Export limit exceeded: 366256 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366256 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-56692 | 1 Nanoco | 1 Nanoclaw | 2026-07-14 | 5.5 Medium |
| NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks without containment checks, allowing malicious agents to disclose arbitrary host files. | ||||
| CVE-2026-56402 | 1 Nanoco | 1 Nanoclaw | 2026-07-14 | 6.5 Medium |
| NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation. | ||||
| CVE-2026-56266 | 2 Crawl4ai, Kidocode | 2 Crawl4ai, Crawl4ai | 2026-07-14 | 8.6 High |
| Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reach internal services and cloud metadata endpoints. | ||||
| CVE-2026-56265 | 2 Crawl4ai, Kidocode | 2 Crawl4ai, Crawl4ai | 2026-07-14 | 9.8 Critical |
| Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected functionality. | ||||
| CVE-2026-56264 | 2 Crawl4ai, Kidocode | 2 Crawl4ai, Crawl4ai | 2026-07-14 | 8.1 High |
| Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /execute_js endpoint, which accepts and executes arbitrary user-supplied JavaScript in the server's browser context with --disable-web-security enabled. An attacker can execute arbitrary JavaScript and, combined with the browser's relaxed security settings, perform server-side request forgery against internal services. | ||||
| CVE-2026-56263 | 2 Crawl4ai, Kidocode | 2 Crawl4ai, Crawl4ai | 2026-07-14 | 6.1 Medium |
| Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing the dashboard. | ||||
| CVE-2026-56262 | 2 Crawl4ai, Kidocode | 2 Crawl4ai, Crawl4ai | 2026-07-14 | 6.5 Medium |
| Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication, causing service disruption. | ||||
| CVE-2026-56261 | 2 Crawl4ai, Kidocode | 2 Crawl4ai, Crawl4ai | 2026-07-14 | 8.6 High |
| Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, or cloud metadata endpoints (e.g. 169.254.169.254), causing the server to make requests to internal services and potentially expose cloud metadata. | ||||
| CVE-2026-56260 | 2 Crawl4ai, Kidocode | 2 Crawl4ai, Crawl4ai | 2026-07-14 | 9.1 Critical |
| Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The output_path parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location writable by the application's user, overwriting server files and causing denial of service. | ||||
| CVE-2026-56259 | 2 Crawl4ai, Kidocode | 2 Crawl4ai, Crawl4ai | 2026-07-14 | 8.2 High |
| Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by supplying a malicious base_url parameter and setting api_token to env:VARIABLE_NAME to exfiltrate provider API keys and server secrets including JWT SECRET_KEY for authentication bypass. | ||||
| CVE-2026-56258 | 2 Crawl4ai, Kidocode | 2 Crawl4ai, Crawl4ai | 2026-07-14 | 8.1 High |
| Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use (TOCTOU) attacks on the output_path parameter. Remote attackers can exploit insufficient path validation and symlink following to achieve arbitrary file write and potential code execution on systems where the runtime user has write access to executable or cron locations. | ||||
| CVE-2026-56123 | 2 Dest-unreach, Socat | 2 Socat, Socat | 2026-07-14 | 8.1 High |
| socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read through a signed char field causing a negative bytes_to_read value that is implicitly converted to size_t, resulting in an unbounded heap write into the 262-byte reply buffer with attacker-controlled size and content. | ||||
| CVE-2026-45363 | 2026-07-14 | 9.1 Critical | ||
| ruby-jwt is a Ruby implementation of the RFC 7519 OAuth JSON Web Token standard. Prior to 2.10.3 and 3.2.0, JWT.decode(token, '', true, algorithm: 'HS256') accepts an attacker-forged token because OpenSSL::HMAC.digest('SHA256', '', payload) returns a valid digest under an empty key and no empty-key precondition exists in the HMAC algorithm. The same path is reached when a keyfinder block or key_finder: argument returns an empty string, nil, or an array containing nil for an unknown key, affecting HS256, HS384, and HS512 verification through JWT.decode and JWT::EncodedToken#verify_signature!. This issue is fixed in versions 2.10.3 and 3.2.0. | ||||
| CVE-2026-56109 | 1 Alsa-project | 1 Alsa-lib | 2026-07-14 | 6.8 Medium |
| The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parse_def() fails to check return values before continuing, causing snd_config_delete() to be called twice on the same already-freed node, resulting in a NULL-pointer write or invalid memory read. | ||||
| CVE-2026-56104 | 1 Chainlit | 1 Chainlit | 2026-07-14 | 8.2 High |
| Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the restore_existing_session path to assume a victim's permissions and roles, enabling unauthorized invocation of tools and access to data restricted to the authenticated victim. | ||||
| CVE-2026-55205 | 2 Get-hermes, Nesquena | 2 Hermes Web Ui, Hermes-webui | 2026-07-14 | 5.3 Medium |
| Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint that allows unbounded accumulation of in-memory flow state and daemon threads. Attackers can send repeated or concurrent requests to exhaust server memory and thread resources, potentially triggering repeated outbound device-code requests to upstream OAuth providers. | ||||
| CVE-2026-55198 | 2 Get-hermes, Nesquena | 2 Hermes Web Ui, Hermes-webui | 2026-07-14 | 6.5 Medium |
| Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The _handle_session_export handler in api/routes.py fails to verify active-profile ownership before serializing session data, enabling attackers to exfiltrate foreign session transcripts by guessing or knowing session identifiers. | ||||
| CVE-2026-55197 | 2 Get-hermes, Nesquena | 2 Hermes Web Ui, Hermes-webui | 2026-07-14 | 6.5 Medium |
| Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles via GET /api/session?session_id=<foreign_id>&messages=1 to retrieve unauthorized conversation transcripts and metadata. | ||||
| CVE-2026-55196 | 2 Get-hermes, Hermes-webui | 2 Hermes Web Ui, Hermes-webui | 2026-07-14 | 9.1 Critical |
| Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote attackers to register arbitrary passkeys. When HERMES_WEBUI_PASSKEY=1 is enabled with no existing credentials, POST /api/auth/passkey/register/options and POST /api/auth/passkey/register endpoints are accessible without authentication, allowing attackers to claim the first passkey and gain permanent administrative control. | ||||
| CVE-2026-54388 | 2 Tinyproxy, Tinyproxy Project | 2 Tinyproxy, Tinyproxy | 2026-07-14 | 9.1 Critical |
| Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can desynchronize the proxy and backend parser state, allowing injection of arbitrary HTTP requests to the backend to enable cache poisoning, access control bypass, and request hijacking. | ||||