Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21880
Total
1559
Critical
6647
High
6994
Medium
CVE ID Severity Score Description Published
CVE-2026-9142 CRITICAL 9.1 There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may … Jun 19, 2026
CVE-2026-4027 UNKNOWN A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due to insufficient … Jun 19, 2026
CVE-2026-4026 UNKNOWN A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 that could allow an authenticated user with read-only access to account settings to … Jun 19, 2026
CVE-2026-49872 UNKNOWN Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a … Jun 19, 2026
CVE-2026-49871 UNKNOWN Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to … Jun 19, 2026
CVE-2026-49357 UNKNOWN Line Desktop MCP is a project that, while unaffiliated with the official line-bot-mcp-server, allows users to directly operate the LINE Desktop application on Windows or … Jun 19, 2026
CVE-2026-49231 UNKNOWN Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This … Jun 19, 2026
CVE-2026-49230 UNKNOWN Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache … Jun 19, 2026
CVE-2026-48895 UNKNOWN URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform an open-redirect, to potentially expose … Jun 19, 2026
CVE-2026-48141 MEDIUM 5.3 There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 … Jun 19, 2026
CVE-2026-48140 MEDIUM 6.5 There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially … Jun 19, 2026
CVE-2026-48139 HIGH 7.5 There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of … Jun 19, 2026
CVE-2026-48138 HIGH 7.5 There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of … Jun 19, 2026
CVE-2026-48137 CRITICAL 9.1 There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, … Jun 19, 2026
CVE-2026-47341 UNKNOWN Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue … Jun 19, 2026
CVE-2026-47339 UNKNOWN Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. … Jun 19, 2026
CVE-2026-44915 UNKNOWN URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The default configuration of cas-auth in Apache APISIX is vulnerable to phishing and credential … Jun 19, 2026
CVE-2026-44087 UNKNOWN Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default configuration has an attack surface that allows the attacker to spoof … Jun 19, 2026
CVE-2026-44046 UNKNOWN Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed … Jun 19, 2026
CVE-2026-39999 UNKNOWN Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache … Jun 19, 2026
CVE-2026-39998 UNKNOWN Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects … Jun 19, 2026
CVE-2026-12104 UNKNOWN OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration … Jun 19, 2026
CVE-2025-62821 UNKNOWN Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a … Jun 19, 2026
CVE-2026-56142 CRITICAL 9.9 In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible Jun 19, 2026
CVE-2026-56141 CRITICAL 9.8 In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible Jun 19, 2026