CVE ID :CVE-2026-58486 Published : July 13, 2026, 11:16 p.m. | 1 hour, 17 minutes ago Description :HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, HedgeDoc was vulnerable…
CVE-2026-57856 – Cockpit CMS Path Traversal via Bucket Name in Bucket File Storage API
CVE ID :CVE-2026-57856 Published : July 13, 2026, 11:16 p.m. | 1 hour, 17 minutes ago Description :Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API (/system/buckets/api). The api() method…
CVE-2026-57855 – Cockpit CMS Missing Authorization in Bucket File Storage API
CVE ID :CVE-2026-57855 Published : July 13, 2026, 11:16 p.m. | 1 hour, 17 minutes ago Description :Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API (/system/buckets/api). The api() method…
CVE-2026-62327 – 9Router 0.4.41 – Unauthenticated API Key Exposure via /api/usage/stats
CVE ID :CVE-2026-62327 Published : July 13, 2026, 10:16 p.m. | 2 hours, 16 minutes ago Description :9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext…
CVE-2026-62242 – Spring Boot Admin Server < 4.1.2 SSRF via Unauthenticated Instance Registration
CVE ID :CVE-2026-62242 Published : July 13, 2026, 10:16 p.m. | 2 hours, 16 minutes ago Description :Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to…
CVE-2026-15511 – Comfast CF-WR631AX V3 FastCGI Backend webmgnt system_wl_upload_pic_file os command injection
CVE ID :CVE-2026-15511 Published : July 12, 2026, 11:16 p.m. | 1 hour, 16 minutes ago Description :A vulnerability was determined in Comfast CF-WR631AX V3 up to 2.7.0.8. Affected by this vulnerability is the…
CVE-2026-10666 – Stack buffer overflow in `net_ipaddr_parse()` IPv4 address-with-port parsing in `subsys/net/ip/utils.c`
CVE ID :CVE-2026-10666 Published : July 12, 2026, 5:16 p.m. | 7 hours, 17 minutes ago Description :parse_ipv4() in subsys/net/ip/utils.c (reached via net_ipaddr_parse() for strings of the form “a.b.c.d:port”) copies the port substring into…
CVE-2026-58596 – Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE ID :CVE-2026-58596 Published : July 12, 2026, 4:16 p.m. | 8 hours, 16 minutes ago Description :Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network….
CVE-2026-61876 – LuCI DHCPv6 Lease Hostname Stored Cross-Site Scripting
CVE ID :CVE-2026-61876 Published : July 12, 2026, 12:16 p.m. | 12 hours, 16 minutes ago Description :LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network…
CVE-2026-61875 – luci-app-upnp Stored XSS via UPnP Port Mapping Description
CVE ID :CVE-2026-61875 Published : July 12, 2026, 12:16 p.m. | 12 hours, 16 minutes ago Description :luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP…