Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23813
Total
1705
Critical
7468
High
7599
Medium
CVE ID Severity Score Description Published
CVE-2026-54261 MEDIUM 6.5 Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check … Jul 01, 2026
CVE-2026-54260 MEDIUM 4.3 Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger … Jul 01, 2026
CVE-2026-54259 MEDIUM 4.3 Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen … Jul 01, 2026
CVE-2026-52190 HIGH 7.5 Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_448384 component Jul 01, 2026
CVE-2026-52186 CRITICAL 9.8 SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component Jul 01, 2026
CVE-2026-38891 HIGH 7.5 An improper input validation in the gazebo_ros_diff_drive.cpp component of gazebo_plugins v3.9.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted geometry_msgs::Twist … Jul 01, 2026
CVE-2026-36912 HIGH 7.5 A NULL pointer dereference in the AP4_AtomSampleTable::GetSample() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a … Jul 01, 2026
CVE-2026-36911 MEDIUM 5.5 A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted … Jul 01, 2026
CVE-2026-36910 MEDIUM 5.5 An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted … Jul 01, 2026
CVE-2026-36909 MEDIUM 6.2 A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a … Jul 01, 2026
CVE-2026-58263 HIGH 7.2 Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer … Jul 01, 2026
CVE-2026-55886 UNKNOWN Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution … Jul 01, 2026
CVE-2026-55661 UNKNOWN Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not … Jul 01, 2026
CVE-2026-55660 UNKNOWN Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable … Jul 01, 2026
CVE-2026-55153 HIGH 7.1 mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory … Jul 01, 2026
CVE-2026-54786 UNKNOWN Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions … Jul 01, 2026
CVE-2026-54756 UNKNOWN Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configure(options) — and the … Jul 01, 2026
CVE-2026-54720 MEDIUM 5.4 Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS … Jul 01, 2026
CVE-2026-54074 HIGH 7.8 Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal … Jul 01, 2026
CVE-2026-50521 HIGH 8.3 Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. Jul 01, 2026
CVE-2026-14340 UNKNOWN An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write … Jul 01, 2026
CVE-2026-58593 HIGH 7.5 NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and … Jul 01, 2026
CVE-2026-58592 HIGH 8.3 Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM … Jul 01, 2026
CVE-2026-58457 CRITICAL 9.8 Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by … Jul 01, 2026
CVE-2026-55688 MEDIUM 4.0 The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and … Jul 01, 2026