Common Vulnerabilities and Exposures (CVE)

CVE-2026-12774

Jun 22, 2026 10:57:42 UTC

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Se...

CVE-2026-12781

Jun 22, 2026 10:57:03 UTC

A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack nee...

CVE-2026-12789

Jun 22, 2026 10:56:23 UTC

A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking...

CVE-2026-56229

Jun 22, 2026 10:54:01 UTC

Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched app_id and job_id c...

CVE-2026-56265

Jun 22, 2026 10:43:47 UTC

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing auth...

CVE-2026-56382

Jun 22, 2026 10:30:06 UTC

Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and <= 5.9.13 contain a remote code execution vulnerability in the FieldsController::actionRenderCardPreview() method, which passes the fieldLayoutConfig POST parameter directly to...

CVE-2026-56395

Jun 22, 2026 10:29:04 UTC

SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsi...

CVE-2026-12810

Jun 22, 2026 10:27:45 UTC

A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in co...

CVE-2026-12863

Jun 22, 2026 10:27:10 UTC

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains.

CVE-2026-12580

Jun 22, 2026 10:26:46 UTC

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load.

CVE-2026-12581

Jun 22, 2026 10:26:23 UTC

EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in.

CVE-2026-12821

Jun 22, 2026 10:22:43 UTC

A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can le...

CVE-2026-8450

Jun 22, 2026 07:58:11 UTC

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subproces...

CVE-2026-50263

Jun 22, 2026 07:47:18 UTC

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.

CVE-2026-50262

Jun 22, 2026 07:47:16 UTC

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to informatio...