Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22832
Total
1629
Critical
7118
High
7284
Medium
CVE ID Severity Score Description Published
CVE-2026-57167 UNKNOWN PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping … Jul 10, 2026
CVE-2026-56675 HIGH 8.3 9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, … Jul 10, 2026
CVE-2026-55890 MEDIUM 4.8 Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action (CVE-2026-42841) leaves the sibling … Jul 10, 2026
CVE-2026-55885 MEDIUM 6.8 Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation … Jul 10, 2026
CVE-2026-55783 UNKNOWN NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied … Jul 10, 2026
CVE-2026-55782 UNKNOWN NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit … Jul 10, 2026
CVE-2026-55781 UNKNOWN NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock … Jul 10, 2026
CVE-2026-55780 UNKNOWN NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer … Jul 10, 2026
CVE-2026-55687 HIGH 7.5 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in … Jul 10, 2026
CVE-2026-55669 MEDIUM 4.2 ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validates a token's signature and issuer (iss) … Jul 10, 2026
CVE-2026-55641 HIGH 8.2 9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled … Jul 10, 2026
CVE-2026-55638 HIGH 8.6 9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs … Jul 10, 2026
CVE-2026-54919 HIGH 7.4 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from … Jul 10, 2026
CVE-2026-54063 HIGH 7.5 Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet() function in github.com/xuri/excelize/v2 uses an attacker-controlled <row … Jul 10, 2026
CVE-2026-53657 HIGH 8.2 Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an … Jul 10, 2026
CVE-2026-53653 UNKNOWN Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image … Jul 10, 2026
CVE-2026-51119 CRITICAL 9.1 An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components Jul 10, 2026
CVE-2026-3251 MEDIUM 6.4 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Webremium Istanbul Web Design Mezunum Satiyorum allows Stored XSS. This issue affects Mezunum … Jul 10, 2026
CVE-2026-39903 HIGH 7.1 Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator … Jul 10, 2026
CVE-2026-39244 HIGH 7.5 adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, … Jul 10, 2026
CVE-2026-2398 HIGH 8.8 Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. … Jul 10, 2026
CVE-2026-1667 HIGH 7.2 The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and … Jul 10, 2026
CVE-2026-15377 MEDIUM 4.3 A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnerability is an unknown functionality of the file /callrec/sendlogfile. This manipulation causes … Jul 10, 2026
CVE-2026-15376 MEDIUM 6.3 A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown function of the file /callrec/statisticReportAction.do. The manipulation results in improper authorization. … Jul 10, 2026
CVE-2025-70796 HIGH 7.5 An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Technology, Inc.) version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft … Jul 10, 2026