Common Vulnerabilities and Exposures (CVE)

CVE-2026-56296

Jul 13, 2026 15:19:17 UTC

Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_app RPC function that returns distinct error messages for existing versus non-existing app IDs. Unauthenticated attackers can enumerate valid app...

CVE-2026-15499

Jul 13, 2026 15:18:55 UTC

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/cron_tools.py of the component Scheduled Task Handler. Performing a manipulation of the arg...

CVE-2026-15493

Jul 13, 2026 15:18:11 UTC

A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the argument export_date re...

CVE-2026-15487

Jul 13, 2026 15:17:08 UTC

A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub_41FBD0 of the file /goform/system_ntp of the component Firmware Update Handler. Performing a manipulation of the argument Hostname results in os command...

CVE-2026-15528

Jul 13, 2026 15:16:42 UTC

A vulnerability was found in lamaalrajih kicad-mcp up to 3.3.1. This issue affects some unknown processing of the file kicad_mcp/utils/path_validator.py. Performing a manipulation of the argument project_path/schematic_path results in prote...

CVE-2026-12396

Jul 13, 2026 15:11:37 UTC

The WP Job Portal WordPress plugin before 2.5.5 does not perform capability or ownership checks before allowing job moderation actions, allowing authenticated users with a subscriber-level (self-registerable) account to approve, feature, o...

CVE-2026-61861

Jul 13, 2026 15:07:54 UTC

ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, pote...

CVE-2026-12397

Jul 13, 2026 15:06:41 UTC

The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users with a subscriber-level (self-registerable) account to read other employers'...

CVE-2026-61426

Jul 13, 2026 15:05:01 UTC

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, ...

CVE-2026-57214

Jul 13, 2026 15:04:23 UTC

RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping on the Queues and Exchanges pages, allow...

CVE-2026-55515

Jul 13, 2026 15:02:04 UTC

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report delete endpoint authorizes only reports.view and deletes CheckoutAcceptance::pending()->find($acceptanceId) by global ID without checking access...

CVE-2026-55462

Jul 13, 2026 15:01:17 UTC

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show() and printInventory() authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an ...

CVE-2026-55464

Jul 13, 2026 15:00:18 UTC

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdow...

CVE-2026-15535

Jul 13, 2026 14:59:55 UTC

A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserialize_from of the file retrieval_lm/src/index.py of the component retrieval_lm. Execut...

CVE-2026-57791

Jul 13, 2026 14:56:36 UTC

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through <= 2.9.0.