Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22332
Total
1596
Critical
6832
High
7160
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-15548 | HIGH | 8.8 | A security vulnerability has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub_407220 of the file /usr/sbin/httpd of the component … | Jul 13, 2026 |
| CVE-2026-14846 | UNKNOWN | — | In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in … | Jul 13, 2026 |
| CVE-2026-13014 | UNKNOWN | — | A vulnerability in Thales CERT "Suspicious" application =< 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including … | Jul 13, 2026 |
| CVE-2026-9708 | MEDIUM | 4.9 | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate that an assigned incoming webhook user has access to the target … | Jul 13, 2026 |
| CVE-2026-9597 | MEDIUM | 5.4 | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token … | Jul 13, 2026 |
| CVE-2026-9571 | MEDIUM | 5.9 | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated … | Jul 13, 2026 |
| CVE-2026-6850 | MEDIUM | 6.5 | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate the length and content of message attachment field values, which allows … | Jul 13, 2026 |
| CVE-2026-62143 | UNKNOWN | — | A Server-Side Request Forgery (SSRF) protection bypass existed in the html_to_markdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, … | Jul 13, 2026 |
| CVE-2026-15574 | HIGH | 7.5 | A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally … | Jul 13, 2026 |
| CVE-2026-15547 | MEDIUM | 6.3 | A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub_2D048 of the component CIFS Mount Handler. Executing a manipulation … | Jul 13, 2026 |
| CVE-2026-15546 | MEDIUM | 6.3 | A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub_2D568 of the component start_jffs2. Performing … | Jul 13, 2026 |
| CVE-2026-15545 | HIGH | 8.8 | A vulnerability was identified in Shibby Tomato up to 1.28.0000. Affected by this vulnerability is the function main of the file www/apcupsd/tomatodata.cgi of the component … | Jul 13, 2026 |
| CVE-2026-14453 | CRITICAL | 9.6 | This vulnerability is a critical Server-Side Template Injection (SSTI) in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The message_confirm field is stored without … | Jul 13, 2026 |
| CVE-2026-10106 | MEDIUM | 6.5 | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel … | Jul 13, 2026 |
| CVE-2026-10103 | MEDIUM | 4.3 | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows … | Jul 13, 2026 |
| CVE-2026-10085 | MEDIUM | 5.4 | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict the group_constrained channel flag to public and private channels that support … | Jul 13, 2026 |
| CVE-2026-57830 | UNKNOWN | — | The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion. | Jul 13, 2026 |
| CVE-2026-57829 | UNKNOWN | — | The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS. | Jul 13, 2026 |
| CVE-2026-4769 | CRITICAL | 9.8 | Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented … | Jul 13, 2026 |
| CVE-2026-15544 | HIGH | 8.8 | A vulnerability was determined in Shibby Tomato up to 1.28.0000. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation … | Jul 13, 2026 |
| CVE-2026-15543 | HIGH | 8.8 | A vulnerability was found in Tenda CH22 1.0.0.1. This impacts the function formCertListInfo of the file /goform/CertListInfo. The manipulation of the argument Name results in … | Jul 13, 2026 |
| CVE-2026-15542 | HIGH | 7.3 | A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection … | Jul 13, 2026 |
| CVE-2026-15541 | HIGH | 7.3 | A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component … | Jul 13, 2026 |
| CVE-2026-15540 | MEDIUM | 4.3 | A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component … | Jul 13, 2026 |
| CVE-2026-14165 | HIGH | 7.5 | An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users … | Jul 13, 2026 |