CVE.report search for "CVE-2026-25660"

Listed below are 50 relevant search results for "CVE-2026-25660" based on Vendor, Software, and CVE description

These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.

If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.

Search Results

CVE ID Vendor Software Description
CVE-2026-61492JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible
CVE-2026-60104Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-request body belongs to the au...
CVE-2026-59828Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that sho...
CVE-2026-59805Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticat...
CVE-2026-598009Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-instal...
CVE-2026-59796In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks
CVE-2026-59795In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible
CVE-2026-59794JetbrainsTeamcityIn JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data
CVE-2026-59793JetbrainsTeamcityIn JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration
CVE-2026-59792JetbrainsIntellij IdeaIn JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was po...
CVE-2026-59791JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible
CVE-2026-59721Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/i...
CVE-2026-59720Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts doe...
CVE-2026-59261OpenclawOpenclawOpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider cre...
CVE-2026-58465Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler w...
CVE-2026-58448yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated use...
CVE-2026-58374W1.fiHostapdIn hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association requ...
CVE-2026-57950ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control vulnerability in ErpSaleOrderControll...
CVE-2026-57949ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GE...
CVE-2026-57926JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
CVE-2026-57925JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
CVE-2026-57924JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details
CVE-2026-57923JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project...
CVE-2026-57922JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
CVE-2026-57921JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templat...
CVE-2026-57920PeplinkIntcontrol 2Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /re...
CVE-2026-57913Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts...
CVE-2026-57575Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery...
CVE-2026-57574Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based...
CVE-2026-57522BitwardenServerBitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens(), whi...
CVE-2026-57521BitwardenServerBitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access ...
CVE-2026-57520BitwardenServerBitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with Ma...
CVE-2026-57476Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional p...
CVE-2026-57475Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a rem...
CVE-2026-57474Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted un...
CVE-2026-57158FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pip...
CVE-2026-57062CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes...
CVE-2026-56781Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to ...
CVE-2026-56412Libexpat ProjectLibexpatlibexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for v...
CVE-2026-56142JetbrainsHubIn JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege esc...
CVE-2026-56141JetbrainsHubIn JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeo...
CVE-2026-56140ApacheCamelImproper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel heade...
CVE-2026-56131Libexpat ProjectLibexpatlibexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a poli...
CVE-2026-56120Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56...
CVE-2026-56099OpenbsdOpenbsdOpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within ...
CVE-2026-55890Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attri...
CVE-2026-55616Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-49757. Reason: This candidate is a dupli...
CVE-2026-55615Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passe...
CVE-2026-55470HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the...
CVE-2026-55448mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_c...
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report