Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21813
Total
1557
Critical
6628
High
6957
Medium
CVE ID Severity Score Description Published
CVE-2026-54327 LOW 2.2 Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the … Jun 23, 2026
CVE-2026-54326 LOW 2.5 Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not … Jun 23, 2026
CVE-2026-54325 MEDIUM 4.4 Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user … Jun 23, 2026
CVE-2026-53622 UNKNOWN Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection that … Jun 23, 2026
CVE-2026-48491 UNKNOWN Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection (SNICheck) that … Jun 23, 2026
CVE-2026-48020 UNKNOWN Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware … Jun 23, 2026
CVE-2026-45792 UNKNOWN rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK (Rust Token Killer) improperly trusts project-local configuration files. RTK … Jun 23, 2026
CVE-2026-39253 HIGH 8.1 An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components. Jun 23, 2026
CVE-2026-55736 UNKNOWN Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is … Jun 23, 2026
CVE-2026-55249 MEDIUM 6.3 @rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into … Jun 23, 2026
CVE-2026-54322 HIGH 7.7 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints … Jun 23, 2026
CVE-2026-54321 HIGH 7.0 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0 until 0.184.0, sandbox previews that were switched from … Jun 23, 2026
CVE-2026-54320 HIGH 8.4 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted (and declined) … Jun 23, 2026
CVE-2026-54319 MEDIUM 4.2 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.186, a sandbox volume reference (volumeId, which may … Jun 23, 2026
CVE-2026-53755 HIGH 8.6 Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl … Jun 23, 2026
CVE-2026-53754 HIGH 7.5 Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection (validate_webhook_url / validate_url_destination in deploy/docker/utils.py) used … Jun 23, 2026
CVE-2026-53753 CRITICAL 9.8 Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator … Jun 23, 2026
CVE-2026-57062 LOW 2.9 CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes … Jun 23, 2026
CVE-2026-57053 MEDIUM 4.0 GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is … Jun 23, 2026
CVE-2026-55517 MEDIUM 4.3 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.5, a Deno program that opens a client WebSocket connection could be crashed by the … Jun 23, 2026
CVE-2026-54324 MEDIUM 6.5 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification … Jun 23, 2026
CVE-2026-54323 MEDIUM 5.9 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS … Jun 23, 2026
CVE-2026-54318 HIGH 7.1 Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no … Jun 23, 2026
CVE-2026-54317 HIGH 7.6 Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, … Jun 23, 2026
CVE-2026-54316 UNKNOWN Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, … Jun 23, 2026