Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22874
Total
1630
Critical
7150
High
7293
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-51923 | HIGH | 8.1 | An Insecure Direct Object Reference (IDOR) vulnerability exists in docuForm GmbH Client v.11.11c allowing a remote attacker to execute arbitrary code via the user settings … | Jul 09, 2026 |
| CVE-2026-33801 | MEDIUM | 6.5 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows … | Jul 09, 2026 |
| CVE-2026-33800 | MEDIUM | 6.5 | An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent … | Jul 09, 2026 |
| CVE-2026-33799 | MEDIUM | 4.3 | An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific … | Jul 09, 2026 |
| CVE-2026-33794 | MEDIUM | 5.9 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the advanced forwarding toolkit (evo-aftmand) of Juniper Networks Junos OS Evolved on PTX Series allows … | Jul 09, 2026 |
| CVE-2026-31267 | MEDIUM | 5.7 | Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the administrative web interface. A stack buffer overflow vulnerability in the administrative web interface … | Jul 09, 2026 |
| CVE-2026-21901 | MEDIUM | 4.4 | A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker setting … | Jul 09, 2026 |
| CVE-2025-45422 | UNKNOWN | — | Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules. | Jul 09, 2026 |
| CVE-2026-15270 | HIGH | 7.5 | A weakness has been identified in D-link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web … | Jul 09, 2026 |
| CVE-2026-0278 | UNKNOWN | — | Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement … | Jul 09, 2026 |
| CVE-2026-0277 | UNKNOWN | — | An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. … | Jul 09, 2026 |
| CVE-2026-0276 | UNKNOWN | — | A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user. | Jul 09, 2026 |
| CVE-2026-0275 | UNKNOWN | — | A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform … | Jul 09, 2026 |
| CVE-2026-59149 | MEDIUM | 6.5 | Mockoon provides way to design and run mock APIs. Prior to 9.7.0, a FILE response whose filePath embeds request data is confined by getSafeFilePath in … | Jul 09, 2026 |
| CVE-2026-59148 | HIGH | 8.8 | Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as … | Jul 09, 2026 |
| CVE-2026-58198 | MEDIUM | 5.5 | ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract() uses a predictable home-rooted output directory (~/ubuntu_data/ubuntu_dialogs) with a … | Jul 09, 2026 |
| CVE-2026-55590 | UNKNOWN | — | CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect() … | Jul 09, 2026 |
| CVE-2026-54695 | HIGH | 7.5 | Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0, the pipecat development runner registers a /ws WebSocket … | Jul 09, 2026 |
| CVE-2026-54005 | UNKNOWN | — | Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites where a role has the pages.access permission disabled allowed authenticated users … | Jul 09, 2026 |
| CVE-2026-54004 | UNKNOWN | — | Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for … | Jul 09, 2026 |
| CVE-2026-54003 | UNKNOWN | — | Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible … | Jul 09, 2026 |
| CVE-2026-54002 | UNKNOWN | — | Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call … | Jul 09, 2026 |
| CVE-2026-50188 | UNKNOWN | — | Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request(), Remote::get(), … | Jul 09, 2026 |
| CVE-2026-49276 | UNKNOWN | — | Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the writer field in any blueprint allowed a scripting link … | Jul 09, 2026 |
| CVE-2026-49274 | UNKNOWN | — | Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the pages field with roles that have the pages.access permission … | Jul 09, 2026 |