| CVE-2026-16015 |
2026-07-17 |
A vulnerability was determined in poco-ai poco-claw up to 0.5.4. This vulnerability affects the function create_task of the file executor_manager/app/api/v1/tasks.py of the component executor_manager … |
| CVE-2026-62241 |
2026-07-16 |
clawvet self-hosted API server (apps/api) before 0.7.5 hard-codes a fallback JWT secret ('clawvet-dev-secret-change-me') in auth.ts and ships it as the default in .env.example. Because GET /api/v1/sca… |
| CVE-2026-6511 |
2026-07-16 |
During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files… |
| CVE-2026-63087 |
2026-07-16 |
Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerability that allows remote attackers to obtain a valid PluginAuthToken by sending a POST request to the internal plugin install … |
| CVE-2026-57206 |
2026-07-16 |
SimpleChat is a secure AI conversation application with personal and group workspaces for document-grounded interactions. Prior to 0.241.206, several plugin validation routes in application/single_app… |
| CVE-2026-45695 |
2026-07-16 |
Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP… |
| CVE-2026-46339 |
2026-07-15 |
9Router is an AI router & token saver. From 0.4.30 until 0.4.37, 9Router's src/proxy.js middleware did not protect /api/cli-tools/* and /api/mcp/*, allowing unauthenticated registration of customPlugi… |
| CVE-2026-58658 |
2026-07-15 |
GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to access sensitive inference logs and modify wo… |
| CVE-2026-53512 |
2026-07-15 |
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the legacy oidcProvider and mcp plugins expose OAuth token endpoints whose refresh_token grant authenticates… |
| CVE-2026-61613 |
2026-07-15 |
Cursor is a code editor built for programming with AI. Prior to the Cloud Agent fix on 03/31/2026, browser-enabled Cursor Cloud Agent sessions allowed attacker-controlled web content to connect from i… |
| CVE-2026-48325 |
2026-07-14 |
ColdFusion is affected by a Missing Authentication for Critical Function vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does… |
| CVE-2026-24259 |
2026-07-14 |
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execu… |
| CVE-2026-24229 |
2026-07-14 |
NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the Fas… |
| CVE-2026-48252 |
2026-07-14 |
Adobe Experience Manager is affected by a Missing Authentication for Critical Function vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to by… |
| CVE-2026-47212 |
2026-07-14 |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, TwilioRequestParser::doParse() received the configured webhook se… |
| CVE-2026-45755 |
2026-07-14 |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse() received the configured webhook secret bu… |
| CVE-2026-45754 |
2026-07-14 |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, the Mailjet mailer bridge and LOX24 notifier bridge webhook parse… |
| CVE-2026-50451 |
2026-07-14 |
Missing authentication for critical function in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-50444 |
2026-07-14 |
Missing authentication for critical function in Windows Server Update Service allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-57969 |
2026-07-14 |
Missing authentication for critical function in Azure CycleCloud allows an authorized attacker to elevate privileges over a network. |