Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20806
Total
1504
Critical
6313
High
6591
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-8106 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Jun 24, 2026 |
| CVE-2025-60474 | HIGH | 7.5 | A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a … | Jun 24, 2026 |
| CVE-2025-60467 | HIGH | 7.5 | A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted … | Jun 24, 2026 |
| CVE-2026-9779 | HIGH | 7.2 | ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of … | Jun 24, 2026 |
| CVE-2026-9778 | HIGH | 7.2 | ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication … | Jun 24, 2026 |
| CVE-2026-9777 | HIGH | 7.2 | ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication … | Jun 24, 2026 |
| CVE-2026-9776 | HIGH | 7.5 | ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ATEN Unizon. Authentication is … | Jun 24, 2026 |
| CVE-2026-9775 | MEDIUM | 5.5 | ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication … | Jun 24, 2026 |
| CVE-2026-9774 | MEDIUM | 5.5 | ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication … | Jun 24, 2026 |
| CVE-2026-9773 | HIGH | 8.8 | Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication … | Jun 24, 2026 |
| CVE-2026-9772 | HIGH | 8.8 | Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication … | Jun 24, 2026 |
| CVE-2026-55762 | HIGH | 8.1 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /api/v1/fingerprint REST endpoint enforces … | Jun 24, 2026 |
| CVE-2026-55759 | HIGH | 7.4 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT … | Jun 24, 2026 |
| CVE-2026-55666 | UNKNOWN | — | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in apps/meteor/app/apple/server/loginHandler.ts, handleIdentityToken parses a JWT … | Jun 24, 2026 |
| CVE-2026-55570 | CRITICAL | 9.0 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name, version, author, description) when they are … | Jun 24, 2026 |
| CVE-2026-55455 | UNKNOWN | — | Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils (used by … | Jun 24, 2026 |
| CVE-2026-55454 | CRITICAL | 9.9 | Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no … | Jun 24, 2026 |
| CVE-2026-54759 | UNKNOWN | — | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove <iframe> elements. Combined with the SiYuan Electron client's … | Jun 24, 2026 |
| CVE-2026-54158 | CRITICAL | 9.9 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view (database) cell renderer genAVValueHTML interpolates cell content raw in four of its … | Jun 24, 2026 |
| CVE-2026-54070 | HIGH | 7.1 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the … | Jun 24, 2026 |
| CVE-2026-54069 | UNKNOWN | — | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to … | Jun 24, 2026 |
| CVE-2026-54068 | MEDIUM | 5.9 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router (router.go, "不需要鉴权" … | Jun 24, 2026 |
| CVE-2026-54067 | CRITICAL | 9.9 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing </style> breaks out of its surrounding <style> tag when renderSnippet() … | Jun 24, 2026 |
| CVE-2026-54066 | HIGH | 7.5 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 ("Path Traversal via Double URL Encoding") sanitized the /export/ route … | Jun 24, 2026 |
| CVE-2026-53766 | MEDIUM | 6.1 | Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath() enforces workspace roots by … | Jun 24, 2026 |