Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21960
Total
1564
Critical
6679
High
7025
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-7003 | HIGH | 7.8 | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the … | Jun 12, 2026 |
| CVE-2025-7002 | HIGH | 7.8 | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the … | Jun 12, 2026 |
| CVE-2020-2521 | UNKNOWN | — | Rejected reason: This candidate was issued in error. | Jun 12, 2026 |
| CVE-2026-54397 | UNKNOWN | — | A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an … | Jun 12, 2026 |
| CVE-2026-54396 | UNKNOWN | — | An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was … | Jun 12, 2026 |
| CVE-2026-54395 | UNKNOWN | — | MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML … | Jun 12, 2026 |
| CVE-2026-54394 | UNKNOWN | — | MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid … | Jun 12, 2026 |
| CVE-2026-54393 | UNKNOWN | — | A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-controlled path value through setSettingInternal(), … | Jun 12, 2026 |
| CVE-2026-54362 | UNKNOWN | — | An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their … | Jun 12, 2026 |
| CVE-2026-54057 | UNKNOWN | — | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects attacker-controlled bytes, including newlines, into the … | Jun 12, 2026 |
| CVE-2026-54056 | HIGH | 7.6 | Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-and-drop source to overwrite or truncate … | Jun 12, 2026 |
| CVE-2026-53607 | LOW | 3.7 | ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when `prettyUrls: true` is enabled on `@apostrophecms/file` (a documented SEO … | Jun 12, 2026 |
| CVE-2026-53606 | MEDIUM | 5.4 | ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 … | Jun 12, 2026 |
| CVE-2026-4870 | HIGH | 7.5 | IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion … | Jun 12, 2026 |
| CVE-2026-47264 | MEDIUM | 5.3 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializer#tag_group_names returned every tag … | Jun 12, 2026 |
| CVE-2026-47263 | MEDIUM | 4.3 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the MessageBus.publish call for … | Jun 12, 2026 |
| CVE-2026-45775 | MEDIUM | 6.8 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability … | Jun 12, 2026 |
| CVE-2026-45085 | MEDIUM | 5.3 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in … | Jun 12, 2026 |
| CVE-2026-45014 | UNKNOWN | — | ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scripting via unsanitized user display name … | Jun 12, 2026 |
| CVE-2026-45013 | HIGH | 8.1 | ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs the reset URL using … | Jun 12, 2026 |
| CVE-2026-45012 | HIGH | 7.6 | ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request forgery (SSRF) in the rich-text widget … | Jun 12, 2026 |
| CVE-2026-45011 | HIGH | 7.3 | ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the … | Jun 12, 2026 |
| CVE-2026-44990 | CRITICAL | 9.3 | ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of … | Jun 12, 2026 |
| CVE-2026-44786 | HIGH | 7.5 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public … | Jun 12, 2026 |
| CVE-2026-44785 | MEDIUM | 4.3 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper … | Jun 12, 2026 |