CVE.report search for "CVE-2026-40336"
Listed below are 50 relevant search results for "CVE-2026-40336" based on Vendor, Software, and CVE description
These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.
If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.
Search Results
| CVE ID | Vendor | Software | Description |
|---|---|---|---|
| CVE-2026-57926 | In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack | ||
| CVE-2026-57925 | In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags | ||
| CVE-2026-57924 | In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details | ||
| CVE-2026-57923 | In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project... | ||
| CVE-2026-57922 | In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible | ||
| CVE-2026-57921 | In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templat... | ||
| CVE-2026-57920 | Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /re... | ||
| CVE-2026-57913 | Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts... | ||
| CVE-2026-57522 | Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens(), whi... | ||
| CVE-2026-57521 | Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access ... | ||
| CVE-2026-57520 | Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with Ma... | ||
| CVE-2026-57062 | CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes... | ||
| CVE-2026-56412 | Libexpat Project | Libexpat | libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for v... |
| CVE-2026-56142 | Jetbrains | Hub | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege esc... |
| CVE-2026-56141 | Jetbrains | Hub | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeo... |
| CVE-2026-56131 | Libexpat Project | Libexpat | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a poli... |
| CVE-2026-56120 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56... | ||
| CVE-2026-56099 | OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within ... | ||
| CVE-2026-55448 | mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_c... | ||
| CVE-2026-55441 | mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (m... | ||
| CVE-2026-54699 | Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contai... | ||
| CVE-2026-54686 | Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accept... | ||
| CVE-2026-54557 | mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install s... | ||
| CVE-2026-54444 | Rejected reason: ]** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-49489. Reason: This candidate is a dupl... | ||
| CVE-2026-54420 | Litespeedtech | Litespeed Cpanel Plugin | LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by ... |
| CVE-2026-54318 | Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the Loca... | ||
| CVE-2026-54317 | Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konn... | ||
| CVE-2026-54296 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12075. Reason: This candidate is a dupli... | ||
| CVE-2026-54295 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12061. Reason: This candidate is a dupli... | ||
| CVE-2026-54294 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12072. Reason: This candidate is a dupli... | ||
| CVE-2026-54292 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12074. Reason: This candidate is a dupli... | ||
| CVE-2026-54271 | Protobufjs Project | Protobufjs-cli | protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling ... |
| CVE-2026-54236 | Vllm | Vllm | vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, whi... |
| CVE-2026-54066 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 ("Path Traversal ... | ||
| CVE-2026-54019 | Openwebui | Open Webui | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI... |
| CVE-2026-53931 | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-import endpoint axiosRequestMa... | ||
| CVE-2026-53930 | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-... | ||
| CVE-2026-53929 | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NC_SECURE_ATTACHMENTS=true, an authentica... | ||
| CVE-2026-53928 | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-for... | ||
| CVE-2026-53927 | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-fetch endpoint (axiosRequestMa... | ||
| CVE-2026-53926 | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, revokeAllOAuthTokensByUser in the users servic... | ||
| CVE-2026-53915 | Jetbrains | Goland | In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration |
| CVE-2026-53866 | Openclaw | Openclaw | OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticate... |
| CVE-2026-53865 | Openclaw | Openclaw | OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived ... |
| CVE-2026-53864 | Openclaw | Openclaw | OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows N... |
| CVE-2026-53863 | Openclaw | Openclaw | OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated gro... |
| CVE-2026-53862 | Openclaw | Openclaw | OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse... |
| CVE-2026-53861 | Openclaw | Openclaw | OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSI... |
| CVE-2026-53860 | Openclaw | Openclaw | OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allow... |
| CVE-2026-53859 | Openclaw | Openclaw | OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons usi... |