Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22193
Total
1583
Critical
6780
High
7106
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-46519 | HIGH | 8.8 | mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) documented as … | Jun 11, 2026 |
| CVE-2026-45178 | UNKNOWN | — | Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could … | Jun 11, 2026 |
| CVE-2026-45177 | UNKNOWN | — | Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this … | Jun 11, 2026 |
| CVE-2026-45176 | UNKNOWN | — | Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by … | Jun 11, 2026 |
| CVE-2026-11774 | HIGH | 7.6 | An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) to a crafted SASL packet … | Jun 11, 2026 |
| CVE-2025-46315 | HIGH | 7.5 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user … | Jun 11, 2026 |
| CVE-2025-46313 | UNKNOWN | — | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive … | Jun 11, 2026 |
| CVE-2025-46308 | MEDIUM | 5.3 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may … | Jun 11, 2026 |
| CVE-2025-46293 | MEDIUM | 5.5 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected … | Jun 11, 2026 |
| CVE-2025-43339 | MEDIUM | 5.5 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access … | Jun 11, 2026 |
| CVE-2025-43278 | UNKNOWN | — | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected … | Jun 11, 2026 |
| CVE-2025-31272 | HIGH | 7.8 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections … | Jun 11, 2026 |
| CVE-2025-30459 | MEDIUM | 5.5 | A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access … | Jun 11, 2026 |
| CVE-2025-30431 | MEDIUM | 5.5 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may … | Jun 11, 2026 |
| CVE-2025-24284 | HIGH | 8.8 | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to … | Jun 11, 2026 |
| CVE-2025-24268 | MEDIUM | 5.5 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app … | Jun 11, 2026 |
| CVE-2025-24165 | UNKNOWN | — | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may … | Jun 11, 2026 |
| CVE-2026-49261 | CRITICAL | 10.0 | MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 … | Jun 11, 2026 |
| CVE-2026-48546 | HIGH | 7.3 | KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require … | Jun 11, 2026 |
| CVE-2026-47157 | MEDIUM | 6.5 | aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before … | Jun 11, 2026 |
| CVE-2026-46698 | MEDIUM | 5.3 | Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_ajax_nopriv_ftf_get_site_info (includes/Site_Info.php) that verified a nonce … | Jun 11, 2026 |
| CVE-2026-46697 | HIGH | 7.5 | Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST route ftf/media-proxy (includes/Media_Proxy.php) with permission_callback => __return_true … | Jun 11, 2026 |
| CVE-2026-3329 | UNKNOWN | — | A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints. | Jun 11, 2026 |
| CVE-2026-11986 | MEDIUM | 4.9 | A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints … | Jun 11, 2026 |
| CVE-2026-49982 | HIGH | 8.2 | tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that contain … | Jun 11, 2026 |