Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22832
Total
1629
Critical
7118
High
7284
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-53448 | HIGH | 7.2 | Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly … | Jul 10, 2026 |
| CVE-2026-15146 | MEDIUM | 5.9 | GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or … | Jul 10, 2026 |
| CVE-2025-30008 | MEDIUM | 4.6 | HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a … | Jul 10, 2026 |
| CVE-2025-30007 | HIGH | 8.8 | HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote … | Jul 10, 2026 |
| CVE-2026-57476 | MEDIUM | 4.8 | Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into … | Jul 10, 2026 |
| CVE-2026-57475 | MEDIUM | 5.3 | Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. … | Jul 10, 2026 |
| CVE-2026-57474 | MEDIUM | 5.3 | Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. … | Jul 10, 2026 |
| CVE-2026-56668 | HIGH | 8.1 | ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token … | Jul 10, 2026 |
| CVE-2026-56667 | HIGH | 7.3 | ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC and SAML FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without … | Jul 10, 2026 |
| CVE-2026-56666 | MEDIUM | 4.8 | ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but … | Jul 10, 2026 |
| CVE-2026-56665 | MEDIUM | 4.2 | ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is an open source identity management platform. From 3.0.0-rc.1 through 3.4.11 … | Jul 10, 2026 |
| CVE-2026-56664 | MEDIUM | 4.2 | ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token … | Jul 10, 2026 |
| CVE-2026-55672 | HIGH | 7.4 | ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to … | Jul 10, 2026 |
| CVE-2026-55671 | UNKNOWN | — | ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do … | Jul 10, 2026 |
| CVE-2026-55670 | UNKNOWN | — | ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user … | Jul 10, 2026 |
| CVE-2026-53780 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Jul 10, 2026 |
| CVE-2026-2397 | CRITICAL | 9.8 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection. This issue … | Jul 10, 2026 |
| CVE-2026-59193 | MEDIUM | 4.9 | Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted … | Jul 10, 2026 |
| CVE-2026-59190 | UNKNOWN | — | grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages. In 1.10.52 and earlier, an authenticated attacker … | Jul 10, 2026 |
| CVE-2026-59180 | LOW | 3.1 | Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to … | Jul 10, 2026 |
| CVE-2026-59162 | UNKNOWN | — | Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks … | Jul 10, 2026 |
| CVE-2026-59161 | UNKNOWN | — | Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows … | Jul 10, 2026 |
| CVE-2026-59154 | MEDIUM | 4.3 | Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for … | Jul 10, 2026 |
| CVE-2026-58493 | UNKNOWN | — | grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::__call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such … | Jul 10, 2026 |
| CVE-2026-58492 | UNKNOWN | — | grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string … | Jul 10, 2026 |