Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21987
Total
1565
Critical
6684
High
7043
Medium
CVE ID Severity Score Description Published
CVE-2026-44489 LOW 3.7 Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are … Jun 11, 2026
CVE-2026-44488 HIGH 7.5 Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size … Jun 11, 2026
CVE-2026-44487 UNKNOWN Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization … Jun 11, 2026
CVE-2026-44486 HIGH 7.5 Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials … Jun 11, 2026
CVE-2026-11945 MEDIUM 6.4 PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular … Jun 11, 2026
CVE-2026-9648 CRITICAL 9.1 The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted … Jun 11, 2026
CVE-2026-7870 HIGH 8.8 IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could … Jun 11, 2026
CVE-2026-7787 HIGH 7.5 IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. Jun 11, 2026
CVE-2026-53777 HIGH 8.1 Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running … Jun 11, 2026
CVE-2026-4096 MEDIUM 6.5 IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow … Jun 11, 2026
CVE-2026-3341 MEDIUM 5.4 IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests … Jun 11, 2026
CVE-2026-11839 CRITICAL 9.9 Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue … Jun 11, 2026
CVE-2024-45636 MEDIUM 4.1 IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user. Jun 11, 2026
CVE-2026-8406 UNKNOWN openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request … Jun 11, 2026
CVE-2026-6338 UNKNOWN A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a … Jun 11, 2026
CVE-2026-53723 MEDIUM 5.8 Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into … Jun 11, 2026
CVE-2026-53661 UNKNOWN Boruta is a standalone authorization server that aims to implement OAuth 2.0 and Openid Connect up to decentralized identity specifications. Prior to version 0.9.1, boruta … Jun 11, 2026
CVE-2026-38581 CRITICAL 9.8 SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) … Jun 11, 2026
CVE-2026-11816 HIGH 8.1 Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in `keras/src/utils/file_utils.py`. The functions `filter_safe_tarinfos()` and `filter_safe_zipinfos()` … Jun 11, 2026
CVE-2026-10847 HIGH 7.8 A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary … Jun 11, 2026
CVE-2026-7852 CRITICAL 9.8 Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9. Jun 11, 2026
CVE-2026-49214 MEDIUM 5.3 guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party … Jun 11, 2026
CVE-2026-48998 MEDIUM 5.3 guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages … Jun 11, 2026
CVE-2026-11956 LOW 3.7 A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing … Jun 11, 2026
CVE-2026-11561 CRITICAL 9.8 Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows … Jun 11, 2026