Common Vulnerabilities and Exposures (CVE)

CVE-2026-11915

Jul 13, 2026 19:06:23 UTC

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions: *.*.

CVE-2026-11914

Jul 13, 2026 19:05:09 UTC

vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*.

CVE-2026-57212

Jul 13, 2026 18:55:35 UTC

RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_management HTTP API accepts oversized valid JSON bodies on with_decode and direct_request paths because read_complete_body checks the ac...

CVE-2026-57218

Jul 13, 2026 18:55:32 UTC

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.update_secret refresh to reduced scopes because existing consume...

CVE-2026-34196

Jul 13, 2026 18:55:28 UTC

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses to the same physical address. One of these virutal mappings can be freed along with the...

CVE-2026-41154

Jul 13, 2026 18:55:25 UTC

Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer in...

CVE-2026-7639

Jul 13, 2026 18:55:22 UTC

Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code. Triggering failure path in the MMU...

CVE-2026-57574

Jul 13, 2026 18:55:15 UTC

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password (TOTP) authentication in UserAuthService where insufficient validation of used tokens allows the...

CVE-2026-45203

Jul 13, 2026 18:55:12 UTC

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver coul...

CVE-2026-55664

Jul 13, 2026 18:55:09 UTC

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /forms endpoint read table and column metadata without applying the document's access rules and did not check that the requested section was actual...

CVE-2026-58503

Jul 13, 2026 18:55:05 UTC

Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the reset_password endpoint. This issue is fixed in versions 16.16.0 and 15.106.0.

CVE-2026-55882

Jul 13, 2026 18:54:59 UTC

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof handlers under /debug with no access control. When the HUD or apiserver listener is network-...

CVE-2026-56240

Jul 13, 2026 18:54:55 UTC

Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan_valid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence...

CVE-2026-15089

Jul 13, 2026 18:52:33 UTC

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*.

CVE-2026-11913

Jul 13, 2026 18:51:40 UTC

vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*.