Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20842
Total
1506
Critical
6322
High
6604
Medium
CVE ID Severity Score Description Published
CVE-2026-23879 HIGH 8.0 py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file … Jun 24, 2026
CVE-2026-53950 HIGH 7.5 @tryghost/activitypub is Ghost’s social/federation client app. Prior to 3.1.0, the ActivityPub client in Ghost was vulnerable to JavaScript injection on posts shared by a maliciously … Jun 24, 2026
CVE-2026-53949 MEDIUM 5.3 Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be partially bypassed, … Jun 24, 2026
CVE-2026-53948 MEDIUM 5.4 Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed … Jun 24, 2026
CVE-2026-53947 MEDIUM 5.3 Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an … Jun 24, 2026
CVE-2026-53946 MEDIUM 5.4 Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP … Jun 24, 2026
CVE-2026-53945 MEDIUM 4.0 Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing … Jun 24, 2026
CVE-2026-53944 MEDIUM 5.8 Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that … Jun 24, 2026
CVE-2026-53943 CRITICAL 9.6 Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared … Jun 24, 2026
CVE-2026-49980 CRITICAL 9.8 Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts … Jun 24, 2026
CVE-2026-49247 HIGH 8.8 Jellyfin is an open source self hosted media server. From 10.9.0 until 10.11.10, the POST /ClientLog/Document endpoint accepts the Authorization header's Client and Version fields … Jun 24, 2026
CVE-2026-49246 UNKNOWN Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leveraged to … Jun 24, 2026
CVE-2026-49220 MEDIUM 5.7 Jellyfin is an open source self hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged user … Jun 24, 2026
CVE-2026-48793 HIGH 8.8 Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. … Jun 24, 2026
CVE-2026-13038 HIGH 8.8 Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML … Jun 24, 2026
CVE-2026-13037 HIGH 7.8 Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox via … Jun 24, 2026
CVE-2026-13036 HIGH 8.8 Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … Jun 24, 2026
CVE-2026-13035 HIGH 8.8 Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. … Jun 24, 2026
CVE-2026-13034 MEDIUM 4.7 Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via … Jun 24, 2026
CVE-2026-13033 HIGH 8.8 Out of bounds read and write in Blink>InterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted … Jun 24, 2026
CVE-2026-13032 CRITICAL 9.6 Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a … Jun 24, 2026
CVE-2026-13031 HIGH 8.8 Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … Jun 24, 2026
CVE-2026-13030 MEDIUM 5.3 Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via … Jun 24, 2026
CVE-2026-13029 HIGH 7.5 Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to … Jun 24, 2026
CVE-2026-13028 CRITICAL 9.6 Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a … Jun 24, 2026