Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21839
Total
1559
Critical
6635
High
6967
Medium
CVE ID Severity Score Description Published
CVE-2026-54233 MEDIUM 6.5 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded … Jun 22, 2026
CVE-2026-54232 HIGH 8.8 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack … Jun 22, 2026
CVE-2026-53923 UNKNOWN vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize … Jun 22, 2026
CVE-2026-48746 CRITICAL 9.1 vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust … Jun 22, 2026
CVE-2026-47155 MEDIUM 6.5 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all … Jun 22, 2026
CVE-2026-41523 HIGH 7.5 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows … Jun 22, 2026
CVE-2026-12863 UNKNOWN An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains. Jun 22, 2026
CVE-2026-12862 UNKNOWN Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the … Jun 22, 2026
CVE-2026-12581 HIGH 7.5 EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain … Jun 22, 2026
CVE-2026-12580 MEDIUM 5.4 EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon … Jun 22, 2026
CVE-2025-4994 UNKNOWN The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication … Jun 22, 2026
CVE-2023-45796 HIGH 8.1 A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged … Jun 22, 2026
CVE-2023-45795 HIGH 7.8 A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full … Jun 22, 2026
CVE-2026-54665 UNKNOWN Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header … Jun 22, 2026
CVE-2026-44914 UNKNOWN Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. … Jun 22, 2026
CVE-2026-44913 UNKNOWN Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. … Jun 22, 2026
CVE-2026-44911 UNKNOWN Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed … Jun 22, 2026
CVE-2025-66336 UNKNOWN Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, … Jun 22, 2026
CVE-2025-62198 UNKNOWN An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes … Jun 22, 2026
CVE-2026-8157 UNKNOWN The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST … Jun 22, 2026
CVE-2026-7859 UNKNOWN The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify … Jun 22, 2026
CVE-2026-6858 UNKNOWN The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against … Jun 22, 2026
CVE-2026-4259 UNKNOWN The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site … Jun 22, 2026
CVE-2026-4110 UNKNOWN The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site … Jun 22, 2026
CVE-2026-10530 UNKNOWN The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a … Jun 22, 2026