Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20806
Total
1504
Critical
6313
High
6591
Medium
CVE ID Severity Score Description Published
CVE-2025-8106 UNKNOWN Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Jun 24, 2026
CVE-2025-60474 HIGH 7.5 A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a … Jun 24, 2026
CVE-2025-60467 HIGH 7.5 A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted … Jun 24, 2026
CVE-2026-9779 HIGH 7.2 ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of … Jun 24, 2026
CVE-2026-9778 HIGH 7.2 ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication … Jun 24, 2026
CVE-2026-9777 HIGH 7.2 ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication … Jun 24, 2026
CVE-2026-9776 HIGH 7.5 ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ATEN Unizon. Authentication is … Jun 24, 2026
CVE-2026-9775 MEDIUM 5.5 ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication … Jun 24, 2026
CVE-2026-9774 MEDIUM 5.5 ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication … Jun 24, 2026
CVE-2026-9773 HIGH 8.8 Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication … Jun 24, 2026
CVE-2026-9772 HIGH 8.8 Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication … Jun 24, 2026
CVE-2026-55762 HIGH 8.1 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /api/v1/fingerprint REST endpoint enforces … Jun 24, 2026
CVE-2026-55759 HIGH 7.4 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT … Jun 24, 2026
CVE-2026-55666 UNKNOWN Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in apps/meteor/app/apple/server/loginHandler.ts, handleIdentityToken parses a JWT … Jun 24, 2026
CVE-2026-55570 CRITICAL 9.0 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name, version, author, description) when they are … Jun 24, 2026
CVE-2026-55455 UNKNOWN Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils (used by … Jun 24, 2026
CVE-2026-55454 CRITICAL 9.9 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no … Jun 24, 2026
CVE-2026-54759 UNKNOWN SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove <iframe> elements. Combined with the SiYuan Electron client's … Jun 24, 2026
CVE-2026-54158 CRITICAL 9.9 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view (database) cell renderer genAVValueHTML interpolates cell content raw in four of its … Jun 24, 2026
CVE-2026-54070 HIGH 7.1 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the … Jun 24, 2026
CVE-2026-54069 UNKNOWN SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to … Jun 24, 2026
CVE-2026-54068 MEDIUM 5.9 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router (router.go, "不需要鉴权" … Jun 24, 2026
CVE-2026-54067 CRITICAL 9.9 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing </style> breaks out of its surrounding <style> tag when renderSnippet() … Jun 24, 2026
CVE-2026-54066 HIGH 7.5 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 ("Path Traversal via Double URL Encoding") sanitized the /export/ route … Jun 24, 2026
CVE-2026-53766 MEDIUM 6.1 Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath() enforces workspace roots by … Jun 24, 2026