Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21960
Total
1564
Critical
6679
High
7025
Medium
CVE ID Severity Score Description Published
CVE-2025-7003 HIGH 7.8 Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the … Jun 12, 2026
CVE-2025-7002 HIGH 7.8 Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the … Jun 12, 2026
CVE-2020-2521 UNKNOWN Rejected reason: This candidate was issued in error. Jun 12, 2026
CVE-2026-54397 UNKNOWN A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an … Jun 12, 2026
CVE-2026-54396 UNKNOWN An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was … Jun 12, 2026
CVE-2026-54395 UNKNOWN MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML … Jun 12, 2026
CVE-2026-54394 UNKNOWN MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid … Jun 12, 2026
CVE-2026-54393 UNKNOWN A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-controlled path value through setSettingInternal(), … Jun 12, 2026
CVE-2026-54362 UNKNOWN An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their … Jun 12, 2026
CVE-2026-54057 UNKNOWN Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects attacker-controlled bytes, including newlines, into the … Jun 12, 2026
CVE-2026-54056 HIGH 7.6 Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-and-drop source to overwrite or truncate … Jun 12, 2026
CVE-2026-53607 LOW 3.7 ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when `prettyUrls: true` is enabled on `@apostrophecms/file` (a documented SEO … Jun 12, 2026
CVE-2026-53606 MEDIUM 5.4 ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 … Jun 12, 2026
CVE-2026-4870 HIGH 7.5 IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion … Jun 12, 2026
CVE-2026-47264 MEDIUM 5.3 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializer#tag_group_names returned every tag … Jun 12, 2026
CVE-2026-47263 MEDIUM 4.3 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the MessageBus.publish call for … Jun 12, 2026
CVE-2026-45775 MEDIUM 6.8 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability … Jun 12, 2026
CVE-2026-45085 MEDIUM 5.3 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in … Jun 12, 2026
CVE-2026-45014 UNKNOWN ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scripting via unsanitized user display name … Jun 12, 2026
CVE-2026-45013 HIGH 8.1 ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs the reset URL using … Jun 12, 2026
CVE-2026-45012 HIGH 7.6 ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request forgery (SSRF) in the rich-text widget … Jun 12, 2026
CVE-2026-45011 HIGH 7.3 ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the … Jun 12, 2026
CVE-2026-44990 CRITICAL 9.3 ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of … Jun 12, 2026
CVE-2026-44786 HIGH 7.5 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public … Jun 12, 2026
CVE-2026-44785 MEDIUM 4.3 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper … Jun 12, 2026