10 CVE — CVSS 3.1/au mieux, score ≥ 8.5, publiées aujourd'hui (limité à 10 lignes).
| CVE | Publié | Score | Type | Sévérité | Éditeur / Logiciel | Description |
|---|---|---|---|---|---|---|
| CVE-2026-62948 | 2026-07-15 20:16 | 9.6 | 3.1 · Sec | CRITICAL | openwrt/openwrt | OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into /tmp/odhcpd.leases through src/statefi… |
| CVE-2026-53513 | 2026-07-15 20:16 | 9.6 | 3.1 · Sec | CRITICAL | — | Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoint… |
| CVE-2026-40501 | 2026-07-15 20:16 | 8.8 | 3.1 · Prim | HIGH | cherryhq/cherry-studio | Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitr… |
| CVE-2026-62378 | 2026-07-15 19:16 | 9.0 | 3.1 · Sec | CRITICAL | rustfs/console | RustFS Console is a web management console for the RustFS distributed file system. From 0.1.7 until 0.1.10, the RustFS Console components/object/preview-modal.tsx and components/o… |
| CVE-2026-52842 | 2026-07-15 19:16 | 9.3 | 3.1 · Sec | CRITICAL | lightpanda-io/browser | Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component whe… |
| CVE-2026-52843 | 2026-07-15 19:16 | 9.3 | 3.1 · Sec | CRITICAL | lightpanda-io/browser | Lightpanda is a headless browser designed for AI and automation. Prior to 0.2.9, Lightpanda fetch() and XMLHttpRequest unconditionally attached session cookies to every HTTP reque… |
| CVE-2026-20150 | 2026-07-15 19:16 | 8.8 | 3.1 · Prim | HIGH | — | As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This rev… |
| CVE-2026-55242 | 2026-07-15 18:16 | 8.8 | 3.1 · Sec | HIGH | frappe/erpnext | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side … |
| CVE-2026-50148 | 2026-07-15 18:16 | 10.0 | 3.1 · Sec | CRITICAL | — | Metabase is an open-source business intelligence and embedded analytics tool. From 1.54.0 until 1.54.24, 1.55.24, 1.56.25, 1.57.19, 1.58.14, 1.59.10, and 1.60.4, a Metabase user w… |
| CVE-2026-44986 | 2026-07-15 18:16 | 9.9 | 3.1 · Sec | CRITICAL | penpot/penpot | Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teams_invitations.clj invitation tokens from create-team-invitations, embed… |
Page générée le 2026-07-15 21:09