| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-12466 | 0.00 | — | 0.00 | Jun 17, 2026 | Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12465 | 0.00 | — | 0.00 | Jun 17, 2026 | Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12464 | 0.00 | — | 0.00 | Jun 17, 2026 | Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12463 | 0.00 | — | 0.00 | Jun 17, 2026 | Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12462 | 0.00 | — | 0.00 | Jun 17, 2026 | Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12461 | 0.00 | — | 0.00 | Jun 17, 2026 | Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12460 | 0.00 | — | 0.00 | Jun 17, 2026 | Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. (Chromium security severity: High) | |||
| CVE-2026-12459 | 0.00 | — | 0.00 | Jun 17, 2026 | Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12458 | 0.00 | — | 0.00 | Jun 17, 2026 | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12457 | 0.00 | — | 0.00 | Jun 17, 2026 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12456 | 0.00 | — | 0.00 | Jun 17, 2026 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High) | |||
| CVE-2026-12455 | 0.00 | — | 0.00 | Jun 17, 2026 | Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12454 | 0.00 | — | 0.00 | Jun 17, 2026 | Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12453 | 0.00 | — | 0.00 | Jun 17, 2026 | Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12452 | 0.00 | — | 0.00 | Jun 17, 2026 | Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12451 | 0.00 | — | 0.00 | Jun 17, 2026 | Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12450 | 0.00 | — | 0.00 | Jun 17, 2026 | Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12449 | 0.00 | — | 0.00 | Jun 17, 2026 | Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | |||
| CVE-2026-12448 | 0.00 | — | 0.00 | Jun 17, 2026 | Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12447 | 0.00 | — | 0.00 | Jun 17, 2026 | Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12446 | 0.00 | — | 0.00 | Jun 17, 2026 | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-12445 | 0.00 | — | 0.00 | Jun 17, 2026 | Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | |||
| CVE-2026-12444 | 0.00 | — | 0.00 | Jun 17, 2026 | Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: High) | |||
| CVE-2026-12443 | 0.00 | — | 0.01 | Jun 17, 2026 | Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-12442 | 0.00 | — | 0.00 | Jun 17, 2026 | Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-12441 | 0.00 | — | 0.00 | Jun 17, 2026 | Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-12440 | 0.00 | — | 0.00 | Jun 17, 2026 | Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-12439 | 0.00 | — | 0.00 | Jun 17, 2026 | Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-12438 | 0.00 | — | 0.00 | Jun 17, 2026 | Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-12437 | 0.00 | — | 0.00 | Jun 17, 2026 | Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2025-15641 | 0.00 | — | 0.00 | Jun 17, 2026 | Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the… | |||
| CVE-2026-55706 | 0.00 | — | 0.00 | Jun 17, 2026 | sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths. | |||
| CVE-2025-26240 | 0.00 | — | 0.00 | Jun 17, 2026 | In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files. | |||
| CVE-2025-66391 | 0.00 | — | 0.00 | Jun 17, 2026 | In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user… | |||
| CVE-2026-36418 | 0.00 | — | 0.00 | Jun 17, 2026 | JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directly to the Aviator expression engine without adequate validation allowing… | |||
| CVE-2026-39199 | 0.00 | — | 0.00 | Jun 17, 2026 | snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file. | |||
| CVE-2026-50559 | imp | 0.49 | 7.5 | 0.00 | Jun 17, 2026 | io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters | ||
| CVE-2026-55225 | imp | 0.45 | 8.0 | — | Jun 17, 2026 | strimzi-cluster-operator: Cross-namespace privilege escalation via Kafka.spec.entityOperator.watchedNamespace in Strimzi | ||
| CVE-2026-54326 | low | 0.00 | — | 0.00 | Jun 16, 2026 | # Potential XSS in HTML session exports via Markdown URL handling Pi HTML exports render session Markdown into a static HTML file. Affected versions did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters… | ||
| CVE-2026-20706 | 0.00 | — | 0.00 | Jun 16, 2026 | ## Summary PR #37698 added checkDownloadTokenScope to /raw/*, /media/*, and attachment download web endpoints. The /archive/* endpoint (repo.Download in routers/web/repo/repo.go:372) was not included in the fix. This endpoint accepts OAuth2 tokens via webAuth.AllowOAuth2… | |||
| CVE-2026-27783 | 0.00 | — | 0.00 | Jun 16, 2026 | ## Summary Three Gitea API endpoints — `GET /repos/{owner}/{repo}/issue_templates`, `GET /repos/{owner}/{repo}/issue_config` and `GET /repos/{owner}/{repo}/issue_config/validate` — read files from the repository's **Code** default branch (`.gitea/ISSUE_TEMPLATE/*` and… | |||
| CVE-2026-25714 | 0.00 | — | 0.00 | Jun 16, 2026 | ## Summary Two related issues in the token public-only scope enforcement introduced by PR #32204 (CVE-2025-68941 fix). A public-only scoped API token can access private organization data. ## Issue 1: /user/orgs missing checkTokenPublicOnly() `routers/api/v1/api.go` line 1599:… | |||
| CVE-2026-26231 | hig | 0.38 | — | 0.00 | Jun 16, 2026 | ## Summary Any authenticated low-privilege user with read access to a repository can push arbitrary commits directly to that repository, bypassing all write-access checks. ## Vulnerability Gitea's "Allow edits from maintainers" PR option can be abused via reverse-fork PRs: … | ||
| CVE-2026-28699 | hig | 0.38 | — | 0.01 | Jun 16, 2026 | ### Summary Gitea fails to enforce OAuth2 access token scopes when the token is submitted via HTTP Basic authentication instead of a Bearer token. An OAuth2 application granted only `read:user` can use the same token as `Authorization: Basic base64(:x-oauth-basic)` and… | ||
| CVE-2026-52797 | hig | 0.38 | — | 0.00 | Jun 16, 2026 | **Vulnerability type:** Path Traversal **Impact:** DoS **Exploitation prerequisite:** authorized user **Description:** As an authorized user, an intruder can dictate the value which is passed to the `git diff` command which, together with bypassing the filtering of the passed… | ||
| CVE-2026-49980 | cri | 0.52 | — | 0.01 | Jun 16, 2026 | ## Summary `rclone rcd --rc-serve` accepts unauthenticated `GET` and `HEAD` requests to paths of the form: ```text /[remote:path]/object ``` The `remote` value is parsed from the URL and passed to normal backend initialization. Inline remote configuration can set backend… | ||
| CVE-2026-49468 | cri | 0.52 | — | 0.01 | Jun 16, 2026 | ### Impact A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from `request.url.path` in `litellm/proxy/auth/auth_utils.py::get_request_route()… | ||
| CVE-2026-28744 | hig | 0.38 | — | 0.00 | Jun 16, 2026 | ### Summary Gitea v1.26.1 enforces repository-scoped access-token permissions on repository operations. In the Git Smart HTTP path, however, this check runs only when the token is presented via HTTP Basic authentication — `CheckRepoScopedToken()` returns early unless… | ||
| CVE-2026-48797 | 0.00 | — | 0.00 | Jun 16, 2026 | Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authentication: dataset upload, model load, training start/stop, multi-run orchestration,… | |||
| CVE-2026-54304 | hig | 0.38 | — | 0.00 | Jun 16, 2026 | ## Impact An authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached… |
- CVE-2026-12466Jun 17, 2026risk 0.00cvss —epss 0.00
Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12465Jun 17, 2026risk 0.00cvss —epss 0.00
Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12464Jun 17, 2026risk 0.00cvss —epss 0.00
Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12463Jun 17, 2026risk 0.00cvss —epss 0.00
Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12462Jun 17, 2026risk 0.00cvss —epss 0.00
Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12461Jun 17, 2026risk 0.00cvss —epss 0.00
Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12460Jun 17, 2026risk 0.00cvss —epss 0.00
Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. (Chromium security severity: High)
- CVE-2026-12459Jun 17, 2026risk 0.00cvss —epss 0.00
Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12458Jun 17, 2026risk 0.00cvss —epss 0.00
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12457Jun 17, 2026risk 0.00cvss —epss 0.00
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12456Jun 17, 2026risk 0.00cvss —epss 0.00
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High)
- CVE-2026-12455Jun 17, 2026risk 0.00cvss —epss 0.00
Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12454Jun 17, 2026risk 0.00cvss —epss 0.00
Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12453Jun 17, 2026risk 0.00cvss —epss 0.00
Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12452Jun 17, 2026risk 0.00cvss —epss 0.00
Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12451Jun 17, 2026risk 0.00cvss —epss 0.00
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12450Jun 17, 2026risk 0.00cvss —epss 0.00
Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12449Jun 17, 2026risk 0.00cvss —epss 0.00
Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
- CVE-2026-12448Jun 17, 2026risk 0.00cvss —epss 0.00
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12447Jun 17, 2026risk 0.00cvss —epss 0.00
Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12446Jun 17, 2026risk 0.00cvss —epss 0.00
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12445Jun 17, 2026risk 0.00cvss —epss 0.00
Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
- CVE-2026-12444Jun 17, 2026risk 0.00cvss —epss 0.00
Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: High)
- CVE-2026-12443Jun 17, 2026risk 0.00cvss —epss 0.01
Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2026-12442Jun 17, 2026risk 0.00cvss —epss 0.00
Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2026-12441Jun 17, 2026risk 0.00cvss —epss 0.00
Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2026-12440Jun 17, 2026risk 0.00cvss —epss 0.00
Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2026-12439Jun 17, 2026risk 0.00cvss —epss 0.00
Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2026-12438Jun 17, 2026risk 0.00cvss —epss 0.00
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2026-12437Jun 17, 2026risk 0.00cvss —epss 0.00
Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2025-15641Jun 17, 2026risk 0.00cvss —epss 0.00
Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the…
- CVE-2026-55706Jun 17, 2026risk 0.00cvss —epss 0.00
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
- CVE-2025-26240Jun 17, 2026risk 0.00cvss —epss 0.00
In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files.
- CVE-2025-66391Jun 17, 2026risk 0.00cvss —epss 0.00
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user…
- CVE-2026-36418Jun 17, 2026risk 0.00cvss —epss 0.00
JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directly to the Aviator expression engine without adequate validation allowing…
- CVE-2026-39199Jun 17, 2026risk 0.00cvss —epss 0.00
snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file.
- risk 0.49cvss 7.5epss 0.00
io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters
- risk 0.45cvss 8.0epss —
strimzi-cluster-operator: Cross-namespace privilege escalation via Kafka.spec.entityOperator.watchedNamespace in Strimzi
- risk 0.00cvss —epss 0.00
# Potential XSS in HTML session exports via Markdown URL handling Pi HTML exports render session Markdown into a static HTML file. Affected versions did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters…
- CVE-2026-20706Jun 16, 2026risk 0.00cvss —epss 0.00
## Summary PR #37698 added checkDownloadTokenScope to /raw/*, /media/*, and attachment download web endpoints. The /archive/* endpoint (repo.Download in routers/web/repo/repo.go:372) was not included in the fix. This endpoint accepts OAuth2 tokens via webAuth.AllowOAuth2…
- CVE-2026-27783Jun 16, 2026risk 0.00cvss —epss 0.00
## Summary Three Gitea API endpoints — `GET /repos/{owner}/{repo}/issue_templates`, `GET /repos/{owner}/{repo}/issue_config` and `GET /repos/{owner}/{repo}/issue_config/validate` — read files from the repository's **Code** default branch (`.gitea/ISSUE_TEMPLATE/*` and…
- CVE-2026-25714Jun 16, 2026risk 0.00cvss —epss 0.00
## Summary Two related issues in the token public-only scope enforcement introduced by PR #32204 (CVE-2025-68941 fix). A public-only scoped API token can access private organization data. ## Issue 1: /user/orgs missing checkTokenPublicOnly() `routers/api/v1/api.go` line 1599:…
- risk 0.38cvss —epss 0.00
## Summary Any authenticated low-privilege user with read access to a repository can push arbitrary commits directly to that repository, bypassing all write-access checks. ## Vulnerability Gitea's "Allow edits from maintainers" PR option can be abused via reverse-fork PRs: …
- risk 0.38cvss —epss 0.01
### Summary Gitea fails to enforce OAuth2 access token scopes when the token is submitted via HTTP Basic authentication instead of a Bearer token. An OAuth2 application granted only `read:user` can use the same token as `Authorization: Basic base64(:x-oauth-basic)` and…
- risk 0.38cvss —epss 0.00
**Vulnerability type:** Path Traversal **Impact:** DoS **Exploitation prerequisite:** authorized user **Description:** As an authorized user, an intruder can dictate the value which is passed to the `git diff` command which, together with bypassing the filtering of the passed…
- risk 0.52cvss —epss 0.01
## Summary `rclone rcd --rc-serve` accepts unauthenticated `GET` and `HEAD` requests to paths of the form: ```text /[remote:path]/object ``` The `remote` value is parsed from the URL and passed to normal backend initialization. Inline remote configuration can set backend…
- risk 0.52cvss —epss 0.01
### Impact A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from `request.url.path` in `litellm/proxy/auth/auth_utils.py::get_request_route()…
- risk 0.38cvss —epss 0.00
### Summary Gitea v1.26.1 enforces repository-scoped access-token permissions on repository operations. In the Git Smart HTTP path, however, this check runs only when the token is presented via HTTP Basic authentication — `CheckRepoScopedToken()` returns early unless…
- CVE-2026-48797Jun 16, 2026risk 0.00cvss —epss 0.00
Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authentication: dataset upload, model load, training start/stop, multi-run orchestration,…
- risk 0.38cvss —epss 0.00
## Impact An authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached…