Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20842
Total
1506
Critical
6322
High
6604
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-49277 | UNKNOWN | — | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth … | Jun 24, 2026 |
| CVE-2026-47733 | MEDIUM | 4.4 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into <a href> … | Jun 24, 2026 |
| CVE-2026-47267 | HIGH | 8.3 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, the fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs with a … | Jun 24, 2026 |
| CVE-2026-46423 | UNKNOWN | — | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML service provider implementation … | Jun 24, 2026 |
| CVE-2026-45757 | UNKNOWN | — | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat allows users deactivated through … | Jun 24, 2026 |
| CVE-2026-45689 | CRITICAL | 9.1 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains … | Jun 24, 2026 |
| CVE-2026-45688 | CRITICAL | 9.1 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards … | Jun 24, 2026 |
| CVE-2026-45687 | HIGH | 8.5 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method passes … | Jun 24, 2026 |
| CVE-2026-45677 | UNKNOWN | — | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not … | Jun 24, 2026 |
| CVE-2026-33543 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. … | Jun 24, 2026 |
| CVE-2026-33235 | HIGH | 7.7 | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block … | Jun 24, 2026 |
| CVE-2026-32315 | MEDIUM | 5.5 | motionEye (mEye) is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf … | Jun 24, 2026 |
| CVE-2026-31978 | MEDIUM | 6.5 | motionEye (mEye) is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to … | Jun 24, 2026 |
| CVE-2026-25119 | UNKNOWN | — | Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, Gogs accepts the configured authentication header (default: X-WEBAUTH-USER) directly from … | Jun 24, 2026 |
| CVE-2026-1840 | HIGH | 7.5 | The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes … | Jun 24, 2026 |
| CVE-2026-13208 | MEDIUM | 6.5 | A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity (namespace/name) solely from the … | Jun 24, 2026 |
| CVE-2026-13201 | MEDIUM | 5.2 | A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but downstream helpers … | Jun 24, 2026 |
| CVE-2026-11998 | HIGH | 7.6 | A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within … | Jun 24, 2026 |
| CVE-2025-64719 | MEDIUM | 4.9 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or … | Jun 24, 2026 |
| CVE-2026-55583 | HIGH | 7.6 | Twenty is an open-source CRM (customer relationship management) platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference (IDOR) in the … | Jun 24, 2026 |
| CVE-2026-48028 | MEDIUM | 6.5 | Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data … | Jun 24, 2026 |
| CVE-2026-47389 | HIGH | 8.6 | Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older than 3.4, PrivateAddressCheck.private_address? … | Jun 24, 2026 |
| CVE-2026-46349 | MEDIUM | 5.3 | Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data … | Jun 24, 2026 |
| CVE-2026-46348 | UNKNOWN | — | Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, the list of disallowed IP address ranges was … | Jun 24, 2026 |
| CVE-2026-27708 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's __call method accepts an order_id parameter … | Jun 24, 2026 |