Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23503
Total
1676
Critical
7379
High
7473
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-55798 | MEDIUM | 4.5 | Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without … | Jul 06, 2026 |
| CVE-2026-55380 | HIGH | 7.5 | Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without … | Jul 06, 2026 |
| CVE-2026-55379 | HIGH | 7.5 | Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed … | Jul 06, 2026 |
| CVE-2026-54291 | UNKNOWN | — | pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to … | Jul 06, 2026 |
| CVE-2026-54060 | HIGH | 7.5 | Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), … | Jul 06, 2026 |
| CVE-2026-54059 | HIGH | 7.5 | Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() … | Jul 06, 2026 |
| CVE-2026-13753 | HIGH | 7.5 | A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version <=TBP1CN2612AR. An unauthenticated attacker with network access … | Jul 06, 2026 |
| CVE-2026-48614 | CRITICAL | 9.9 | An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root … | Jul 06, 2026 |
| CVE-2026-41434 | LOW | 3.3 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … | Jul 06, 2026 |
| CVE-2026-12154 | MEDIUM | 6.4 | The Reviews Widgets for Google, Yelp & TripAdvisor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_id' shortcode attribute of the [fbrev] … | Jul 06, 2026 |
| CVE-2026-48316 | CRITICAL | 10.0 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of … | Jul 06, 2026 |
| CVE-2026-43825 | HIGH | 7.3 | Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected: before 3.0.0-M4 (libsvm document categorization module; introduced in OPENNLP-1808 and only present on the 3.x line) … | Jul 06, 2026 |
| CVE-2026-40257 | MEDIUM | 5.5 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … | Jul 06, 2026 |
| CVE-2026-40141 | UNKNOWN | — | A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. … | Jul 06, 2026 |
| CVE-2026-40140 | UNKNOWN | — | BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an … | Jul 06, 2026 |
| CVE-2026-40139 | UNKNOWN | — | A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to … | Jul 06, 2026 |
| CVE-2026-40138 | HIGH | 8.1 | A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a … | Jul 06, 2026 |
| CVE-2025-53831 | HIGH | 8.2 | DrawIO for ownCloud is an application for using DrawIO with the file storage, synchronization, and sharing application ownCloud Classic. In DrawIO for ownCloud prior to … | Jul 06, 2026 |
| CVE-2026-5268 | CRITICAL | 9.1 | An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to … | Jul 06, 2026 |
| CVE-2026-59196 | HIGH | 7.1 | pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted node_modules directory. Traversal aliases … | Jul 06, 2026 |
| CVE-2026-59195 | HIGH | 8.2 | pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly … | Jul 06, 2026 |
| CVE-2026-59194 | HIGH | 7.1 | pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove … | Jul 06, 2026 |
| CVE-2026-59152 | MEDIUM | 5.0 | LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server … | Jul 06, 2026 |
| CVE-2026-58203 | MEDIUM | 5.3 | pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secrets_dir. When secrets_nested_subdir=True, a directory entry … | Jul 06, 2026 |
| CVE-2026-13122 | UNKNOWN | — | OpenVPN version 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers … | Jul 06, 2026 |