Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22296
Total
1591
Critical
6822
High
7139
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-48110 | HIGH | 7.5 | Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled … | Jun 10, 2026 |
| CVE-2026-48108 | MEDIUM | 5.3 | Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as … | Jun 10, 2026 |
| CVE-2026-48107 | MEDIUM | 6.5 | Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious … | Jun 10, 2026 |
| CVE-2026-48011 | LOW | 3.7 | Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing … | Jun 10, 2026 |
| CVE-2026-46705 | MEDIUM | 5.3 | Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state … | Jun 10, 2026 |
| CVE-2026-46702 | HIGH | 7.5 | Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets … | Jun 10, 2026 |
| CVE-2026-46689 | UNKNOWN | — | Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a … | Jun 10, 2026 |
| CVE-2026-46679 | HIGH | 7.5 | libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust … | Jun 10, 2026 |
| CVE-2026-46673 | HIGH | 7.5 | Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. … | Jun 10, 2026 |
| CVE-2026-46669 | UNKNOWN | — | OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try_honest_pairing_check function invokes Theorem … | Jun 10, 2026 |
| CVE-2026-46668 | UNKNOWN | — | SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested … | Jun 10, 2026 |
| CVE-2026-46654 | UNKNOWN | — | Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce … | Jun 10, 2026 |
| CVE-2026-46625 | HIGH | 7.5 | JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies properties with for...in + plain assignment. … | Jun 10, 2026 |
| CVE-2026-46523 | MEDIUM | 6.2 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger … | Jun 10, 2026 |
| CVE-2026-46522 | HIGH | 7.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in … | Jun 10, 2026 |
| CVE-2026-46520 | HIGH | 7.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different … | Jun 10, 2026 |
| CVE-2026-45783 | HIGH | 7.5 | libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht … | Jun 10, 2026 |
| CVE-2026-45664 | MEDIUM | 5.3 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in … | Jun 10, 2026 |
| CVE-2026-45624 | MEDIUM | 5.1 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an … | Jun 10, 2026 |
| CVE-2026-45384 | MEDIUM | 6.1 | bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability … | Jun 10, 2026 |
| CVE-2026-45380 | LOW | 3.6 | bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allows … | Jun 10, 2026 |
| CVE-2026-45359 | MEDIUM | 5.7 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result … | Jun 10, 2026 |
| CVE-2026-45358 | MEDIUM | 5.3 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the … | Jun 10, 2026 |
| CVE-2026-45031 | MEDIUM | 5.3 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in … | Jun 10, 2026 |
| CVE-2026-44692 | HIGH | 7.7 | Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access … | Jun 10, 2026 |