Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20842
Total
1506
Critical
6322
High
6604
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-23879 | HIGH | 8.0 | py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file … | Jun 24, 2026 |
| CVE-2026-53950 | HIGH | 7.5 | @tryghost/activitypub is Ghost’s social/federation client app. Prior to 3.1.0, the ActivityPub client in Ghost was vulnerable to JavaScript injection on posts shared by a maliciously … | Jun 24, 2026 |
| CVE-2026-53949 | MEDIUM | 5.3 | Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be partially bypassed, … | Jun 24, 2026 |
| CVE-2026-53948 | MEDIUM | 5.4 | Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed … | Jun 24, 2026 |
| CVE-2026-53947 | MEDIUM | 5.3 | Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an … | Jun 24, 2026 |
| CVE-2026-53946 | MEDIUM | 5.4 | Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP … | Jun 24, 2026 |
| CVE-2026-53945 | MEDIUM | 4.0 | Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing … | Jun 24, 2026 |
| CVE-2026-53944 | MEDIUM | 5.8 | Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that … | Jun 24, 2026 |
| CVE-2026-53943 | CRITICAL | 9.6 | Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared … | Jun 24, 2026 |
| CVE-2026-49980 | CRITICAL | 9.8 | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts … | Jun 24, 2026 |
| CVE-2026-49247 | HIGH | 8.8 | Jellyfin is an open source self hosted media server. From 10.9.0 until 10.11.10, the POST /ClientLog/Document endpoint accepts the Authorization header's Client and Version fields … | Jun 24, 2026 |
| CVE-2026-49246 | UNKNOWN | — | Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leveraged to … | Jun 24, 2026 |
| CVE-2026-49220 | MEDIUM | 5.7 | Jellyfin is an open source self hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged user … | Jun 24, 2026 |
| CVE-2026-48793 | HIGH | 8.8 | Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. … | Jun 24, 2026 |
| CVE-2026-13038 | HIGH | 8.8 | Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML … | Jun 24, 2026 |
| CVE-2026-13037 | HIGH | 7.8 | Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox via … | Jun 24, 2026 |
| CVE-2026-13036 | HIGH | 8.8 | Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Jun 24, 2026 |
| CVE-2026-13035 | HIGH | 8.8 | Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. … | Jun 24, 2026 |
| CVE-2026-13034 | MEDIUM | 4.7 | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via … | Jun 24, 2026 |
| CVE-2026-13033 | HIGH | 8.8 | Out of bounds read and write in Blink>InterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted … | Jun 24, 2026 |
| CVE-2026-13032 | CRITICAL | 9.6 | Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a … | Jun 24, 2026 |
| CVE-2026-13031 | HIGH | 8.8 | Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Jun 24, 2026 |
| CVE-2026-13030 | MEDIUM | 5.3 | Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via … | Jun 24, 2026 |
| CVE-2026-13029 | HIGH | 7.5 | Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to … | Jun 24, 2026 |
| CVE-2026-13028 | CRITICAL | 9.6 | Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a … | Jun 24, 2026 |