Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 20369
Critical: 1466
High: 6173
Medium: 6472
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-50521 | HIGH | 8.3 | Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. | Jul 01, 2026 |
| CVE-2026-14340 | UNKNOWN | — | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write … | Jul 01, 2026 |
| CVE-2026-58593 | HIGH | 7.5 | NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and … | Jul 01, 2026 |
| CVE-2026-58592 | HIGH | 8.3 | Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM … | Jul 01, 2026 |
| CVE-2026-58457 | CRITICAL | 9.8 | Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by … | Jul 01, 2026 |
| CVE-2026-55688 | MEDIUM | 4.0 | The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and … | Jul 01, 2026 |
| CVE-2026-54908 | UNKNOWN | — | Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while … | Jul 01, 2026 |
| CVE-2026-54164 | MEDIUM | 6.5 | API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does … | Jul 01, 2026 |
| CVE-2026-49858 | MEDIUM | 5.9 | API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing … | Jul 01, 2026 |
| CVE-2026-14363 | UNKNOWN | — | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This … | Jul 01, 2026 |
| CVE-2026-14265 | HIGH | 7.5 | Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access … | Jul 01, 2026 |
| CVE-2026-58517 | UNKNOWN | — | Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Authentication Bypass. This issue affects Mediawiki - WikiLambda Extension: from … | Jul 01, 2026 |
| CVE-2026-58451 | MEDIUM | 6.5 | Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding … | Jul 01, 2026 |
| CVE-2026-55628 | MEDIUM | 5.5 | In versions prior to 7.1.2-26he, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security … | Jul 01, 2026 |
| CVE-2026-55597 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a … | Jul 01, 2026 |
| CVE-2026-55595 | MEDIUM | 4.7 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the … | Jul 01, 2026 |
| CVE-2026-55594 | MEDIUM | 5.3 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the … | Jul 01, 2026 |
| CVE-2026-55577 | MEDIUM | 5.9 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in … | Jul 01, 2026 |
| CVE-2026-55510 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a … | Jul 01, 2026 |
| CVE-2026-53492 | UNKNOWN | — | containerd is an open-source container runtime. In versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found … | Jul 01, 2026 |
| CVE-2026-53489 | UNKNOWN | — | containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint … | Jul 01, 2026 |
| CVE-2026-53467 | MEDIUM | 5.3 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible … | Jul 01, 2026 |
| CVE-2026-53466 | MEDIUM | 6.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF … | Jul 01, 2026 |
| CVE-2026-51947 | UNKNOWN | — | An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code … | Jul 01, 2026 |
| CVE-2026-50195 | UNKNOWN | — | containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails … | Jul 01, 2026 |