Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 15,025 | Critical: 923 | High: 3,045 | Medium: 10,857
Showing 2001-2020 of 15025 records
Threat Entry Updated 2026-01-21

CVE-2026-22794 - Appsmith Plugin

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be generated pointing to the attacker’s domain, causing authentication tokens to be exposed and potentially leading to account takeover. This vulnerability is fixed in 1.93.

PLUGIN Appsmith

CVE-2026-22794

CRITICAL CVSS 9.6 2026-01-12
Threat Entry Updated 2026-01-21

CVE-2026-22799 - Emlog Plugin

Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-api=upload) for media file uploads. The endpoint fails to implement proper validation of file types, extensions, and content, allowing authenticated attackers (with a valid API key or admin session cookie) to upload arbitrary files (including malicious PHP scripts) to the server. An attacker can obtain the API key either by gaining administrator access to enable the REST API setting, or via information disclosure vulnerabilities in the application. Once uploaded, the malicious PHP file…

PLUGIN Emlog

CVE-2026-22799

CRITICAL CVSS 9.3 2026-01-12
Threat Entry Updated 2026-01-21

CVE-2026-22788 - WebErpMesv2 Plugin

WebErpMesv2 is a web-based Resource Management and Manufacturing Execution System for industry. Prior to 1.19, the WebErpMesv2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies, quotes, orders, tasks, and whiteboards. Limited write access allows creation of company records and full manipulation of collaboration whiteboards. This vulnerability is fixed in 1.19.

PLUGIN WebErpMesv2

CVE-2026-22788

HIGH CVSS 8.2 2026-01-12
Threat Entry Updated 2026-01-13

CVE-2026-22798 - Hermes Plugin

hermes is an implementation of the HERMES workflow to automate software publication with rich metadata. From 0.8.1 to before 0.9.1, hermes subcommands take arbitrary options under the -O argument. These were logged in raw form. If users provide sensitive data such as API tokens (e.g., via hermes deposit -O invenio_rdm.auth_token SECRET), these are written to the log file in plain text, making them available to whoever can access the log file. This vulnerability is fixed in 0.9.1.

PLUGIN Hermes

CVE-2026-22798

MEDIUM CVSS 5.9 2026-01-12
Threat Entry Updated 2026-01-21

CVE-2026-22789 - WebErpMesv2 Plugin

WebErpMesv2 is a web-based Resource Management and Manufacturing Execution System for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows authenticated users to upload arbitrary files, including PHP scripts, leading to Remote Code Execution (RCE). This vulnerability is identical in nature to CVE-2025-52130 but exists in different code locations that were not addressed by the original fix. This vulnerability is fixed in 1.19.

PLUGIN WebErpMesv2

CVE-2026-22789

MEDIUM CVSS 5.4 2026-01-12
Threat Entry Updated 2026-01-13

CVE-2026-22772 - Fulcio Plugin

Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses an unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF can only trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller, so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through blind SSRF. This vulnerability is fixed in 1.8.5.

PLUGIN Fulcio

CVE-2026-22772

MEDIUM CVSS 5.8 2026-01-12
Threat Entry Updated 2026-02-26

CVE-2026-22785 - Orval Plugin

orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to "break out" of the string literal and inject arbitrary code. This vulnerability is fixed in 7.18.0.

PLUGIN Orval

CVE-2026-22785

CRITICAL CVSS 9.3 2026-01-12
Threat Entry Updated 2026-01-16

CVE-2026-22784 - Lychee Plugin

Lychee is a free, open-source photo-management tool. Prior to 7.1.0, an authorization vulnerability exists in Lychee's album password unlock functionality that allows users to gain possibly unauthorized access to other users' password-protected albums. When a user unlocks a password-protected public album, the system automatically unlocks ALL other public albums that share the same password, resulting in a complete authorization bypass. This vulnerability is fixed in 7.1.0.

PLUGIN Lychee

CVE-2026-22784

LOW CVSS 2.3 2026-01-12
Threat Entry Updated 2026-01-16

CVE-2026-22781 - TinyWeb Plugin

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows CreateProcess(). An unauthenticated remote attacker can execute arbitrary commands on the server by injecting Windows shell metacharacters into HTTP requests. This vulnerability is fixed in 1.98.

PLUGIN TinyWeb

CVE-2026-22781

CRITICAL CVSS 10.0 2026-01-12
Threat Entry Updated 2026-01-16

CVE-2026-22783 - Iris Web Plugin

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation enables authenticated users to delete arbitrary filesystem paths. The vulnerability manifests through a three-step attack chain: authenticated users upload a file to the datastore, update the file's file_local_name field to point to an arbitrary filesystem path through mass assignment, then trigger the delete operation which removes the target…

PLUGIN Iris Web

CVE-2026-22783

CRITICAL CVSS 9.6 2026-01-12
Threat Entry Updated 2026-01-15

CVE-2026-22252 - LibreChat Plugin

LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fixed in v0.8.2-rc2.

PLUGIN LibreChat

CVE-2026-22252

CRITICAL CVSS 9.1 2026-01-12
Threat Entry Updated 2026-02-05

CVE-2026-22771 - Gateway Plugin

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communicate with the control plane and gain access to all secrets that are used by Envoy proxy, e.g. TLS private keys and credentials used for downstream and upstream communication. This vulnerability is fixed in 1.5.7 and 1.6.2.

PLUGIN Gateway

CVE-2026-22771

HIGH CVSS 8.8 2026-01-12
Threat Entry Updated 2026-01-15

CVE-2026-22776 - Cpp Httplib Plugin

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, br, etc.). The library validates the payload_max_length against the compressed data size received from the network, but does not limit the size of the decompressed data stored in memory.

PLUGIN Cpp Httplib

CVE-2026-22776

HIGH CVSS 8.7 2026-01-12
Threat Entry Updated 2026-01-27

CVE-2026-22200 - osTicket Plugin

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficiently sanitized before being processed by the mPDF PDF generator during export. When the attacker exports the ticket to PDF, the generated PDF can embed the contents of attacker-selected files from the server filesystem as bitmap images, allowing disclosure of sensitive local files in the context of the…

PLUGIN osTicket

CVE-2026-22200

HIGH CVSS 8.7 2026-01-12
Threat Entry Updated 2026-01-27

CVE-2026-22251 - Wlc Plugin

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in its settings. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers.

PLUGIN Wlc

CVE-2026-22251

MEDIUM CVSS 5.3 2026-01-12
Threat Entry Updated 2026-01-27

CVE-2026-22250 - Wlc Plugin

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.

PLUGIN Wlc

CVE-2026-22250

LOW CVSS 2.5 2026-01-12
Threat Entry Updated 2026-01-27

CVE-2026-22033 - Label Studio Plugin

Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the custom_hotkeys functionality of the application. An authenticated attacker (or one who can trick a user/administrator into updating their custom_hotkeys) can inject JavaScript code that executes in other users’ browsers when those users load any page using the templates/base.html template. Because the application exposes an API token endpoint (/api/current-user/token) to the browser and lacks robust CSRF protection on some API endpoints, the injected script may fetch the…

PLUGIN Label Studio

CVE-2026-22033

HIGH CVSS 8.6 2026-01-12
Threat Entry Updated 2026-01-22

CVE-2026-22050 - ONTAP 9 Plugin

ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which could allow a privileged remote attacker to set the snapshot expiry time to none.

PLUGIN ONTAP 9

CVE-2026-22050

MEDIUM CVSS 6.9 2026-01-12
Threat Entry Updated 2026-01-13

CVE-2026-0855 - IPD Plugin

Certain IP camera models developed by Merit LILIN have an OS command injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

PLUGIN IPD

CVE-2026-0855

HIGH CVSS 8.7 2026-01-12