Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23287
Total
1655
Critical
7324
High
7394
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-57480 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.12 and 8.6.82, deeply nested … | Jul 08, 2026 |
| CVE-2026-56669 | HIGH | 7.5 | Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to 1.4.29, Elysia uses getAll in form data normalization … | Jul 08, 2026 |
| CVE-2026-55778 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.11 and 8.6.81, the default … | Jul 08, 2026 |
| CVE-2026-55596 | HIGH | 8.7 | Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState … | Jul 08, 2026 |
| CVE-2026-55542 | UNKNOWN | — | Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated … | Jul 08, 2026 |
| CVE-2026-55206 | UNKNOWN | — | py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo._read() in archiveinfo.py used an O(n^2) … | Jul 08, 2026 |
| CVE-2026-55195 | UNKNOWN | — | py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress() extracted archive entries without … | Jul 08, 2026 |
| CVE-2026-54591 | HIGH | 8.1 | AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior … | Jul 08, 2026 |
| CVE-2026-54590 | MEDIUM | 5.9 | AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Version … | Jul 08, 2026 |
| CVE-2026-54528 | HIGH | 7.1 | JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase() in GitHandler.prepare() in jupyterlab_git/handlers.py to enforce excluded_paths, allowing an authenticated user … | Jul 08, 2026 |
| CVE-2026-54527 | UNKNOWN | — | JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader() method passes Git filenames directly to innerHTML when rendering renamed … | Jul 08, 2026 |
| CVE-2026-49866 | HIGH | 7.5 | libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossipsub defaultDecodeRpcLimits set maxIhaveMessageIDs and maxIwantMessageIDs to Infinity, allowing oversized IHAVE and IWANT … | Jul 08, 2026 |
| CVE-2026-35211 | MEDIUM | 6.5 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter … | Jul 08, 2026 |
| CVE-2026-35210 | HIGH | 7.1 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any … | Jul 08, 2026 |
| CVE-2026-15174 | MEDIUM | 5.5 | Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Jul 08, 2026 |
| CVE-2026-15173 | MEDIUM | 4.7 | pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service | Jul 08, 2026 |
| CVE-2026-15172 | MEDIUM | 5.5 | FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Jul 08, 2026 |
| CVE-2026-15171 | MEDIUM | 5.5 | SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Jul 08, 2026 |
| CVE-2026-15170 | MEDIUM | 5.5 | Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Jul 08, 2026 |
| CVE-2026-15169 | MEDIUM | 5.5 | UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Jul 08, 2026 |
| CVE-2026-15167 | HIGH | 7.5 | DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Jul 08, 2026 |
| CVE-2026-15166 | MEDIUM | 5.5 | IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Jul 08, 2026 |
| CVE-2026-15165 | MEDIUM | 5.5 | TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service | Jul 08, 2026 |
| CVE-2026-15164 | MEDIUM | 5.5 | Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Jul 08, 2026 |
| CVE-2026-15163 | MEDIUM | 5.5 | Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service | Jul 08, 2026 |