Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22296
Total
1591
Critical
6822
High
7139
Medium
CVE ID Severity Score Description Published
CVE-2026-48110 HIGH 7.5 Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled … Jun 10, 2026
CVE-2026-48108 MEDIUM 5.3 Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as … Jun 10, 2026
CVE-2026-48107 MEDIUM 6.5 Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious … Jun 10, 2026
CVE-2026-48011 LOW 3.7 Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing … Jun 10, 2026
CVE-2026-46705 MEDIUM 5.3 Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state … Jun 10, 2026
CVE-2026-46702 HIGH 7.5 Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets … Jun 10, 2026
CVE-2026-46689 UNKNOWN Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a … Jun 10, 2026
CVE-2026-46679 HIGH 7.5 libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust … Jun 10, 2026
CVE-2026-46673 HIGH 7.5 Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. … Jun 10, 2026
CVE-2026-46669 UNKNOWN OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try_honest_pairing_check function invokes Theorem … Jun 10, 2026
CVE-2026-46668 UNKNOWN SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested … Jun 10, 2026
CVE-2026-46654 UNKNOWN Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce … Jun 10, 2026
CVE-2026-46625 HIGH 7.5 JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies properties with for...in + plain assignment. … Jun 10, 2026
CVE-2026-46523 MEDIUM 6.2 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger … Jun 10, 2026
CVE-2026-46522 HIGH 7.5 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in … Jun 10, 2026
CVE-2026-46520 HIGH 7.5 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different … Jun 10, 2026
CVE-2026-45783 HIGH 7.5 libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht … Jun 10, 2026
CVE-2026-45664 MEDIUM 5.3 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in … Jun 10, 2026
CVE-2026-45624 MEDIUM 5.1 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an … Jun 10, 2026
CVE-2026-45384 MEDIUM 6.1 bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability … Jun 10, 2026
CVE-2026-45380 LOW 3.6 bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allows … Jun 10, 2026
CVE-2026-45359 MEDIUM 5.7 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result … Jun 10, 2026
CVE-2026-45358 MEDIUM 5.3 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the … Jun 10, 2026
CVE-2026-45031 MEDIUM 5.3 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in … Jun 10, 2026
CVE-2026-44692 HIGH 7.7 Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access … Jun 10, 2026