Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23503
Total
1676
Critical
7379
High
7473
Medium
CVE ID Severity Score Description Published
CVE-2026-55798 MEDIUM 4.5 Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without … Jul 06, 2026
CVE-2026-55380 HIGH 7.5 Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without … Jul 06, 2026
CVE-2026-55379 HIGH 7.5 Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed … Jul 06, 2026
CVE-2026-54291 UNKNOWN pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to … Jul 06, 2026
CVE-2026-54060 HIGH 7.5 Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), … Jul 06, 2026
CVE-2026-54059 HIGH 7.5 Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() … Jul 06, 2026
CVE-2026-13753 HIGH 7.5 A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version <=TBP1CN2612AR. An unauthenticated attacker with network access … Jul 06, 2026
CVE-2026-48614 CRITICAL 9.9 An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root … Jul 06, 2026
CVE-2026-41434 LOW 3.3 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … Jul 06, 2026
CVE-2026-12154 MEDIUM 6.4 The Reviews Widgets for Google, Yelp & TripAdvisor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_id' shortcode attribute of the [fbrev] … Jul 06, 2026
CVE-2026-48316 CRITICAL 10.0 ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of … Jul 06, 2026
CVE-2026-43825 HIGH 7.3 Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected: before 3.0.0-M4 (libsvm document categorization module; introduced in OPENNLP-1808 and only present on the 3.x line) … Jul 06, 2026
CVE-2026-40257 MEDIUM 5.5 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … Jul 06, 2026
CVE-2026-40141 UNKNOWN A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. … Jul 06, 2026
CVE-2026-40140 UNKNOWN BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an … Jul 06, 2026
CVE-2026-40139 UNKNOWN A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to … Jul 06, 2026
CVE-2026-40138 HIGH 8.1 A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a … Jul 06, 2026
CVE-2025-53831 HIGH 8.2 DrawIO for ownCloud is an application for using DrawIO with the file storage, synchronization, and sharing application ownCloud Classic. In DrawIO for ownCloud prior to … Jul 06, 2026
CVE-2026-5268 CRITICAL 9.1 An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to … Jul 06, 2026
CVE-2026-59196 HIGH 7.1 pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted node_modules directory. Traversal aliases … Jul 06, 2026
CVE-2026-59195 HIGH 8.2 pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly … Jul 06, 2026
CVE-2026-59194 HIGH 7.1 pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove … Jul 06, 2026
CVE-2026-59152 MEDIUM 5.0 LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server … Jul 06, 2026
CVE-2026-58203 MEDIUM 5.3 pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secrets_dir. When secrets_nested_subdir=True, a directory entry … Jul 06, 2026
CVE-2026-13122 UNKNOWN OpenVPN version 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers … Jul 06, 2026