Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21632
Total
1549
Critical
6586
High
6915
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-45135 | HIGH | 8.1 | Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos() in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase … | Jun 23, 2026 |
| CVE-2026-44726 | HIGH | 7.4 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client … | Jun 23, 2026 |
| CVE-2026-0864 | UNKNOWN | — | When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with … | Jun 23, 2026 |
| CVE-2025-71382 | MEDIUM | 6.5 | MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by … | Jun 23, 2026 |
| CVE-2025-61029 | HIGH | 7.5 | An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2025-61024 | HIGH | 7.5 | An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2020-9713 | MEDIUM | 5.5 | Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could … | Jun 23, 2026 |
| CVE-2020-9711 | MEDIUM | 5.5 | Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An … | Jun 23, 2026 |
| CVE-2020-9695 | HIGH | 7.8 | Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the … | Jun 23, 2026 |
| CVE-2026-56968 | LOW | 3.7 | GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted … | Jun 23, 2026 |
| CVE-2026-56117 | MEDIUM | 4.7 | dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to … | Jun 23, 2026 |
| CVE-2026-56116 | MEDIUM | 6.5 | dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link … | Jun 23, 2026 |
| CVE-2026-56115 | MEDIUM | 5.3 | dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write … | Jun 23, 2026 |
| CVE-2026-56114 | MEDIUM | 5.3 | dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write … | Jun 23, 2026 |
| CVE-2026-56113 | MEDIUM | 5.3 | dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted … | Jun 23, 2026 |
| CVE-2026-55450 | CRITICAL | 9.3 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the … | Jun 23, 2026 |
| CVE-2026-55447 | CRITICAL | 9.6 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, … | Jun 23, 2026 |
| CVE-2026-55446 | HIGH | 7.5 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication … | Jun 23, 2026 |
| CVE-2026-55423 | MEDIUM | 6.1 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous … | Jun 23, 2026 |
| CVE-2026-55255 | CRITICAL | 9.9 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint … | Jun 23, 2026 |
| CVE-2026-54308 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As … | Jun 23, 2026 |
| CVE-2026-54307 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could … | Jun 23, 2026 |
| CVE-2026-54306 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject … | Jun 23, 2026 |
| CVE-2026-54305 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any … | Jun 23, 2026 |
| CVE-2026-54304 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and … | Jun 23, 2026 |