Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22874
Total
1630
Critical
7150
High
7293
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-59828 | MEDIUM | 5.3 | Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked … | Jul 09, 2026 |
| CVE-2026-58144 | MEDIUM | 5.4 | Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying … | Jul 09, 2026 |
| CVE-2026-58143 | HIGH | 8.8 | Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into … | Jul 09, 2026 |
| CVE-2026-58123 | CRITICAL | 9.8 | Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal … | Jul 09, 2026 |
| CVE-2026-58122 | CRITICAL | 9.1 | Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a … | Jul 09, 2026 |
| CVE-2026-57054 | MEDIUM | 5.8 | A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based … | Jul 09, 2026 |
| CVE-2026-57032 | MEDIUM | 6.5 | An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices allows an authenticated … | Jul 09, 2026 |
| CVE-2026-57031 | MEDIUM | 4.7 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows adjacent … | Jul 09, 2026 |
| CVE-2026-57030 | MEDIUM | 5.9 | A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX … | Jul 09, 2026 |
| CVE-2026-57029 | MEDIUM | 5.3 | A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause … | Jul 09, 2026 |
| CVE-2026-57028 | HIGH | 7.3 | An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion. … | Jul 09, 2026 |
| CVE-2026-57027 | MEDIUM | 6.5 | A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series devices … | Jul 09, 2026 |
| CVE-2026-57026 | HIGH | 7.5 | An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX … | Jul 09, 2026 |
| CVE-2026-57025 | MEDIUM | 5.5 | A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a … | Jul 09, 2026 |
| CVE-2026-57024 | MEDIUM | 5.3 | A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX … | Jul 09, 2026 |
| CVE-2026-57023 | HIGH | 7.5 | An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and … | Jul 09, 2026 |
| CVE-2026-57022 | MEDIUM | 5.9 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX with SPC3 and … | Jul 09, 2026 |
| CVE-2026-57021 | MEDIUM | 5.3 | An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service … | Jul 09, 2026 |
| CVE-2026-57020 | MEDIUM | 6.5 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series allows an … | Jul 09, 2026 |
| CVE-2026-57019 | MEDIUM | 6.5 | An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an … | Jul 09, 2026 |
| CVE-2026-55689 | MEDIUM | 6.8 | OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer … | Jul 09, 2026 |
| CVE-2026-55605 | MEDIUM | 5.3 | DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of `@arikusi/deepseek-mcp-server` … | Jul 09, 2026 |
| CVE-2026-55604 | HIGH | 8.6 | DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.7.0, the process-global `SessionStore` accepts caller-supplied `session_id` … | Jul 09, 2026 |
| CVE-2026-55424 | UNKNOWN | — | Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a topic "featured link" was not sufficiently normalized and escaped before being … | Jul 09, 2026 |
| CVE-2026-55170 | UNKNOWN | — | OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely on case-sensitive … | Jul 09, 2026 |