Common Vulnerabilities and Exposures (CVE)

CVE-2026-21764

Jul 17, 2026 17:11:01 UTC

HCL DevOps Loop is affected by insufficient input validation that allows special characters where they should be restricted. This may result in unintended application behavior under certain conditions.

CVE-2026-21762

Jul 17, 2026 17:10:33 UTC

HCL DevOps Loop is affected by missing HTTP security headers. Missing security headers may reduce browser protections against common web-based attacks such as clickjacking, MIME-type sniffing, and cross-site scripting.

CVE-2026-21761

Jul 17, 2026 17:10:02 UTC

HCL DevOps Loop is affected by a Cross-Origin Resource Sharing (CORS) misconfiguration. Improper CORS configuration may allow unauthorized cross-origin requests, potentially exposing application resources to untrusted domains.

CVE-2026-21760

Jul 17, 2026 17:06:19 UTC

HCL DevOps Loop is affected by an Unauthorized Access to Admin Functionality (Forced Browsing) vulnerability. Improper authorization checks may allow unauthorized users to access restricted administrative functionality by directly accessing...

CVE-2026-16103

Jul 17, 2026 17:02:25 UTC

A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix for CVE-2026-9798, where brute-force protection checks were added to the Client-Initiated Backchannel Authentication (CIBA) initiation handler ...

CVE-2026-12694

Jul 17, 2026 16:59:09 UTC

Missing Authorization vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

CVE-2026-15783

Jul 17, 2026 16:55:53 UTC

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including privat...

CVE-2026-51080

Jul 17, 2026 16:55:36 UTC

libpvestorage-perl v9.1.1 and libpve-storage-perl v8.3.7 were discovered to contain an XML External Entity (XXE) vulnerability.

CVE-2026-16106

Jul 17, 2026 16:53:32 UTC

A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, a...

CVE-2026-49210

Jul 17, 2026 16:52:59 UTC

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer::createHtml() interpolates the client-controlled children[id].tag value from LiveComponentSubsc...

CVE-2026-12692

Jul 17, 2026 16:51:32 UTC

Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

CVE-2026-12693

Jul 17, 2026 16:50:54 UTC

Authorization bypass through User-Controlled key vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3...

CVE-2026-12691

Jul 17, 2026 16:50:39 UTC

Missing authentication for critical function vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

CVE-2025-60357

Jul 17, 2026 16:48:37 UTC

AhnLab EPP Management v1.0.14.32-6249 was discovered to contain a NoSQL injection vulnerability via the eventlog/agentEvent/list endpoint.

CVE-2026-57860

Jul 17, 2026 16:45:31 UTC

ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.j...