Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22296
Total
1591
Critical
6822
High
7139
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-3329 | UNKNOWN | — | A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints. | Jun 11, 2026 |
| CVE-2026-11986 | MEDIUM | 4.9 | A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints … | Jun 11, 2026 |
| CVE-2026-49982 | HIGH | 8.2 | tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that contain … | Jun 11, 2026 |
| CVE-2026-44705 | UNKNOWN | — | tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping … | Jun 11, 2026 |
| CVE-2026-44496 | HIGH | 7.5 | Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the … | Jun 11, 2026 |
| CVE-2026-44495 | HIGH | 7.0 | Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request … | Jun 11, 2026 |
| CVE-2026-44494 | HIGH | 8.7 | Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype … | Jun 11, 2026 |
| CVE-2026-44492 | HIGH | 8.6 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When … | Jun 11, 2026 |
| CVE-2026-44490 | MEDIUM | 4.8 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype … | Jun 11, 2026 |
| CVE-2026-44489 | LOW | 3.7 | Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are … | Jun 11, 2026 |
| CVE-2026-44488 | HIGH | 7.5 | Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size … | Jun 11, 2026 |
| CVE-2026-44487 | UNKNOWN | — | Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization … | Jun 11, 2026 |
| CVE-2026-44486 | HIGH | 7.5 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials … | Jun 11, 2026 |
| CVE-2026-11945 | MEDIUM | 6.4 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular … | Jun 11, 2026 |
| CVE-2026-9648 | CRITICAL | 9.1 | The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted … | Jun 11, 2026 |
| CVE-2026-7870 | HIGH | 8.8 | IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could … | Jun 11, 2026 |
| CVE-2026-7787 | HIGH | 7.5 | IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. | Jun 11, 2026 |
| CVE-2026-53777 | HIGH | 8.1 | Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running … | Jun 11, 2026 |
| CVE-2026-4096 | MEDIUM | 6.5 | IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow … | Jun 11, 2026 |
| CVE-2026-3341 | MEDIUM | 5.4 | IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests … | Jun 11, 2026 |
| CVE-2026-11839 | CRITICAL | 9.9 | Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue … | Jun 11, 2026 |
| CVE-2024-45636 | MEDIUM | 4.1 | IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user. | Jun 11, 2026 |
| CVE-2026-8406 | UNKNOWN | — | openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request … | Jun 11, 2026 |
| CVE-2026-6338 | UNKNOWN | — | A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a … | Jun 11, 2026 |
| CVE-2026-53723 | MEDIUM | 5.8 | Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into … | Jun 11, 2026 |