Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23287
Total
1655
Critical
7324
High
7394
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-59804 | MEDIUM | 6.8 | Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active … | Jul 08, 2026 |
| CVE-2026-59803 | HIGH | 7.5 | rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode (protocol/message.go). When a message has the compression flag set, the payload is … | Jul 08, 2026 |
| CVE-2026-59802 | HIGH | 8.2 | PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient validation in the valid_url function. Attackers can create malicious pushes containing … | Jul 08, 2026 |
| CVE-2026-58501 | MEDIUM | 5.9 | Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, … | Jul 08, 2026 |
| CVE-2026-58254 | UNKNOWN | — | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were … | Jul 08, 2026 |
| CVE-2026-58253 | HIGH | 8.8 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no_auth_user was configured, … | Jul 08, 2026 |
| CVE-2026-58252 | MEDIUM | 6.5 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could … | Jul 08, 2026 |
| CVE-2026-58251 | MEDIUM | 6.5 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with … | Jul 08, 2026 |
| CVE-2026-58250 | HIGH | 7.5 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network … | Jul 08, 2026 |
| CVE-2026-58214 | MEDIUM | 4.3 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could … | Jul 08, 2026 |
| CVE-2026-58213 | HIGH | 7.1 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include … | Jul 08, 2026 |
| CVE-2026-58212 | UNKNOWN | — | Rejected reason: Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of updating Product dependencies MUST NOT be … | Jul 08, 2026 |
| CVE-2026-58210 | HIGH | 7.5 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could … | Jul 08, 2026 |
| CVE-2026-58209 | MEDIUM | 4.3 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and … | Jul 08, 2026 |
| CVE-2026-55760 | HIGH | 7.5 | Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile() using FileTemplateLoader or ClassPathTemplateLoader are vulnerable … | Jul 08, 2026 |
| CVE-2026-55575 | UNKNOWN | — | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full … | Jul 08, 2026 |
| CVE-2026-55404 | HIGH | 7.5 | yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled … | Jul 08, 2026 |
| CVE-2026-53624 | MEDIUM | 4.8 | Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even … | Jul 08, 2026 |
| CVE-2026-45045 | MEDIUM | 5.3 | Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of … | Jul 08, 2026 |
| CVE-2026-44512 | MEDIUM | 5.5 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() … | Jul 08, 2026 |
| CVE-2026-44332 | MEDIUM | 5.3 | Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit … | Jul 08, 2026 |
| CVE-2026-36028 | MEDIUM | 6.8 | A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset | Jul 08, 2026 |
| CVE-2026-36027 | MEDIUM | 6.8 | An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging (ADB) and Android Debug Bridge … | Jul 08, 2026 |
| CVE-2026-15154 | MEDIUM | 6.5 | A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a … | Jul 08, 2026 |
| CVE-2026-14891 | HIGH | 8.7 | HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a … | Jul 08, 2026 |