Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22832
Total
1629
Critical
7118
High
7284
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-57167 | UNKNOWN | — | PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping … | Jul 10, 2026 |
| CVE-2026-56675 | HIGH | 8.3 | 9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, … | Jul 10, 2026 |
| CVE-2026-55890 | MEDIUM | 4.8 | Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action (CVE-2026-42841) leaves the sibling … | Jul 10, 2026 |
| CVE-2026-55885 | MEDIUM | 6.8 | Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation … | Jul 10, 2026 |
| CVE-2026-55783 | UNKNOWN | — | NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied … | Jul 10, 2026 |
| CVE-2026-55782 | UNKNOWN | — | NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit … | Jul 10, 2026 |
| CVE-2026-55781 | UNKNOWN | — | NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock … | Jul 10, 2026 |
| CVE-2026-55780 | UNKNOWN | — | NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer … | Jul 10, 2026 |
| CVE-2026-55687 | HIGH | 7.5 | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in … | Jul 10, 2026 |
| CVE-2026-55669 | MEDIUM | 4.2 | ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validates a token's signature and issuer (iss) … | Jul 10, 2026 |
| CVE-2026-55641 | HIGH | 8.2 | 9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled … | Jul 10, 2026 |
| CVE-2026-55638 | HIGH | 8.6 | 9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs … | Jul 10, 2026 |
| CVE-2026-54919 | HIGH | 7.4 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from … | Jul 10, 2026 |
| CVE-2026-54063 | HIGH | 7.5 | Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet() function in github.com/xuri/excelize/v2 uses an attacker-controlled <row … | Jul 10, 2026 |
| CVE-2026-53657 | HIGH | 8.2 | Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an … | Jul 10, 2026 |
| CVE-2026-53653 | UNKNOWN | — | Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image … | Jul 10, 2026 |
| CVE-2026-51119 | CRITICAL | 9.1 | An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components | Jul 10, 2026 |
| CVE-2026-3251 | MEDIUM | 6.4 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Webremium Istanbul Web Design Mezunum Satiyorum allows Stored XSS. This issue affects Mezunum … | Jul 10, 2026 |
| CVE-2026-39903 | HIGH | 7.1 | Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator … | Jul 10, 2026 |
| CVE-2026-39244 | HIGH | 7.5 | adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, … | Jul 10, 2026 |
| CVE-2026-2398 | HIGH | 8.8 | Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. … | Jul 10, 2026 |
| CVE-2026-1667 | HIGH | 7.2 | The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and … | Jul 10, 2026 |
| CVE-2026-15377 | MEDIUM | 4.3 | A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnerability is an unknown functionality of the file /callrec/sendlogfile. This manipulation causes … | Jul 10, 2026 |
| CVE-2026-15376 | MEDIUM | 6.3 | A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown function of the file /callrec/statisticReportAction.do. The manipulation results in improper authorization. … | Jul 10, 2026 |
| CVE-2025-70796 | HIGH | 7.5 | An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Technology, Inc.) version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft … | Jul 10, 2026 |