Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21632
Total
1549
Critical
6586
High
6915
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34913 | MEDIUM | 4.3 | A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user … | Jun 23, 2026 |
| CVE-2026-34912 | MEDIUM | 4.3 | A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via … | Jun 23, 2026 |
| CVE-2026-33760 | HIGH | 8.8 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, … | Jun 23, 2026 |
| CVE-2026-13007 | HIGH | 7.5 | Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and … | Jun 23, 2026 |
| CVE-2026-12958 | HIGH | 7.8 | Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a … | Jun 23, 2026 |
| CVE-2026-12957 | HIGH | 7.8 | Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a … | Jun 23, 2026 |
| CVE-2026-11940 | UNKNOWN | — | tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name … | Jun 23, 2026 |
| CVE-2025-61028 | UNKNOWN | — | An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2025-61027 | UNKNOWN | — | An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2025-61025 | HIGH | 7.5 | An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2025-61023 | UNKNOWN | — | An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2025-61022 | HIGH | 7.5 | An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2025-61021 | UNKNOWN | — | An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2025-61020 | HIGH | 7.5 | An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2025-61019 | UNKNOWN | — | An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2025-61018 | HIGH | 7.5 | An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Jun 23, 2026 |
| CVE-2025-13162 | MEDIUM | 4.4 | Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master. This issue affects Control Builder A: through 1.4/4; 800xA for … | Jun 23, 2026 |
| CVE-2026-56696 | MEDIUM | 5.4 | OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can … | Jun 23, 2026 |
| CVE-2026-56695 | MEDIUM | 6.5 | OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. … | Jun 23, 2026 |
| CVE-2026-56694 | MEDIUM | 5.4 | NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped … | Jun 23, 2026 |
| CVE-2026-56693 | MEDIUM | 5.5 | NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers … | Jun 23, 2026 |
| CVE-2026-56692 | MEDIUM | 5.5 | NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only … | Jun 23, 2026 |
| CVE-2026-56402 | MEDIUM | 6.5 | NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can … | Jun 23, 2026 |
| CVE-2026-55767 | MEDIUM | 5.8 | Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-padded variants. SetCookie::matchesDomain() removes leading … | Jun 23, 2026 |
| CVE-2026-55766 | MEDIUM | 4.8 | guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: … | Jun 23, 2026 |