CVE search

367,083 results
CVE-2026-55450CRITICALLangflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leakEPSS 0.3%CVE-2026-34913MEDIUMA missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlEPSS 0.2%CVE-2026-34917MEDIUMLow‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restrictEPSS 0.3%CVE-2026-44956NONELow‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose cEPSS 0.3%CVE-2026-34916HIGHA missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user tEPSS 0.5%CVE-2026-34914HIGHA missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploiEPSS 0.3%CVE-2026-44958MEDIUMAn access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when EPSS 0.3%CVE-2026-44961NONEThe XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernamEPSS 0.3%CVE-2026-44960NONEA stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected EPSS 0.3%CVE-2026-44957MEDIUMA missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowedEPSS 0.2%CVE-2026-34912MEDIUMA missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and EPSS 0.2%CVE-2026-44959HIGHA missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user couldEPSS 0.4%CVE-2026-34915MEDIUMA missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user tEPSS 0.2%CVE-2026-56117MEDIUMdhcpcd Heap Use-After-Free via Control Socket HandlingEPSS 0.1%CVE-2026-50019MEDIUMyt-dlp: File Downloader cookie leak with curlEPSS 0.3%CVE-2025-13162MEDIUMAdvant Master Online Builder DLL vulnerabilityEPSS 0.1%CVE-2026-56116HIGHdhcpcd Memory Leak DoS via IPv6 Router Advertisement HandlingEPSS 0.2%CVE-2026-50574HIGHyt-dlp: Arbitrary code execution via manifest downloads with aria2cEPSS 0.4%CVE-2026-56115HIGHBootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization BypassEPSS 0.3%CVE-2026-50023HIGHyt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)EPSS 0.6%