Common Vulnerabilities and Exposures (CVE)

CVE-2026-57574

Jul 13, 2026 18:55:15 UTC

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password (TOTP) authentication in UserAuthService where insufficient validation of used tokens allows the...

CVE-2026-45203

Jul 13, 2026 18:55:12 UTC

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver coul...

CVE-2026-55664

Jul 13, 2026 18:55:09 UTC

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /forms endpoint read table and column metadata without applying the document's access rules and did not check that the requested section was actual...

CVE-2026-58503

Jul 13, 2026 18:55:05 UTC

Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the reset_password endpoint. This issue is fixed in versions 16.16.0 and 15.106.0.

CVE-2026-55882

Jul 13, 2026 18:54:59 UTC

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof handlers under /debug with no access control. When the HUD or apiserver listener is network-...

CVE-2026-56240

Jul 13, 2026 18:54:55 UTC

Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan_valid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence...

CVE-2026-15089

Jul 13, 2026 18:52:33 UTC

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*.

CVE-2026-11913

Jul 13, 2026 18:51:40 UTC

vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*.

CVE-2026-61462

Jul 13, 2026 18:49:55 UTC

mcp-gitlab contains a path traversal vulnerability in the job_id parameter of build/index.js that allows attackers to redirect GitLab API requests to arbitrary endpoints. Attackers can supply crafted job_id values like ../../../user to esca...

CVE-2026-55772

Jul 13, 2026 18:44:47 UTC

CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling could allow Recor...

CVE-2026-15540

Jul 13, 2026 18:39:28 UTC

A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page ...

CVE-2026-15546

Jul 13, 2026 18:37:30 UTC

A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub_2D568 of the component start_jffs2. Performing a manipulation of the argument jffs2_exec results in os command injection. Remot...

CVE-2026-61463

Jul 13, 2026 18:27:34 UTC

Shiori contains a privilege escalation vulnerability in the account update endpoint that allows authenticated users to modify the owner field without authorization checks. Attackers can escalate to administrator by submitting a crafted PATC...

CVE-2026-15085

Jul 13, 2026 18:25:09 UTC

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3.

CVE-2026-55803

Jul 13, 2026 18:24:17 UTC

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 ...