Search Results (8784 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-55188 1 Rustfs 1 Rustfs 2026-06-27 8.2 High
RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. The ListRemoteTargetHandler handler for listing remote replication targets only checks whether request credentials exist, but does not verify that the caller has replication or administrator permissions. As a result, an authenticated user with no effective bucket or admin permissions can list remote replication target configuration for a bucket. Because the returned BucketTarget objects include remote target credentials, this can disclose replication access keys and secret keys. This vulnerability is fixed in 1.0.0-beta.9.
CVE-2026-54352 1 Budibase 1 Budibase 2026-06-27 9.6 Critical
Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with extract-zip@2.0.1 into a temp directory, then for each entry listed in icons.json validates the icon path, opens it, and streams the bytes into MinIO. The resulting object is served back via GET /api/assets/{appId}/pwa/{uuid}.png. extract-zip@2.0.1 preserves absolute symlink targets when restoring symlink entries. The icon-source validator at packages/server/src/api/controllers/static/index.ts:259-268 resolves the icon source string against baseDir (path.resolve), checks resolvedSrc.startsWith(baseDir + path.sep) against that string, and calls fs.existsSync(resolvedSrc) which follows symbolic links to confirm the target exists. None of the three calls reject symbolic-link entries. packages/backend-core/src/objectStore/objectStore.ts:302 then calls (await fsp.open(path)).createReadStream() on the resolved path. fsp.open follows the symlink, the target file's bytes stream into MinIO, and the response of the asset-fetch endpoint returns those bytes verbatim. Result: a workspace-level builder reads any file the server process can open. This vulnerability is fixed in 3.39.9.
CVE-2026-56031 2 Uncannyowl, Wordpress 2 Uncanny Automator, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.
CVE-2026-9699 1 Mattermost 1 Mattermost 2026-06-26 6.8 Medium
Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries generated during authentication failures. Mattermost Advisory ID: MMSA-2026-00609
CVE-2026-56055 2 Inspirythemes, Wordpress 2 Realhomes, Wordpress 2026-06-26 8.8 High
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
CVE-2026-56032 2 Buddyboss, Wordpress 2 Buddyboss Platform, Wordpress 2026-06-26 9.8 Critical
Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.
CVE-2026-53765 1 Chromedevtools 1 Chrome-devtools-mcp 2026-06-26 6.1 Medium
Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, the chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync() to a deterministic runtime path. On typical macOS environments, and on Linux sessions where $XDG_RUNTIME_DIR is unset, that runtime path falls back to /tmp/chrome-devtools-mcp-<uid>/daemon.pid. Because the write does not use O_NOFOLLOW, a local low-privilege user on the same POSIX host can pre-create /tmp/chrome-devtools-mcp-<victim_uid>/daemon.pid as a symlink to a file writable by the victim. When the victim later starts daemon mode, fs.writeFileSync() follows the symlink and truncates the target file to the daemon PID string. This vulnerability is fixed in 1.1.0.
CVE-2026-50017 1 Pnpm 1 Pnpm 2026-06-26 N/A
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a default registry and an unscoped _authToken. The repository does not provide a token-bearing auth line. It only sets registry= to a different registry URL. During normal pnpm metadata/install workflows, pnpm binds the user-origin unscoped credential to the repository-selected registry and sends it as an Authorization header. This vulnerability is fixed in 10.34.0 and 11.4.0.
CVE-2026-53914 1 Jetbrains 1 Kotlin 2026-06-26 6.7 Medium
In JetBrains Kotlin before 2.4.20, code execution was possible via unsafe deserialization in the build cache metadata.
CVE-2025-71340 2 Mmaitre314, Picklescan 2 Picklescan, Picklescan 2026-06-26 8.1 High
picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load(), enabling supply chain attacks on PyTorch models and saved Python objects. This is fixed in version 0.0.30.
CVE-2026-44622 1 Evoke 1 Evoke Csms 2026-06-26 6.5 Medium
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-39006 1 Agentpp 1 Snmp4j-agent 2026-06-26 9.8 Critical
An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component.
CVE-2026-39478 2 Eli Scheetz, Wordpress 2 Anti-malware Security And Brute-force Firewall, Wordpress 2026-06-26 8.8 High
Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall <= 4.23.87 versions.
CVE-2026-39554 2 Elated-themes, Wordpress 2 Fidalgo, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.
CVE-2026-39567 2 Select-themes, Wordpress 2 Santé, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.
CVE-2026-39577 2 Elated-themes, Wordpress 2 Playroom, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.
CVE-2026-39578 2 Elated-themes, Wordpress 2 Valiance, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.
CVE-2026-39580 2 Select-themes, Wordpress 2 Micdrop, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
CVE-2026-40751 2 Mikado-themes, Wordpress 2 Ashtanga, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.
CVE-2026-40755 2 Mikado-themes, Wordpress 2 Techlink, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.