Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21987
Total
1565
Critical
6684
High
7043
Medium
CVE ID Severity Score Description Published
CVE-2026-46690 MEDIUM 5.8 unbounded_spsc is an "unbounded" extension of bounded_spsc_queue. In versions 0.2.0 and prior, sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race. At … Jun 12, 2026
CVE-2026-45833 UNKNOWN A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server … Jun 12, 2026
CVE-2026-45832 UNKNOWN All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls … Jun 12, 2026
CVE-2026-45831 UNKNOWN The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks … Jun 12, 2026
CVE-2026-45830 UNKNOWN A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or … Jun 12, 2026
CVE-2026-44976 UNKNOWN Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has … Jun 12, 2026
CVE-2026-44975 UNKNOWN Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, any authenticated user can reset onboarding for all users in the system. … Jun 12, 2026
CVE-2026-44967 MEDIUM 5.3 OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters (traces/metrics/logs) read the full HTTP response into an in-memory vector … Jun 12, 2026
CVE-2026-44208 UNKNOWN Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_discussion()" endpoint allows for unauthorized access to … Jun 12, 2026
CVE-2026-44207 UNKNOWN Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration … Jun 12, 2026
CVE-2026-44206 UNKNOWN Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has … Jun 12, 2026
CVE-2026-40677 UNKNOWN The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution. Jun 12, 2026
CVE-2026-8694 MEDIUM 5.3 Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints. Jun 12, 2026
CVE-2026-7368 HIGH 8.1 The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can … Jun 12, 2026
CVE-2026-6853 CRITICAL 9.8 Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This … Jun 12, 2026
CVE-2026-6211 HIGH 8.7 Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue … Jun 12, 2026
CVE-2026-54133 CRITICAL 9.8 jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. … Jun 12, 2026
CVE-2026-53787 CRITICAL 9.8 Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to … Jun 12, 2026
CVE-2026-53722 UNKNOWN Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, <NuxtLink> did not validate the URL scheme of values bound … Jun 12, 2026
CVE-2026-53721 UNKNOWN Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware … Jun 12, 2026
CVE-2026-47739 UNKNOWN Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This … Jun 12, 2026
CVE-2026-47244 MEDIUM 5.3 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAX_VALUE, and … Jun 12, 2026
CVE-2026-47210 CRITICAL 9.8 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host … Jun 12, 2026
CVE-2026-47209 HIGH 8.6 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js (line 1231) ignores the receiver parameter and unconditionally … Jun 12, 2026
CVE-2026-47208 CRITICAL 10.0 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code … Jun 12, 2026