Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22471
Total
1617
Critical
6868
High
7196
Medium
CVE ID Severity Score Description Published
CVE-2026-56664 MEDIUM 4.2 ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token … Jul 10, 2026
CVE-2026-55672 HIGH 7.4 ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to … Jul 10, 2026
CVE-2026-55671 UNKNOWN ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do … Jul 10, 2026
CVE-2026-55670 UNKNOWN ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user … Jul 10, 2026
CVE-2026-53780 UNKNOWN Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Jul 10, 2026
CVE-2026-2397 CRITICAL 9.8 Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection. This issue … Jul 10, 2026
CVE-2026-59193 MEDIUM 4.9 Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted … Jul 10, 2026
CVE-2026-59190 UNKNOWN grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages. In 1.10.52 and earlier, an authenticated attacker … Jul 10, 2026
CVE-2026-59180 LOW 3.1 Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to … Jul 10, 2026
CVE-2026-59162 UNKNOWN Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks … Jul 10, 2026
CVE-2026-59161 UNKNOWN Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows … Jul 10, 2026
CVE-2026-59154 MEDIUM 4.3 Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for … Jul 10, 2026
CVE-2026-58493 UNKNOWN grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::__call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such … Jul 10, 2026
CVE-2026-58492 UNKNOWN grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string … Jul 10, 2026
CVE-2026-57167 UNKNOWN PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping … Jul 10, 2026
CVE-2026-56675 HIGH 8.3 9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, … Jul 10, 2026
CVE-2026-55890 MEDIUM 4.8 Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action (CVE-2026-42841) leaves the sibling … Jul 10, 2026
CVE-2026-55885 MEDIUM 6.8 Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation … Jul 10, 2026
CVE-2026-55783 UNKNOWN NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied … Jul 10, 2026
CVE-2026-55782 UNKNOWN NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit … Jul 10, 2026
CVE-2026-55781 UNKNOWN NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock … Jul 10, 2026
CVE-2026-55780 UNKNOWN NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer … Jul 10, 2026
CVE-2026-55687 HIGH 7.5 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in … Jul 10, 2026
CVE-2026-55669 MEDIUM 4.2 ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validates a token's signature and issuer (iss) … Jul 10, 2026
CVE-2026-55641 HIGH 8.2 9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled … Jul 10, 2026