Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23329
Total
1657
Critical
7330
High
7410
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-58250 | HIGH | 7.5 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network … | Jul 08, 2026 |
| CVE-2026-58214 | MEDIUM | 4.3 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could … | Jul 08, 2026 |
| CVE-2026-58213 | HIGH | 7.1 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include … | Jul 08, 2026 |
| CVE-2026-58212 | UNKNOWN | — | Rejected reason: Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of updating Product dependencies MUST NOT be … | Jul 08, 2026 |
| CVE-2026-58210 | HIGH | 7.5 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could … | Jul 08, 2026 |
| CVE-2026-58209 | MEDIUM | 4.3 | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and … | Jul 08, 2026 |
| CVE-2026-55760 | HIGH | 7.5 | Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile() using FileTemplateLoader or ClassPathTemplateLoader are vulnerable … | Jul 08, 2026 |
| CVE-2026-55575 | UNKNOWN | — | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full … | Jul 08, 2026 |
| CVE-2026-55404 | HIGH | 7.5 | yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled … | Jul 08, 2026 |
| CVE-2026-53624 | MEDIUM | 4.8 | Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even … | Jul 08, 2026 |
| CVE-2026-45045 | MEDIUM | 5.3 | Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of … | Jul 08, 2026 |
| CVE-2026-44512 | MEDIUM | 5.5 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() … | Jul 08, 2026 |
| CVE-2026-44332 | MEDIUM | 5.3 | Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit … | Jul 08, 2026 |
| CVE-2026-36028 | MEDIUM | 6.8 | A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset | Jul 08, 2026 |
| CVE-2026-36027 | MEDIUM | 6.8 | An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging (ADB) and Android Debug Bridge … | Jul 08, 2026 |
| CVE-2026-15154 | MEDIUM | 6.5 | A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a … | Jul 08, 2026 |
| CVE-2026-14891 | HIGH | 8.7 | HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a … | Jul 08, 2026 |
| CVE-2026-14373 | HIGH | 7.7 | HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated … | Jul 08, 2026 |
| CVE-2026-14361 | MEDIUM | 4.7 | The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be … | Jul 08, 2026 |
| CVE-2026-59938 | UNKNOWN | — | pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are … | Jul 08, 2026 |
| CVE-2026-59937 | UNKNOWN | — | pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause … | Jul 08, 2026 |
| CVE-2026-50813 | MEDIUM | 6.1 | An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path | Jul 08, 2026 |
| CVE-2026-50812 | MEDIUM | 5.5 | A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply … | Jul 08, 2026 |
| CVE-2026-14362 | MEDIUM | 4.9 | HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to … | Jul 08, 2026 |
| CVE-2026-60102 | HIGH | 8.8 | Horde Virtual File System (VFS) API before 3.0.1 contains an OS command injection vulnerability in the Horde_Vfs_Smb driver where the _escapeShellCommand() method fails to sanitize … | Jul 08, 2026 |