Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23287
Total
1655
Critical
7324
High
7394
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-48492 | UNKNOWN | — | Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{object}/selectlist API endpoint is missing an authorization check. Any user who can … | Jul 08, 2026 |
| CVE-2026-44161 | HIGH | 7.2 | Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, the Fluentd … | Jul 08, 2026 |
| CVE-2026-44160 | HIGH | 7.5 | Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's in_http … | Jul 08, 2026 |
| CVE-2026-44025 | HIGH | 7.5 | Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's Monitor … | Jul 08, 2026 |
| CVE-2026-44024 | CRITICAL | 9.8 | Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd allows … | Jul 08, 2026 |
| CVE-2026-39179 | MEDIUM | 6.3 | A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality. | Jul 08, 2026 |
| CVE-2026-39178 | MEDIUM | 6.3 | A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint. | Jul 08, 2026 |
| CVE-2026-35552 | HIGH | 8.1 | In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged … | Jul 08, 2026 |
| CVE-2026-31309 | HIGH | 7.5 | Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthenticated attackers to arbitrarily overwrite the node's configuration and achieve a full node … | Jul 08, 2026 |
| CVE-2026-15168 | LOW | 2.5 | BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure | Jul 08, 2026 |
| CVE-2026-10037 | HIGH | 8.8 | A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable … | Jul 08, 2026 |
| CVE-2026-8472 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain … | Jul 08, 2026 |
| CVE-2026-7492 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain … | Jul 08, 2026 |
| CVE-2026-6896 | HIGH | 8.7 | GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain … | Jul 08, 2026 |
| CVE-2026-6352 | LOW | 2.7 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain … | Jul 08, 2026 |
| CVE-2026-60105 | HIGH | 8.6 | Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP() function, … | Jul 08, 2026 |
| CVE-2026-59818 | MEDIUM | 6.5 | etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to … | Jul 08, 2026 |
| CVE-2026-58525 | HIGH | 8.2 | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | Jul 08, 2026 |
| CVE-2026-58494 | MEDIUM | 6.5 | Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms … | Jul 08, 2026 |
| CVE-2026-58211 | MEDIUM | 5.4 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered … | Jul 08, 2026 |
| CVE-2026-58208 | MEDIUM | 6.8 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route … | Jul 08, 2026 |
| CVE-2026-58207 | HIGH | 7.7 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send … | Jul 08, 2026 |
| CVE-2026-58192 | HIGH | 8.6 | Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 1.1.6, the Appium storage … | Jul 08, 2026 |
| CVE-2026-58191 | MEDIUM | 6.5 | Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 10.7.0, Appium's base-driver unconditionally … | Jul 08, 2026 |
| CVE-2026-57481 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.13 and 8.6.83, a LiveQuery … | Jul 08, 2026 |