Sun, Jul 12 · 11:16 PM CDTCVE-2026-15511
9.8/10 · Must read/watchNVDvuln
Summary
A vulnerability was determined in Comfast CF-WR631AX V3 up to 2.7.0.8. Affected by this vulnerability is the function system_wl_upload_pic_file of the file /usr/bin/webmgnt of the component FastCGI Backend. This manipulation of the argument filename causes os command injection. It is possible to initiate the attack rem
CVECVE-2026-15511
SeverityCRITICAL
TypeNEW
PublishedSun, Jul 12 · 11:16 PM CDT
ModifiedSun, Jul 12 · 11:16 PM CDT
Mon, Jul 13 · 08:16 AM CDTCVE-2026-4769
9.8/10 · Must read/watchNVDvuln
Summary
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attack
CVECVE-2026-4769
SeverityCRITICAL
TypeNEW
PublishedMon, Jul 13 · 08:16 AM CDT
ModifiedMon, Jul 13 · 08:16 AM CDT
Sun, Jul 12 · 12:16 PM CDTCVE-2026-56271
9.8/10 · Must read/watchNVDvuln
Summary
Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secrets ('auth_token', 'refresh_token') and default audience and issuer values ('AUDIENCE', 'ISSUER') in the enterprise passport authentication middleware (packages/server/src/enterprise/middleware/passport/index.ts). When the c
CVECVE-2026-56271
SeverityCRITICAL
TypeNEW
PublishedSun, Jul 12 · 12:16 PM CDT
ModifiedSun, Jul 12 · 12:16 PM CDT
Mon, Jul 13 · 09:16 AM CDTCVE-2026-14453
9.6/10 · Must read/watchNVDvuln
Summary
This vulnerability is a critical Server-Side Template Injection (SSTI) in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The message_confirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to inject and execute
CVECVE-2026-14453
SeverityCRITICAL
TypeNEW
PublishedMon, Jul 13 · 09:16 AM CDT
ModifiedMon, Jul 13 · 09:16 AM CDT
Sun, Jul 12 · 12:16 PM CDTCVE-2026-56260
9.1/10 · Must read/watchNVDvuln
Summary
Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The output_path parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location writable by the appli
CVECVE-2026-56260
SeverityCRITICAL
TypeNEW
PublishedSun, Jul 12 · 12:16 PM CDT
ModifiedSun, Jul 12 · 12:16 PM CDT
Mon, Jul 13 · 08:16 AM CDTCVE-2026-15543
8.8/10 · Worth your timeNVDvuln
Summary
A vulnerability was found in Tenda CH22 1.0.0.1. This impacts the function formCertListInfo of the file /goform/CertListInfo. The manipulation of the argument Name results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
CVECVE-2026-15543
SeverityHIGH
TypeNEW
PublishedMon, Jul 13 · 08:16 AM CDT
ModifiedMon, Jul 13 · 08:16 AM CDT
Mon, Jul 13 · 08:16 AM CDTCVE-2026-15544
8.8/10 · Worth your timeNVDvuln
Summary
A vulnerability was determined in Shibby Tomato up to 1.28.0000. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation of the argument Field causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed a
CVECVE-2026-15544
SeverityHIGH
TypeNEW
PublishedMon, Jul 13 · 08:16 AM CDT
ModifiedMon, Jul 13 · 08:16 AM CDT
Mon, Jul 13 · 09:16 AM CDTCVE-2026-15545
8.8/10 · Worth your timeNVDvuln
Summary
A vulnerability was identified in Shibby Tomato up to 1.28.0000. Affected by this vulnerability is the function main of the file www/apcupsd/tomatodata.cgi of the component apcupsd. Such manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit is publicly available and might be used.
CVECVE-2026-15545
SeverityHIGH
TypeNEW
PublishedMon, Jul 13 · 09:16 AM CDT
ModifiedMon, Jul 13 · 09:16 AM CDT
Sun, Jul 12 · 12:16 PM CDTCVE-2026-59260
8.8/10 · Worth your timeNVDvuln
Summary
OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process, triggering command execution
CVECVE-2026-59260
SeverityHIGH
TypeNEW
PublishedSun, Jul 12 · 12:16 PM CDT
ModifiedSun, Jul 12 · 12:16 PM CDT
Sun, Jul 12 · 12:16 PM CDTCVE-2026-61875
8.8/10 · Worth your timeNVDvuln
Summary
luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders without output encoding, e
CVECVE-2026-61875
SeverityHIGH
TypeNEW
PublishedSun, Jul 12 · 12:16 PM CDT
ModifiedSun, Jul 12 · 12:16 PM CDT
Sun, Jul 12 · 12:16 PM CDTCVE-2026-61876
8.8/10 · Worth your timeNVDvuln
Summary
LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages.
CVECVE-2026-61876
SeverityHIGH
TypeNEW
PublishedSun, Jul 12 · 12:16 PM CDT
ModifiedSun, Jul 12 · 12:16 PM CDT
Sun, Jul 12 · 12:16 PM CDTCVE-2026-56241
8.3/10 · Worth your timeNVDvuln
Summary
Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to delete_non_compliant_bundles and count_non_compliant_bundles RPCs due to stale org_users.user_right column not being cleared during role binding deletion. Attackers can exploit this by maintaining a prev
CVECVE-2026-56241
SeverityHIGH
TypeNEW
PublishedSun, Jul 12 · 12:16 PM CDT
ModifiedSun, Jul 12 · 12:16 PM CDT
Sun, Jul 12 · 04:16 PM CDTCVE-2026-58596
8.3/10 · Worth your timeNVDvuln
Summary
Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
CVECVE-2026-58596
SeverityHIGH
TypeNEW
PublishedSun, Jul 12 · 04:16 PM CDT
ModifiedSun, Jul 12 · 04:16 PM CDT
Sun, Jul 12 · 12:16 PM CDTCVE-2026-56259
8.2/10 · Worth your timeNVDvuln
Summary
Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by supplying a malicious b
CVECVE-2026-56259
SeverityHIGH
TypeNEW
PublishedSun, Jul 12 · 12:16 PM CDT
ModifiedSun, Jul 12 · 12:16 PM CDT
Sun, Jul 12 · 05:16 PM CDTCVE-2026-10666
8.1/10 · Worth your timeNVDvuln
Summary
parse_ipv4() in subsys/net/ip/utils.c (reached via net_ipaddr_parse() for strings of the form "a.b.c.d:port") copies the port substring into a fixed 17-byte stack buffer (char ipaddr[NET_IPV4_ADDR_LEN + 1]) using a length of str_len - end - 1, where str_len is the full, unbounded input length and end is only the (<=15-
CVECVE-2026-10666
SeverityHIGH
TypeNEW
PublishedSun, Jul 12 · 05:16 PM CDT
ModifiedSun, Jul 12 · 05:16 PM CDT
Sun, Apr 12 · 07:16 PM CDTCVE-2026-40393
8.1/10 · Worth your timeNVDvuln
Summary
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.
CVECVE-2026-40393
SeverityHIGH
TypeUPDATED
PublishedSun, Apr 12 · 07:16 PM CDT
ModifiedMon, Jul 13 · 10:16 AM CDT
Sun, Jul 12 · 12:16 PM CDTCVE-2026-56313
8.1/10 · Worth your timeNVDvuln
Summary
Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.update_settings permission and an active SSO provider can call the prelink-users endp
CVECVE-2026-56313
SeverityHIGH
TypeNEW
PublishedSun, Jul 12 · 12:16 PM CDT
ModifiedSun, Jul 12 · 12:16 PM CDT
Sun, Jul 12 · 05:16 PM CDTCVE-2026-10667
7.8/10 · Worth your timeNVDvuln
Summary
Zephyr's dynamic kernel-object tracking (kernel/userspace/userspace.c, formerly kernel/userspace.c) maintains a doubly-linked list (obj_list) of dynamically allocated kernel objects. Iteration over this list in k_object_wordlist_foreach() was performed under lists_lock using the SAFE iterator (which caches the next nod
CVECVE-2026-10667
SeverityHIGH
TypeNEW
PublishedSun, Jul 12 · 05:16 PM CDT
ModifiedSun, Jul 12 · 05:16 PM CDT
Fri, Jun 05 · 09:16 AM CDTCVE-2026-11332
7.8/10 · Worth your timeNVDvuln
Summary
A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field. This allows arbitrary
CVECVE-2026-11332
SeverityHIGH
TypeUPDATED
PublishedFri, Jun 05 · 09:16 AM CDT
ModifiedMon, Jul 13 · 08:16 AM CDT
Sun, Jul 12 · 10:16 PM CDTCVE-2026-15506
7.8/10 · Worth your timeNVDvuln
Summary
A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown function in the library saappctl.sys of the component Driver. Such manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may
CVECVE-2026-15506
SeverityHIGH
TypeNEW
PublishedSun, Jul 12 · 10:16 PM CDT
ModifiedSun, Jul 12 · 10:16 PM CDT
Fri, Jun 05 · 12:16 PM CDTCVE-2026-50256
7.8/10 · Worth your timeNVDvuln
Summary
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1
CVECVE-2026-50256
SeverityHIGH
TypeUPDATED
PublishedFri, Jun 05 · 12:16 PM CDT
ModifiedMon, Jul 13 · 06:16 AM CDT
Fri, Jun 05 · 12:16 PM CDTCVE-2026-50257
7.8/10 · Worth your timeNVDvuln
Summary
A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, c
CVECVE-2026-50257
SeverityHIGH
TypeUPDATED
PublishedFri, Jun 05 · 12:16 PM CDT
ModifiedMon, Jul 13 · 06:16 AM CDT
Fri, Jun 05 · 12:16 PM CDTCVE-2026-50258
7.8/10 · Worth your timeNVDvuln
Summary
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger
CVECVE-2026-50258
SeverityHIGH
TypeUPDATED
PublishedFri, Jun 05 · 12:16 PM CDT
ModifiedMon, Jul 13 · 06:16 AM CDT
Fri, Jun 05 · 12:16 PM CDTCVE-2026-50259
7.8/10 · Worth your timeNVDvuln
Summary
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to
CVECVE-2026-50259
SeverityHIGH
TypeUPDATED
PublishedFri, Jun 05 · 12:16 PM CDT
ModifiedMon, Jul 13 · 06:16 AM CDT
Fri, Jun 05 · 12:16 PM CDTCVE-2026-50260
7.8/10 · Worth your timeNVDvuln
Summary
A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if t
CVECVE-2026-50260
SeverityHIGH
TypeUPDATED
PublishedFri, Jun 05 · 12:16 PM CDT
ModifiedMon, Jul 13 · 06:16 AM CDT