Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22832
Total
1629
Critical
7118
High
7284
Medium
CVE ID Severity Score Description Published
CVE-2026-53448 HIGH 7.2 Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly … Jul 10, 2026
CVE-2026-15146 MEDIUM 5.9 GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or … Jul 10, 2026
CVE-2025-30008 MEDIUM 4.6 HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a … Jul 10, 2026
CVE-2025-30007 HIGH 8.8 HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote … Jul 10, 2026
CVE-2026-57476 MEDIUM 4.8 Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into … Jul 10, 2026
CVE-2026-57475 MEDIUM 5.3 Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. … Jul 10, 2026
CVE-2026-57474 MEDIUM 5.3 Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. … Jul 10, 2026
CVE-2026-56668 HIGH 8.1 ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token … Jul 10, 2026
CVE-2026-56667 HIGH 7.3 ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC and SAML FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without … Jul 10, 2026
CVE-2026-56666 MEDIUM 4.8 ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but … Jul 10, 2026
CVE-2026-56665 MEDIUM 4.2 ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is an open source identity management platform. From 3.0.0-rc.1 through 3.4.11 … Jul 10, 2026
CVE-2026-56664 MEDIUM 4.2 ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token … Jul 10, 2026
CVE-2026-55672 HIGH 7.4 ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to … Jul 10, 2026
CVE-2026-55671 UNKNOWN ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do … Jul 10, 2026
CVE-2026-55670 UNKNOWN ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user … Jul 10, 2026
CVE-2026-53780 UNKNOWN Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Jul 10, 2026
CVE-2026-2397 CRITICAL 9.8 Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection. This issue … Jul 10, 2026
CVE-2026-59193 MEDIUM 4.9 Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted … Jul 10, 2026
CVE-2026-59190 UNKNOWN grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages. In 1.10.52 and earlier, an authenticated attacker … Jul 10, 2026
CVE-2026-59180 LOW 3.1 Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to … Jul 10, 2026
CVE-2026-59162 UNKNOWN Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks … Jul 10, 2026
CVE-2026-59161 UNKNOWN Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows … Jul 10, 2026
CVE-2026-59154 MEDIUM 4.3 Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for … Jul 10, 2026
CVE-2026-58493 UNKNOWN grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::__call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such … Jul 10, 2026
CVE-2026-58492 UNKNOWN grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string … Jul 10, 2026