Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23287
Total
1655
Critical
7324
High
7394
Medium
CVE ID Severity Score Description Published
CVE-2026-59804 MEDIUM 6.8 Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active … Jul 08, 2026
CVE-2026-59803 HIGH 7.5 rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode (protocol/message.go). When a message has the compression flag set, the payload is … Jul 08, 2026
CVE-2026-59802 HIGH 8.2 PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient validation in the valid_url function. Attackers can create malicious pushes containing … Jul 08, 2026
CVE-2026-58501 MEDIUM 5.9 Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, … Jul 08, 2026
CVE-2026-58254 UNKNOWN NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were … Jul 08, 2026
CVE-2026-58253 HIGH 8.8 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no_auth_user was configured, … Jul 08, 2026
CVE-2026-58252 MEDIUM 6.5 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could … Jul 08, 2026
CVE-2026-58251 MEDIUM 6.5 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with … Jul 08, 2026
CVE-2026-58250 HIGH 7.5 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network … Jul 08, 2026
CVE-2026-58214 MEDIUM 4.3 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could … Jul 08, 2026
CVE-2026-58213 HIGH 7.1 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include … Jul 08, 2026
CVE-2026-58212 UNKNOWN Rejected reason: Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of updating Product dependencies MUST NOT be … Jul 08, 2026
CVE-2026-58210 HIGH 7.5 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could … Jul 08, 2026
CVE-2026-58209 MEDIUM 4.3 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and … Jul 08, 2026
CVE-2026-55760 HIGH 7.5 Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile() using FileTemplateLoader or ClassPathTemplateLoader are vulnerable … Jul 08, 2026
CVE-2026-55575 UNKNOWN LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full … Jul 08, 2026
CVE-2026-55404 HIGH 7.5 yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled … Jul 08, 2026
CVE-2026-53624 MEDIUM 4.8 Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even … Jul 08, 2026
CVE-2026-45045 MEDIUM 5.3 Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of … Jul 08, 2026
CVE-2026-44512 MEDIUM 5.5 Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() … Jul 08, 2026
CVE-2026-44332 MEDIUM 5.3 Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit … Jul 08, 2026
CVE-2026-36028 MEDIUM 6.8 A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset Jul 08, 2026
CVE-2026-36027 MEDIUM 6.8 An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging (ADB) and Android Debug Bridge … Jul 08, 2026
CVE-2026-15154 MEDIUM 6.5 A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a … Jul 08, 2026
CVE-2026-14891 HIGH 8.7 HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a … Jul 08, 2026