CVE.report search for "CVE-2026-31670"
Listed below are 50 relevant search results for "CVE-2026-31670" based on Vendor, Software, and CVE description
These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.
If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.
Search Results
| CVE ID | Vendor | Software | Description |
|---|---|---|---|
| CVE-2026-49433 | The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attac... | ||
| CVE-2026-49386 | Jetbrains | Youtrack | In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Pl... |
| CVE-2026-49385 | Jetbrains | Youtrack | In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts |
| CVE-2026-49383 | Jetbrains | Intellij Idea | In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible |
| CVE-2026-49382 | Jetbrains | Intellij Idea | In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin |
| CVE-2026-49381 | In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible | ||
| CVE-2026-49380 | In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible | ||
| CVE-2026-49379 | In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names | ||
| CVE-2026-49378 | In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion | ||
| CVE-2026-49376 | In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin | ||
| CVE-2026-49375 | In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page | ||
| CVE-2026-49374 | In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters | ||
| CVE-2026-49373 | In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings | ||
| CVE-2026-49372 | Jetbrains | Teamcity | In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible |
| CVE-2026-49371 | Jetbrains | Teamcity | In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible |
| CVE-2026-49370 | Jetbrains | Youtrack | In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests |
| CVE-2026-49369 | Jetbrains | Youtrack | In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages |
| CVE-2026-49368 | Jetbrains | Youtrack | In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible |
| CVE-2026-49367 | Jetbrains | Intellij Idea | In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account |
| CVE-2026-49366 | Jetbrains | Intellij Idea | In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion |
| CVE-2026-49298 | A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API ... | ||
| CVE-2026-49267 | Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without... | ||
| CVE-2026-48843 | Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) saniti... | ||
| CVE-2026-48696 | Pavel-odintsov | Fastnetmon | FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-... |
| CVE-2026-48210 | An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for ... | ||
| CVE-2026-48208 | An improper neutralization of active SVG content in OTRS or ((OTRS)) Community Edition ticket article rendering allows attack... | ||
| CVE-2026-48191 | An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Fil... | ||
| CVE-2026-48190 | An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated custom... | ||
| CVE-2026-48189 | An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are re... | ||
| CVE-2026-48188 | An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthentic... | ||
| CVE-2026-48187 | An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocati... | ||
| CVE-2026-48172 | Litespeedtech | Litespeed Cpanel Plugin | LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May... |
| CVE-2026-48027 | Nx | Nx Console | Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at... |
| CVE-2026-47323 | Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy ... | ||
| CVE-2026-46740 | Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were n... | ||
| CVE-2026-46728 | Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a h... | ||
| CVE-2026-46344 | liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to ... | ||
| CVE-2026-46113 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpe... | ||
| CVE-2026-45913 | In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: always update mdb_n_entries for vlan... | ||
| CVE-2026-45505 | Apache | Activemq | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker,... |
| CVE-2026-45370 | python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py pas... | ||
| CVE-2026-45321 | Abhishake1 | Supersurkhet/cli | On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published... |
| CVE-2026-45318 | Openwebui | Open Webui | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, his adviso... |
| CVE-2026-45306 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prev... | ||
| CVE-2026-45207 | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected ... | ||
| CVE-2026-45206 | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected ... | ||
| CVE-2026-45191 | Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, whic... | ||
| CVE-2026-45190 | Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ... | ||
| CVE-2026-45109 | Vercel | Next.js | Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found... |
| CVE-2026-45006 | OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.pat... | ||