Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20714
Total
1493
Critical
6288
High
6559
Medium
CVE ID Severity Score Description Published
CVE-2026-10098 UNKNOWN OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation … Jun 25, 2026
CVE-2025-71340 HIGH 8.1 picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that executes … Jun 25, 2026
CVE-2025-71338 CRITICAL 10.0 Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized … Jun 25, 2026
CVE-2025-71336 CRITICAL 9.8 Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute … Jun 25, 2026
CVE-2025-71335 HIGH 8.1 Flowise before 3.0.10 (affected versions 3.0.7 and earlier) fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who … Jun 25, 2026
CVE-2025-71334 CRITICAL 9.8 Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are … Jun 25, 2026
CVE-2025-71333 UNKNOWN Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal … Jun 25, 2026
CVE-2025-71328 HIGH 8.3 Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the account settings (Security) section without supplying … Jun 25, 2026
CVE-2025-71327 CRITICAL 9.1 Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint … Jun 25, 2026
CVE-2025-71324 HIGH 7.5 Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated … Jun 25, 2026
CVE-2021-47987 HIGH 7.5 Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an … Jun 25, 2026
CVE-2021-47986 HIGH 7.5 Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal … Jun 25, 2026
CVE-2020-37256 MEDIUM 5.4 Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject … Jun 25, 2026
CVE-2026-6731 UNKNOWN X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS … Jun 25, 2026
CVE-2026-6681 UNKNOWN The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This … Jun 25, 2026
CVE-2026-6679 UNKNOWN A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to … Jun 25, 2026
CVE-2026-6678 UNKNOWN Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption. Jun 25, 2026
CVE-2026-6450 UNKNOWN A CRL critical extension bypass exists in ParseCRL_Extensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to … Jun 25, 2026
CVE-2026-6412 UNKNOWN Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing. Jun 25, 2026
CVE-2026-56445 CRITICAL 9.1 The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths. Jun 25, 2026
CVE-2026-38640 HIGH 7.5 A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted string. Jun 25, 2026
CVE-2026-38637 HIGH 7.5 An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted input. Jun 25, 2026
CVE-2026-37452 HIGH 7.5 Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSIAPService.exe component Jun 25, 2026
CVE-2026-12473 HIGH 8.2 Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically … Jun 25, 2026
CVE-2026-7531 CRITICAL 9.8 Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC … Jun 25, 2026