Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23813
Total
1705
Critical
7468
High
7599
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-54908 | UNKNOWN | — | Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while … | Jul 01, 2026 |
| CVE-2026-54164 | MEDIUM | 6.5 | API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does … | Jul 01, 2026 |
| CVE-2026-49858 | MEDIUM | 5.9 | API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing … | Jul 01, 2026 |
| CVE-2026-14363 | UNKNOWN | — | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This … | Jul 01, 2026 |
| CVE-2026-14265 | HIGH | 7.5 | Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access … | Jul 01, 2026 |
| CVE-2026-58517 | UNKNOWN | — | Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Authentication Bypass. This issue affects Mediawiki - WikiLambda Extension: from … | Jul 01, 2026 |
| CVE-2026-58451 | MEDIUM | 6.5 | Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding … | Jul 01, 2026 |
| CVE-2026-55628 | MEDIUM | 5.5 | In versions prior to 7.1.2-26he, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security … | Jul 01, 2026 |
| CVE-2026-55597 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a … | Jul 01, 2026 |
| CVE-2026-55595 | MEDIUM | 4.7 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the … | Jul 01, 2026 |
| CVE-2026-55594 | MEDIUM | 5.3 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the … | Jul 01, 2026 |
| CVE-2026-55577 | MEDIUM | 5.9 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in … | Jul 01, 2026 |
| CVE-2026-55510 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a … | Jul 01, 2026 |
| CVE-2026-53492 | UNKNOWN | — | containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found … | Jul 01, 2026 |
| CVE-2026-53489 | UNKNOWN | — | containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint … | Jul 01, 2026 |
| CVE-2026-53467 | MEDIUM | 5.3 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible … | Jul 01, 2026 |
| CVE-2026-53466 | MEDIUM | 6.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF … | Jul 01, 2026 |
| CVE-2026-51947 | UNKNOWN | — | An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code … | Jul 01, 2026 |
| CVE-2026-50195 | UNKNOWN | — | containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails … | Jul 01, 2026 |
| CVE-2026-50160 | CRITICAL | 10.0 | Hoppscotch is an API development ecosystem. In self-hosted deployments of hoppscotch-backend from version 2026.4.1 and earlier, the unauthenticated POST /v1/onboarding/config endpoint is vulnerable to mass … | Jul 01, 2026 |
| CVE-2026-49119 | HIGH | 7.5 | Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess() method that allows unauthenticated attackers to escape the configured root directory by … | Jul 01, 2026 |
| CVE-2026-47262 | UNKNOWN | — | containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to … | Jul 01, 2026 |
| CVE-2026-41121 | HIGH | 7.3 | Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following’) vulnerability. A low privileged attacker with … | Jul 01, 2026 |
| CVE-2026-38142 | MEDIUM | 6.5 | An unauthenticated command injection vulnerability in the /goform/fast_setting_internet_set endpoint of Tenda AC18 v15.03.05.05 allows attackers to execute arbitrary commands via a crafted payload injected into … | Jul 01, 2026 |
| CVE-2026-14358 | UNKNOWN | — | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Charts Extension allows Cross-Site Scripting (XSS). This issue … | Jul 01, 2026 |