Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23596
Total
1679
Critical
7415
High
7509
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-14633 | MEDIUM | 4.3 | A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API … | Jul 04, 2026 |
| CVE-2026-14632 | MEDIUM | 4.3 | A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affected by this issue is the function setReferrer of the file application/core/MY_Controller.php of the component … | Jul 04, 2026 |
| CVE-2026-14630 | LOW | 3.1 | A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function get_conversation_history of the file 08_agentic_system/memory/langchain/code/smart_customer_service.py of the component Memory … | Jul 04, 2026 |
| CVE-2026-14629 | MEDIUM | 4.3 | A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing … | Jul 04, 2026 |
| CVE-2026-14535 | HIGH | 8.8 | In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless … | Jul 04, 2026 |
| CVE-2026-14534 | HIGH | 8.8 | Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS … | Jul 04, 2026 |
| CVE-2026-14628 | MEDIUM | 5.3 | A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract_media of the file gateway/platforms/base.py of the component Live Webhook Endpoint. … | Jul 04, 2026 |
| CVE-2026-14627 | MEDIUM | 5.6 | A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter._is_allowed_user of the file gateway/platforms/discord.py of the component Discord … | Jul 04, 2026 |
| CVE-2025-13475 | LOW | 3.5 | In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS … | Jul 04, 2026 |
| CVE-2026-53362 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch … | Jul 04, 2026 |
| CVE-2026-53361 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor Ushakov reported that unix_gc() could run with … | Jul 04, 2026 |
| CVE-2026-53360 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the … | Jul 04, 2026 |
| CVE-2026-53359 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix … | Jul 04, 2026 |
| CVE-2026-14626 | MEDIUM | 4.3 | A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component … | Jul 04, 2026 |
| CVE-2026-14625 | MEDIUM | 6.3 | A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui_gateway/server.py. The manipulation … | Jul 04, 2026 |
| CVE-2026-12196 | UNKNOWN | — | HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management … | Jul 04, 2026 |
| CVE-2026-12195 | UNKNOWN | — | myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when … | Jul 04, 2026 |
| CVE-2026-14624 | MEDIUM | 4.3 | A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The … | Jul 04, 2026 |
| CVE-2026-14623 | MEDIUM | 4.3 | A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation … | Jul 04, 2026 |
| CVE-2026-14622 | HIGH | 7.3 | A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajax_files of the component AJAX Endpoint. Performing … | Jul 04, 2026 |
| CVE-2026-14621 | LOW | 3.1 | A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. … | Jul 04, 2026 |
| CVE-2026-14619 | MEDIUM | 6.3 | A flaw has been found in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /medicine.php. This manipulation … | Jul 04, 2026 |
| CVE-2026-12194 | UNKNOWN | — | PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the … | Jul 04, 2026 |
| CVE-2026-14618 | MEDIUM | 4.3 | A vulnerability was detected in Open5GS up to 2.7.7. Affected by this vulnerability is the function amf_nnrf_handle_nf_discover of the file src/amf/nnrf-handler.c of the component AMF. … | Jul 04, 2026 |
| CVE-2026-12252 | HIGH | 7.8 | In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser) are vulnerable to untrusted JAR code execution. These classes … | Jul 04, 2026 |