Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21632
Total
1549
Critical
6586
High
6915
Medium
CVE ID Severity Score Description Published
CVE-2026-56371 NONE ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is … Jun 23, 2026
CVE-2026-56322 HIGH 7.5 Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before enforcing privacy restrictions, allowing attackers to … Jun 23, 2026
CVE-2026-56315 CRITICAL 9.8 picklescan before 1.0.4 fails to block at least seven Python standard library modules (including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib) exposing eight functions that provide … Jun 23, 2026
CVE-2026-56301 MEDIUM 5.5 Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abstract-namespace … Jun 23, 2026
CVE-2026-56275 UNKNOWN Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses … Jun 23, 2026
CVE-2026-56274 CRITICAL 9.9 Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in … Jun 23, 2026
CVE-2026-56263 MEDIUM 6.1 Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An … Jun 23, 2026
CVE-2026-56258 HIGH 8.1 Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended … Jun 23, 2026
CVE-2026-56248 HIGH 7.5 Cap-go capgo (capgo-backend) before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the audit_logs table's Row-Level Security (RLS) policy when accessed via the Supabase PostgREST … Jun 23, 2026
CVE-2026-56243 HIGH 8.1 Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforce_hashed_api_keys being enabled. … Jun 23, 2026
CVE-2026-56234 MEDIUM 5.3 Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validate_password_compliance endpoint that is callable using only the public Supabase key without authentication. The … Jun 23, 2026
CVE-2026-56225 HIGH 8.3 Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers (get/put/delete/post). API keys created with mode=all but restricted to a … Jun 23, 2026
CVE-2026-56222 HIGH 7.2 Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails to verify app_id ownership during app-scoped role binding creation. An attacker with … Jun 23, 2026
CVE-2026-54892 UNKNOWN Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 (and Plug.Conn.Query.decode_each/2) parse query strings and application/x-www-form-urlencoded … Jun 23, 2026
CVE-2026-4610 MEDIUM 6.4 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pm_author_message' parameter in the pm_send_message_to_author function … Jun 23, 2026
CVE-2026-44089 UNKNOWN Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to … Jun 23, 2026
CVE-2026-10857 MEDIUM 6.1 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. … Jun 23, 2026
CVE-2026-10711 HIGH 8.8 Missing authentication for critical function vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. CafePlus allows Accessing Functionality Not Properly Constrained by ACLs. … Jun 23, 2026
CVE-2025-71376 HIGH 8.1 picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary … Jun 23, 2026
CVE-2025-71370 HIGH 8.1 picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and … Jun 23, 2026
CVE-2025-71365 HIGH 8.1 picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary … Jun 23, 2026
CVE-2025-71341 HIGH 8.1 picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious … Jun 23, 2026
CVE-2025-71337 HIGH 8.3 Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vulnerability. An authenticated user can change the account email address, used as … Jun 23, 2026
CVE-2023-54365 HIGH 7.5 Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / … Jun 23, 2026
CVE-2026-4983 MEDIUM 4.1 Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such … Jun 23, 2026