Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21901
Total
1562
Critical
6653
High
6999
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-49871 | UNKNOWN | — | Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to … | Jun 19, 2026 |
| CVE-2026-49357 | UNKNOWN | — | Line Desktop MCP is a project that, while unaffiliated with the official line-bot-mcp-server, allows users to directly operate the LINE Desktop application on Windows or … | Jun 19, 2026 |
| CVE-2026-49231 | UNKNOWN | — | Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This … | Jun 19, 2026 |
| CVE-2026-49230 | UNKNOWN | — | Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache … | Jun 19, 2026 |
| CVE-2026-48895 | UNKNOWN | — | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform an open-redirect, to potentially expose … | Jun 19, 2026 |
| CVE-2026-48141 | MEDIUM | 5.3 | There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 … | Jun 19, 2026 |
| CVE-2026-48140 | MEDIUM | 6.5 | There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially … | Jun 19, 2026 |
| CVE-2026-48139 | HIGH | 7.5 | There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of … | Jun 19, 2026 |
| CVE-2026-48138 | HIGH | 7.5 | There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of … | Jun 19, 2026 |
| CVE-2026-48137 | CRITICAL | 9.1 | There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, … | Jun 19, 2026 |
| CVE-2026-47341 | UNKNOWN | — | Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue … | Jun 19, 2026 |
| CVE-2026-47339 | UNKNOWN | — | Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. … | Jun 19, 2026 |
| CVE-2026-44915 | UNKNOWN | — | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The default configuration of cas-auth in Apache APISIX is vulnerable to phishing and credential … | Jun 19, 2026 |
| CVE-2026-44087 | UNKNOWN | — | Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default configuration has an attack surface that allows the attacker to spoof … | Jun 19, 2026 |
| CVE-2026-44046 | UNKNOWN | — | Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed … | Jun 19, 2026 |
| CVE-2026-39999 | UNKNOWN | — | Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache … | Jun 19, 2026 |
| CVE-2026-39998 | UNKNOWN | — | Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects … | Jun 19, 2026 |
| CVE-2026-12104 | UNKNOWN | — | OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration … | Jun 19, 2026 |
| CVE-2025-62821 | UNKNOWN | — | Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a … | Jun 19, 2026 |
| CVE-2026-56142 | CRITICAL | 9.9 | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible | Jun 19, 2026 |
| CVE-2026-56141 | CRITICAL | 9.8 | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible | Jun 19, 2026 |
| CVE-2026-53915 | HIGH | 7.1 | In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration | Jun 19, 2026 |
| CVE-2026-50242 | CRITICAL | 10.0 | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible | Jun 19, 2026 |
| CVE-2026-44939 | UNKNOWN | — | A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out … | Jun 19, 2026 |
| CVE-2026-12706 | MEDIUM | 6.5 | A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation … | Jun 19, 2026 |