CVE search
363,766 resultsCVE-2026-9772HIGHUnraid Web Server FileUpload Command Injection Remote Code Execution VulnerabilityEPSS 1.1%CVE-2026-50189HIGHAppsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy RouteEPSS 0.3%CVE-2026-10642MEDIUMUnbounded TX busy-loop DoS in Zephyr PL011 UART driver under CTS hardware flow controlEPSS 0.2%CVE-2026-53765MEDIUMchrome-devtools-mcp: daemon.pid write follows symlinks in /tmp fallback runtime directoryEPSS 0.1%CVE-2026-53766MEDIUMchrome-devtools-mcp: validatePath() does not canonicalize symlinks before enforcing rootsEPSS 0.1%CVE-2026-52794HIGHSentry: Inefficient Regular Expression Complexity in sentryEPSS 0.3%CVE-2026-55570CRITICALSiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch)EPSS 0.3%CVE-2026-54759HIGHSiYuan: Lute HTML sanitizer allows `<iframe>` tags in Bazaar package README, leading to arbitrary command execution via SiYuan Electron clientEPSS 0.3%CVE-2026-47110HIGHTiptap for PHP < 2.1.1 DoS via Malformed href AttributeEPSS 0.3%CVE-2026-50551CRITICALSiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell ContentEPSS 0.4%CVE-2026-54158CRITICALSiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()EPSS 0.3%CVE-2026-54070HIGHSiYuan: Stored XSS in Bazaar marketplace via package README event handlersEPSS 0.2%CVE-2026-54069CRITICALSiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin AllowlistEPSS 0.6%CVE-2026-54068MEDIUMSiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIconEPSS 0.2%CVE-2026-54067CRITICALSiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet()EPSS 0.3%CVE-2026-54066HIGHSiYuan: Path Traversal via Double URL Encoding in /assets/*path (publish mode arbitrary file─read)EPSS 1.9%CVE-2026-55762HIGHRocket.Chat: Any Authenticated User Can Permanently Deregister Workspace from Rocket.Chat Cloud via Unprotected `/api/v1/fingerprint` EndpointEPSS 0.3%CVE-2026-55759HIGHRocket.Chat: Apple Sign-In skips JWT claims validation, allowing expired and cross-audience token replayEPSS 0.2%CVE-2026-55666CRITICALRocket.Chat: Email Parameter Fallback Leads To Account Takeover Within Apple OAuthEPSS 0.3%CVE-2026-49278MEDIUMRocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor ImpersonationEPSS 0.2%