Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23329
Total
1657
Critical
7330
High
7410
Medium
CVE ID Severity Score Description Published
CVE-2026-58250 HIGH 7.5 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network … Jul 08, 2026
CVE-2026-58214 MEDIUM 4.3 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could … Jul 08, 2026
CVE-2026-58213 HIGH 7.1 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include … Jul 08, 2026
CVE-2026-58212 UNKNOWN Rejected reason: Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of updating Product dependencies MUST NOT be … Jul 08, 2026
CVE-2026-58210 HIGH 7.5 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could … Jul 08, 2026
CVE-2026-58209 MEDIUM 4.3 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and … Jul 08, 2026
CVE-2026-55760 HIGH 7.5 Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile() using FileTemplateLoader or ClassPathTemplateLoader are vulnerable … Jul 08, 2026
CVE-2026-55575 UNKNOWN LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full … Jul 08, 2026
CVE-2026-55404 HIGH 7.5 yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled … Jul 08, 2026
CVE-2026-53624 MEDIUM 4.8 Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even … Jul 08, 2026
CVE-2026-45045 MEDIUM 5.3 Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of … Jul 08, 2026
CVE-2026-44512 MEDIUM 5.5 Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() … Jul 08, 2026
CVE-2026-44332 MEDIUM 5.3 Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit … Jul 08, 2026
CVE-2026-36028 MEDIUM 6.8 A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset Jul 08, 2026
CVE-2026-36027 MEDIUM 6.8 An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging (ADB) and Android Debug Bridge … Jul 08, 2026
CVE-2026-15154 MEDIUM 6.5 A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a … Jul 08, 2026
CVE-2026-14891 HIGH 8.7 HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a … Jul 08, 2026
CVE-2026-14373 HIGH 7.7 HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated … Jul 08, 2026
CVE-2026-14361 MEDIUM 4.7 The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be … Jul 08, 2026
CVE-2026-59938 UNKNOWN pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are … Jul 08, 2026
CVE-2026-59937 UNKNOWN pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause … Jul 08, 2026
CVE-2026-50813 MEDIUM 6.1 An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path Jul 08, 2026
CVE-2026-50812 MEDIUM 5.5 A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply … Jul 08, 2026
CVE-2026-14362 MEDIUM 4.9 HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to … Jul 08, 2026
CVE-2026-60102 HIGH 8.8 Horde Virtual File System (VFS) API before 3.0.1 contains an OS command injection vulnerability in the Horde_Vfs_Smb driver where the _escapeShellCommand() method fails to sanitize … Jul 08, 2026