Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22874
Total
1630
Critical
7150
High
7293
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-13492 | HIGH | 8.8 | The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of … | Jul 09, 2026 |
| CVE-2026-0287 | UNKNOWN | — | Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) … | Jul 09, 2026 |
| CVE-2026-0286 | UNKNOWN | — | A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. … | Jul 09, 2026 |
| CVE-2026-0285 | UNKNOWN | — | A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to … | Jul 09, 2026 |
| CVE-2026-0284 | UNKNOWN | — | An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to … | Jul 09, 2026 |
| CVE-2026-0283 | UNKNOWN | — | An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass … | Jul 09, 2026 |
| CVE-2026-0282 | UNKNOWN | — | A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files … | Jul 09, 2026 |
| CVE-2026-0281 | UNKNOWN | — | An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web … | Jul 09, 2026 |
| CVE-2026-0280 | UNKNOWN | — | An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing … | Jul 09, 2026 |
| CVE-2026-0279 | UNKNOWN | — | Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal (aka Captive Portal) service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® … | Jul 09, 2026 |
| CVE-2025-63579 | HIGH | 7.5 | Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian … | Jul 09, 2026 |
| CVE-2026-61344 | MEDIUM | 5.3 | The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov exposes an API endpoint that returns court reminder records containing potentially sensitive information without authentication. | Jul 09, 2026 |
| CVE-2026-61343 | HIGH | 7.2 | LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to … | Jul 09, 2026 |
| CVE-2026-59827 | CRITICAL | 9.9 | Metabase is an open-source business intelligence and embedded analytics tool. Prior to 1.58.15, 1.59.12, 1.60.6.3, and 1.61.1.4, Metabase instances with an H2 database connection, including … | Jul 09, 2026 |
| CVE-2026-59826 | CRITICAL | 9.1 | Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection … | Jul 09, 2026 |
| CVE-2026-59817 | MEDIUM | 5.3 | Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata … | Jul 09, 2026 |
| CVE-2026-59734 | HIGH | 8.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generate_healthcheck_commands() function directly interpolated the health_check_host, health_check_method, … | Jul 09, 2026 |
| CVE-2026-59726 | CRITICAL | 10.0 | Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST … | Jul 09, 2026 |
| CVE-2026-59721 | HIGH | 7.2 | Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILER_SMTP_URL value, and validateSMTPUrl in … | Jul 09, 2026 |
| CVE-2026-59720 | HIGH | 7.5 | Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma … | Jul 09, 2026 |
| CVE-2026-59221 | HIGH | 7.7 | Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, _sanitize_proxy_path in backend/open_webui/routers/terminals.py decoded proxy paths only eight times, allowing … | Jul 09, 2026 |
| CVE-2026-58378 | HIGH | 8.8 | Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root … | Jul 09, 2026 |
| CVE-2026-55420 | HIGH | 7.5 | Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to … | Jul 09, 2026 |
| CVE-2026-43752 | MEDIUM | 4.9 | An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM … | Jul 09, 2026 |
| CVE-2026-15204 | MEDIUM | 5.3 | A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. … | Jul 09, 2026 |