Skip to content

Menu
  • Home
Menu

CVE-2026-55518 – Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation

Posted on July 18, 2026

CVE ID :CVE-2026-55518 Published : July 17, 2026, 9:17 p.m. | 3 hours, 17 minutes ago Description :Avo is a framework to create admin panels for Ruby on Rails apps. Prior to 3.32.1 and…

CVE-2026-54498 – view_component: around_render HTML-Safety Bypass

Posted on July 18, 2026

CVE ID :CVE-2026-54498 Published : July 17, 2026, 9:17 p.m. | 3 hours, 17 minutes ago Description :view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From…

CVE-2026-54466 – websocket-driver: Message corruption via abuse of protocol length headers

Posted on July 18, 2026

CVE ID :CVE-2026-54466 Published : July 17, 2026, 9:17 p.m. | 3 hours, 17 minutes ago Description :websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.7.5, the frame format in draft…

CVE-2026-54159 – ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE

Posted on July 18, 2026

CVE ID :CVE-2026-54159 Published : July 17, 2026, 9:17 p.m. | 3 hours, 17 minutes ago Description :PrestaShop ps_facetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the ps_facetedsearch module…

CVE-2026-53727 – css_parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`

Posted on July 18, 2026

CVE ID :CVE-2026-53727 Published : July 17, 2026, 9:17 p.m. | 3 hours, 17 minutes ago Description :css_parser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parser#read_remote_file in lib/css_parser/parser.rb, and therefore load_uri! and…

CVE-2026-62386 – Grav < 1.0.0-rc.16 Authentication Bypass via token URL Parameter

Posted on July 17, 2026

CVE ID :CVE-2026-62386 Published : July 17, 2026, 12:07 a.m. | 27 minutes ago Description :The Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on…

CVE-2026-62241 – clawvet < 0.7.5 Hard-coded JWT Secret Session Forgery

Posted on July 17, 2026

CVE ID :CVE-2026-62241 Published : July 17, 2026, 12:07 a.m. | 27 minutes ago Description :clawvet self-hosted API server (apps/api) before 0.7.5 hard-codes a fallback JWT secret (‘clawvet-dev-secret-change-me’) in auth.ts and ships it…

CVE-2026-62234 – Grav < 2.0.4 SSRF via Unrestricted cURL Protocols

Posted on July 17, 2026

CVE ID :CVE-2026-62234 Published : July 17, 2026, 12:07 a.m. | 27 minutes ago Description :Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing authenticated users with api.webhooks.write permission to…

CVE-2026-62233 – grav-plugin-api < 1.0.6 Privilege Escalation via createApiKey

Posted on July 17, 2026

CVE ID :CVE-2026-62233 Published : July 17, 2026, 12:07 a.m. | 27 minutes ago Description :grav-plugin-api before 1.0.6 fails to validate super-admin status in createApiKey, generate2fa, and disable2fa endpoints, allowing non-super api.users.write managers…

CVE-2026-62232 – Grav < 2.0.4 2FA Bypass via Secret Regeneration

Posted on July 17, 2026

CVE ID :CVE-2026-62232 Published : July 17, 2026, 12:07 a.m. | 27 minutes ago Description :Grav before 2.0.4 contains a two-factor authentication bypass vulnerability in the login plugin where the regenerate2FASecret task checks…

Posts pagination

1 2 … 113 Next

Site map

  • About Us
  • Privacy Policy
  • Terms & Conditions of Use
©2026 | Design: Newspaperly WordPress Theme