Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23379
Total
1666
Critical
7346
High
7432
Medium
CVE ID Severity Score Description Published
CVE-2026-48958 UNKNOWN An improper access check allows unauthorized users to create custom fields via webservices endpoints. Jul 07, 2026
CVE-2026-48957 UNKNOWN An improper access check allows unauthorized users to access com_privacy datasets. Jul 07, 2026
CVE-2026-48956 UNKNOWN An improper access check allows users to display a list of modules in the frontend. Jul 07, 2026
CVE-2026-48955 UNKNOWN An improper access check allows unauthorized users to access workflow stage and transition information. Jul 07, 2026
CVE-2026-48954 UNKNOWN Improper validation leads to a generic XSS vector in the language override feature. Jul 07, 2026
CVE-2026-48953 UNKNOWN Lack of escaping leads to an XSS vulnerability in the generic image output layout. Jul 07, 2026
CVE-2026-48952 UNKNOWN Lack of escaping leads to an XSS vulnerability in the update list view of com_installer. Jul 07, 2026
CVE-2026-48951 UNKNOWN Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components. Jul 07, 2026
CVE-2026-48950 UNKNOWN Lack of escaping leads to an XSS vulnerability in the file management view of com_templates. Jul 07, 2026
CVE-2026-48949 UNKNOWN Lack of validation leads to an XSS vulnerability in the MFA management views. Jul 07, 2026
CVE-2026-48948 UNKNOWN An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible. Jul 07, 2026
CVE-2026-48947 UNKNOWN An improper access check allows privileged users to overwrite media files without editing permissions. Jul 07, 2026
CVE-2026-57851 HIGH 7.8 MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory … Jul 07, 2026
CVE-2026-23698 HIGH 7.2 Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP … Jul 07, 2026
CVE-2026-23697 HIGH 8.8 Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing … Jul 07, 2026
CVE-2026-14904 MEDIUM 6.5 AWS Research and Engineering Studio (RES) is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources … Jul 07, 2026
CVE-2026-13020 HIGH 8.1 A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, … Jul 07, 2026
CVE-2026-13019 CRITICAL 9.8 Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated … Jul 07, 2026
CVE-2025-12799 MEDIUM 6.5 A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters … Jul 07, 2026
CVE-2026-56812 UNKNOWN Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix (Presence JavaScript client) allows an attacker with ordinary channel access to cause a persistent … Jul 07, 2026
CVE-2026-56811 UNKNOWN Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix (Phoenix.Socket module) allows an unauthenticated attacker to cause a denial of service against any … Jul 07, 2026
CVE-2026-14969 MEDIUM 4.4 A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an … Jul 07, 2026
CVE-2026-14935 LOW 3.7 A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers … Jul 07, 2026
CVE-2026-59709 MEDIUM 4.3 Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with … Jul 07, 2026
CVE-2026-53878 MEDIUM 6.1 An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `DomainNameValidator` does not prohibit newlines in domain names (unless used via a … Jul 07, 2026