Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 20412 | Critical: 1466 | High: 6188 | Medium: 6493

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-54900 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with … | Jul 01, 2026 |
| CVE-2026-54899 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbol_keys on a reused Oj::Parser … | Jul 01, 2026 |
| CVE-2026-54898 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser#parse is vulnerable to a heap … | Jul 01, 2026 |
| CVE-2026-54897 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators (each_value, each_child, each_leaf) were vulnerable … | Jul 01, 2026 |
| CVE-2026-54896 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump … | Jul 01, 2026 |
| CVE-2026-54592 | HIGH | 7.5 | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked recursively over … | Jul 01, 2026 |
| CVE-2026-54502 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.dump is vulnerable to a … | Jul 01, 2026 |
| CVE-2026-54500 | MEDIUM | 5.3 | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads … | Jul 01, 2026 |
| CVE-2026-57995 | HIGH | 8.8 | phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUP_EDIT administrators to grant arbitrary rights to groups without verifying they hold those … | Jun 30, 2026 |
| CVE-2026-56777 | MEDIUM | 5.0 | n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticated user with … | Jun 30, 2026 |
| CVE-2026-56700 | CRITICAL | 9.8 | Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowed … | Jun 30, 2026 |
| CVE-2026-56415 | CRITICAL | 10.0 | Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a … | Jun 30, 2026 |
| CVE-2026-56413 | CRITICAL | 10.0 | Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom … | Jun 30, 2026 |
| CVE-2026-56399 | MEDIUM | 5.0 | Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate … | Jun 30, 2026 |
| CVE-2026-56377 | LOW | 3.3 | ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path … | Jun 30, 2026 |
| CVE-2026-56369 | LOW | 3.7 | ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher … | Jun 30, 2026 |
| CVE-2026-56365 | LOW | 3.7 | ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust … | Jun 30, 2026 |
| CVE-2026-56364 | LOW | 1.9 | ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with … | Jun 30, 2026 |
| CVE-2026-56363 | LOW | 3.3 | ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply … | Jun 30, 2026 |
| CVE-2026-56361 | LOW | 3.3 | ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology … | Jun 30, 2026 |
| CVE-2026-56356 | MEDIUM | 5.4 | n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases … | Jun 30, 2026 |
| CVE-2026-56350 | MEDIUM | 6.3 | n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials … | Jun 30, 2026 |
| CVE-2026-56334 | MEDIUM | 4.3 | Capgo before 12.128.2 lacks an UPDATE row-level security policy for the build_requests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can … | Jun 30, 2026 |
| CVE-2026-56333 | MEDIUM | 4.3 | Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings that allows authenticated org admins to persist invalid security policy state. Attackers … | Jun 30, 2026 |
| CVE-2026-56331 | MEDIUM | 5.3 | Capgo before 12.128.2 contains improper error handling in the /private/accept_invitation endpoint that returns HTTP 500 instead of safe 4xx errors when magic_invite_string is invalid. Attackers … | Jun 30, 2026 |