CVE.report search for "CVE-2026-54799"

Listed below are 50 relevant search results for "CVE-2026-54799" based on Vendor, Software, and CVE description

These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.

If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.

Search Results

CVE ID Vendor Software Description
CVE-2026-60104Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-request body belongs to the au...
CVE-2026-59828Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that sho...
CVE-2026-59805Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticat...
CVE-2026-598009Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-instal...
CVE-2026-59721Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/i...
CVE-2026-59720Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts doe...
CVE-2026-59261OpenclawOpenclawOpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider cre...
CVE-2026-58465Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler w...
CVE-2026-58448yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated use...
CVE-2026-58374W1.fiHostapdIn hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association requ...
CVE-2026-57950ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control vulnerability in ErpSaleOrderControll...
CVE-2026-57949ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GE...
CVE-2026-57926JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
CVE-2026-57925JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
CVE-2026-57924JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details
CVE-2026-57923JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project...
CVE-2026-57922JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
CVE-2026-57921JetbrainsYoutrackIn JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templat...
CVE-2026-57920PeplinkIntcontrol 2Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /re...
CVE-2026-57913Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts...
CVE-2026-57522BitwardenServerBitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens(), whi...
CVE-2026-57521BitwardenServerBitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access ...
CVE-2026-57520BitwardenServerBitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with Ma...
CVE-2026-57062CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes...
CVE-2026-56781Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to ...
CVE-2026-56412Libexpat ProjectLibexpatlibexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for v...
CVE-2026-56142JetbrainsHubIn JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege esc...
CVE-2026-56141JetbrainsHubIn JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeo...
CVE-2026-56140ApacheCamelImproper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel heade...
CVE-2026-56131Libexpat ProjectLibexpatlibexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a poli...
CVE-2026-56120Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56...
CVE-2026-56099OpenbsdOpenbsdOpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within ...
CVE-2026-55616Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-49757. Reason: This candidate is a dupli...
CVE-2026-55615Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passe...
CVE-2026-55470HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the...
CVE-2026-55448mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_c...
CVE-2026-55441mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (m...
CVE-2026-55424Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a topic "featured link"...
CVE-2026-55420Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-defau...
CVE-2026-55404yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --...
CVE-2026-55212Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, the Studio API class definit...
CVE-2026-55208Pimcore Studio Backend Bundle is the backend bundle for Pimcore Studio. Prior to 2025.4.6 and 2026.1.6, an authenticated user...
CVE-2026-55207Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, an unauthenticated attacker ...
CVE-2026-54760Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` S...
CVE-2026-54709Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-54637. Reason: This candidate is a dupli...
CVE-2026-54699Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contai...
CVE-2026-54686Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accept...
CVE-2026-54590AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of ...
CVE-2026-54557mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install s...
CVE-2026-54444Rejected reason: ]** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-49489. Reason: This candidate is a dupl...
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report