Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21813
Total
1557
Critical
6628
High
6957
Medium
CVE ID Severity Score Description Published
CVE-2026-49440 HIGH 7.4 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(candidate[, options][, callback]) and crypto.checkPrimeSync(candidate[, options]) ran no Miller-Rabin rounds at all when the … Jun 23, 2026
CVE-2026-49411 MEDIUM 6.5 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility TCP path checked the permission against the original hostname string before … Jun 23, 2026
CVE-2026-49406 MEDIUM 5.5 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode (nodeModulesDir: "manual"), the module resolver did not … Jun 23, 2026
CVE-2026-49402 HIGH 8.1 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:child_process implementation provided an escapeShellArg() helper used when callers passed shell: true to … Jun 23, 2026
CVE-2026-49401 HIGH 7.3 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against … Jun 23, 2026
CVE-2026-45692 MEDIUM 5.4 Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not … Jun 23, 2026
CVE-2026-45135 HIGH 8.1 Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos() in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase … Jun 23, 2026
CVE-2026-44726 HIGH 7.4 Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client … Jun 23, 2026
CVE-2026-0864 UNKNOWN When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with … Jun 23, 2026
CVE-2025-71382 MEDIUM 6.5 MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by … Jun 23, 2026
CVE-2025-61029 HIGH 7.5 An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Jun 23, 2026
CVE-2025-61024 HIGH 7.5 An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Jun 23, 2026
CVE-2020-9713 MEDIUM 5.5 Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could … Jun 23, 2026
CVE-2020-9711 MEDIUM 5.5 Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An … Jun 23, 2026
CVE-2020-9695 HIGH 7.8 Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the … Jun 23, 2026
CVE-2026-56968 LOW 3.7 GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted … Jun 23, 2026
CVE-2026-56117 MEDIUM 4.7 dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to … Jun 23, 2026
CVE-2026-56116 MEDIUM 6.5 dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link … Jun 23, 2026
CVE-2026-56115 MEDIUM 5.3 dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write … Jun 23, 2026
CVE-2026-56114 MEDIUM 5.3 dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write … Jun 23, 2026
CVE-2026-56113 MEDIUM 5.3 dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted … Jun 23, 2026
CVE-2026-55450 CRITICAL 9.3 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the … Jun 23, 2026
CVE-2026-55447 CRITICAL 9.6 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, … Jun 23, 2026
CVE-2026-55446 HIGH 7.5 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication … Jun 23, 2026
CVE-2026-55423 MEDIUM 6.1 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous … Jun 23, 2026