Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23873
Total
1707
Critical
7489
High
7624
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-56219 | HIGH | 7.5 | Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.get_org_user_access_rbac function that allows unauthenticated attackers to retrieve RBAC role bindings and member email addresses. … | Jun 30, 2026 |
| CVE-2026-55721 | CRITICAL | 9.3 | Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated … | Jun 30, 2026 |
| CVE-2026-55223 | UNKNOWN | — | c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization … | Jun 30, 2026 |
| CVE-2026-54696 | LOW | 3.7 | Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with … | Jun 30, 2026 |
| CVE-2026-54673 | UNKNOWN | — | electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler (HttpExecutor.prepareRedirectUrlOptions) only stripped a credential header whose key string matched … | Jun 30, 2026 |
| CVE-2026-54672 | HIGH | 7.8 | electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the … | Jun 30, 2026 |
| CVE-2026-52198 | HIGH | 7.5 | Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_425994 component | Jun 30, 2026 |
| CVE-2026-52197 | HIGH | 7.5 | An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_44af70 component | Jun 30, 2026 |
| CVE-2026-52195 | HIGH | 7.5 | Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_472f08 component | Jun 30, 2026 |
| CVE-2026-52193 | HIGH | 7.5 | Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_447CAC component | Jun 30, 2026 |
| CVE-2026-50110 | CRITICAL | 9.2 | Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded … | Jun 30, 2026 |
| CVE-2026-50040 | MEDIUM | 6.1 | Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can … | Jun 30, 2026 |
| CVE-2026-28322 | MEDIUM | 5.6 | SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. | Jun 30, 2026 |
| CVE-2026-14156 | MEDIUM | 6.5 | Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin … | Jun 30, 2026 |
| CVE-2026-14155 | MEDIUM | 6.5 | Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium … | Jun 30, 2026 |
| CVE-2026-14154 | MEDIUM | 4.8 | Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI … | Jun 30, 2026 |
| CVE-2026-14153 | MEDIUM | 5.3 | Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to … | Jun 30, 2026 |
| CVE-2026-14152 | CRITICAL | 9.6 | Out of bounds read and write in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to … | Jun 30, 2026 |
| CVE-2026-14151 | HIGH | 8.3 | Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox … | Jun 30, 2026 |
| CVE-2026-14150 | MEDIUM | 5.4 | Insufficient validation of untrusted input in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform … | Jun 30, 2026 |
| CVE-2026-14149 | HIGH | 8.8 | Use after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML … | Jun 30, 2026 |
| CVE-2026-14148 | MEDIUM | 6.5 | Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted … | Jun 30, 2026 |
| CVE-2026-14147 | MEDIUM | 6.1 | Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML … | Jun 30, 2026 |
| CVE-2026-14146 | MEDIUM | 6.5 | Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security … | Jun 30, 2026 |
| CVE-2026-14145 | MEDIUM | 6.1 | Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML … | Jun 30, 2026 |