Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22471
Total
1617
Critical
6868
High
7196
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-15089 | UNKNOWN | — | vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*. | Jul 10, 2026 |
| CVE-2026-15087 | UNKNOWN | — | vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*. | Jul 10, 2026 |
| CVE-2026-15086 | UNKNOWN | — | vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Formatter [Meta Tag Formatter] versions: *.*. | Jul 10, 2026 |
| CVE-2026-14480 | CRITICAL | 9.9 | OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename (prog_file) directly … | Jul 10, 2026 |
| CVE-2026-14286 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Jul 10, 2026 |
| CVE-2026-11915 | UNKNOWN | — | vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions: *.*. | Jul 10, 2026 |
| CVE-2026-11914 | UNKNOWN | — | vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*. | Jul 10, 2026 |
| CVE-2026-11913 | UNKNOWN | — | vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*. | Jul 10, 2026 |
| CVE-2026-59155 | UNKNOWN | — | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to 2.2.5, the GET /api/v1/ddns and GET /api/v1/notification endpoints return full … | Jul 10, 2026 |
| CVE-2026-58591 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS). This issue affects Colorbox versions: from 0.0.0 … | Jul 10, 2026 |
| CVE-2026-58590 | UNKNOWN | — | Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0. | Jul 10, 2026 |
| CVE-2026-58589 | UNKNOWN | — | Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0. | Jul 10, 2026 |
| CVE-2026-58588 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions: … | Jul 10, 2026 |
| CVE-2026-58587 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions: … | Jul 10, 2026 |
| CVE-2026-58503 | UNKNOWN | — | Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the reset_password endpoint. This issue is fixed … | Jul 10, 2026 |
| CVE-2026-57584 | UNKNOWN | — | Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default router registers a built-in route whose compiled … | Jul 10, 2026 |
| CVE-2026-55884 | UNKNOWN | — | Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux … | Jul 10, 2026 |
| CVE-2026-55883 | UNKNOWN | — | Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is gated by a … | Jul 10, 2026 |
| CVE-2026-55882 | UNKNOWN | — | Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof handlers under /debug … | Jul 10, 2026 |
| CVE-2026-55852 | UNKNOWN | — | Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was possible in Package Import because tarfile members were not sufficiently … | Jul 10, 2026 |
| CVE-2026-55810 | UNKNOWN | — | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2. | Jul 10, 2026 |
| CVE-2026-55809 | UNKNOWN | — | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 … | Jul 10, 2026 |
| CVE-2026-55808 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core versions: … | Jul 10, 2026 |
| CVE-2026-55807 | UNKNOWN | — | Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from … | Jul 10, 2026 |
| CVE-2026-55806 | UNKNOWN | — | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, … | Jul 10, 2026 |