Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21813
Total
1557
Critical
6628
High
6957
Medium
CVE ID Severity Score Description Published
CVE-2026-44789 CRITICAL 9.9 n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could … Jun 23, 2026
CVE-2026-42867 MEDIUM 6.5 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases … Jun 23, 2026
CVE-2026-34917 MEDIUM 4.3 Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An … Jun 23, 2026
CVE-2026-34916 HIGH 8.8 A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical … Jun 23, 2026
CVE-2026-34915 MEDIUM 6.1 A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid … Jun 23, 2026
CVE-2026-34914 HIGH 8.3 A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to … Jun 23, 2026
CVE-2026-34913 MEDIUM 4.3 A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user … Jun 23, 2026
CVE-2026-34912 MEDIUM 4.3 A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via … Jun 23, 2026
CVE-2026-33760 HIGH 8.8 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, … Jun 23, 2026
CVE-2026-13007 HIGH 7.5 Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and … Jun 23, 2026
CVE-2026-12958 HIGH 7.8 Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a … Jun 23, 2026
CVE-2026-12957 HIGH 7.8 Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a … Jun 23, 2026
CVE-2026-11940 UNKNOWN tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name … Jun 23, 2026
CVE-2025-61028 UNKNOWN An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Jun 23, 2026
CVE-2025-61027 UNKNOWN An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Jun 23, 2026
CVE-2025-61025 HIGH 7.5 An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Jun 23, 2026
CVE-2025-61023 UNKNOWN An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Jun 23, 2026
CVE-2025-61022 HIGH 7.5 An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Jun 23, 2026
CVE-2025-61021 UNKNOWN An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Jun 23, 2026
CVE-2025-61020 HIGH 7.5 An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Jun 23, 2026
CVE-2025-61019 UNKNOWN An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Jun 23, 2026
CVE-2025-61018 HIGH 7.5 An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Jun 23, 2026
CVE-2025-13162 MEDIUM 4.4 Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master. This issue affects Control Builder A: through 1.4/4; 800xA for … Jun 23, 2026
CVE-2026-56696 MEDIUM 5.4 OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can … Jun 23, 2026
CVE-2026-56695 MEDIUM 6.5 OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. … Jun 23, 2026