CVE search
361,802 results

CVE-2026-55411 | MEDIUM | ToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — any authenticated user can decrypt any organization's data-source secrets | EPSS 0.1%
CVE-2026-55412 | HIGH | ToolJet Cloud - SSRF to Azure Cloud Infrastructure Compromise | EPSS 0.2%
CVE-2026-13350 | LOW | Permissions were checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create. | EPSS 0.2%
CVE-2026-55413 | CRITICAL | ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution | EPSS 0.3%
CVE-2026-54573 | MEDIUM | Authorization Bypass in API Key/OAuth Scopes via Path Parsing Discrepancy | EPSS 0.3%
CVE-2026-55439 | MEDIUM | Halo: Path Traversal in Backup Download Leads to Arbitrary File Read | EPSS 0.3%
CVE-2026-54024 | MEDIUM | LibreChat: Incomplete Fix for CVE-2024-11171 — Conversation Import Multer Instance Missing File Size Limits | EPSS 0.2%
CVE-2026-54025 | MEDIUM | LibreChat: Stored XSS via unescaped image alt text in markdown artifact preview | EPSS 0.1%
CVE-2026-54027 | MEDIUM | LibreChat: Image Upload Route Bypasses Agent Permission Check — Incomplete Fix for File Upload Authorization | EPSS 0.2%
CVE-2026-54029 | MEDIUM | LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter | EPSS 0.2%
CVE-2026-54033 | HIGH | LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs | EPSS 0.2%
CVE-2026-45233 | HIGH | HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave | EPSS 0.6%
CVE-2026-54037 | MEDIUM | LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork | EPSS 0.3%
CVE-2026-54030 | HIGH | LibreChat: Missing Resource Parameter Validation in MCP OAuth Flow | EPSS 0.1%
CVE-2026-54040 | MEDIUM | LibreChat: 2FA Backup Code Regeneration Without OTP Verification Allows 2FA Bypass | EPSS 0.2%
CVE-2026-56123 | CRITICAL | socat 1.8.0.0 - 1.8.1.1 Heap Buffer Overflow via SOCKS5 Reply Parser | EPSS 0.3%
CVE-2026-54036 | MEDIUM | LibreChat: 2FA Re-enrollment Allows Full Account 2FA Takeover Without OTP Verification | EPSS 0.2%
CVE-2026-4522 | MEDIUM | Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affe | EPSS 0.1%
CVE-2026-55693 | MEDIUM | Vim: Out-of-bounds Write in Spell File Word Count | EPSS 0.1%
CVE-2026-55892 | MEDIUM | Vim: Out-of-bounds Write in Spell File Prefix Dump | EPSS 0.1%