Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23287
Total
1655
Critical
7324
High
7394
Medium
CVE ID Severity Score Description Published
CVE-2026-48492 UNKNOWN Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{object}/selectlist API endpoint is missing an authorization check. Any user who can … Jul 08, 2026
CVE-2026-44161 HIGH 7.2 Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, the Fluentd … Jul 08, 2026
CVE-2026-44160 HIGH 7.5 Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's in_http … Jul 08, 2026
CVE-2026-44025 HIGH 7.5 Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's Monitor … Jul 08, 2026
CVE-2026-44024 CRITICAL 9.8 Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd allows … Jul 08, 2026
CVE-2026-39179 MEDIUM 6.3 A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality. Jul 08, 2026
CVE-2026-39178 MEDIUM 6.3 A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint. Jul 08, 2026
CVE-2026-35552 HIGH 8.1 In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged … Jul 08, 2026
CVE-2026-31309 HIGH 7.5 Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthenticated attackers to arbitrarily overwrite the node's configuration and achieve a full node … Jul 08, 2026
CVE-2026-15168 LOW 2.5 BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure Jul 08, 2026
CVE-2026-10037 HIGH 8.8 A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable … Jul 08, 2026
CVE-2026-8472 MEDIUM 4.3 GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain … Jul 08, 2026
CVE-2026-7492 MEDIUM 4.3 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain … Jul 08, 2026
CVE-2026-6896 HIGH 8.7 GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain … Jul 08, 2026
CVE-2026-6352 LOW 2.7 GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain … Jul 08, 2026
CVE-2026-60105 HIGH 8.6 Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP() function, … Jul 08, 2026
CVE-2026-59818 MEDIUM 6.5 etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to … Jul 08, 2026
CVE-2026-58525 HIGH 8.2 Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. Jul 08, 2026
CVE-2026-58494 MEDIUM 6.5 Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms … Jul 08, 2026
CVE-2026-58211 MEDIUM 5.4 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered … Jul 08, 2026
CVE-2026-58208 MEDIUM 6.8 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route … Jul 08, 2026
CVE-2026-58207 HIGH 7.7 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send … Jul 08, 2026
CVE-2026-58192 HIGH 8.6 Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 1.1.6, the Appium storage … Jul 08, 2026
CVE-2026-58191 MEDIUM 6.5 Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 10.7.0, Appium's base-driver unconditionally … Jul 08, 2026
CVE-2026-57481 UNKNOWN Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.13 and 8.6.83, a LiveQuery … Jul 08, 2026