Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23570
Total
1678
Critical
7413
High
7498
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-13708 | HIGH | 7.5 | Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in i_readjpeg_wiol. i_readjpeg_wiol walks the marker list libjpeg … | Jul 06, 2026 |
| CVE-2026-13705 | HIGH | 7.1 | Imager versions before 1.032 for Perl have a heap out-of-bounds read in the bundled Imager::File::SGI reader via a 16-bit RLE literal run in read_rgb_16_rle. read_rgb_16_rle … | Jul 06, 2026 |
| CVE-2025-15668 | LOW | 3.3 | A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpd_del_entry of the file src/isomedia/box_code_base.c of the component MP4Box. Such manipulation … | Jul 06, 2026 |
| CVE-2025-15667 | LOW | 3.3 | A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gf_isom_nalu_sample_rewrite of the file src/isomedia/avc_ext.c of the component MP4Box. This manipulation … | Jul 06, 2026 |
| CVE-2026-6901 | HIGH | 7.7 | Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5. | Jul 06, 2026 |
| CVE-2026-6900 | HIGH | 7.4 | Improper certificate validation vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5. | Jul 06, 2026 |
| CVE-2026-58226 | UNKNOWN | — | Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on … | Jul 06, 2026 |
| CVE-2026-56810 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (Mint.HTTP1 module) allows a denial of service via an oversized chunked transfer-encoded response. This … | Jul 06, 2026 |
| CVE-2026-4249 | HIGH | 8.6 | The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated … | Jul 06, 2026 |
| CVE-2026-49297 | HIGH | 8.1 | Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without … | Jul 06, 2026 |
| CVE-2026-49042 | HIGH | 7.3 | Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade … | Jul 06, 2026 |
| CVE-2026-46588 | HIGH | 7.3 | Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended … | Jul 06, 2026 |
| CVE-2026-46587 | HIGH | 7.3 | Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended … | Jul 06, 2026 |
| CVE-2026-44937 | UNKNOWN | — | Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 … | Jul 06, 2026 |
| CVE-2026-44936 | MEDIUM | 5.0 | Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, … | Jul 06, 2026 |
| CVE-2026-12686 | UNKNOWN | — | An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other companies hosted within … | Jul 06, 2026 |
| CVE-2025-8591 | MEDIUM | 6.1 | The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user's browser. This condition allows an … | Jul 06, 2026 |
| CVE-2026-9165 | HIGH | 7.7 | A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the … | Jul 06, 2026 |
| CVE-2026-56140 | CRITICAL | 9.8 | Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, … | Jul 06, 2026 |
| CVE-2026-56139 | MEDIUM | 5.3 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component. The camel-undertow HTTP server consumer exposes a muteException option that controls what … | Jul 06, 2026 |
| CVE-2026-55994 | HIGH | 7.5 | Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Iggy component. The camel-iggy consumer … | Jul 06, 2026 |
| CVE-2026-55993 | UNKNOWN | — | Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Atmosphere Websocket Component. The camel-atmosphere-websocket … | Jul 06, 2026 |
| CVE-2026-53913 | UNKNOWN | — | Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely ('Failing Open') vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route … | Jul 06, 2026 |
| CVE-2026-49365 | UNKNOWN | — | Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls … | Jul 06, 2026 |
| CVE-2026-49099 | UNKNOWN | — | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The … | Jul 06, 2026 |