Export limit exceeded: 363725 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363725 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4321 | 1 Raera | 1 Destekz | 2026-07-06 | 9.8 Critical |
| Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the product is not supported. | ||||
| CVE-2026-4322 | 1 Raera | 1 Destekz | 2026-07-06 | 6.1 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows Reflected XSS. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the product is not supported. | ||||
| CVE-2026-13341 | 1 Konghq | 1 Mcp-konnect | 2026-07-06 | 7.4 High |
| A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests. | ||||
| CVE-2026-56015 | 1 Tpoder | 1 Net::ip::lpm | 2026-07-06 | 9.1 Critical |
| Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add() passes the prefix string to the trie builder addPrefixToTrie() without checking it against the address width. addPrefixToTrie() then walks the prefix buffer by prefix_length bits, reading prefix[byte] for byte up to prefix_len/8, where prefix is the 4-byte (IPv4) or 16-byte (IPv6) packed address. A prefix length greater than 32 for IPv4 or 128 for IPv6, for example add("1.2.3.4/255", $v) or add("2001:db8::/255", $v), reads past the end of the packed address. The out-of-bounds read happens during trie construction and is bounded: the prefix length is stored as an unsigned char, so the bit walk reads at most 32 bytes from the start of the packed address, a short distance past the end of the 4-byte or 16-byte buffer. It is detectable under AddressSanitizer, valgrind, or a hardened allocator, where it can abort the process. Lookups and dump() format only the valid address width, so the out-of-bounds bytes are not exposed through the module's API. | ||||
| CVE-2026-20706 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 9.1 Critical |
| Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint. | ||||
| CVE-2026-22555 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 8.1 High |
| Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets. | ||||
| CVE-2026-26307 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | N/A |
| Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources. | ||||
| CVE-2026-27775 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 8.8 High |
| Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access. | ||||
| CVE-2026-27779 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 7.5 High |
| Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation. | ||||
| CVE-2026-27780 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 9.8 Critical |
| Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks. | ||||
| CVE-2026-27783 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 4.3 Medium |
| Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints. | ||||
| CVE-2026-28699 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 8.1 High |
| Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication. | ||||
| CVE-2026-28744 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 8.1 High |
| Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks. | ||||
| CVE-2026-12481 | 1 Keras-team | 1 Keras | 2026-07-06 | 8.8 High |
| A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mode guard when `safe_mode` is set to `None`, which is the default value when `from_config()` is called outside of a `SafeModeScope` context. This logic error conflates `None` (unset/default-deny) with `False` (explicitly disabled), bypassing the guard and allowing attacker-controlled `marshal` bytecode to be deserialized. Affected call sites include `keras.layers.deserialize(config)`, `keras.models.clone_model(model)`, and any direct invocation of `Lambda.from_config(config)` without an enclosing `SafeModeScope(True)`. This vulnerability can be exploited to achieve arbitrary OS-level code execution in the context of the server or user process. | ||||
| CVE-2026-58418 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 6.5 Medium |
| SSRF via HTTP Redirect in Repository Migration | ||||
| CVE-2026-58419 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 7.5 High |
| Notification API leaks private issue metadata after access revocation | ||||
| CVE-2026-58421 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 7.5 High |
| Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service | ||||
| CVE-2026-58422 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 9.8 Critical |
| Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts | ||||
| CVE-2026-58423 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 7.7 High |
| LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories | ||||
| CVE-2026-58424 | 1 Gitea | 1 Gitea Open Source Git Server | 2026-07-06 | 8.9 High |
| Permanent Fork PR Workflow Approval Gate Bypass | ||||