Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22296
Total
1591
Critical
6822
High
7139
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-53661 | UNKNOWN | — | Boruta is a standalone authorization server that aims to implement OAuth 2.0 and Openid Connect up to decentralized identity specifications. Prior to version 0.9.1, boruta … | Jun 11, 2026 |
| CVE-2026-38581 | CRITICAL | 9.8 | SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) … | Jun 11, 2026 |
| CVE-2026-11816 | HIGH | 8.1 | Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in `keras/src/utils/file_utils.py`. The functions `filter_safe_tarinfos()` and `filter_safe_zipinfos()` … | Jun 11, 2026 |
| CVE-2026-10847 | HIGH | 7.8 | A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary … | Jun 11, 2026 |
| CVE-2026-7852 | CRITICAL | 9.8 | Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9. | Jun 11, 2026 |
| CVE-2026-49214 | MEDIUM | 5.3 | guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party … | Jun 11, 2026 |
| CVE-2026-48998 | MEDIUM | 5.3 | guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages … | Jun 11, 2026 |
| CVE-2026-11956 | LOW | 3.7 | A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing … | Jun 11, 2026 |
| CVE-2026-11561 | CRITICAL | 9.8 | Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows … | Jun 11, 2026 |
| CVE-2026-9694 | LOW | 2.6 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain … | Jun 11, 2026 |
| CVE-2026-9204 | MEDIUM | 5.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain … | Jun 11, 2026 |
| CVE-2026-8589 | HIGH | 7.3 | GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain … | Jun 11, 2026 |
| CVE-2026-8464 | UNKNOWN | — | Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files … | Jun 11, 2026 |
| CVE-2026-7250 | HIGH | 7.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain … | Jun 11, 2026 |
| CVE-2026-6976 | LOW | 3.7 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain … | Jun 11, 2026 |
| CVE-2026-6552 | HIGH | 8.7 | GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain … | Jun 11, 2026 |
| CVE-2026-6277 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain … | Jun 11, 2026 |
| CVE-2026-6269 | MEDIUM | 5.4 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain … | Jun 11, 2026 |
| CVE-2026-53912 | UNKNOWN | — | Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. This … | Jun 11, 2026 |
| CVE-2026-53423 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membrane_mp4_plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion. The MP4 box header parser converts … | Jun 11, 2026 |
| CVE-2026-4764 | UNKNOWN | — | A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate … | Jun 11, 2026 |
| CVE-2026-3553 | LOW | 3.1 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain … | Jun 11, 2026 |
| CVE-2026-1500 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain … | Jun 11, 2026 |
| CVE-2026-10733 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have … | Jun 11, 2026 |
| CVE-2026-10087 | HIGH | 8.7 | GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain … | Jun 11, 2026 |