Common Vulnerabilities and Exposures (CVE)

CVE-2026-3833

Jul 13, 2026 21:10:41 UTC

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permitt...

CVE-2026-58411

Jul 13, 2026 21:05:18 UTC

ChurchCRM is an open-source church management system. Prior to version 7.4.0, Cross-Site Scripting (XSS) vulnerabilities were identified due to insufficient output encoding of user-controlled request parameter names and parameter values. Th...

CVE-2026-6845

Jul 13, 2026 20:58:53 UTC

A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (EL...

CVE-2026-3442

Jul 13, 2026 20:58:49 UTC

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted m...

CVE-2026-3441

Jul 13, 2026 20:58:44 UTC

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially c...

CVE-2026-26396

Jul 13, 2026 19:45:59 UTC

OpenBMB XAgent v1.0.0 and before is vulnerable to path traversal in the file() function in XAgent/XAgentServer/application/routers/workspace.py. The input parameter “filename” is user-controllable and is concatenated into the file path to b...

CVE-2026-14906

Jul 13, 2026 19:32:16 UTC

Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4.

CVE-2025-45869

Jul 13, 2026 19:29:41 UTC

LogicalDOC Enterprise Version up to and before v9.1.1 is vulnerable to Server-Side Request Forgery (SSRF). An unauthenticated attacker can exploit the ShareFileCallback servlet by manipulating input parameters to trigger a server-side reque...

CVE-2026-15527

Jul 13, 2026 19:26:34 UTC

A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the component scan_project_icons/sync_icon. Such manipulation of the argument icons_file leads to path traversal. An attack h...

CVE-2026-15533

Jul 13, 2026 19:22:17 UTC

A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Column Name results in code injection. The at...

CVE-2026-15471

Jul 13, 2026 19:19:11 UTC

A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pci_dss_status.jsp. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possi...

CVE-2026-15477

Jul 13, 2026 19:11:58 UTC

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results...

CVE-2026-15086

Jul 13, 2026 19:09:51 UTC

vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Formatter [Meta Tag Formatter] versions: *.*.

CVE-2026-15087

Jul 13, 2026 19:07:49 UTC

vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*.

CVE-2026-11915

Jul 13, 2026 19:06:23 UTC

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions: *.*.