Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21195
Total
1522
Critical
6451
High
6729
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-44959 | HIGH | 8.8 | A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component … | Jun 23, 2026 |
| CVE-2026-44958 | MEDIUM | 5.4 | An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were … | Jun 23, 2026 |
| CVE-2026-44957 | MEDIUM | 4.3 | A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to … | Jun 23, 2026 |
| CVE-2026-44956 | NONE | — | Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is … | Jun 23, 2026 |
| CVE-2026-44792 | CRITICAL | 9.0 | n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to … | Jun 23, 2026 |
| CVE-2026-44791 | CRITICAL | 9.9 | n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could … | Jun 23, 2026 |
| CVE-2026-44790 | HIGH | 8.8 | n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could … | Jun 23, 2026 |
| CVE-2026-44789 | CRITICAL | 9.9 | n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could … | Jun 23, 2026 |
| CVE-2026-42867 | MEDIUM | 6.5 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases … | Jun 23, 2026 |
| CVE-2026-34917 | MEDIUM | 4.3 | Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An … | Jun 23, 2026 |
| CVE-2026-34916 | HIGH | 8.8 | A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical … | Jun 23, 2026 |
| CVE-2026-34915 | MEDIUM | 6.1 | A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid … | Jun 23, 2026 |
| CVE-2026-34914 | HIGH | 8.3 | A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to … | Jun 23, 2026 |
| CVE-2026-34913 | MEDIUM | 4.3 | A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user … | Jun 23, 2026 |
| CVE-2026-34912 | MEDIUM | 4.3 | A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via … | Jun 23, 2026 |
| CVE-2026-33760 | HIGH | 8.8 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, … | Jun 23, 2026 |
| CVE-2026-13007 | HIGH | 7.5 | Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and … | Jun 23, 2026 |
| CVE-2026-12958 | HIGH | 7.8 | Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a … | Jun 23, 2026 |
| CVE-2026-12957 | HIGH | 7.8 | Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a … | Jun 23, 2026 |
| CVE-2026-11940 | UNKNOWN | — | tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name … | Jun 23, 2026 |
| CVE-2025-61028 | UNKNOWN | — | An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2025-61027 | UNKNOWN | — | An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2025-61025 | HIGH | 7.5 | An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2025-61023 | UNKNOWN | — | An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2025-61022 | HIGH | 7.5 | An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |