Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20842
Total
1506
Critical
6322
High
6604
Medium
CVE ID Severity Score Description Published
CVE-2026-49277 UNKNOWN Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth … Jun 24, 2026
CVE-2026-47733 MEDIUM 4.4 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into <a href> … Jun 24, 2026
CVE-2026-47267 HIGH 8.3 Gogs is an open source self-hosted Git service. Prior to 0.14.3, the fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs with a … Jun 24, 2026
CVE-2026-46423 UNKNOWN Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML service provider implementation … Jun 24, 2026
CVE-2026-45757 UNKNOWN Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat allows users deactivated through … Jun 24, 2026
CVE-2026-45689 CRITICAL 9.1 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains … Jun 24, 2026
CVE-2026-45688 CRITICAL 9.1 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards … Jun 24, 2026
CVE-2026-45687 HIGH 8.5 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method passes … Jun 24, 2026
CVE-2026-45677 UNKNOWN Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not … Jun 24, 2026
CVE-2026-33543 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. … Jun 24, 2026
CVE-2026-33235 HIGH 7.7 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block … Jun 24, 2026
CVE-2026-32315 MEDIUM 5.5 motionEye (mEye) is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf … Jun 24, 2026
CVE-2026-31978 MEDIUM 6.5 motionEye (mEye) is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to … Jun 24, 2026
CVE-2026-25119 UNKNOWN Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, Gogs accepts the configured authentication header (default: X-WEBAUTH-USER) directly from … Jun 24, 2026
CVE-2026-1840 HIGH 7.5 The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes … Jun 24, 2026
CVE-2026-13208 MEDIUM 6.5 A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity (namespace/name) solely from the … Jun 24, 2026
CVE-2026-13201 MEDIUM 5.2 A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but downstream helpers … Jun 24, 2026
CVE-2026-11998 HIGH 7.6 A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within … Jun 24, 2026
CVE-2025-64719 MEDIUM 4.9 Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or … Jun 24, 2026
CVE-2026-55583 HIGH 7.6 Twenty is an open-source CRM (customer relationship management) platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference (IDOR) in the … Jun 24, 2026
CVE-2026-48028 MEDIUM 6.5 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data … Jun 24, 2026
CVE-2026-47389 HIGH 8.6 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older than 3.4, PrivateAddressCheck.private_address? … Jun 24, 2026
CVE-2026-46349 MEDIUM 5.3 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data … Jun 24, 2026
CVE-2026-46348 UNKNOWN Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, the list of disallowed IP address ranges was … Jun 24, 2026
CVE-2026-27708 UNKNOWN FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's __call method accepts an order_id parameter … Jun 24, 2026