Common Vulnerabilities and Exposures (CVE)

CVE-2026-10055

Jul 3, 2026 10:30:57 UTC

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns t...

CVE-2026-13341

Jul 3, 2026 10:19:10 UTC

A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.

CVE-2026-10054

Jul 3, 2026 10:11:32 UTC

In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without service-level authentication. WebSocket origin valid...

CVE-2026-5137

Jul 3, 2026 09:31:52 UTC

The RTMKit (rometheme-for-elementor) plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7. This is due to insufficient path validation on the 'template' parameter in the render_templates AJAX end...

CVE-2026-47898

Jul 3, 2026 09:09:03 UTC

Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net (Lucene.Net.Analysis.Common library). This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are re...

CVE-2026-47897

Jul 3, 2026 09:09:01 UTC

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library). This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018...

CVE-2026-47896

Jul 3, 2026 09:08:58 UTC

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library). This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 through 4.8.0-beta0001...

CVE-2026-4322

Jul 3, 2026 08:58:08 UTC

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows Reflected XSS. This issue affects Destekz: through 02062026. NOTE...

CVE-2026-35159

Jul 3, 2026 08:54:57 UTC

Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.

CVE-2026-4321

Jul 3, 2026 08:54:03 UTC

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE...

CVE-2026-35085

Jul 3, 2026 08:53:29 UTC

A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.

CVE-2026-35084

Jul 3, 2026 08:53:13 UTC

A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.

CVE-2026-35083

Jul 3, 2026 08:52:40 UTC

A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.

CVE-2026-35082

Jul 3, 2026 08:52:21 UTC

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.

CVE-2026-35081

Jul 3, 2026 08:51:59 UTC

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.