Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22296
Total
1591
Critical
6822
High
7139
Medium
CVE ID Severity Score Description Published
CVE-2026-3329 UNKNOWN A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints. Jun 11, 2026
CVE-2026-11986 MEDIUM 4.9 A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints … Jun 11, 2026
CVE-2026-49982 HIGH 8.2 tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that contain … Jun 11, 2026
CVE-2026-44705 UNKNOWN tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping … Jun 11, 2026
CVE-2026-44496 HIGH 7.5 Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the … Jun 11, 2026
CVE-2026-44495 HIGH 7.0 Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request … Jun 11, 2026
CVE-2026-44494 HIGH 8.7 Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype … Jun 11, 2026
CVE-2026-44492 HIGH 8.6 Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When … Jun 11, 2026
CVE-2026-44490 MEDIUM 4.8 Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype … Jun 11, 2026
CVE-2026-44489 LOW 3.7 Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are … Jun 11, 2026
CVE-2026-44488 HIGH 7.5 Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size … Jun 11, 2026
CVE-2026-44487 UNKNOWN Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization … Jun 11, 2026
CVE-2026-44486 HIGH 7.5 Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials … Jun 11, 2026
CVE-2026-11945 MEDIUM 6.4 PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular … Jun 11, 2026
CVE-2026-9648 CRITICAL 9.1 The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted … Jun 11, 2026
CVE-2026-7870 HIGH 8.8 IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could … Jun 11, 2026
CVE-2026-7787 HIGH 7.5 IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. Jun 11, 2026
CVE-2026-53777 HIGH 8.1 Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running … Jun 11, 2026
CVE-2026-4096 MEDIUM 6.5 IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow … Jun 11, 2026
CVE-2026-3341 MEDIUM 5.4 IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests … Jun 11, 2026
CVE-2026-11839 CRITICAL 9.9 Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue … Jun 11, 2026
CVE-2024-45636 MEDIUM 4.1 IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user. Jun 11, 2026
CVE-2026-8406 UNKNOWN openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request … Jun 11, 2026
CVE-2026-6338 UNKNOWN A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a … Jun 11, 2026
CVE-2026-53723 MEDIUM 5.8 Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into … Jun 11, 2026