Common Vulnerabilities and Exposures (CVE)

CVE-2026-54919

Jul 14, 2026 03:55:43 UTC

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHT...

CVE-2026-59796

Jul 14, 2026 03:55:42 UTC

In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks

CVE-2026-59793

Jul 14, 2026 03:55:41 UTC

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration

CVE-2026-54469

Jul 14, 2026 03:55:41 UTC

Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary comman...

CVE-2026-59792

Jul 14, 2026 03:55:40 UTC

In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible

CVE-2026-59856

Jul 14, 2026 03:55:39 UTC

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search() pattern...

CVE-2026-59858

Jul 14, 2026 03:55:38 UTC

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pat...

CVE-2008-4128

Jul 14, 2026 03:55:37 UTC

Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" ...

CVE-2026-55671

Jul 14, 2026 02:04:22 UTC

ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently validate user-defined URLs against prot...

CVE-2026-55782

Jul 14, 2026 02:00:57 UTC

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit section and c...

CVE-2026-55885

Jul 14, 2026 01:58:03 UTC

Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including user/accounts/admin.yaml with the administrator pass...

CVE-2026-59161

Jul 14, 2026 01:55:21 UTC

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small X...

CVE-2026-53657

Jul 14, 2026 01:53:50 UTC

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent i...

CVE-2026-15375

Jul 14, 2026 01:52:31 UTC

A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/users_ldap.jsp of the component LDAP User Interface. The manipulation leads to improper authorization. The attack ...

CVE-2026-61437

Jul 14, 2026 01:47:45 UTC

PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow._resolve_pydantic_class (src/praisonai-agents/praisonaiagents/workflows/workflows.py). When a workflow step uses a st...