CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 20369 | Critical: 1466 | High: 6173 | Medium: 6472

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-11950 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Jul 01, 2026 |
| CVE-2026-55793 | UNKNOWN | — | Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in … | Jul 01, 2026 |
| CVE-2026-54712 | MEDIUM | 5.3 | OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number … | Jul 01, 2026 |
| CVE-2026-54704 | MEDIUM | 6.5 | OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in … | Jul 01, 2026 |
| CVE-2026-54263 | HIGH | 7.3 | Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting (XSS) vulnerability exists … | Jul 01, 2026 |
| CVE-2026-54262 | MEDIUM | 4.3 | Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can … | Jul 01, 2026 |
| CVE-2026-54261 | MEDIUM | 6.5 | Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check … | Jul 01, 2026 |
| CVE-2026-54260 | MEDIUM | 4.3 | Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger … | Jul 01, 2026 |
| CVE-2026-54259 | MEDIUM | 4.3 | Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen … | Jul 01, 2026 |
| CVE-2026-52190 | HIGH | 7.5 | Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_448384 component | Jul 01, 2026 |
| CVE-2026-52186 | CRITICAL | 9.8 | SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component | Jul 01, 2026 |
| CVE-2026-38891 | HIGH | 7.5 | An improper input validation in the gazebo_ros_diff_drive.cpp component of gazebo_plugins v3.9.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted geometry_msgs::Twist … | Jul 01, 2026 |
| CVE-2026-36912 | HIGH | 7.5 | A NULL pointer dereference in the AP4_AtomSampleTable::GetSample() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a … | Jul 01, 2026 |
| CVE-2026-36911 | MEDIUM | 5.5 | A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted … | Jul 01, 2026 |
| CVE-2026-36910 | MEDIUM | 5.5 | An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted … | Jul 01, 2026 |
| CVE-2026-36909 | MEDIUM | 6.2 | A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a … | Jul 01, 2026 |
| CVE-2026-58263 | HIGH | 7.2 | Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer … | Jul 01, 2026 |
| CVE-2026-55886 | UNKNOWN | — | Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution … | Jul 01, 2026 |
| CVE-2026-55661 | UNKNOWN | — | Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not … | Jul 01, 2026 |
| CVE-2026-55660 | UNKNOWN | — | Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable … | Jul 01, 2026 |
| CVE-2026-55153 | HIGH | 7.1 | mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory … | Jul 01, 2026 |
| CVE-2026-54786 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions … | Jul 01, 2026 |
| CVE-2026-54756 | UNKNOWN | — | Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. In versions prior to 4.12.18, Jodit.configure(options) — and the … | Jul 01, 2026 |
| CVE-2026-54720 | MEDIUM | 5.4 | Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS … | Jul 01, 2026 |
| CVE-2026-54074 | HIGH | 7.8 | Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal … | Jul 01, 2026 |