Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22296
Total
1591
Critical
6822
High
7139
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-61463 | HIGH | 8.8 | Shiori contains a privilege escalation vulnerability in the account update endpoint that allows authenticated users to modify the owner field without authorization checks. Attackers can … | Jul 13, 2026 |
| CVE-2026-61462 | HIGH | 8.6 | mcp-gitlab contains a path traversal vulnerability in the job_id parameter of build/index.js that allows attackers to redirect GitLab API requests to arbitrary endpoints. Attackers can … | Jul 13, 2026 |
| CVE-2026-60103 | MEDIUM | 6.1 | Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted … | Jul 13, 2026 |
| CVE-2026-53365 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix zerocopy completion for multi-skb sends When a large message is fragmented into multiple … | Jul 13, 2026 |
| CVE-2026-53364 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix memory leak in hci_le_big_terminate() hci_le_big_terminate() allocates iso_list_data via kzalloc_obj but returns 0 … | Jul 13, 2026 |
| CVE-2026-57433 | UNKNOWN | — | Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record. retrieve_hook_common reads a signed 32-bit item count from … | Jul 13, 2026 |
| CVE-2026-57432 | UNKNOWN | — | Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack. S_measure_struct adds each item's size … | Jul 13, 2026 |
| CVE-2026-13221 | UNKNOWN | — | Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie … | Jul 13, 2026 |
| CVE-2026-61692 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61454. Reason: This candidate is a duplicate of CVE-2026-61454. Notes: All CVE users … | Jul 13, 2026 |
| CVE-2026-59245 | UNKNOWN | — | In the Apache Airflow FAB auth manager, a DAG whose `dag_id` is `DAGs` collided with the global all-DAGs permission resource name produced by `resource_name()`, so … | Jul 13, 2026 |
| CVE-2026-58065 | UNKNOWN | — | The Apache Airflow Git provider runs its git-over-SSH operations with `StrictHostKeyChecking=no` by default, disabling SSH host-key verification. An attacker who can intercept the network path … | Jul 13, 2026 |
| CVE-2026-6847 | UNKNOWN | — | Remote Code Execution vulnerability exists in ThemisNETPanel due to missing authentication for a critical file upload function. The application exposes an endpoint that allows unauthenticated … | Jul 13, 2026 |
| CVE-2026-61498 | CRITICAL | 9.8 | Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gen_graphs.php endpoint that allows remote unauthenticated attackers to execute arbitrary commands by supplying … | Jul 13, 2026 |
| CVE-2026-60121 | CRITICAL | 9.8 | Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/ping.php endpoint that allows remote attackers to execute arbitrary commands by exploiting a … | Jul 13, 2026 |
| CVE-2026-40553 | UNKNOWN | — | Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk (ftype() routine). This issue could be used to crash the program and potentially … | Jul 13, 2026 |
| CVE-2026-40469 | UNKNOWN | — | Integer overflow vulnerability has been found in "builtin.c" program file of gawk (do_sub() routine). This issue could be used to overwrite gawk heap metadata and … | Jul 13, 2026 |
| CVE-2026-40468 | UNKNOWN | — | Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and … | Jul 13, 2026 |
| CVE-2026-40467 | UNKNOWN | — | Use After Free vulnerability has been found in "io.c" program file of gawk (do_getline_redir() routine). This issue may lead to a crash. It affects gawk … | Jul 13, 2026 |
| CVE-2026-15584 | HIGH | 7.5 | A privilege escalation vulnerability was found in the incluster-checks tool for OpenShift. The tool creates privileged debug pods with host filesystem access in the shared … | Jul 13, 2026 |
| CVE-2026-15559 | MEDIUM | 6.3 | A vulnerability was detected in CodeAstro Simple Online Leave Management System 1.0. This affects an unknown part of the file /SimpleOnlineLeave/admin/accept.php of the component POST … | Jul 13, 2026 |
| CVE-2026-62147 | MEDIUM | 6.5 | The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated … | Jul 13, 2026 |
| CVE-2026-15558 | MEDIUM | 6.3 | A security vulnerability has been detected in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file … | Jul 13, 2026 |
| CVE-2026-12257 | UNKNOWN | — | Versions of Mura CMS prior to 10.0.712 contain a critical remote code execution (RCE) vulnerability. The flaw is located in the endpoint “/index.cfm/_api/json/v1/default”, where the … | Jul 13, 2026 |
| CVE-2026-9824 | MEDIUM | 4.3 | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to check the manage_shared_channels permission in the /share-channel autocomplete handler, which allows an … | Jul 13, 2026 |
| CVE-2026-9820 | LOW | 3.8 | Mattermost versions 11.7.x <= 11.7.2, 10.11.x <= 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint, which allows a user with the … | Jul 13, 2026 |