Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22832
Total
1629
Critical
7118
High
7284
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-10770 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Reflected XSS. This issue affects Anti-Spam by CleanTalk … | Jul 10, 2026 |
| CVE-2026-10769 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from … | Jul 10, 2026 |
| CVE-2026-10768 | UNKNOWN | — | Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0. | Jul 10, 2026 |
| CVE-2026-9726 | UNKNOWN | — | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal AlternativeCommerce (Basket) allows Object Injection. This issue affects Drupal AlternativeCommerce (Basket) versions: from 0.0.0 … | Jul 10, 2026 |
| CVE-2026-7639 | UNKNOWN | — | Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating … | Jul 10, 2026 |
| CVE-2026-58499 | HIGH | 8.2 | EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message … | Jul 10, 2026 |
| CVE-2026-57807 | CRITICAL | 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password … | Jul 10, 2026 |
| CVE-2026-57575 | UNKNOWN | — | Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery (SSRF) vulnerability in URL preview functionality in … | Jul 10, 2026 |
| CVE-2026-57574 | UNKNOWN | — | Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password (TOTP) authentication in UserAuthService where … | Jul 10, 2026 |
| CVE-2026-57230 | MEDIUM | 5.4 | OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analytics API in enterprise editions with multi-tenancy enabled built ClickHouse queries … | Jul 10, 2026 |
| CVE-2026-57221 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare … | Jul 10, 2026 |
| CVE-2026-57220 | HIGH | 7.5 | RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames … | Jul 10, 2026 |
| CVE-2026-57219 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoint can disclose the OAuth 2 client … | Jul 10, 2026 |
| CVE-2026-57218 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry … | Jul 10, 2026 |
| CVE-2026-57217 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, RabbitMQ topic authorization can allow restricted topic writes and binds during … | Jul 10, 2026 |
| CVE-2026-57216 | MEDIUM | 6.8 | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a … | Jul 10, 2026 |
| CVE-2026-57215 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queues … | Jul 10, 2026 |
| CVE-2026-57214 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title … | Jul 10, 2026 |
| CVE-2026-57213 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_federation_management plugin renders the consumer_tag field on the Federation Status … | Jul 10, 2026 |
| CVE-2026-57212 | UNKNOWN | — | RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_management HTTP API accepts oversized valid JSON bodies on with_decode … | Jul 10, 2026 |
| CVE-2026-57211 | MEDIUM | 6.5 | RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbit_mgmt_wm_static can pass URL-encoded … | Jul 10, 2026 |
| CVE-2026-55881 | UNKNOWN | — | OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely … | Jul 10, 2026 |
| CVE-2026-55880 | HIGH | 7.1 | OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and note mutation functions ran their SQL without the ownership predicate that … | Jul 10, 2026 |
| CVE-2026-55879 | CRITICAL | 9.3 | OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any … | Jul 10, 2026 |
| CVE-2026-55665 | UNKNOWN | — | Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, Grist contained two cross-site scripting vulnerabilities where an attacker-controlled value reached a … | Jul 10, 2026 |