Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20806
Total
1504
Critical
6313
High
6591
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-53765 | MEDIUM | 6.1 | Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chrome-devtools-mcp daemon writes its … | Jun 24, 2026 |
| CVE-2026-52794 | HIGH | 7.5 | Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event … | Jun 24, 2026 |
| CVE-2026-50551 | CRITICAL | 9.9 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset … | Jun 24, 2026 |
| CVE-2026-50189 | UNKNOWN | — | Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, … | Jun 24, 2026 |
| CVE-2026-49979 | UNKNOWN | — | Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values … | Jun 24, 2026 |
| CVE-2026-47110 | MEDIUM | 6.5 | Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON … | Jun 24, 2026 |
| CVE-2026-47093 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Jun 24, 2026 |
| CVE-2026-39897 | MEDIUM | 6.1 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has … | Jun 24, 2026 |
| CVE-2026-39894 | LOW | 2.9 | Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update() can corrupt RRDtool metric … | Jun 24, 2026 |
| CVE-2026-39893 | CRITICAL | 9.8 | Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL … | Jun 24, 2026 |
| CVE-2026-2050 | HIGH | 7.8 | GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. … | Jun 24, 2026 |
| CVE-2026-10642 | MEDIUM | 6.5 | The Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) contains an unbounded software loop in pl011_irq_tx_enable() that repeatedly invokes the interrupt-driven application callback while the TX interrupt mask … | Jun 24, 2026 |
| CVE-2026-10043 | HIGH | 7.8 | MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Composer. … | Jun 24, 2026 |
| CVE-2025-60468 | MEDIUM | 5.5 | GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service (local). The component is: … | Jun 24, 2026 |
| CVE-2026-7539 | UNKNOWN | — | A potential security vulnerability has been identified in the HP Accessory WMI Provider installer for some HP Docking Stations, which might allow escalation of privilege … | Jun 24, 2026 |
| CVE-2026-52816 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook (ipynb) sanitizer endpoint at POST /-/api/sanitize_ipynb allows arbitrary data: URIs without … | Jun 24, 2026 |
| CVE-2026-52815 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/org_team.go:8 returns … | Jun 24, 2026 |
| CVE-2026-52814 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of … | Jun 24, 2026 |
| CVE-2026-52813 | CRITICAL | 10.0 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences (../) are accepted by Gogs, and repositories under … | Jun 24, 2026 |
| CVE-2026-52812 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone (<LFS-root>/<oid[0]>/<oid[1]>/<oid>) but per-repo authorization lives in … | Jun 24, 2026 |
| CVE-2026-52811 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, (*Repository).UploadRepoFiles checks for symlinks only on the leaf of the upload target (osx.IsSymlink(targetPath)). The … | Jun 24, 2026 |
| CVE-2026-52810 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string (so ?service=git-upload-pack … | Jun 24, 2026 |
| CVE-2026-52809 | MEDIUM | 6.8 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, password-reset tokens are generated using conf.Auth.ActivateCodeLives (the account-activation lifetime), not conf.Auth.ResetPasswordCodeLives. The token lifetime … | Jun 24, 2026 |
| CVE-2026-52808 | HIGH | 7.1 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated … | Jun 24, 2026 |
| CVE-2026-52807 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, in new_form.tmpl, milestone names are rendered with Go's default auto-escaping ({{.Name}}), which converts < … | Jun 24, 2026 |