Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23503
Total
1676
Critical
7379
High
7473
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-46453 | MEDIUM | 5.3 | Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel ElasticSearch Rest Client. The camel-elasticsearch-rest-client component reads several Exchange headers to control its … | Jul 06, 2026 |
| CVE-2026-44934 | UNKNOWN | — | A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with … | Jul 06, 2026 |
| CVE-2026-43867 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata (KeyMetadata) through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata() reads that … | Jul 06, 2026 |
| CVE-2026-43866 | HIGH | 7.3 | Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms() in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the … | Jul 06, 2026 |
| CVE-2026-43865 | HIGH | 8.1 | Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no … | Jul 06, 2026 |
| CVE-2026-42527 | HIGH | 8.1 | Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering ('java.**;javax.**;org.apache.camel.**;!*', or the … | Jul 06, 2026 |
| CVE-2026-40859 | HIGH | 8.1 | Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying … | Jul 06, 2026 |
| CVE-2026-40047 | CRITICAL | 9.1 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Camel Docling component. The camel-docling component invokes the external `docling` command-line tool … | Jul 06, 2026 |
| CVE-2026-24014 | CRITICAL | 9.8 | Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If … | Jul 06, 2026 |
| CVE-2026-24013 | CRITICAL | 9.1 | Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests … | Jul 06, 2026 |
| CVE-2026-24012 | HIGH | 7.5 | Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An … | Jul 06, 2026 |
| CVE-2026-1433 | UNKNOWN | — | uniFLOW Universal Login Manager (ULM) Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM … | Jul 06, 2026 |
| CVE-2026-14809 | HIGH | 7.5 | Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | Jul 06, 2026 |
| CVE-2026-6382 | CRITICAL | 9.1 | The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before … | Jul 06, 2026 |
| CVE-2026-14808 | CRITICAL | 9.8 | Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain … | Jul 06, 2026 |
| CVE-2026-14807 | CRITICAL | 9.8 | ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and … | Jul 06, 2026 |
| CVE-2026-14802 | HIGH | 7.3 | A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. … | Jul 06, 2026 |
| CVE-2026-14801 | LOW | 3.3 | A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtin_probe_duration of the file src/filters/load_text.c of the component TeXML File … | Jul 06, 2026 |
| CVE-2026-14800 | MEDIUM | 4.3 | A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The … | Jul 06, 2026 |
| CVE-2026-12083 | HIGH | 8.1 | The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a … | Jul 06, 2026 |
| CVE-2026-11962 | HIGH | 8.8 | The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted … | Jul 06, 2026 |
| CVE-2026-11855 | HIGH | 8.8 | The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a … | Jul 06, 2026 |
| CVE-2026-11766 | HIGH | 8.0 | The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user … | Jul 06, 2026 |
| CVE-2026-10830 | HIGH | 8.8 | The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an … | Jul 06, 2026 |
| CVE-2024-6228 | HIGH | 7.5 | The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file … | Jul 06, 2026 |