Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23329
Total
1657
Critical
7330
High
7410
Medium
CVE ID Severity Score Description Published
CVE-2025-3110 UNKNOWN OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind … Jul 08, 2026
CVE-2026-9074 CRITICAL 9.1 IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality. Jul 08, 2026
CVE-2026-59880 UNKNOWN Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a … Jul 08, 2026
CVE-2026-59877 MEDIUM 5.3 protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an … Jul 08, 2026
CVE-2026-59876 MEDIUM 4.8 protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, … Jul 08, 2026
CVE-2026-59875 MEDIUM 5.3 node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in … Jul 08, 2026
CVE-2026-59874 UNKNOWN node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, … Jul 08, 2026
CVE-2026-59873 UNKNOWN node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, … Jul 08, 2026
CVE-2026-59871 MEDIUM 5.3 node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, … Jul 08, 2026
CVE-2026-59870 MEDIUM 5.3 js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem() to perform a … Jul 08, 2026
CVE-2026-59869 HIGH 7.5 js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a … Jul 08, 2026
CVE-2026-59868 MEDIUM 5.3 js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a … Jul 08, 2026
CVE-2026-59725 HIGH 7.5 Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response … Jul 08, 2026
CVE-2026-59724 HIGH 7.5 Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such … Jul 08, 2026
CVE-2026-59702 CRITICAL 9.3 repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to … Jul 08, 2026
CVE-2026-59262 MEDIUM 6.5 AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can … Jul 08, 2026
CVE-2026-57439 MEDIUM 5.0 CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts __proto__ as a key while … Jul 08, 2026
CVE-2026-55761 UNKNOWN Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In … Jul 08, 2026
CVE-2026-54344 MEDIUM 4.7 ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional … Jul 08, 2026
CVE-2026-53951 UNKNOWN Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the `trust` setting's prefix match (`copier/_settings.py`) compares the template … Jul 08, 2026
CVE-2026-49946 UNKNOWN Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Jul 08, 2026
CVE-2026-49945 UNKNOWN Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Jul 08, 2026
CVE-2026-49944 UNKNOWN Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Jul 08, 2026
CVE-2026-3144 HIGH 8.1 IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces … Jul 08, 2026
CVE-2026-15063 MEDIUM 6.3 A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied … Jul 08, 2026