VulnAway
de en fr it

10 CVE — CVSS 3.1/au mieux, score ≥ 8.5, publiées aujourd'hui (limité à 10 lignes).

CVEPubliéScoreTypeSévéritéÉditeur / LogicielDescription
CVE-2026-62948 2026-07-15 20:16 9.6 3.1 · Sec CRITICAL openwrt/openwrt OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into /tmp/odhcpd.leases through src/statefi…
CVE-2026-53513 2026-07-15 20:16 9.6 3.1 · Sec CRITICAL Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoint…
CVE-2026-40501 2026-07-15 20:16 8.8 3.1 · Prim HIGH cherryhq/cherry-studio Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitr…
CVE-2026-62378 2026-07-15 19:16 9.0 3.1 · Sec CRITICAL rustfs/console RustFS Console is a web management console for the RustFS distributed file system. From 0.1.7 until 0.1.10, the RustFS Console components/object/preview-modal.tsx and components/o…
CVE-2026-52842 2026-07-15 19:16 9.3 3.1 · Sec CRITICAL lightpanda-io/browser Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component whe…
CVE-2026-52843 2026-07-15 19:16 9.3 3.1 · Sec CRITICAL lightpanda-io/browser Lightpanda is a headless browser designed for AI and automation. Prior to 0.2.9, Lightpanda fetch() and XMLHttpRequest unconditionally attached session cookies to every HTTP reque…
CVE-2026-20150 2026-07-15 19:16 8.8 3.1 · Prim HIGH As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This rev…
CVE-2026-55242 2026-07-15 18:16 8.8 3.1 · Sec HIGH frappe/erpnext ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side …
CVE-2026-50148 2026-07-15 18:16 10.0 3.1 · Sec CRITICAL Metabase is an open-source business intelligence and embedded analytics tool. From 1.54.0 until 1.54.24, 1.55.24, 1.56.25, 1.57.19, 1.58.14, 1.59.10, and 1.60.4, a Metabase user w…
CVE-2026-44986 2026-07-15 18:16 9.9 3.1 · Sec CRITICAL penpot/penpot Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teams_invitations.clj invitation tokens from create-team-invitations, embed…
Afficher : 10 · 25 · 50 · 100 résultats

Page générée le 2026-07-15 21:09