Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22193
Total
1583
Critical
6780
High
7106
Medium
CVE ID Severity Score Description Published
CVE-2026-46519 HIGH 8.8 mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) documented as … Jun 11, 2026
CVE-2026-45178 UNKNOWN Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could … Jun 11, 2026
CVE-2026-45177 UNKNOWN Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this … Jun 11, 2026
CVE-2026-45176 UNKNOWN Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by … Jun 11, 2026
CVE-2026-11774 HIGH 7.6 An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) to a crafted SASL packet … Jun 11, 2026
CVE-2025-46315 HIGH 7.5 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user … Jun 11, 2026
CVE-2025-46313 UNKNOWN A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive … Jun 11, 2026
CVE-2025-46308 MEDIUM 5.3 An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may … Jun 11, 2026
CVE-2025-46293 MEDIUM 5.5 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected … Jun 11, 2026
CVE-2025-43339 MEDIUM 5.5 An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access … Jun 11, 2026
CVE-2025-43278 UNKNOWN This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected … Jun 11, 2026
CVE-2025-31272 HIGH 7.8 The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections … Jun 11, 2026
CVE-2025-30459 MEDIUM 5.5 A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access … Jun 11, 2026
CVE-2025-30431 MEDIUM 5.5 The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may … Jun 11, 2026
CVE-2025-24284 HIGH 8.8 This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to … Jun 11, 2026
CVE-2025-24268 MEDIUM 5.5 A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app … Jun 11, 2026
CVE-2025-24165 UNKNOWN A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may … Jun 11, 2026
CVE-2026-49261 CRITICAL 10.0 MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 … Jun 11, 2026
CVE-2026-48546 HIGH 7.3 KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require … Jun 11, 2026
CVE-2026-47157 MEDIUM 6.5 aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before … Jun 11, 2026
CVE-2026-46698 MEDIUM 5.3 Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_ajax_nopriv_ftf_get_site_info (includes/Site_Info.php) that verified a nonce … Jun 11, 2026
CVE-2026-46697 HIGH 7.5 Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST route ftf/media-proxy (includes/Media_Proxy.php) with permission_callback => __return_true … Jun 11, 2026
CVE-2026-3329 UNKNOWN A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints. Jun 11, 2026
CVE-2026-11986 MEDIUM 4.9 A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints … Jun 11, 2026
CVE-2026-49982 HIGH 8.2 tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that contain … Jun 11, 2026