Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21987
Total
1565
Critical
6684
High
7043
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-44489 | LOW | 3.7 | Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are … | Jun 11, 2026 |
| CVE-2026-44488 | HIGH | 7.5 | Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size … | Jun 11, 2026 |
| CVE-2026-44487 | UNKNOWN | — | Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization … | Jun 11, 2026 |
| CVE-2026-44486 | HIGH | 7.5 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials … | Jun 11, 2026 |
| CVE-2026-11945 | MEDIUM | 6.4 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular … | Jun 11, 2026 |
| CVE-2026-9648 | CRITICAL | 9.1 | The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted … | Jun 11, 2026 |
| CVE-2026-7870 | HIGH | 8.8 | IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could … | Jun 11, 2026 |
| CVE-2026-7787 | HIGH | 7.5 | IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. | Jun 11, 2026 |
| CVE-2026-53777 | HIGH | 8.1 | Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running … | Jun 11, 2026 |
| CVE-2026-4096 | MEDIUM | 6.5 | IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow … | Jun 11, 2026 |
| CVE-2026-3341 | MEDIUM | 5.4 | IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests … | Jun 11, 2026 |
| CVE-2026-11839 | CRITICAL | 9.9 | Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue … | Jun 11, 2026 |
| CVE-2024-45636 | MEDIUM | 4.1 | IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user. | Jun 11, 2026 |
| CVE-2026-8406 | UNKNOWN | — | openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request … | Jun 11, 2026 |
| CVE-2026-6338 | UNKNOWN | — | A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a … | Jun 11, 2026 |
| CVE-2026-53723 | MEDIUM | 5.8 | Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into … | Jun 11, 2026 |
| CVE-2026-53661 | UNKNOWN | — | Boruta is a standalone authorization server that aims to implement OAuth 2.0 and Openid Connect up to decentralized identity specifications. Prior to version 0.9.1, boruta … | Jun 11, 2026 |
| CVE-2026-38581 | CRITICAL | 9.8 | SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) … | Jun 11, 2026 |
| CVE-2026-11816 | HIGH | 8.1 | Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in `keras/src/utils/file_utils.py`. The functions `filter_safe_tarinfos()` and `filter_safe_zipinfos()` … | Jun 11, 2026 |
| CVE-2026-10847 | HIGH | 7.8 | A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary … | Jun 11, 2026 |
| CVE-2026-7852 | CRITICAL | 9.8 | Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9. | Jun 11, 2026 |
| CVE-2026-49214 | MEDIUM | 5.3 | guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party … | Jun 11, 2026 |
| CVE-2026-48998 | MEDIUM | 5.3 | guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages … | Jun 11, 2026 |
| CVE-2026-11956 | LOW | 3.7 | A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing … | Jun 11, 2026 |
| CVE-2026-11561 | CRITICAL | 9.8 | Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows … | Jun 11, 2026 |