Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23379
Total
1666
Critical
7346
High
7432
Medium
CVE ID Severity Score Description Published
CVE-2026-59713 HIGH 8.1 Leantime contains an OIDC login CSRF vulnerability in the verifyState() method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs … Jul 06, 2026
CVE-2026-59712 HIGH 8.1 Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, … Jul 06, 2026
CVE-2026-59711 MEDIUM 6.1 showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped … Jul 06, 2026
CVE-2026-57573 HIGH 8.6 Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl … Jul 06, 2026
CVE-2026-57572 CRITICAL 10.0 Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. … Jul 06, 2026
CVE-2026-57571 CRITICAL 9.6 Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from … Jul 06, 2026
CVE-2026-55727 HIGH 7.5 A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to … Jul 06, 2026
CVE-2026-55574 UNKNOWN vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structured_outputs.regex API parameter passes a user-supplied regular expression string … Jul 06, 2026
CVE-2026-55514 UNKNOWN vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with … Jul 06, 2026
CVE-2026-54765 UNKNOWN Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted … Jul 06, 2026
CVE-2026-54764 UNKNOWN Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives … Jul 06, 2026
CVE-2026-54763 UNKNOWN Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity … Jul 06, 2026
CVE-2026-54709 UNKNOWN Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-54637. Reason: This candidate is a duplicate of CVE-2026-54637. Notes: All CVE users … Jul 06, 2026
CVE-2026-54234 HIGH 7.5 vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection … Jul 06, 2026
CVE-2026-50135 UNKNOWN Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat (follows symlinks) instead of Lstat , so a direct … Jul 06, 2026
CVE-2026-48267 MEDIUM 5.5 DNG SDK versions 1.7.1 2536 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could … Jul 06, 2026
CVE-2026-42341 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. … Jul 06, 2026
CVE-2026-42331 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present … Jul 06, 2026
CVE-2026-34038 CRITICAL 9.9 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment … Jul 06, 2026
CVE-2026-33734 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a SQL injection vulnerability in the `Massmailer` module filter functionality. … Jul 06, 2026
CVE-2026-25271 HIGH 7.8 Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use. Jul 06, 2026
CVE-2026-25268 HIGH 8.8 Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations. Jul 06, 2026
CVE-2026-21384 MEDIUM 5.3 Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits. Jul 06, 2026
CVE-2026-21383 HIGH 7.1 Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security. Jul 06, 2026
CVE-2026-21379 HIGH 7.8 Memory Corruption when allocating memory with sizes that exceed the maximum allowed value. Jul 06, 2026