Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23813
Total
1705
Critical
7468
High
7599
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-54261 | MEDIUM | 6.5 | Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check … | Jul 01, 2026 |
| CVE-2026-54260 | MEDIUM | 4.3 | Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger … | Jul 01, 2026 |
| CVE-2026-54259 | MEDIUM | 4.3 | Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen … | Jul 01, 2026 |
| CVE-2026-52190 | HIGH | 7.5 | Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_448384 component | Jul 01, 2026 |
| CVE-2026-52186 | CRITICAL | 9.8 | SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component | Jul 01, 2026 |
| CVE-2026-38891 | HIGH | 7.5 | An improper input validation in the gazebo_ros_diff_drive.cpp component of gazebo_plugins v3.9.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted geometry_msgs::Twist … | Jul 01, 2026 |
| CVE-2026-36912 | HIGH | 7.5 | A NULL pointer dereference in the AP4_AtomSampleTable::GetSample() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a … | Jul 01, 2026 |
| CVE-2026-36911 | MEDIUM | 5.5 | A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted … | Jul 01, 2026 |
| CVE-2026-36910 | MEDIUM | 5.5 | An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted … | Jul 01, 2026 |
| CVE-2026-36909 | MEDIUM | 6.2 | A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a … | Jul 01, 2026 |
| CVE-2026-58263 | HIGH | 7.2 | Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer … | Jul 01, 2026 |
| CVE-2026-55886 | UNKNOWN | — | Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution … | Jul 01, 2026 |
| CVE-2026-55661 | UNKNOWN | — | Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not … | Jul 01, 2026 |
| CVE-2026-55660 | UNKNOWN | — | Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable … | Jul 01, 2026 |
| CVE-2026-55153 | HIGH | 7.1 | mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory … | Jul 01, 2026 |
| CVE-2026-54786 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions … | Jul 01, 2026 |
| CVE-2026-54756 | UNKNOWN | — | Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configure(options) — and the … | Jul 01, 2026 |
| CVE-2026-54720 | MEDIUM | 5.4 | Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS … | Jul 01, 2026 |
| CVE-2026-54074 | HIGH | 7.8 | Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal … | Jul 01, 2026 |
| CVE-2026-50521 | HIGH | 8.3 | Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. | Jul 01, 2026 |
| CVE-2026-14340 | UNKNOWN | — | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write … | Jul 01, 2026 |
| CVE-2026-58593 | HIGH | 7.5 | NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and … | Jul 01, 2026 |
| CVE-2026-58592 | HIGH | 8.3 | Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM … | Jul 01, 2026 |
| CVE-2026-58457 | CRITICAL | 9.8 | Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by … | Jul 01, 2026 |
| CVE-2026-55688 | MEDIUM | 4.0 | The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and … | Jul 01, 2026 |