Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22471
Total
1617
Critical
6868
High
7196
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-55638 | HIGH | 8.6 | 9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs … | Jul 10, 2026 |
| CVE-2026-54919 | HIGH | 7.4 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from … | Jul 10, 2026 |
| CVE-2026-54063 | HIGH | 7.5 | Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet() function in github.com/xuri/excelize/v2 uses an attacker-controlled <row … | Jul 10, 2026 |
| CVE-2026-53657 | HIGH | 8.2 | Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an … | Jul 10, 2026 |
| CVE-2026-53653 | UNKNOWN | — | Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image … | Jul 10, 2026 |
| CVE-2026-51119 | CRITICAL | 9.1 | An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components | Jul 10, 2026 |
| CVE-2026-3251 | MEDIUM | 6.4 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Webremium Istanbul Web Design Mezunum Satiyorum allows Stored XSS. This issue affects Mezunum … | Jul 10, 2026 |
| CVE-2026-39903 | HIGH | 7.1 | Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator … | Jul 10, 2026 |
| CVE-2026-39244 | HIGH | 7.5 | adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, … | Jul 10, 2026 |
| CVE-2026-2398 | HIGH | 8.8 | Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. … | Jul 10, 2026 |
| CVE-2026-1667 | HIGH | 7.2 | The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and … | Jul 10, 2026 |
| CVE-2026-15377 | MEDIUM | 4.3 | A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnerability is an unknown functionality of the file /callrec/sendlogfile. This manipulation causes … | Jul 10, 2026 |
| CVE-2026-15376 | MEDIUM | 6.3 | A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown function of the file /callrec/statisticReportAction.do. The manipulation results in improper authorization. … | Jul 10, 2026 |
| CVE-2025-70796 | HIGH | 7.5 | An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Technology, Inc.) version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft … | Jul 10, 2026 |
| CVE-2026-8609 | MEDIUM | 5.3 | An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the … | Jul 10, 2026 |
| CVE-2026-8595 | MEDIUM | 6.8 | A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a malicious field name that executes as a script in the … | Jul 10, 2026 |
| CVE-2026-56676 | HIGH | 7.4 | 9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the … | Jul 10, 2026 |
| CVE-2026-55501 | HIGH | 7.3 | 9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled … | Jul 10, 2026 |
| CVE-2026-55500 | CRITICAL | 9.9 | 9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, … | Jul 10, 2026 |
| CVE-2026-54149 | HIGH | 8.8 | MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chat_pipeline/step/chat_step/impl/base_chat_step.py do not … | Jul 10, 2026 |
| CVE-2026-54001 | UNKNOWN | — | osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap … | Jul 10, 2026 |
| CVE-2026-54000 | UNKNOWN | — | osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap … | Jul 10, 2026 |
| CVE-2026-46388 | MEDIUM | 4.4 | osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery … | Jul 10, 2026 |
| CVE-2026-33382 | HIGH | 7.5 | Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very … | Jul 10, 2026 |
| CVE-2026-15375 | MEDIUM | 4.3 | A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/users_ldap.jsp of the component LDAP User … | Jul 10, 2026 |