Common Vulnerabilities and Exposures (CVE)

CVE-2026-11586

Jul 6, 2026 15:16:27 UTC

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential ...

CVE-2026-14773

Jul 6, 2026 15:16:07 UTC

A vulnerability was found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /payment.php. The manipulation of the argument patientid results in sql injection. The attack can be launched remotely. T...

CVE-2026-12481

Jul 6, 2026 15:15:46 UTC

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the ...

CVE-2026-14768

Jul 6, 2026 15:15:10 UTC

A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried ...

CVE-2026-58418

Jul 6, 2026 15:14:53 UTC

SSRF via HTTP Redirect in Repository Migration

CVE-2026-59520

Jul 6, 2026 15:14:38 UTC

Cross-Site Request Forgery (CSRF) vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16.

CVE-2026-14774

Jul 6, 2026 15:14:15 UTC

A vulnerability was determined in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /paymentdischarge.php. This manipulation of the argument patientid causes sql injection. The attack may be initiated...

CVE-2026-58419

Jul 6, 2026 15:14:06 UTC

Notification API leaks private issue metadata after access revocation

CVE-2026-58421

Jul 6, 2026 15:12:29 UTC

Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service

CVE-2026-58422

Jul 6, 2026 15:11:20 UTC

Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts

CVE-2026-58423

Jul 6, 2026 15:09:55 UTC

LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories

CVE-2026-58424

Jul 6, 2026 15:09:01 UTC

Permanent Fork PR Workflow Approval Gate Bypass

CVE-2026-58426

Jul 6, 2026 15:07:18 UTC

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write

CVE-2026-14611

Jul 6, 2026 15:06:01 UTC

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argume...

CVE-2025-71356

Jul 6, 2026 15:03:48 UTC

picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when ...