Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22471
Total
1617
Critical
6868
High
7196
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-13241 | UNKNOWN | — | Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0. | Jul 10, 2026 |
| CVE-2026-13240 | UNKNOWN | — | Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0. | Jul 10, 2026 |
| CVE-2026-13239 | UNKNOWN | — | Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0. | Jul 10, 2026 |
| CVE-2026-13238 | UNKNOWN | — | Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to … | Jul 10, 2026 |
| CVE-2026-13237 | UNKNOWN | — | Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from … | Jul 10, 2026 |
| CVE-2026-13236 | UNKNOWN | — | Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from … | Jul 10, 2026 |
| CVE-2026-13235 | UNKNOWN | — | Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to … | Jul 10, 2026 |
| CVE-2026-13234 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS). This issue affects AI (Artificial … | Jul 10, 2026 |
| CVE-2026-13233 | UNKNOWN | — | Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from … | Jul 10, 2026 |
| CVE-2026-13232 | UNKNOWN | — | Incorrect Authorization vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Forceful Browsing. This issue affects Advanced Content Feedback (aka admin_feedback) versions: from 0.0.0 to … | Jul 10, 2026 |
| CVE-2026-13231 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Stored XSS. This issue affects Advanced … | Jul 10, 2026 |
| CVE-2026-12535 | UNKNOWN | — | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0. | Jul 10, 2026 |
| CVE-2026-11909 | UNKNOWN | — | Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6. | Jul 10, 2026 |
| CVE-2026-11908 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Stored XSS. This issue affects Tagify versions: from 0.0.0 to … | Jul 10, 2026 |
| CVE-2026-10770 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Reflected XSS. This issue affects Anti-Spam by CleanTalk … | Jul 10, 2026 |
| CVE-2026-10769 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from … | Jul 10, 2026 |
| CVE-2026-10768 | UNKNOWN | — | Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0. | Jul 10, 2026 |
| CVE-2026-9726 | UNKNOWN | — | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal AlternativeCommerce (Basket) allows Object Injection. This issue affects Drupal AlternativeCommerce (Basket) versions: from 0.0.0 … | Jul 10, 2026 |
| CVE-2026-7639 | UNKNOWN | — | Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating … | Jul 10, 2026 |
| CVE-2026-58499 | HIGH | 8.2 | EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message … | Jul 10, 2026 |
| CVE-2026-57807 | CRITICAL | 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password … | Jul 10, 2026 |
| CVE-2026-57575 | UNKNOWN | — | Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery (SSRF) vulnerability in URL preview functionality in … | Jul 10, 2026 |
| CVE-2026-57574 | UNKNOWN | — | Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password (TOTP) authentication in UserAuthService where … | Jul 10, 2026 |
| CVE-2026-57230 | MEDIUM | 5.4 | OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analytics API in enterprise editions with multi-tenancy enabled built ClickHouse queries … | Jul 10, 2026 |
| CVE-2026-57221 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare … | Jul 10, 2026 |