Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23379
Total
1666
Critical
7346
High
7432
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-45758 | CRITICAL | 9.6 | Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious … | Jun 05, 2026 |
| CVE-2026-45300 | HIGH | 7.4 | The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 … | Jun 05, 2026 |
| CVE-2026-25624 | MEDIUM | 5.7 | An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). … | Jun 05, 2026 |
| CVE-2026-25623 | MEDIUM | 6.0 | An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators … | Jun 05, 2026 |
| CVE-2026-25622 | MEDIUM | 6.0 | A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative … | Jun 05, 2026 |
| CVE-2026-25621 | MEDIUM | 6.0 | A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely … | Jun 05, 2026 |
| CVE-2026-25620 | MEDIUM | 6.0 | An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This … | Jun 05, 2026 |
| CVE-2026-11420 | UNKNOWN | — | Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any … | Jun 05, 2026 |
| CVE-2026-11419 | UNKNOWN | — | A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload … | Jun 05, 2026 |
| CVE-2026-11414 | UNKNOWN | — | A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across … | Jun 05, 2026 |
| CVE-2026-11401 | HIGH | 8.0 | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor … | Jun 05, 2026 |
| CVE-2026-11400 | HIGH | 8.0 | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor … | Jun 05, 2026 |
| CVE-2026-5415 | HIGH | 8.8 | The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication … | Jun 05, 2026 |
| CVE-2026-5411 | HIGH | 8.8 | The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary … | Jun 05, 2026 |
| CVE-2026-46511 | UNKNOWN | — | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure … | Jun 05, 2026 |
| CVE-2026-46496 | UNKNOWN | — | HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to … | Jun 05, 2026 |
| CVE-2026-46399 | UNKNOWN | — | HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file … | Jun 05, 2026 |
| CVE-2026-46396 | UNKNOWN | — | HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to … | Jun 05, 2026 |
| CVE-2026-46395 | UNKNOWN | — | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the `hmacBase64()` function in the HAXcms Node.js backend contains two … | Jun 05, 2026 |
| CVE-2026-46394 | UNKNOWN | — | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library … | Jun 05, 2026 |
| CVE-2026-46393 | UNKNOWN | — | HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 26.0.0 allows authenticated … | Jun 05, 2026 |
| CVE-2026-46392 | HIGH | 8.7 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions … | Jun 05, 2026 |
| CVE-2026-46391 | UNKNOWN | — | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct … | Jun 05, 2026 |
| CVE-2026-46390 | UNKNOWN | — | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed … | Jun 05, 2026 |
| CVE-2026-46389 | CRITICAL | 10.0 | UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through 0.26.0, a … | Jun 05, 2026 |