Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23503
Total
1676
Critical
7379
High
7473
Medium
CVE ID Severity Score Description Published
CVE-2026-46453 MEDIUM 5.3 Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel ElasticSearch Rest Client. The camel-elasticsearch-rest-client component reads several Exchange headers to control its … Jul 06, 2026
CVE-2026-44934 UNKNOWN A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with … Jul 06, 2026
CVE-2026-43867 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata (KeyMetadata) through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata() reads that … Jul 06, 2026
CVE-2026-43866 HIGH 7.3 Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms() in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the … Jul 06, 2026
CVE-2026-43865 HIGH 8.1 Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no … Jul 06, 2026
CVE-2026-42527 HIGH 8.1 Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering ('java.**;javax.**;org.apache.camel.**;!*', or the … Jul 06, 2026
CVE-2026-40859 HIGH 8.1 Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying … Jul 06, 2026
CVE-2026-40047 CRITICAL 9.1 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Camel Docling component. The camel-docling component invokes the external `docling` command-line tool … Jul 06, 2026
CVE-2026-24014 CRITICAL 9.8 Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If … Jul 06, 2026
CVE-2026-24013 CRITICAL 9.1 Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests … Jul 06, 2026
CVE-2026-24012 HIGH 7.5 Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An … Jul 06, 2026
CVE-2026-1433 UNKNOWN uniFLOW Universal Login Manager (ULM) Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM … Jul 06, 2026
CVE-2026-14809 HIGH 7.5 Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. Jul 06, 2026
CVE-2026-6382 CRITICAL 9.1 The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before … Jul 06, 2026
CVE-2026-14808 CRITICAL 9.8 Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain … Jul 06, 2026
CVE-2026-14807 CRITICAL 9.8 ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and … Jul 06, 2026
CVE-2026-14802 HIGH 7.3 A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. … Jul 06, 2026
CVE-2026-14801 LOW 3.3 A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtin_probe_duration of the file src/filters/load_text.c of the component TeXML File … Jul 06, 2026
CVE-2026-14800 MEDIUM 4.3 A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The … Jul 06, 2026
CVE-2026-12083 HIGH 8.1 The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a … Jul 06, 2026
CVE-2026-11962 HIGH 8.8 The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted … Jul 06, 2026
CVE-2026-11855 HIGH 8.8 The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a … Jul 06, 2026
CVE-2026-11766 HIGH 8.0 The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user … Jul 06, 2026
CVE-2026-10830 HIGH 8.8 The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an … Jul 06, 2026
CVE-2024-6228 HIGH 7.5 The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file … Jul 06, 2026