Common Vulnerabilities and Exposures (CVE)

CVE-2026-55661

Jul 6, 2026 14:39:33 UTC

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing j...

CVE-2025-53827

Jul 6, 2026 14:39:25 UTC

ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. ...

CVE-2026-0156

Jul 6, 2026 14:39:15 UTC

In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed fo...

CVE-2026-0128

Jul 6, 2026 14:38:55 UTC

In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploita...

CVE-2025-15546

Jul 6, 2026 14:38:27 UTC

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file ...

CVE-2026-53441

Jul 6, 2026 14:37:58 UTC

Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the `POST config.xml` API, resulting in a stored c...

CVE-2026-52830

Jul 6, 2026 14:36:02 UTC

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not re...

CVE-2026-14241

Jul 6, 2026 14:35:48 UTC

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Fir...

CVE-2026-52188

Jul 6, 2026 14:31:02 UTC

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead//sub_497498 component

CVE-2026-58282

Jul 6, 2026 14:27:42 UTC

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-59152

Jul 6, 2026 14:26:55 UTC

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary ...

CVE-2026-58300

Jul 6, 2026 14:26:33 UTC

Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

CVE-2026-8403

Jul 6, 2026 14:24:32 UTC

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. This issue affects SYSGUARD 6001: from ...

CVE-2026-8402

Jul 6, 2026 14:23:39 UTC

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection. This issue affects SYSGUARD 60...

CVE-2026-44268

Jul 6, 2026 14:22:01 UTC

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permis...