Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23379
Total
1666
Critical
7346
High
7432
Medium
CVE ID Severity Score Description Published
CVE-2026-58266 MEDIUM 6.5 Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, … Jul 07, 2026
CVE-2026-55490 MEDIUM 6.5 OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handle_send_a() of the Emergency Access Daemon allows any unauthenticated attacker … Jul 07, 2026
CVE-2026-55418 HIGH 8.6 FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read … Jul 07, 2026
CVE-2026-55408 UNKNOWN Koodo Reader is an ebook reader. In version 2.3.0 and earlier, Koodo Reader is vulnerable to remote code execution through malicious EPUB files because the … Jul 07, 2026
CVE-2026-55075 HIGH 7.4 Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained … Jul 07, 2026
CVE-2026-54698 UNKNOWN Hasura is an open-source product that provides users GraphQL or REST APIs. Prior to 2.49.2 and 2.45.5, a user can use a where clause on … Jul 07, 2026
CVE-2026-54607 HIGH 7.7 FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta4, the HTTP-tool OpenAPI schema importer validates only the top-level URL before passing it to SwaggerParser.bundle, … Jul 07, 2026
CVE-2026-54602 UNKNOWN FastGPT is a knowledge-based AI application platform. Prior to 4.15.0, GET /api/core/ai/record/getRecord authenticates the caller but loads LLM request and response traces only by requestId … Jul 07, 2026
CVE-2026-54601 MEDIUM 6.3 FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in … Jul 07, 2026
CVE-2026-50179 MEDIUM 4.2 Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify … Jul 07, 2026
CVE-2026-49229 HIGH 8.3 Actual is a local-first personal finance app. Prior to 26.6.0, in OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity, … Jul 07, 2026
CVE-2026-49033 HIGH 7.8 The application contains a stack-based buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code. Jul 07, 2026
CVE-2026-46354 CRITICAL 9.1 Coder allows organizations to provision remote development environments via Terraform. In versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3, `azureidentity.Validate()` verifies that the … Jul 07, 2026
CVE-2026-45796 MEDIUM 6.5 Coder allows organizations to provision remote development environments via Terraform. Versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3 are vulnerable to unauthenticated semi-blind … Jul 07, 2026
CVE-2026-42958 HIGH 7.8 The application contains a use-after-free vulnerability that can be exploited to cause memory corruption while parsing specially crafted files. This could allow an attacker to … Jul 07, 2026
CVE-2026-42953 UNKNOWN The application contains an out-of-bounds write vulnerability that can be exploited by an attacker to cause the program to write data past the end of … Jul 07, 2026
CVE-2026-28378 LOW 3.1 The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different … Jul 07, 2026
CVE-2026-59707 HIGH 8.6 LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized … Jul 07, 2026
CVE-2026-58583 HIGH 7.1 FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at … Jul 07, 2026
CVE-2026-58473 CRITICAL 9.1 Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and … Jul 07, 2026
CVE-2026-58472 MEDIUM 5.9 GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c that allows a remote attacker … Jul 07, 2026
CVE-2026-58471 MEDIUM 5.9 GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() function within src/url.c that allows remote attackers to … Jul 07, 2026
CVE-2026-58470 MEDIUM 5.3 GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c that allows server-controlled values to cause … Jul 07, 2026
CVE-2026-58469 HIGH 7.5 GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string() function within src/metalink.c that allows a malicious server … Jul 07, 2026
CVE-2026-57172 UNKNOWN DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker … Jul 07, 2026