Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22193
Total
1583
Critical
6780
High
7106
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-47200 | UNKNOWN | — | Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 … | Jun 12, 2026 |
| CVE-2026-46342 | UNKNOWN | — | Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 … | Jun 12, 2026 |
| CVE-2026-45670 | UNKNOWN | — | Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is … | Jun 12, 2026 |
| CVE-2026-45669 | UNKNOWN | — | Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() with external: true generates … | Jun 12, 2026 |
| CVE-2026-1836 | UNKNOWN | — | The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform … | Jun 12, 2026 |
| CVE-2026-12066 | HIGH | 7.3 | A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password … | Jun 12, 2026 |
| CVE-2026-12065 | LOW | 1.8 | A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView … | Jun 12, 2026 |
| CVE-2026-11967 | UNKNOWN | — | MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as … | Jun 12, 2026 |
| CVE-2026-11879 | UNKNOWN | — | MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable … | Jun 12, 2026 |
| CVE-2017-20240 | MEDIUM | 5.9 | Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to … | Jun 12, 2026 |
| CVE-2026-49347 | UNKNOWN | — | Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. … | Jun 12, 2026 |
| CVE-2026-48485 | UNKNOWN | — | Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but … | Jun 12, 2026 |
| CVE-2026-47197 | UNKNOWN | — | Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate … | Jun 12, 2026 |
| CVE-2026-47196 | UNKNOWN | — | Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. … | Jun 12, 2026 |
| CVE-2026-47195 | UNKNOWN | — | Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They … | Jun 12, 2026 |
| CVE-2026-9266 | UNKNOWN | — | A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation … | Jun 12, 2026 |
| CVE-2026-11849 | CRITICAL | 9.8 | The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative … | Jun 12, 2026 |
| CVE-2026-11848 | MEDIUM | 5.3 | The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain … | Jun 12, 2026 |
| CVE-2026-50645 | HIGH | 7.5 | There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to … | Jun 12, 2026 |
| CVE-2026-50634 | MEDIUM | 6.5 | A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the accepted signature. This can … | Jun 12, 2026 |
| CVE-2026-50633 | HIGH | 8.1 | A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to … | Jun 12, 2026 |
| CVE-2026-50632 | HIGH | 8.1 | A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, which can allow … | Jun 12, 2026 |
| CVE-2026-50631 | HIGH | 7.4 | A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' … | Jun 12, 2026 |
| CVE-2026-50630 | MEDIUM | 6.5 | A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return … | Jun 12, 2026 |
| CVE-2026-50629 | MEDIUM | 5.3 | The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to … | Jun 12, 2026 |