Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23379
Total
1666
Critical
7346
High
7432
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-48958 | UNKNOWN | — | An improper access check allows unauthorized users to create custom fields via webservices endpoints. | Jul 07, 2026 |
| CVE-2026-48957 | UNKNOWN | — | An improper access check allows unauthorized users to access com_privacy datasets. | Jul 07, 2026 |
| CVE-2026-48956 | UNKNOWN | — | An improper access check allows users to display a list of modules in the frontend. | Jul 07, 2026 |
| CVE-2026-48955 | UNKNOWN | — | An improper access check allows unauthorized users to access workflow stage and transition information. | Jul 07, 2026 |
| CVE-2026-48954 | UNKNOWN | — | Improper validation leads to a generic XSS vector in the language override feature. | Jul 07, 2026 |
| CVE-2026-48953 | UNKNOWN | — | Lack of escaping leads to an XSS vulnerability in the generic image output layout. | Jul 07, 2026 |
| CVE-2026-48952 | UNKNOWN | — | Lack of escaping leads to an XSS vulnerability in the update list view of com_installer. | Jul 07, 2026 |
| CVE-2026-48951 | UNKNOWN | — | Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components. | Jul 07, 2026 |
| CVE-2026-48950 | UNKNOWN | — | Lack of escaping leads to an XSS vulnerability in the file management view of com_templates. | Jul 07, 2026 |
| CVE-2026-48949 | UNKNOWN | — | Lack of validation leads to an XSS vulnerability in the MFA management views. | Jul 07, 2026 |
| CVE-2026-48948 | UNKNOWN | — | An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible. | Jul 07, 2026 |
| CVE-2026-48947 | UNKNOWN | — | An improper access check allows privileged users to overwrite media files without editing permissions. | Jul 07, 2026 |
| CVE-2026-57851 | HIGH | 7.8 | MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory … | Jul 07, 2026 |
| CVE-2026-23698 | HIGH | 7.2 | Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP … | Jul 07, 2026 |
| CVE-2026-23697 | HIGH | 8.8 | Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing … | Jul 07, 2026 |
| CVE-2026-14904 | MEDIUM | 6.5 | AWS Research and Engineering Studio (RES) is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources … | Jul 07, 2026 |
| CVE-2026-13020 | HIGH | 8.1 | A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, … | Jul 07, 2026 |
| CVE-2026-13019 | CRITICAL | 9.8 | Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated … | Jul 07, 2026 |
| CVE-2025-12799 | MEDIUM | 6.5 | A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters … | Jul 07, 2026 |
| CVE-2026-56812 | UNKNOWN | — | Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix (Presence JavaScript client) allows an attacker with ordinary channel access to cause a persistent … | Jul 07, 2026 |
| CVE-2026-56811 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix (Phoenix.Socket module) allows an unauthenticated attacker to cause a denial of service against any … | Jul 07, 2026 |
| CVE-2026-14969 | MEDIUM | 4.4 | A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an … | Jul 07, 2026 |
| CVE-2026-14935 | LOW | 3.7 | A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers … | Jul 07, 2026 |
| CVE-2026-59709 | MEDIUM | 4.3 | Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with … | Jul 07, 2026 |
| CVE-2026-53878 | MEDIUM | 6.1 | An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `DomainNameValidator` does not prohibit newlines in domain names (unless used via a … | Jul 07, 2026 |