Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21195
Total
1522
Critical
6451
High
6729
Medium
CVE ID Severity Score Description Published
CVE-2025-61021 UNKNOWN An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Jun 23, 2026
CVE-2025-61020 HIGH 7.5 An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Jun 23, 2026
CVE-2025-61019 UNKNOWN An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Jun 23, 2026
CVE-2025-61018 HIGH 7.5 An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Jun 23, 2026
CVE-2025-13162 MEDIUM 4.4 Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master. This issue affects Control Builder A: through 1.4/4; 800xA for … Jun 23, 2026
CVE-2026-56696 MEDIUM 5.4 OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can … Jun 23, 2026
CVE-2026-56695 MEDIUM 6.5 OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. … Jun 23, 2026
CVE-2026-56694 MEDIUM 5.4 NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped … Jun 23, 2026
CVE-2026-56693 MEDIUM 5.5 NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers … Jun 23, 2026
CVE-2026-56692 MEDIUM 5.5 NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only … Jun 23, 2026
CVE-2026-56402 MEDIUM 6.5 NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can … Jun 23, 2026
CVE-2026-55767 MEDIUM 5.8 Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-padded variants. SetCookie::matchesDomain() removes leading … Jun 23, 2026
CVE-2026-55766 MEDIUM 4.8 guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: … Jun 23, 2026
CVE-2026-55568 MEDIUM 5.9 Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the … Jun 23, 2026
CVE-2026-54314 UNKNOWN n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on … Jun 23, 2026
CVE-2026-54313 UNKNOWN n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in … Jun 23, 2026
CVE-2026-54312 UNKNOWN n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype … Jun 23, 2026
CVE-2026-54311 UNKNOWN n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute … Jun 23, 2026
CVE-2026-54310 UNKNOWN n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply … Jun 23, 2026
CVE-2026-54309 UNKNOWN n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts … Jun 23, 2026
CVE-2026-54303 UNKNOWN n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter … Jun 23, 2026
CVE-2026-52673 MEDIUM 6.5 SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component Jun 23, 2026
CVE-2025-62180 UNKNOWN Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted … Jun 23, 2026
CVE-2025-55639 MEDIUM 6.5 GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gf_isom_add_track_kind() function at isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial … Jun 23, 2026
CVE-2025-15619 LOW 3.5 HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario. Jun 23, 2026