Common Vulnerabilities and Exposures (CVE)

CVE-2026-14605

Jul 6, 2026 15:25:54 UTC

A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulnerability is the function recvmsg in the library bsp/loongson/ls1cdev/libraries/ls1c_can.h of the component ls1c CAN Handler. Such manipulation leads to stack-bas...

CVE-2026-4602

Jul 6, 2026 15:25:34 UTC

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break s...

CVE-2026-27775

Jul 6, 2026 15:25:15 UTC

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access.

CVE-2024-21490

Jul 6, 2026 15:25:05 UTC

This affects versions of the package angular from 1.3.0; versions of the package angularjs from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With l...

CVE-2026-10055

Jul 6, 2026 15:23:38 UTC

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns t...

CVE-2026-14796

Jul 6, 2026 15:22:08 UTC

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. This affects an unknown part of the file /apartment-visitor/report.php. Performing a manipulation of the argument fromdate results in sql injection. It is possi...

CVE-2026-8804

Jul 6, 2026 15:21:55 UTC

Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the ag...

CVE-2026-27779

Jul 6, 2026 15:21:00 UTC

Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation.

CVE-2026-14790

Jul 6, 2026 15:20:48 UTC

A flaw has been found in GPAC 26.02.0. This affects the function nhmldump_send_frame of the file src/filters/write_nhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack require...

CVE-2026-27780

Jul 6, 2026 15:20:06 UTC

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks.

CVE-2026-14767

Jul 6, 2026 15:19:18 UTC

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoice_n...

CVE-2026-27783

Jul 6, 2026 15:19:12 UTC

Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints.

CVE-2026-28699

Jul 6, 2026 15:18:39 UTC

Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication.

CVE-2026-28744

Jul 6, 2026 15:17:58 UTC

Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.

CVE-2026-14802

Jul 6, 2026 15:17:49 UTC

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injectio...