Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21195
Total
1522
Critical
6451
High
6729
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-52846 | MEDIUM | 4.2 | Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from … | Jun 23, 2026 |
| CVE-2026-52845 | HIGH | 8.1 | Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact client-supplied identity header before copying the … | Jun 23, 2026 |
| CVE-2026-52844 | HIGH | 7.5 | Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/*, but … | Jun 23, 2026 |
| CVE-2026-50221 | UNKNOWN | — | In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwarding them to object-servers. An … | Jun 23, 2026 |
| CVE-2026-49983 | MEDIUM | 5.2 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gated by the env permission. You can deny it with --deny-env, … | Jun 23, 2026 |
| CVE-2026-49860 | MEDIUM | 5.2 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules … | Jun 23, 2026 |
| CVE-2026-49859 | MEDIUM | 5.2 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch() was called, Deno checked the destination hostname against --deny-net rules but did … | Jun 23, 2026 |
| CVE-2026-49440 | HIGH | 7.4 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(candidate[, options][, callback]) and crypto.checkPrimeSync(candidate[, options]) ran no Miller-Rabin rounds at all when the … | Jun 23, 2026 |
| CVE-2026-49411 | MEDIUM | 6.5 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility TCP path checked the permission against the original hostname string before … | Jun 23, 2026 |
| CVE-2026-49406 | MEDIUM | 5.5 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode (nodeModulesDir: "manual"), the module resolver did not … | Jun 23, 2026 |
| CVE-2026-49402 | HIGH | 8.1 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:child_process implementation provided an escapeShellArg() helper used when callers passed shell: true to … | Jun 23, 2026 |
| CVE-2026-49401 | HIGH | 7.3 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against … | Jun 23, 2026 |
| CVE-2026-45692 | MEDIUM | 5.4 | Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not … | Jun 23, 2026 |
| CVE-2026-45135 | HIGH | 8.1 | Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos() in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase … | Jun 23, 2026 |
| CVE-2026-44726 | HIGH | 7.4 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client … | Jun 23, 2026 |
| CVE-2026-0864 | UNKNOWN | — | When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with … | Jun 23, 2026 |
| CVE-2025-71382 | MEDIUM | 6.5 | MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by … | Jun 23, 2026 |
| CVE-2025-61029 | HIGH | 7.5 | An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2025-61024 | HIGH | 7.5 | An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2020-9713 | MEDIUM | 5.5 | Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could … | Jun 23, 2026 |
| CVE-2020-9711 | MEDIUM | 5.5 | Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An … | Jun 23, 2026 |
| CVE-2020-9695 | HIGH | 7.8 | Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the … | Jun 23, 2026 |
| CVE-2026-56968 | LOW | 3.7 | GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted … | Jun 23, 2026 |
| CVE-2026-56117 | MEDIUM | 4.7 | dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to … | Jun 23, 2026 |
| CVE-2026-56116 | MEDIUM | 6.5 | dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link … | Jun 23, 2026 |