CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

Total: 20369
Critical: 1466
High: 6173
Medium: 6472

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-11950 | UNKNOWN | | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Jul 01, 2026 |
| CVE-2026-55793 | UNKNOWN | | Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in … | Jul 01, 2026 |
| CVE-2026-54712 | MEDIUM | 5.3 | OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number … | Jul 01, 2026 |
| CVE-2026-54704 | MEDIUM | 6.5 | OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in … | Jul 01, 2026 |
| CVE-2026-54263 | HIGH | 7.3 | Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting (XSS) vulnerability exists … | Jul 01, 2026 |
| CVE-2026-54262 | MEDIUM | 4.3 | Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can … | Jul 01, 2026 |
| CVE-2026-54261 | MEDIUM | 6.5 | Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check … | Jul 01, 2026 |
| CVE-2026-54260 | MEDIUM | 4.3 | Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger … | Jul 01, 2026 |
| CVE-2026-54259 | MEDIUM | 4.3 | Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen … | Jul 01, 2026 |
| CVE-2026-52190 | HIGH | 7.5 | Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_448384 component | Jul 01, 2026 |
| CVE-2026-52186 | CRITICAL | 9.8 | SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component | Jul 01, 2026 |
| CVE-2026-38891 | HIGH | 7.5 | An improper input validation in the gazebo_ros_diff_drive.cpp component of gazebo_plugins v3.9.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted geometry_msgs::Twist … | Jul 01, 2026 |
| CVE-2026-36912 | HIGH | 7.5 | A NULL pointer dereference in the AP4_AtomSampleTable::GetSample() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a … | Jul 01, 2026 |
| CVE-2026-36911 | MEDIUM | 5.5 | A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted … | Jul 01, 2026 |
| CVE-2026-36910 | MEDIUM | 5.5 | An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted … | Jul 01, 2026 |
| CVE-2026-36909 | MEDIUM | 6.2 | A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a … | Jul 01, 2026 |
| CVE-2026-58263 | HIGH | 7.2 | Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer … | Jul 01, 2026 |
| CVE-2026-55886 | UNKNOWN | | Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution … | Jul 01, 2026 |
| CVE-2026-55661 | UNKNOWN | | Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not … | Jul 01, 2026 |
| CVE-2026-55660 | UNKNOWN | | Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable … | Jul 01, 2026 |
| CVE-2026-55153 | HIGH | 7.1 | mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory … | Jul 01, 2026 |
| CVE-2026-54786 | UNKNOWN | | Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions … | Jul 01, 2026 |
| CVE-2026-54756 | UNKNOWN | | Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configure(options) — and the … | Jul 01, 2026 |
| CVE-2026-54720 | MEDIUM | 5.4 | Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS … | Jul 01, 2026 |
| CVE-2026-54074 | HIGH | 7.8 | Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal … | Jul 01, 2026 |