Common Vulnerabilities and Exposures (CVE)

CVE-2026-27409

Jul 1, 2026 17:34:50 UTC

Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13.

CVE-2026-34097

Jul 1, 2026 17:34:31 UTC

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text_file.php (lines 94, 101, 323, 403, 826, 852). An authenticated attacker can craft a URL that injects scrip...

CVE-2026-13777

Jul 1, 2026 17:33:16 UTC

Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-13776

Jul 1, 2026 17:32:57 UTC

Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-3227

Jul 1, 2026 17:31:49 UTC

A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. The router configuration import function allows an authe...

CVE-2026-58521

Jul 1, 2026 17:30:50 UTC

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from * before ...

CVE-2026-58165

Jul 1, 2026 17:29:19 UTC

OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, includ...

CVE-2026-14079

Jul 1, 2026 17:28:52 UTC

Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-48276

Jul 1, 2026 17:28:19 UTC

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue do...

CVE-2026-48277

Jul 1, 2026 17:28:07 UTC

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user in...

CVE-2026-7873

Jul 1, 2026 17:27:51 UTC

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.

CVE-2026-7871

Jul 1, 2026 17:27:39 UTC

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.

CVE-2026-10134

Jul 1, 2026 17:27:28 UTC

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to int...

CVE-2026-10109

Jul 1, 2026 17:27:00 UTC

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.

CVE-2026-13775

Jul 1, 2026 17:26:49 UTC

Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)