Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23329
Total
1657
Critical
7330
High
7410
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-14967 | LOW | 3.1 | BBOT's `github_workflows` module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve `..`, so a … | Jul 08, 2026 |
| CVE-2026-14966 | LOW | 3.1 | BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a … | Jul 08, 2026 |
| CVE-2026-59703 | HIGH | 7.5 | repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function … | Jul 08, 2026 |
| CVE-2026-55874 | HIGH | 7.7 | SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot-dot path segments in the X-Amz-Copy-Source header used by … | Jul 08, 2026 |
| CVE-2026-55873 | MEDIUM | 4.3 | SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where … | Jul 08, 2026 |
| CVE-2026-55668 | MEDIUM | 6.3 | File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and … | Jul 08, 2026 |
| CVE-2026-54652 | HIGH | 8.1 | Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} endpoint allows any authenticated user including the viewer role to download … | Jul 08, 2026 |
| CVE-2026-49147 | HIGH | 7.5 | App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains … | Jul 08, 2026 |
| CVE-2026-49146 | HIGH | 7.5 | App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from … | Jul 08, 2026 |
| CVE-2026-49145 | HIGH | 7.5 | App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory … | Jul 08, 2026 |
| CVE-2026-24700 | HIGH | 7.2 | An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware … | Jul 08, 2026 |
| CVE-2026-24699 | HIGH | 7.2 | An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware … | Jul 08, 2026 |
| CVE-2026-24698 | HIGH | 7.2 | An OS command injection vulnerability exists in the save_syslog_to_file() function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware … | Jul 08, 2026 |
| CVE-2026-24697 | HIGH | 7.2 | An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware … | Jul 08, 2026 |
| CVE-2026-15067 | HIGH | 8.8 | Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL … | Jul 08, 2026 |
| CVE-2026-15062 | CRITICAL | 9.6 | SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (snowpark-python) versions prior to 1.53.0 could allow authenticated low-privilege users to execute SQL beyond their authorization … | Jul 08, 2026 |
| CVE-2026-15044 | MEDIUM | 6.3 | A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these … | Jul 08, 2026 |
| CVE-2026-15036 | MEDIUM | 4.3 | A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/list_all.go of the component gitspaces Endpoint. Executing … | Jul 08, 2026 |
| CVE-2026-11903 | HIGH | 8.0 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Progress MOVEit Transfer (Ad Hoc module). This issue affects MOVEit Transfer: from 2026.0.0 … | Jul 08, 2026 |
| CVE-2026-10708 | UNKNOWN | — | This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, … | Jul 08, 2026 |
| CVE-2026-10706 | UNKNOWN | — | In Adalo’s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate user behavior across multiple applications via dbId … | Jul 08, 2026 |
| CVE-2026-10699 | HIGH | 7.5 | Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from … | Jul 08, 2026 |
| CVE-2026-10698 | HIGH | 7.2 | Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: from 2025.0.0 before … | Jul 08, 2026 |
| CVE-2026-60125 | UNKNOWN | — | MISP’s importModule() path used getEnabledModule() to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by … | Jul 08, 2026 |
| CVE-2026-60124 | UNKNOWN | — | An authorization bypass in MISP’s EventsController::importModule() allowed authenticated users or read-only API keys with event view access to persist data to events they were not … | Jul 08, 2026 |