Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23329
Total
1657
Critical
7330
High
7410
Medium
CVE ID Severity Score Description Published
CVE-2026-14967 LOW 3.1 BBOT's `github_workflows` module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve `..`, so a … Jul 08, 2026
CVE-2026-14966 LOW 3.1 BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a … Jul 08, 2026
CVE-2026-59703 HIGH 7.5 repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function … Jul 08, 2026
CVE-2026-55874 HIGH 7.7 SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot-dot path segments in the X-Amz-Copy-Source header used by … Jul 08, 2026
CVE-2026-55873 MEDIUM 4.3 SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where … Jul 08, 2026
CVE-2026-55668 MEDIUM 6.3 File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and … Jul 08, 2026
CVE-2026-54652 HIGH 8.1 Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} endpoint allows any authenticated user including the viewer role to download … Jul 08, 2026
CVE-2026-49147 HIGH 7.5 App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains … Jul 08, 2026
CVE-2026-49146 HIGH 7.5 App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from … Jul 08, 2026
CVE-2026-49145 HIGH 7.5 App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory … Jul 08, 2026
CVE-2026-24700 HIGH 7.2 An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware … Jul 08, 2026
CVE-2026-24699 HIGH 7.2 An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware … Jul 08, 2026
CVE-2026-24698 HIGH 7.2 An OS command injection vulnerability exists in the save_syslog_to_file() function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware … Jul 08, 2026
CVE-2026-24697 HIGH 7.2 An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware … Jul 08, 2026
CVE-2026-15067 HIGH 8.8 Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL … Jul 08, 2026
CVE-2026-15062 CRITICAL 9.6 SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (snowpark-python) versions prior to 1.53.0 could allow authenticated low-privilege users to execute SQL beyond their authorization … Jul 08, 2026
CVE-2026-15044 MEDIUM 6.3 A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these … Jul 08, 2026
CVE-2026-15036 MEDIUM 4.3 A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/list_all.go of the component gitspaces Endpoint. Executing … Jul 08, 2026
CVE-2026-11903 HIGH 8.0 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Progress MOVEit Transfer (Ad Hoc module). This issue affects MOVEit Transfer: from 2026.0.0 … Jul 08, 2026
CVE-2026-10708 UNKNOWN This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, … Jul 08, 2026
CVE-2026-10706 UNKNOWN In Adalo’s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate user behavior across multiple applications via dbId … Jul 08, 2026
CVE-2026-10699 HIGH 7.5 Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from … Jul 08, 2026
CVE-2026-10698 HIGH 7.2 Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: from 2025.0.0 before … Jul 08, 2026
CVE-2026-60125 UNKNOWN MISP’s importModule() path used getEnabledModule() to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by … Jul 08, 2026
CVE-2026-60124 UNKNOWN An authorization bypass in MISP’s EventsController::importModule() allowed authenticated users or read-only API keys with event view access to persist data to events they were not … Jul 08, 2026