Common Vulnerabilities and Exposures (CVE)

CVE-2016-20088

Jun 22, 2026 17:15:20 UTC

Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitra...

CVE-2016-20094

Jun 22, 2026 17:15:11 UTC

AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root pat...

CVE-2020-37253

Jun 22, 2026 17:15:05 UTC

Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed wit...

CVE-2017-20252

Jun 22, 2026 17:14:56 UTC

Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the plname parameter. Attackers can send GET requests to index.php with option=com_nge&view=...

CVE-2017-20258

Jun 22, 2026 17:14:49 UTC

Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET req...

CVE-2026-12798

Jun 22, 2026 17:14:45 UTC

A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py of the component MCP OpenA...

CVE-2026-12619

Jun 22, 2026 17:14:41 UTC

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting (XSS). This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

CVE-2026-54286

Jun 22, 2026 17:14:40 UTC

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash (%5C) in the request path decodes to \, which the Windows path resolver treats as a separator. se...

CVE-2026-12622

Jun 22, 2026 17:14:35 UTC

The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

CVE-2026-12621

Jun 22, 2026 17:14:26 UTC

Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 (password reset form) allows XSS. This issue affects GridTime 3000: from 1.0r0.03 before 1.2r0.0.

CVE-2026-12620

Jun 22, 2026 17:14:15 UTC

The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

CVE-2026-49342

Jun 22, 2026 17:14:14 UTC

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a t...

CVE-2017-20270

Jun 22, 2026 17:14:07 UTC

Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET reques...

CVE-2026-56209

Jun 22, 2026 17:13:58 UTC

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows an attacker to inject an arbitrary pointer into...

CVE-2017-20276

Jun 22, 2026 17:13:51 UTC

Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. Attackers can send GET requests to index.php...