Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23287
Total
1655
Critical
7324
High
7394
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-14896 | MEDIUM | 4.2 | HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the … | Jul 08, 2026 |
| CVE-2026-13320 | HIGH | 7.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain … | Jul 08, 2026 |
| CVE-2026-13151 | LOW | 2.7 | GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain … | Jul 08, 2026 |
| CVE-2026-11827 | MEDIUM | 4.9 | GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain … | Jul 08, 2026 |
| CVE-2026-0288 | UNKNOWN | — | Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access … | Jul 08, 2026 |
| CVE-2025-12506 | LOW | 3.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain … | Jul 08, 2026 |
| CVE-2026-8801 | LOW | 3.5 | Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules). This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4. | Jul 08, 2026 |
| CVE-2026-8800 | LOW | 2.7 | Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3. | Jul 08, 2026 |
| CVE-2026-8651 | LOW | 3.7 | Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3. | Jul 08, 2026 |
| CVE-2026-8650 | MEDIUM | 4.5 | Relative path traversal vulnerability in Progress MOVEit Transfer (Admin Settings module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3. | Jul 08, 2026 |
| CVE-2026-8649 | MEDIUM | 6.4 | Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: before 2025.0.7, from … | Jul 08, 2026 |
| CVE-2026-60104 | HIGH | 8.7 | Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-request body belongs to the authenticated caller, allowing a low-privileged organization member … | Jul 08, 2026 |
| CVE-2026-59948 | HIGH | 7.0 | Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org … | Jul 08, 2026 |
| CVE-2026-59947 | MEDIUM | 4.7 | Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print … | Jul 08, 2026 |
| CVE-2026-59946 | MEDIUM | 6.1 | Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve … | Jul 08, 2026 |
| CVE-2026-59939 | HIGH | 7.5 | httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or … | Jul 08, 2026 |
| CVE-2026-59936 | UNKNOWN | — | pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a … | Jul 08, 2026 |
| CVE-2026-59935 | UNKNOWN | — | pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a … | Jul 08, 2026 |
| CVE-2026-59822 | UNKNOWN | — | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, LiteLLM's MCP Streamable HTTP endpoint allowed … | Jul 08, 2026 |
| CVE-2026-59821 | UNKNOWN | — | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.82.0-stable, LiteLLM's Custom Code Guardrails production create … | Jul 08, 2026 |
| CVE-2026-59820 | UNKNOWN | — | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.7-stable, LiteLLM Skills archive extraction did not … | Jul 08, 2026 |
| CVE-2026-59819 | UNKNOWN | — | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.10-stable, LiteLLM's /health/test_connection endpoint resolved request-supplied environment … | Jul 08, 2026 |
| CVE-2026-59807 | MEDIUM | 6.8 | Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check … | Jul 08, 2026 |
| CVE-2026-59806 | HIGH | 7.4 | Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF … | Jul 08, 2026 |
| CVE-2026-59805 | MEDIUM | 6.5 | Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticated sellers to manipulate purchase access for other sellers' products by … | Jul 08, 2026 |