Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20842
Total
1506
Critical
6322
High
6604
Medium
CVE ID Severity Score Description Published
CVE-2026-55570 CRITICAL 9.0 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name, version, author, description) when they are … Jun 24, 2026
CVE-2026-55455 UNKNOWN Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils (used by … Jun 24, 2026
CVE-2026-55454 CRITICAL 9.9 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no … Jun 24, 2026
CVE-2026-54759 UNKNOWN SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove <iframe> elements. Combined with the SiYuan Electron client's … Jun 24, 2026
CVE-2026-54158 CRITICAL 9.9 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view (database) cell renderer genAVValueHTML interpolates cell content raw in four of its … Jun 24, 2026
CVE-2026-54070 HIGH 7.1 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the … Jun 24, 2026
CVE-2026-54069 UNKNOWN SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to … Jun 24, 2026
CVE-2026-54068 MEDIUM 5.9 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router (router.go, "不需要鉴权" … Jun 24, 2026
CVE-2026-54067 CRITICAL 9.9 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing </style> breaks out of its surrounding <style> tag when renderSnippet() … Jun 24, 2026
CVE-2026-54066 HIGH 7.5 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 ("Path Traversal via Double URL Encoding") sanitized the /export/ route … Jun 24, 2026
CVE-2026-53766 MEDIUM 6.1 Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath() enforces workspace roots by … Jun 24, 2026
CVE-2026-53765 MEDIUM 6.1 Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chrome-devtools-mcp daemon writes its … Jun 24, 2026
CVE-2026-52794 HIGH 7.5 Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event … Jun 24, 2026
CVE-2026-50551 CRITICAL 9.9 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset … Jun 24, 2026
CVE-2026-50189 UNKNOWN Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, … Jun 24, 2026
CVE-2026-49979 UNKNOWN Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values … Jun 24, 2026
CVE-2026-47110 MEDIUM 6.5 Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON … Jun 24, 2026
CVE-2026-47093 UNKNOWN Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Jun 24, 2026
CVE-2026-39897 MEDIUM 6.1 Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has … Jun 24, 2026
CVE-2026-39894 LOW 2.9 Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update() can corrupt RRDtool metric … Jun 24, 2026
CVE-2026-39893 CRITICAL 9.8 Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL … Jun 24, 2026
CVE-2026-2050 HIGH 7.8 GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. … Jun 24, 2026
CVE-2026-10642 MEDIUM 6.5 The Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) contains an unbounded software loop in pl011_irq_tx_enable() that repeatedly invokes the interrupt-driven application callback while the TX interrupt mask … Jun 24, 2026
CVE-2026-10043 HIGH 7.8 MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Composer. … Jun 24, 2026
CVE-2025-60468 MEDIUM 5.5 GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service (local). The component is: … Jun 24, 2026