Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23287
Total
1655
Critical
7324
High
7394
Medium
CVE ID Severity Score Description Published
CVE-2026-14373 HIGH 7.7 HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated … Jul 08, 2026
CVE-2026-14361 MEDIUM 4.7 The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be … Jul 08, 2026
CVE-2026-59938 UNKNOWN pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are … Jul 08, 2026
CVE-2026-59937 UNKNOWN pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause … Jul 08, 2026
CVE-2026-50813 MEDIUM 6.1 An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path Jul 08, 2026
CVE-2026-50812 MEDIUM 5.5 A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply … Jul 08, 2026
CVE-2026-14362 MEDIUM 4.9 HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to … Jul 08, 2026
CVE-2026-60102 HIGH 8.8 Horde Virtual File System (VFS) API before 3.0.1 contains an OS command injection vulnerability in the Horde_Vfs_Smb driver where the _escapeShellCommand() method fails to sanitize … Jul 08, 2026
CVE-2026-59930 MEDIUM 4.3 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable toc_N … Jul 08, 2026
CVE-2026-59929 MEDIUM 6.1 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe_url filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: … Jul 08, 2026
CVE-2026-59928 HIGH 7.5 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic … Jul 08, 2026
CVE-2026-59927 MEDIUM 5.3 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect … Jul 08, 2026
CVE-2026-59926 UNKNOWN Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonition() in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML … Jul 08, 2026
CVE-2026-59925 HIGH 7.5 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character … Jul 08, 2026
CVE-2026-59924 MEDIUM 5.9 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse() joins and normalizes user-supplied include paths without verifying that the result … Jul 08, 2026
CVE-2026-59923 MEDIUM 6.1 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safe_url() does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or … Jul 08, 2026
CVE-2026-59922 HIGH 7.5 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a … Jul 08, 2026
CVE-2026-59897 MEDIUM 4.8 Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop … Jul 08, 2026
CVE-2026-59896 MEDIUM 6.5 Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request … Jul 08, 2026
CVE-2026-59895 MEDIUM 6.1 Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx() in hono/css composes class names from plain … Jul 08, 2026
CVE-2026-59892 HIGH 7.5 OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx-* HTTP header values with decodeURIComponent() without handling decode errors, … Jul 08, 2026
CVE-2026-59890 MEDIUM 6.1 setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, … Jul 08, 2026
CVE-2026-59887 HIGH 7.5 linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test() and .match() can be invoked … Jul 08, 2026
CVE-2026-59883 MEDIUM 4.7 Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact … Jul 08, 2026
CVE-2026-59882 MEDIUM 4.2 guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost() does not reject URI host components containing authority delimiters, embedded ports, … Jul 08, 2026