Common Vulnerabilities and Exposures (CVE)

CVE-2026-58596

Jul 14, 2026 03:55:37 UTC

Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-58281

Jul 14, 2026 03:55:36 UTC

Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-54998

Jul 14, 2026 03:55:35 UTC

Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

CVE-2026-15629

Jul 14, 2026 03:30:09 UTC

A weakness has been identified in louisho5 picobot up to 0.2.0. Impacted is the function CreateSkill/GetSkill of the file internal/agent/tools/filesystem.go of the component Workspace Handler. Executing a manipulation can lead to link follo...

CVE-2026-15628

Jul 14, 2026 03:00:11 UTC

A security flaw has been discovered in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1. This issue affects the function Vision._download_to_data_url of the file agent/tools/vision/vision.py of the component Vision Tool. Performing a manipul...

CVE-2026-15627

Jul 14, 2026 02:45:10 UTC

A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This vulnerability affects the function handleNavigate of the file pkg/browser/tool.go. Such manipulation of the argument args.targetUrl leads to information dis...

CVE-2026-15626

Jul 14, 2026 02:15:09 UTC

A vulnerability was determined in nextlevelbuilder GoClaw 3.13.3-beta.3. This affects the function writeFile of the file internal/providers/acp/tool_bridge.go of the component ACP ToolBridge Workspace Handler. This manipulation causes path ...

CVE-2026-55671

Jul 14, 2026 02:04:22 UTC

ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently validate user-defined URLs against prot...

CVE-2026-55782

Jul 14, 2026 02:00:57 UTC

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit section and c...

CVE-2026-15625

Jul 14, 2026 02:00:09 UTC

A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/exec_approval.go. The manipulation results in incomplete blacklist. The attack c...

CVE-2026-55885

Jul 14, 2026 01:58:03 UTC

Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including user/accounts/admin.yaml with the administrator pass...

CVE-2026-39903

Jul 14, 2026 01:57:00 UTC

Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass...

CVE-2026-59161

Jul 14, 2026 01:55:21 UTC

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small X...

CVE-2026-53657

Jul 14, 2026 01:53:50 UTC

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent i...

CVE-2026-15375

Jul 14, 2026 01:52:31 UTC

A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/users_ldap.jsp of the component LDAP User Interface. The manipulation leads to improper authorization. The attack ...