Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22471
Total
1617
Critical
6868
High
7196
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-57220 | HIGH | 7.5 | RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames … | Jul 10, 2026 |
| CVE-2026-57219 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoint can disclose the OAuth 2 client … | Jul 10, 2026 |
| CVE-2026-57218 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry … | Jul 10, 2026 |
| CVE-2026-57217 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, RabbitMQ topic authorization can allow restricted topic writes and binds during … | Jul 10, 2026 |
| CVE-2026-57216 | MEDIUM | 6.8 | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a … | Jul 10, 2026 |
| CVE-2026-57215 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queues … | Jul 10, 2026 |
| CVE-2026-57214 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title … | Jul 10, 2026 |
| CVE-2026-57213 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_federation_management plugin renders the consumer_tag field on the Federation Status … | Jul 10, 2026 |
| CVE-2026-57212 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_management HTTP API accepts oversized valid JSON bodies on with_decode … | Jul 10, 2026 |
| CVE-2026-57211 | MEDIUM | 6.5 | RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbit_mgmt_wm_static can pass URL-encoded … | Jul 10, 2026 |
| CVE-2026-55881 | UNKNOWN | — | OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely … | Jul 10, 2026 |
| CVE-2026-55880 | HIGH | 7.1 | OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and note mutation functions ran their SQL without the ownership predicate that … | Jul 10, 2026 |
| CVE-2026-55879 | CRITICAL | 9.3 | OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any … | Jul 10, 2026 |
| CVE-2026-55665 | UNKNOWN | — | Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, Grist contained two cross-site scripting vulnerabilities where an attacker-controlled value reached a … | Jul 10, 2026 |
| CVE-2026-55664 | MEDIUM | 4.3 | Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /forms endpoint read table and column metadata without applying the … | Jul 10, 2026 |
| CVE-2026-55659 | HIGH | 7.7 | Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into … | Jul 10, 2026 |
| CVE-2026-55405 | HIGH | 7.6 | LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores … | Jul 10, 2026 |
| CVE-2026-55233 | HIGH | 7.5 | OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When … | Jul 10, 2026 |
| CVE-2026-55229 | HIGH | 7.5 | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically … | Jul 10, 2026 |
| CVE-2026-55213 | HIGH | 7.5 | h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the … | Jul 10, 2026 |
| CVE-2026-45203 | UNKNOWN | — | Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted … | Jul 10, 2026 |
| CVE-2026-45196 | UNKNOWN | — | Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can … | Jul 10, 2026 |
| CVE-2026-41154 | UNKNOWN | — | Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than … | Jul 10, 2026 |
| CVE-2026-34196 | UNKNOWN | — | Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses … | Jul 10, 2026 |
| CVE-2026-13039 | MEDIUM | 5.3 | The Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) plugin for WordPress is vulnerable to authorization bypass due to a regression in … | Jul 10, 2026 |