Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21960
Total
1564
Critical
6679
High
7025
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-53724 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1-alpha.4, the … | Jun 12, 2026 |
| CVE-2026-53408 | HIGH | 8.1 | Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated … | Jun 12, 2026 |
| CVE-2026-53407 | HIGH | 8.1 | Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated … | Jun 12, 2026 |
| CVE-2026-50244 | MEDIUM | 5.3 | The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership … | Jun 12, 2026 |
| CVE-2026-50108 | HIGH | 7.5 | The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. … | Jun 12, 2026 |
| CVE-2026-50101 | HIGH | 8.1 | Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid … | Jun 12, 2026 |
| CVE-2026-50099 | MEDIUM | 4.6 | During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production … | Jun 12, 2026 |
| CVE-2026-50008 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.3, … | Jun 12, 2026 |
| CVE-2026-47248 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse … | Jun 12, 2026 |
| CVE-2026-47236 | MEDIUM | 4.3 | Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members … | Jun 12, 2026 |
| CVE-2026-47138 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an … | Jun 12, 2026 |
| CVE-2026-42947 | HIGH | 8.8 | A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because … | Jun 12, 2026 |
| CVE-2026-42932 | MEDIUM | 5.3 | Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an … | Jun 12, 2026 |
| CVE-2026-42306 | HIGH | 7.2 | Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to … | Jun 12, 2026 |
| CVE-2026-41568 | MEDIUM | 6.1 | Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to … | Jun 12, 2026 |
| CVE-2026-28742 | CRITICAL | 9.8 | Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any … | Jun 12, 2026 |
| CVE-2026-12143 | HIGH | 7.5 | form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and the `filename` option are concatenated verbatim … | Jun 12, 2026 |
| CVE-2026-12043 | HIGH | 8.8 | Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to … | Jun 12, 2026 |
| CVE-2026-10715 | UNKNOWN | — | Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST … | Jun 12, 2026 |
| CVE-2026-53406 | HIGH | 7.8 | Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an … | Jun 12, 2026 |
| CVE-2026-48558 | CRITICAL | 10.0 | SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity … | Jun 12, 2026 |
| CVE-2026-48165 | HIGH | 8.0 | MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 … | Jun 12, 2026 |
| CVE-2026-48163 | HIGH | 8.0 | MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 … | Jun 12, 2026 |
| CVE-2026-47965 | HIGH | 7.8 | Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of … | Jun 12, 2026 |
| CVE-2026-47225 | UNKNOWN | — | Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both … | Jun 12, 2026 |