Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23830
Total
1706
Critical
7474
High
7609
Medium
CVE ID Severity Score Description Published
CVE-2026-56277 UNKNOWN Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard (*) on its text-to-speech (TTS) generation endpoint (packages/server/src/controllers/text-to-speech/index.ts), independent of the server's configured CORS policy. This … Jun 30, 2026
CVE-2026-56264 HIGH 8.1 Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /execute_js endpoint, which accepts and executes arbitrary user-supplied JavaScript in the … Jun 30, 2026
CVE-2026-56249 HIGH 7.6 Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. … Jun 30, 2026
CVE-2026-56247 HIGH 8.8 Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can … Jun 30, 2026
CVE-2026-56233 HIGH 8.3 Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that allows authenticated users with build permissions to bypass upload restrictions. Attackers … Jun 30, 2026
CVE-2026-56230 HIGH 8.8 Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey() that accepts the client-controlled x-limited-key-id header without validating ownership, allowing authenticated users to … Jun 30, 2026
CVE-2026-56224 MEDIUM 5.4 Capgo console.capgo.app/login before 12.128.2 accepts access_token and refresh_token in URL query parameters, automatically authenticating users without confirmation. Attackers can craft malicious links to force victims … Jun 30, 2026
CVE-2026-56219 HIGH 7.5 Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.get_org_user_access_rbac function that allows unauthenticated attackers to retrieve RBAC role bindings and member email addresses. … Jun 30, 2026
CVE-2026-55721 CRITICAL 9.3 Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated … Jun 30, 2026
CVE-2026-55223 UNKNOWN c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization … Jun 30, 2026
CVE-2026-54696 LOW 3.7 Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with … Jun 30, 2026
CVE-2026-54673 UNKNOWN electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler (HttpExecutor.prepareRedirectUrlOptions) only stripped a credential header whose key string matched … Jun 30, 2026
CVE-2026-54672 HIGH 7.8 electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the … Jun 30, 2026
CVE-2026-52198 HIGH 7.5 Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_425994 component Jun 30, 2026
CVE-2026-52197 HIGH 7.5 An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_44af70 component Jun 30, 2026
CVE-2026-52195 HIGH 7.5 Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_472f08 component Jun 30, 2026
CVE-2026-52193 HIGH 7.5 Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_447CAC component Jun 30, 2026
CVE-2026-50110 CRITICAL 9.2 Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded … Jun 30, 2026
CVE-2026-50040 MEDIUM 6.1 Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can … Jun 30, 2026
CVE-2026-28322 MEDIUM 5.6 SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. Jun 30, 2026
CVE-2026-14156 MEDIUM 6.5 Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin … Jun 30, 2026
CVE-2026-14155 MEDIUM 6.5 Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium … Jun 30, 2026
CVE-2026-14154 MEDIUM 4.8 Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI … Jun 30, 2026
CVE-2026-14153 MEDIUM 5.3 Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to … Jun 30, 2026
CVE-2026-14152 CRITICAL 9.6 Out of bounds read and write in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to … Jun 30, 2026