Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21632
Total
1549
Critical
6586
High
6915
Medium
CVE ID Severity Score Description Published
CVE-2026-46552 MEDIUM 5.8 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the … Jun 23, 2026
CVE-2026-46551 MEDIUM 6.5 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NC_ATTACHMENT_FIELD_SIZE against the … Jun 23, 2026
CVE-2026-46550 MEDIUM 5.4 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing both the secure flag … Jun 23, 2026
CVE-2026-46549 LOW 2.0 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauth_scope and oauth_granted_resources to the request user, but the … Jun 23, 2026
CVE-2026-46548 MEDIUM 4.3 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins (Slack, Discord, … Jun 23, 2026
CVE-2026-46547 MEDIUM 6.1 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and … Jun 23, 2026
CVE-2026-41862 HIGH 8.8 Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enforcing a class allowlist (CWE-502, deserialisation of untrusted data), which … Jun 23, 2026
CVE-2026-23513 UNKNOWN FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients … Jun 23, 2026
CVE-2026-12892 MEDIUM 4.4 A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, … Jun 23, 2026
CVE-2026-12891 MEDIUM 4.3 A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 … Jun 23, 2026
CVE-2026-12112 HIGH 7.8 A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to … Jun 23, 2026
CVE-2026-11820 MEDIUM 6.5 Module: plugins/modules/nexmo.py CVSS 3.1: 6.5 MEDIUM — AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: api_key and api_secret are declared no_log=True at the input level, but both credentials are immediately URL-encoded … Jun 23, 2026
CVE-2026-11819 MEDIUM 5.5 Module: plugins/modules/keyring_info.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring (GNOME Keyring, macOS Keychain, Windows Credential … Jun 23, 2026
CVE-2026-11807 CRITICAL 9.6 A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. … Jun 23, 2026
CVE-2025-64105 UNKNOWN FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to … Jun 23, 2026
CVE-2026-54762 UNKNOWN Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider … Jun 23, 2026
CVE-2026-54761 UNKNOWN Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider … Jun 23, 2026
CVE-2026-54555 HIGH 7.8 rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several … Jun 23, 2026
CVE-2026-54328 HIGH 7.3 Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under … Jun 23, 2026
CVE-2026-54327 LOW 2.2 Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the … Jun 23, 2026
CVE-2026-54326 LOW 2.5 Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not … Jun 23, 2026
CVE-2026-54325 MEDIUM 4.4 Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user … Jun 23, 2026
CVE-2026-53622 UNKNOWN Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection that … Jun 23, 2026
CVE-2026-48491 UNKNOWN Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection (SNICheck) that … Jun 23, 2026
CVE-2026-48020 UNKNOWN Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware … Jun 23, 2026