Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22332
Total
1596
Critical
6832
High
7160
Medium
CVE ID Severity Score Description Published
CVE-2026-15548 HIGH 8.8 A security vulnerability has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub_407220 of the file /usr/sbin/httpd of the component … Jul 13, 2026
CVE-2026-14846 UNKNOWN In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in … Jul 13, 2026
CVE-2026-13014 UNKNOWN A vulnerability in Thales CERT "Suspicious" application =< 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including … Jul 13, 2026
CVE-2026-9708 MEDIUM 4.9 Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate that an assigned incoming webhook user has access to the target … Jul 13, 2026
CVE-2026-9597 MEDIUM 5.4 Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token … Jul 13, 2026
CVE-2026-9571 MEDIUM 5.9 Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated … Jul 13, 2026
CVE-2026-6850 MEDIUM 6.5 Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate the length and content of message attachment field values, which allows … Jul 13, 2026
CVE-2026-62143 UNKNOWN A Server-Side Request Forgery (SSRF) protection bypass existed in the html_to_markdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, … Jul 13, 2026
CVE-2026-15574 HIGH 7.5 A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally … Jul 13, 2026
CVE-2026-15547 MEDIUM 6.3 A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub_2D048 of the component CIFS Mount Handler. Executing a manipulation … Jul 13, 2026
CVE-2026-15546 MEDIUM 6.3 A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub_2D568 of the component start_jffs2. Performing … Jul 13, 2026
CVE-2026-15545 HIGH 8.8 A vulnerability was identified in Shibby Tomato up to 1.28.0000. Affected by this vulnerability is the function main of the file www/apcupsd/tomatodata.cgi of the component … Jul 13, 2026
CVE-2026-14453 CRITICAL 9.6 This vulnerability is a critical Server-Side Template Injection (SSTI) in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The message_confirm field is stored without … Jul 13, 2026
CVE-2026-10106 MEDIUM 6.5 Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel … Jul 13, 2026
CVE-2026-10103 MEDIUM 4.3 Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows … Jul 13, 2026
CVE-2026-10085 MEDIUM 5.4 Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict the group_constrained channel flag to public and private channels that support … Jul 13, 2026
CVE-2026-57830 UNKNOWN The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion. Jul 13, 2026
CVE-2026-57829 UNKNOWN The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS. Jul 13, 2026
CVE-2026-4769 CRITICAL 9.8 Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented … Jul 13, 2026
CVE-2026-15544 HIGH 8.8 A vulnerability was determined in Shibby Tomato up to 1.28.0000. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation … Jul 13, 2026
CVE-2026-15543 HIGH 8.8 A vulnerability was found in Tenda CH22 1.0.0.1. This impacts the function formCertListInfo of the file /goform/CertListInfo. The manipulation of the argument Name results in … Jul 13, 2026
CVE-2026-15542 HIGH 7.3 A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection … Jul 13, 2026
CVE-2026-15541 HIGH 7.3 A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component … Jul 13, 2026
CVE-2026-15540 MEDIUM 4.3 A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component … Jul 13, 2026
CVE-2026-14165 HIGH 7.5 An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users … Jul 13, 2026