| CVE-2026-55576 |
2026-07-15 |
MaaAssistantArknights is a one-click tool for daily Arknights tasks. In the current dev-v2 workflow, .github/workflows/release-preparation.yml inlined attacker-controlled github.event.pull_request.tit… |
| CVE-2026-45534 |
2026-07-15 |
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getPropert… |
| CVE-2026-62350 |
2026-07-15 |
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a user with create udf privilege could upload a crafted shared library and install it as a… |
| CVE-2026-61446 |
2026-07-15 |
PraisonAI (praisonaiagents) before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python (.py) files from project-level and user-home .… |
| CVE-2026-61433 |
2026-07-15 |
PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.… |
| CVE-2026-58655 |
2026-07-15 |
The bundled Grav Flex Objects plugin (getgrav/grav-plugin-flex-objects) before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles,… |
| CVE-2026-46640 |
2026-07-14 |
Twig is a template language for PHP. From 3.15.0 until 3.26.0, _self.(<string>) and import-alias dynamic attribute syntax can concatenate an attacker-controlled string into a MacroReferenceExpression … |
| CVE-2026-46633 |
2026-07-14 |
Twig is a template language for PHP. Prior to 3.26.0, Compiler::string() does not escape single quotes when a template name from a {% use %} tag is placed inside a PHP single-quoted string literal, al… |
| CVE-2026-42049 |
2026-07-14 |
jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx inserts the android:versionName value from an AndroidManifest into the generated app/build.gradle Groovy template without proper sanitization whe… |
| CVE-2026-38450 |
2026-07-14 |
An issue in Aetopia Digital Asset Management DAM v.1.0.0 allows a remote attacker to execute arbitrary code via the name and description parameter of the Add/Update Project function |
| CVE-2026-48322 |
2026-07-14 |
ColdFusion is affected by an Improper Control of Generation of Code ('Code Injection') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t… |
| CVE-2026-50650 |
2026-07-14 |
Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally. |
| CVE-2026-15410 |
2026-07-14 |
Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) which in specific conditions could pot… |
| CVE-2026-15715 |
2026-07-14 |
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /exam.php. Such manipulation of the argum… |
| CVE-2026-56185 |
2026-07-14 |
Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network. |
| CVE-2026-15702 |
2026-07-14 |
A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modi… |
| CVE-2026-15699 |
2026-07-14 |
A vulnerability was identified in spencermountain compromise up to 14.15.1. Affected is the function nlp.extend of the file src/API/extend.js of the component Public Root API. The manipulation of the … |
| CVE-2026-15698 |
2026-07-14 |
A vulnerability was determined in kofrasa mingo up to 7.2.1. This impacts the function update/updateOne/updateMany of the component Update API. Executing a manipulation of the argument Set can lead to… |
| CVE-2026-15697 |
2026-07-14 |
A vulnerability was found in svgdotjs svg.js up to 3.2.5. This affects the function EventTarget.on of the file svgdotjs/svg.js of the component npm Package API. Performing a manipulation results in im… |
| CVE-2026-15678 |
2026-07-14 |
A security vulnerability has been detected in code-projects Online Job Portal 1.0. This impacts an unknown function of the file /Admin/DetailJob.php. The manipulation leads to cross site scripting. Th… |