |
| Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Camel Docling component. The camel-docling component invokes the external `docling` command-line tool by assembling an argument list in DoclingProducer and executing it through java.lang.ProcessBuilder. Custom CLI arguments supplied through the `CamelDoclingCustomArguments` exchange header (a List<String>) were appended to that argument list with insufficient validation: the original implementation relied on a denylist of disallowed flags and only rejected path values that contained a literal `../` sequence. As a result, a Camel route that forwards externally-influenced data into the `CamelDoclingCustomArguments` header (or into the path-bearing headers used to build the invocation) could cause the producer to pass unrecognized or unintended `docling` CLI flags to the subprocess, and could supply path-like argument values that resolved outside the intended directory through traversal sequences not caught by the literal `../` check. Because Camel itself builds the `docling` invocation from these values, the component is responsible for constraining them, and the weak validation allowed CLI-argument injection and directory traversal in the arguments passed to the external tool. The invocation uses the list-based form of ProcessBuilder, so a shell does not interpret the argument values; OS command injection through shell metacharacters was not possible, and the metacharacter rejection added by the fix is defense-in-depth. This issue affects Apache Camel: from 4.15.0 before 4.18.3. Users are recommended to upgrade to a release that contains the CAMEL-23212 fix. On the mainline the fix is included from Apache Camel 4.19.0 (and later releases such as 4.20.0). For users on the 4.18.x LTS releases stream, upgrade to 4.18.3. The fix replaces the denylist with a strict allowlist of recognized `docling` CLI flags (rejecting any unrecognized flag, and rejecting producer-managed flags such as the output-directory flags), defensively rejects shell metacharacters in argument values, and normalizes path-like values with Path.normalize() before validating them so that traversal sequences which bypass a literal `../` check are detected. As defence in depth, route authors should avoid mapping untrusted message content into the `CamelDoclingCustomArguments` header and the path-bearing headers, and should strip Camel-internal headers from messages that arrive from untrusted producers. | ||||