Common Vulnerabilities and Exposures (CVE)

CVE-2026-54017

Jun 22, 2026 14:17:11 UTC

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in `backend/open_webui/routers/terminals.py` does not fully confine the user-controlled `pa...

CVE-2025-2669

Jun 22, 2026 14:12:31 UTC

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token val...

CVE-2026-49344

Jun 22, 2026 14:11:15 UTC

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine (`/admin/queries/execute`) accepts a JSON DSL (`from` / `select` / `filters` / `traverse` / `out...

CVE-2026-49293

Jun 22, 2026 14:10:09 UTC

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written `parseBigInt` loop that multiplies a `BigInt` accum...

CVE-2019-25762

Jun 22, 2026 14:09:04 UTC

Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with op...

CVE-2019-25756

Jun 22, 2026 14:08:18 UTC

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the va...

CVE-2019-25750

Jun 22, 2026 14:07:33 UTC

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotel_id parameter. Attackers can send ...

CVE-2026-9843

Jun 22, 2026 14:06:30 UTC

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the view_page function in all versions up to, and including, 1.5.1. This mak...

CVE-2026-49346

Jun 22, 2026 14:05:14 UTC

libde265 is an open source implementation of the H.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in `de265_image_get_buffer()` (`libde265/i...

CVE-2026-56082

Jun 22, 2026 14:02:40 UTC

Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.record_build_time, which is granted to the anon role and callable with only the public Supabase pub...

CVE-2026-49345

Jun 22, 2026 14:01:57 UTC

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery (SSRF) vulnerability exists in Mercator's CVE configuration panel (`/admin/config/paramete...

CVE-2026-48582

Jun 22, 2026 14:01:26 UTC

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

CVE-2026-49337

Jun 22, 2026 14:00:14 UTC

libde265 is an open source implementation of the H.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_context::read_slice_NAL()` (`libde265/decctx.cc:481`) to attach slice headers to a finished p...

CVE-2026-48715

Jun 22, 2026 13:57:45 UTC

radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement...

CVE-2026-12549

Jun 22, 2026 13:55:06 UTC

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resultin...