Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22471
Total
1617
Critical
6868
High
7196
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-56664 | MEDIUM | 4.2 | ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token … | Jul 10, 2026 |
| CVE-2026-55672 | HIGH | 7.4 | ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to … | Jul 10, 2026 |
| CVE-2026-55671 | UNKNOWN | — | ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do … | Jul 10, 2026 |
| CVE-2026-55670 | UNKNOWN | — | ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user … | Jul 10, 2026 |
| CVE-2026-53780 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Jul 10, 2026 |
| CVE-2026-2397 | CRITICAL | 9.8 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection. This issue … | Jul 10, 2026 |
| CVE-2026-59193 | MEDIUM | 4.9 | Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted … | Jul 10, 2026 |
| CVE-2026-59190 | UNKNOWN | — | grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages. In 1.10.52 and earlier, an authenticated attacker … | Jul 10, 2026 |
| CVE-2026-59180 | LOW | 3.1 | Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to … | Jul 10, 2026 |
| CVE-2026-59162 | UNKNOWN | — | Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks … | Jul 10, 2026 |
| CVE-2026-59161 | UNKNOWN | — | Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows … | Jul 10, 2026 |
| CVE-2026-59154 | MEDIUM | 4.3 | Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for … | Jul 10, 2026 |
| CVE-2026-58493 | UNKNOWN | — | grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::__call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such … | Jul 10, 2026 |
| CVE-2026-58492 | UNKNOWN | — | grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string … | Jul 10, 2026 |
| CVE-2026-57167 | UNKNOWN | — | PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping … | Jul 10, 2026 |
| CVE-2026-56675 | HIGH | 8.3 | 9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, … | Jul 10, 2026 |
| CVE-2026-55890 | MEDIUM | 4.8 | Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action (CVE-2026-42841) leaves the sibling … | Jul 10, 2026 |
| CVE-2026-55885 | MEDIUM | 6.8 | Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation … | Jul 10, 2026 |
| CVE-2026-55783 | UNKNOWN | — | NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied … | Jul 10, 2026 |
| CVE-2026-55782 | UNKNOWN | — | NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit … | Jul 10, 2026 |
| CVE-2026-55781 | UNKNOWN | — | NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock … | Jul 10, 2026 |
| CVE-2026-55780 | UNKNOWN | — | NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer … | Jul 10, 2026 |
| CVE-2026-55687 | HIGH | 7.5 | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in … | Jul 10, 2026 |
| CVE-2026-55669 | MEDIUM | 4.2 | ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validates a token's signature and issuer (iss) … | Jul 10, 2026 |
| CVE-2026-55641 | HIGH | 8.2 | 9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled … | Jul 10, 2026 |