Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23379
Total
1666
Critical
7346
High
7432
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-53877 | MEDIUM | 4.8 | An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `django.contrib.gis.gdal.GDALRaster` over-reads its in-memory buffer when constructed from a bytes object, which … | Jul 07, 2026 |
| CVE-2026-48588 | LOW | 3.1 | An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `UpdateCacheMiddleware` and the `cache_page()` decorator cache responses that vary on cookies when … | Jul 07, 2026 |
| CVE-2026-14940 | MEDIUM | 5.3 | A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested … | Jul 07, 2026 |
| CVE-2026-12948 | UNKNOWN | — | A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi … | Jul 07, 2026 |
| CVE-2026-12352 | MEDIUM | 5.9 | This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device. | Jul 07, 2026 |
| CVE-2026-6101 | HIGH | 7.5 | The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This … | Jul 07, 2026 |
| CVE-2026-53479 | HIGH | 7.2 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 07, 2026 |
| CVE-2026-44938 | HIGH | 8.8 | A vulnerability has been identified in Fleet's agent-side deployer, which did not filter security-sensitive keys from namespaceLabels in fleet.yaml (or BundleDeployment.spec.options.namespaceLabels) when applying them to … | Jul 07, 2026 |
| CVE-2026-53483 | CRITICAL | 9.8 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 07, 2026 |
| CVE-2026-53481 | CRITICAL | 9.8 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 07, 2026 |
| CVE-2026-10659 | MEDIUM | 4.7 | The Dhara flash translation layer disk driver (drivers/disk/ftl_dhara.c) implemented the dhara_nand_ callbacks so that, on a flash error, the error code was written unconditionally through … | Jul 07, 2026 |
| CVE-2026-13696 | HIGH | 8.8 | Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection. This issue affects Liman … | Jul 07, 2026 |
| CVE-2026-11348 | HIGH | 8.1 | Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107. | Jul 07, 2026 |
| CVE-2011-10043 | CRITICAL | 9.8 | Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the … | Jul 07, 2026 |
| CVE-2026-11340 | HIGH | 8.3 | Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liman MYS: before release.Master.1107. | Jul 07, 2026 |
| CVE-2026-49487 | MEDIUM | 6.5 | In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator … | Jul 07, 2026 |
| CVE-2026-49296 | MEDIUM | 6.5 | Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. `GET /api/v2/dagSources/{dag_id}` … | Jul 07, 2026 |
| CVE-2026-48892 | MEDIUM | 6.5 | The Config API in Apache Airflow surfaced per-key secrets-backend overrides (environment variables like `AIRFLOW__SECRETS__BACKEND_KWARG__SECRET_ID` and `AIRFLOW__WORKERS__SECRETS_BACKEND_KWARG__SECRET_ID`) as synthetic config options whose option names were not … | Jul 07, 2026 |
| CVE-2026-48891 | MEDIUM | 4.3 | A bug in Apache Airflow's `/ui/dependencies` scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag … | Jul 07, 2026 |
| CVE-2026-48828 | MEDIUM | 6.5 | The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based `should_hide_value_for_key` check (which triggers on secret-suffixed key … | Jul 07, 2026 |
| CVE-2026-33264 | CRITICAL | 9.8 | A bug in `BaseSerialization.deserialize()` allowed unrestricted `import_string()` of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could … | Jul 07, 2026 |
| CVE-2026-14868 | UNKNOWN | — | The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, … | Jul 07, 2026 |
| CVE-2026-14867 | UNKNOWN | — | Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ … | Jul 07, 2026 |
| CVE-2026-14476 | HIGH | 8.0 | A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing … | Jul 07, 2026 |
| CVE-2026-14474 | HIGH | 8.8 | A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for … | Jul 07, 2026 |