Common Vulnerabilities and Exposures (CVE)

CVE-2026-13376

Jul 6, 2026 15:03:24 UTC

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-20...

CVE-2026-13377

Jul 6, 2026 15:02:58 UTC

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025...

CVE-2025-71367

Jul 6, 2026 15:02:33 UTC

picklescan before 0.0.34 fails to detect _operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using _operator.attrgetter in reduce methods to...

CVE-2026-14623

Jul 6, 2026 15:01:50 UTC

A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be per...

CVE-2026-14629

Jul 6, 2026 15:00:19 UTC

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may b...

CVE-2026-14534

Jul 6, 2026 14:59:37 UTC

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist,...

CVE-2026-14535

Jul 6, 2026 14:58:34 UTC

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless of whether the import is flagged as unsaf...

CVE-2026-14636

Jul 6, 2026 14:57:17 UTC

A weakness has been identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 23105f25dadf57b4314fc015a63a7c6e910c89df. Impacted is the function do_upload_others_images of the file application/modules/vendor/controllers/AddProduct.php...

CVE-2026-12746

Jul 6, 2026 14:56:03 UTC

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without issuing a state value, and the callback met...

CVE-2026-13728

Jul 6, 2026 14:56:01 UTC

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 202...

CVE-2026-13084

Jul 6, 2026 14:54:50 UTC

A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted IKEv2 messages. This vulnerability affects both the Mo...

CVE-2026-58460

Jul 6, 2026 14:54:44 UTC

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted _display_name value containing dot-dot pa...

CVE-2026-13768

Jul 6, 2026 14:51:30 UTC

Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this...

CVE-2026-59097

Jul 6, 2026 14:50:35 UTC

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue du...

CVE-2026-52189

Jul 6, 2026 14:49:36 UTC

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_487330 component