Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21195
Total
1522
Critical
6451
High
6729
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-11819 | MEDIUM | 5.5 | Module: plugins/modules/keyring_info.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring (GNOME Keyring, macOS Keychain, Windows Credential … | Jun 23, 2026 |
| CVE-2026-11807 | CRITICAL | 9.6 | A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. … | Jun 23, 2026 |
| CVE-2025-64105 | UNKNOWN | — | FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to … | Jun 23, 2026 |
| CVE-2026-54762 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider … | Jun 23, 2026 |
| CVE-2026-54761 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider … | Jun 23, 2026 |
| CVE-2026-54555 | HIGH | 7.8 | rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several … | Jun 23, 2026 |
| CVE-2026-54328 | HIGH | 7.3 | Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under … | Jun 23, 2026 |
| CVE-2026-54327 | LOW | 2.2 | Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the … | Jun 23, 2026 |
| CVE-2026-54326 | LOW | 2.5 | Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not … | Jun 23, 2026 |
| CVE-2026-54325 | MEDIUM | 4.4 | Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user … | Jun 23, 2026 |
| CVE-2026-53622 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection that … | Jun 23, 2026 |
| CVE-2026-48491 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection (SNICheck) that … | Jun 23, 2026 |
| CVE-2026-48020 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware … | Jun 23, 2026 |
| CVE-2026-45792 | UNKNOWN | — | rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK (Rust Token Killer) improperly trusts project-local configuration files. RTK … | Jun 23, 2026 |
| CVE-2026-39253 | HIGH | 8.1 | An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components. | Jun 23, 2026 |
| CVE-2026-55736 | UNKNOWN | — | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is … | Jun 23, 2026 |
| CVE-2026-55249 | MEDIUM | 6.3 | @rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into … | Jun 23, 2026 |
| CVE-2026-54322 | HIGH | 7.7 | Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints … | Jun 23, 2026 |
| CVE-2026-54321 | HIGH | 7.0 | Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0 until 0.184.0, sandbox previews that were switched from … | Jun 23, 2026 |
| CVE-2026-54320 | HIGH | 8.4 | Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted (and declined) … | Jun 23, 2026 |
| CVE-2026-54319 | MEDIUM | 4.2 | Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.186, a sandbox volume reference (volumeId, which may … | Jun 23, 2026 |
| CVE-2026-53755 | HIGH | 8.6 | Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl … | Jun 23, 2026 |
| CVE-2026-53754 | HIGH | 7.5 | Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection (validate_webhook_url / validate_url_destination in deploy/docker/utils.py) used … | Jun 23, 2026 |
| CVE-2026-53753 | CRITICAL | 9.8 | Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator … | Jun 23, 2026 |
| CVE-2026-57062 | LOW | 2.9 | CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes … | Jun 23, 2026 |