Common Vulnerabilities and Exposures (CVE)

CVE-2026-50254

Jul 1, 2026 15:40:16 UTC

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops ...

CVE-2026-50003

Jul 1, 2026 15:39:24 UTC

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.

CVE-2026-48286

Jul 1, 2026 15:39:06 UTC

Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does no...

CVE-2026-10562

Jul 1, 2026 15:38:52 UTC

An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An unauthenticated attacker can craft URLs containing URL-encoded path t...

CVE-2026-14102

Jul 1, 2026 15:38:42 UTC

Use after free in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-13207

Jul 1, 2026 15:38:21 UTC

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing una...

CVE-2026-9132

Jul 1, 2026 15:37:50 UTC

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summ...

CVE-2026-14330

Jul 1, 2026 15:37:41 UTC

Multiple unbounded alloca() calls in the PulseAudio protocol server.

CVE-2026-9106

Jul 1, 2026 15:37:28 UTC

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth applicat...

CVE-2026-10585

Jul 1, 2026 15:36:59 UTC

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discu...

CVE-2026-14105

Jul 1, 2026 15:36:34 UTC

Insufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-50040

Jul 1, 2026 15:35:58 UTC

Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbi...

CVE-2026-55721

Jul 1, 2026 15:35:19 UTC

Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an...

CVE-2026-13228

Jul 1, 2026 15:33:25 UTC

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.6.3. This is due to an Insecure Direct Object Reference (IDOR...

CVE-2026-13083

Jul 1, 2026 15:32:01 UTC

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting (XSS)...