Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21987
Total
1565
Critical
6684
High
7043
Medium
CVE ID Severity Score Description Published
CVE-2026-47141 UNKNOWN vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The … Jun 12, 2026
CVE-2026-47140 CRITICAL 10.0 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, worker_threads, cluster, vm, repl, … Jun 12, 2026
CVE-2026-47139 HIGH 8.6 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this … Jun 12, 2026
CVE-2026-47137 CRITICAL 10.0 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodevm.js line 263 that … Jun 12, 2026
CVE-2026-47135 HIGH 8.7 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. … Jun 12, 2026
CVE-2026-47131 CRITICAL 10.0 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__"), and Node.js's ERR_INVALID_ARG_TYPE Error, the … Jun 12, 2026
CVE-2026-46340 HIGH 7.5 Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete … Jun 12, 2026
CVE-2026-45674 HIGH 8.7 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the … Jun 12, 2026
CVE-2026-45673 MEDIUM 6.8 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable … Jun 12, 2026
CVE-2026-45536 MEDIUM 4.0 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, netty_unix_socket_recvFd sets msg_control to `char control[CMSG_SPACE(sizeof(int))]` … Jun 12, 2026
CVE-2026-45416 HIGH 7.5 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode() reads the 24-bit TLS handshake … Jun 12, 2026
CVE-2026-44894 HIGH 7.5 Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. … Jun 12, 2026
CVE-2026-44893 HIGH 7.5 Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL … Jun 12, 2026
CVE-2026-44205 UNKNOWN Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to … Jun 12, 2026
CVE-2026-41581 UNKNOWN Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been … Jun 12, 2026
CVE-2026-10557 CRITICAL 9.8 The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in … Jun 12, 2026
CVE-2026-54102 UNKNOWN Rejected reason: Reserved but no longer needed. Jun 12, 2026
CVE-2026-54101 UNKNOWN Rejected reason: Reserved but no longer needed. Jun 12, 2026
CVE-2026-49993 UNKNOWN Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there … Jun 12, 2026
CVE-2026-47200 UNKNOWN Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 … Jun 12, 2026
CVE-2026-46342 UNKNOWN Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 … Jun 12, 2026
CVE-2026-45670 UNKNOWN Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is … Jun 12, 2026
CVE-2026-45669 UNKNOWN Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() with external: true generates … Jun 12, 2026
CVE-2026-1836 UNKNOWN The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform … Jun 12, 2026
CVE-2026-12066 HIGH 7.3 A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password … Jun 12, 2026