Common Vulnerabilities and Exposures (CVE)

CVE-2026-50262

Jul 7, 2026 11:39:24 UTC

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to informatio...

CVE-2024-54216

Jul 7, 2026 11:22:19 UTC

Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms allows Path Traversal. This issue affects ARForms: from n/a before 7.0.2.

CVE-2026-41048

Jul 7, 2026 09:31:37 UTC

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot".

CVE-2022-21952

Jul 7, 2026 09:28:04 UTC

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE M...

CVE-2025-4994

Jul 7, 2026 09:05:50 UTC

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuratio...

CVE-2026-12491

Jul 7, 2026 07:44:29 UTC

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing...

CVE-2026-3823

Jul 7, 2026 06:24:16 UTC

EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.

CVE-2026-10834

Jul 7, 2026 06:00:01 UTC

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrar...

CVE-2026-14345

Jul 7, 2026 05:34:19 UTC

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to ...

CVE-2026-56810

Jul 7, 2026 04:32:36 UTC

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (Mint.HTTP1 module) allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files l...

CVE-2026-54893

Jul 7, 2026 04:32:26 UTC

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path (/users/{from}/sendMail) without percent-encoding ...

CVE-2026-13383

Jul 7, 2026 03:56:38 UTC

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fire...

CVE-2026-13384

Jul 7, 2026 03:56:37 UTC

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Firew...

CVE-2026-13722

Jul 7, 2026 03:56:36 UTC

WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a tampered firmware image.This vulnerabilit...

CVE-2026-13368

Jul 7, 2026 03:56:35 UTC

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary co...