Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21632
Total
1549
Critical
6586
High
6915
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-55568 | MEDIUM | 5.9 | Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the … | Jun 23, 2026 |
| CVE-2026-54314 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on … | Jun 23, 2026 |
| CVE-2026-54313 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in … | Jun 23, 2026 |
| CVE-2026-54312 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype … | Jun 23, 2026 |
| CVE-2026-54311 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute … | Jun 23, 2026 |
| CVE-2026-54310 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply … | Jun 23, 2026 |
| CVE-2026-54309 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts … | Jun 23, 2026 |
| CVE-2026-54303 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter … | Jun 23, 2026 |
| CVE-2026-52673 | MEDIUM | 6.5 | SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component | Jun 23, 2026 |
| CVE-2025-62180 | UNKNOWN | — | Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted … | Jun 23, 2026 |
| CVE-2025-55639 | MEDIUM | 6.5 | GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gf_isom_add_track_kind() function at isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial … | Jun 23, 2026 |
| CVE-2025-15619 | LOW | 3.5 | HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario. | Jun 23, 2026 |
| CVE-2026-56815 | HIGH | 7.4 | pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor. | Jun 23, 2026 |
| CVE-2026-35019 | HIGH | 8.1 | NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded … | Jun 23, 2026 |
| CVE-2026-35018 | HIGH | 8.8 | NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root … | Jun 23, 2026 |
| CVE-2026-28496 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulnerability in the template rendering … | Jun 23, 2026 |
| CVE-2026-27604 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API … | Jun 23, 2026 |
| CVE-2026-12969 | MEDIUM | 5.3 | An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is called with extrabytes=0, failing to validate that … | Jun 23, 2026 |
| CVE-2026-11772 | UNKNOWN | — | DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary … | Jun 23, 2026 |
| CVE-2026-10609 | MEDIUM | 6.8 | A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that … | Jun 23, 2026 |
| CVE-2026-56784 | HIGH | 8.1 | OpenRemote before 1.25.0 contains an insecure direct object reference (IDOR) vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms … | Jun 23, 2026 |
| CVE-2026-56762 | MEDIUM | 5.3 | Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions, allowing invalid characters such as control … | Jun 23, 2026 |
| CVE-2026-56701 | MEDIUM | 6.5 | Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application … | Jun 23, 2026 |
| CVE-2026-56379 | NONE | — | ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can … | Jun 23, 2026 |
| CVE-2026-56376 | LOW | 3.7 | ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale … | Jun 23, 2026 |