Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21901
Total
1562
Critical
6653
High
6999
Medium
CVE ID Severity Score Description Published
CVE-2026-49871 UNKNOWN Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to … Jun 19, 2026
CVE-2026-49357 UNKNOWN Line Desktop MCP is a project that, while unaffiliated with the official line-bot-mcp-server, allows users to directly operate the LINE Desktop application on Windows or … Jun 19, 2026
CVE-2026-49231 UNKNOWN Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This … Jun 19, 2026
CVE-2026-49230 UNKNOWN Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache … Jun 19, 2026
CVE-2026-48895 UNKNOWN URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform an open-redirect, to potentially expose … Jun 19, 2026
CVE-2026-48141 MEDIUM 5.3 There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 … Jun 19, 2026
CVE-2026-48140 MEDIUM 6.5 There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially … Jun 19, 2026
CVE-2026-48139 HIGH 7.5 There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of … Jun 19, 2026
CVE-2026-48138 HIGH 7.5 There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of … Jun 19, 2026
CVE-2026-48137 CRITICAL 9.1 There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, … Jun 19, 2026
CVE-2026-47341 UNKNOWN Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue … Jun 19, 2026
CVE-2026-47339 UNKNOWN Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. … Jun 19, 2026
CVE-2026-44915 UNKNOWN URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The default configuration of cas-auth in Apache APISIX is vulnerable to phishing and credential … Jun 19, 2026
CVE-2026-44087 UNKNOWN Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default configuration has an attack surface that allows the attacker to spoof … Jun 19, 2026
CVE-2026-44046 UNKNOWN Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed … Jun 19, 2026
CVE-2026-39999 UNKNOWN Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache … Jun 19, 2026
CVE-2026-39998 UNKNOWN Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects … Jun 19, 2026
CVE-2026-12104 UNKNOWN OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration … Jun 19, 2026
CVE-2025-62821 UNKNOWN Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a … Jun 19, 2026
CVE-2026-56142 CRITICAL 9.9 In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible Jun 19, 2026
CVE-2026-56141 CRITICAL 9.8 In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible Jun 19, 2026
CVE-2026-53915 HIGH 7.1 In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration Jun 19, 2026
CVE-2026-50242 CRITICAL 10.0 In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible Jun 19, 2026
CVE-2026-44939 UNKNOWN A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out … Jun 19, 2026
CVE-2026-12706 MEDIUM 6.5 A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation … Jun 19, 2026