Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22971
Total
1632
Critical
7220
High
7324
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-51600 | HIGH | 7.5 | Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests (including DESCRIBE, SETUP, and PLAY methods). When a request carrying … | Jul 09, 2026 |
| CVE-2026-51599 | UNKNOWN | — | An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual … | Jul 09, 2026 |
| CVE-2026-51598 | MEDIUM | 6.5 | An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n) allows an unauthenticated, network-adjacent attacker to cause a … | Jul 09, 2026 |
| CVE-2026-51597 | UNKNOWN | — | MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate … | Jul 09, 2026 |
| CVE-2026-15308 | UNKNOWN | — | The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data. | Jul 09, 2026 |
| CVE-2026-15194 | LOW | 3.3 | A security flaw has been discovered in Open5GS 2.7.7. This affects the function amf_context_final of the file src/amf/context.c of the component AMF. Performing a manipulation … | Jul 09, 2026 |
| CVE-2026-15193 | MEDIUM | 5.3 | A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android … | Jul 09, 2026 |
| CVE-2026-15192 | MEDIUM | 6.5 | A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads … | Jul 09, 2026 |
| CVE-2026-15191 | MEDIUM | 6.3 | A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code of the file vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php of the component Campaign Creation … | Jul 09, 2026 |
| CVE-2026-15190 | HIGH | 7.3 | A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation … | Jul 09, 2026 |
| CVE-2026-13462 | HIGH | 7.5 | PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and … | Jul 09, 2026 |
| CVE-2026-13461 | UNKNOWN | — | When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript … | Jul 09, 2026 |
| CVE-2026-61474 | UNKNOWN | — | An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated user with permission to add attributes to submit a sharing_group_id without triggering the … | Jul 09, 2026 |
| CVE-2026-59208 | MEDIUM | 6.8 | n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted … | Jul 09, 2026 |
| CVE-2026-59207 | MEDIUM | 6.5 | n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains … | Jul 09, 2026 |
| CVE-2026-59206 | HIGH | 7.1 | n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype … | Jul 09, 2026 |
| CVE-2026-58125 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Jul 09, 2026 |
| CVE-2026-42486 | UNKNOWN | — | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] XAPI can configure different users with different roles, … | Jul 09, 2026 |
| CVE-2026-23562 | UNKNOWN | — | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] XAPI can configure different users with different roles, … | Jul 09, 2026 |
| CVE-2026-23561 | UNKNOWN | — | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] XAPI can configure different users with different roles, … | Jul 09, 2026 |
| CVE-2026-23560 | UNKNOWN | — | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] XAPI can configure different users with different roles, … | Jul 09, 2026 |
| CVE-2026-23559 | UNKNOWN | — | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] XAPI can configure different users with different roles, … | Jul 09, 2026 |
| CVE-2026-23556 | UNKNOWN | — | When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually … | Jul 09, 2026 |
| CVE-2026-15189 | MEDIUM | 6.3 | A security vulnerability has been detected in aerostackdev aerostack-mcp up to 6315dfde7df0a15aaf743f88d91347115e09ba23. Affected by this issue is the function upload_media of the component mcp-whatsapp. Such … | Jul 09, 2026 |
| CVE-2026-15188 | MEDIUM | 6.3 | A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f. Affected by this vulnerability is the function EditEmployeeProfileAPIView of the file accounts/api/views.py of the … | Jul 09, 2026 |