Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22471
Total
1617
Critical
6868
High
7196
Medium
CVE ID Severity Score Description Published
CVE-2026-55638 HIGH 8.6 9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs … Jul 10, 2026
CVE-2026-54919 HIGH 7.4 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from … Jul 10, 2026
CVE-2026-54063 HIGH 7.5 Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet() function in github.com/xuri/excelize/v2 uses an attacker-controlled <row … Jul 10, 2026
CVE-2026-53657 HIGH 8.2 Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an … Jul 10, 2026
CVE-2026-53653 UNKNOWN Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image … Jul 10, 2026
CVE-2026-51119 CRITICAL 9.1 An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components Jul 10, 2026
CVE-2026-3251 MEDIUM 6.4 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Webremium Istanbul Web Design Mezunum Satiyorum allows Stored XSS. This issue affects Mezunum … Jul 10, 2026
CVE-2026-39903 HIGH 7.1 Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator … Jul 10, 2026
CVE-2026-39244 HIGH 7.5 adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, … Jul 10, 2026
CVE-2026-2398 HIGH 8.8 Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. … Jul 10, 2026
CVE-2026-1667 HIGH 7.2 The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and … Jul 10, 2026
CVE-2026-15377 MEDIUM 4.3 A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnerability is an unknown functionality of the file /callrec/sendlogfile. This manipulation causes … Jul 10, 2026
CVE-2026-15376 MEDIUM 6.3 A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown function of the file /callrec/statisticReportAction.do. The manipulation results in improper authorization. … Jul 10, 2026
CVE-2025-70796 HIGH 7.5 An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Technology, Inc.) version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft … Jul 10, 2026
CVE-2026-8609 MEDIUM 5.3 An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the … Jul 10, 2026
CVE-2026-8595 MEDIUM 6.8 A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a malicious field name that executes as a script in the … Jul 10, 2026
CVE-2026-56676 HIGH 7.4 9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the … Jul 10, 2026
CVE-2026-55501 HIGH 7.3 9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled … Jul 10, 2026
CVE-2026-55500 CRITICAL 9.9 9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, … Jul 10, 2026
CVE-2026-54149 HIGH 8.8 MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chat_pipeline/step/chat_step/impl/base_chat_step.py do not … Jul 10, 2026
CVE-2026-54001 UNKNOWN osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap … Jul 10, 2026
CVE-2026-54000 UNKNOWN osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap … Jul 10, 2026
CVE-2026-46388 MEDIUM 4.4 osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery … Jul 10, 2026
CVE-2026-33382 HIGH 7.5 Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very … Jul 10, 2026
CVE-2026-15375 MEDIUM 4.3 A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/users_ldap.jsp of the component LDAP User … Jul 10, 2026