Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21987
Total
1565
Critical
6684
High
7043
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-47141 | UNKNOWN | — | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The … | Jun 12, 2026 |
| CVE-2026-47140 | CRITICAL | 10.0 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, worker_threads, cluster, vm, repl, … | Jun 12, 2026 |
| CVE-2026-47139 | HIGH | 8.6 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this … | Jun 12, 2026 |
| CVE-2026-47137 | CRITICAL | 10.0 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodevm.js line 263 that … | Jun 12, 2026 |
| CVE-2026-47135 | HIGH | 8.7 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. … | Jun 12, 2026 |
| CVE-2026-47131 | CRITICAL | 10.0 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__"), and Node.js's ERR_INVALID_ARG_TYPE Error, the … | Jun 12, 2026 |
| CVE-2026-46340 | HIGH | 7.5 | Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete … | Jun 12, 2026 |
| CVE-2026-45674 | HIGH | 8.7 | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the … | Jun 12, 2026 |
| CVE-2026-45673 | MEDIUM | 6.8 | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable … | Jun 12, 2026 |
| CVE-2026-45536 | MEDIUM | 4.0 | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, netty_unix_socket_recvFd sets msg_control to `char control[CMSG_SPACE(sizeof(int))]` … | Jun 12, 2026 |
| CVE-2026-45416 | HIGH | 7.5 | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode() reads the 24-bit TLS handshake … | Jun 12, 2026 |
| CVE-2026-44894 | HIGH | 7.5 | Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. … | Jun 12, 2026 |
| CVE-2026-44893 | HIGH | 7.5 | Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL … | Jun 12, 2026 |
| CVE-2026-44205 | UNKNOWN | — | Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to … | Jun 12, 2026 |
| CVE-2026-41581 | UNKNOWN | — | Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been … | Jun 12, 2026 |
| CVE-2026-10557 | CRITICAL | 9.8 | The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in … | Jun 12, 2026 |
| CVE-2026-54102 | UNKNOWN | — | Rejected reason: Reserved but no longer needed. | Jun 12, 2026 |
| CVE-2026-54101 | UNKNOWN | — | Rejected reason: Reserved but no longer needed. | Jun 12, 2026 |
| CVE-2026-49993 | UNKNOWN | — | Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there … | Jun 12, 2026 |
| CVE-2026-47200 | UNKNOWN | — | Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 … | Jun 12, 2026 |
| CVE-2026-46342 | UNKNOWN | — | Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 … | Jun 12, 2026 |
| CVE-2026-45670 | UNKNOWN | — | Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is … | Jun 12, 2026 |
| CVE-2026-45669 | UNKNOWN | — | Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() with external: true generates … | Jun 12, 2026 |
| CVE-2026-1836 | UNKNOWN | — | The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform … | Jun 12, 2026 |
| CVE-2026-12066 | HIGH | 7.3 | A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password … | Jun 12, 2026 |