Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21003
Total
1519
Critical
6392
High
6662
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-56231 | HIGH | 7.6 | Capgo before 12.128.2 contains a broken object level authorization (BOLA) vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based … | Jun 24, 2026 |
| CVE-2026-56223 | HIGH | 8.7 | Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email … | Jun 24, 2026 |
| CVE-2026-13163 | UNKNOWN | — | Open redirect vulnerability (CWE-601) in the _safe_redirect function of the click-tracking endpoint (/c/<token>/) in Mailerup <1.0.0 on all platforms allows remote unauthenticated attackers to redirect … | Jun 24, 2026 |
| CVE-2026-13140 | UNKNOWN | — | Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue … | Jun 24, 2026 |
| CVE-2026-12242 | HIGH | 8.8 | The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute … | Jun 24, 2026 |
| CVE-2025-71361 | HIGH | 8.1 | picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that … | Jun 24, 2026 |
| CVE-2025-71354 | HIGH | 8.1 | picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that … | Jun 24, 2026 |
| CVE-2025-71332 | MEDIUM | 6.5 | Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply … | Jun 24, 2026 |
| CVE-2026-13150 | UNKNOWN | — | Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation endpoint GET /api/reports/{id}/pdf (backend/main.py) in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the … | Jun 24, 2026 |
| CVE-2026-52944 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE FSCTL_SET_SPARSE in fsctl_set_sparse() … | Jun 24, 2026 |
| CVE-2026-52943 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: skbuff: fix missing zerocopy reference in pskb_carve helpers pskb_carve_inside_header() and pskb_carve_inside_nonlinear() both copy the … | Jun 24, 2026 |
| CVE-2026-11968 | MEDIUM | 5.5 | Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit | Jun 24, 2026 |
| CVE-2026-10745 | UNKNOWN | — | Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: … | Jun 24, 2026 |
| CVE-2026-7761 | HIGH | 8.8 | The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This … | Jun 24, 2026 |
| CVE-2026-56052 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue … | Jun 24, 2026 |
| CVE-2026-52942 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_log: validate MAC header was set before dumping it The fallback path of dump_mac_header() … | Jun 24, 2026 |
| CVE-2026-52941 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint The smc_msg_event tracepoint class, shared by … | Jun 24, 2026 |
| CVE-2026-52940 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header in tun_put_user() tun_put_user() declares an on-stack struct virtio_net_hdr_v1_hash_tunnel without … | Jun 24, 2026 |
| CVE-2026-52939 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/rds: fix NULL deref in rds_ib_send_cqe_handler() on masked atomic completion rds_ib_xmit_atomic() always programs a masked … | Jun 24, 2026 |
| CVE-2026-52938 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL pointer dereference in bpf_sk_storage_clone and diag paths bpf_selem_unlink_nofail() sets SDATA(selem)->smap to NULL … | Jun 24, 2026 |
| CVE-2026-52937 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tap_ioctl() SIOCGIFHWADDR In the SIOCGIFHWADDR path, tap_ioctl() copies 16 … | Jun 24, 2026 |
| CVE-2026-52936 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jent_kcapi_random() serializes the shared jitterentropy state, but … | Jun 24, 2026 |
| CVE-2026-52935 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an in-progress partial send espintcp keeps a single in-flight transmit … | Jun 24, 2026 |
| CVE-2026-52934 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadv_tvlv_container_ogm_append() builds a TVLV packet section from the tvlv.container_list. … | Jun 24, 2026 |
| CVE-2026-52933 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: fix signed comparison in io_poll_get_ownership() io_poll_get_ownership() uses a signed comparison to check whether poll_refs … | Jun 24, 2026 |