Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20412
Total
1466
Critical
6188
High
6493
Medium
CVE ID Severity Score Description Published
CVE-2026-54900 UNKNOWN Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with … Jul 01, 2026
CVE-2026-54899 UNKNOWN Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbol_keys on a reused Oj::Parser … Jul 01, 2026
CVE-2026-54898 UNKNOWN Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parser#parse is vulnerable to a heap … Jul 01, 2026
CVE-2026-54897 UNKNOWN Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators (each_value, each_child, each_leaf) were vulnerable … Jul 01, 2026
CVE-2026-54896 UNKNOWN Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump … Jul 01, 2026
CVE-2026-54592 HIGH 7.5 Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked recursively over … Jul 01, 2026
CVE-2026-54502 UNKNOWN Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.dump is vulnerable to a … Jul 01, 2026
CVE-2026-54500 MEDIUM 5.3 Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads … Jul 01, 2026
CVE-2026-57995 HIGH 8.8 phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUP_EDIT administrators to grant arbitrary rights to groups without verifying they hold those … Jun 30, 2026
CVE-2026-56777 MEDIUM 5.0 n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticated user with … Jun 30, 2026
CVE-2026-56700 CRITICAL 9.8 Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowed … Jun 30, 2026
CVE-2026-56415 CRITICAL 10.0 Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a … Jun 30, 2026
CVE-2026-56413 CRITICAL 10.0 Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom … Jun 30, 2026
CVE-2026-56399 MEDIUM 5.0 Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate … Jun 30, 2026
CVE-2026-56377 LOW 3.3 ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path … Jun 30, 2026
CVE-2026-56369 LOW 3.7 ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher … Jun 30, 2026
CVE-2026-56365 LOW 3.7 ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust … Jun 30, 2026
CVE-2026-56364 LOW 1.9 ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with … Jun 30, 2026
CVE-2026-56363 LOW 3.3 ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply … Jun 30, 2026
CVE-2026-56361 LOW 3.3 ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology … Jun 30, 2026
CVE-2026-56356 MEDIUM 5.4 n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases … Jun 30, 2026
CVE-2026-56350 MEDIUM 6.3 n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials … Jun 30, 2026
CVE-2026-56334 MEDIUM 4.3 Capgo before 12.128.2 lacks an UPDATE row-level security policy for the build_requests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can … Jun 30, 2026
CVE-2026-56333 MEDIUM 4.3 Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings that allows authenticated org admins to persist invalid security policy state. Attackers … Jun 30, 2026
CVE-2026-56331 MEDIUM 5.3 Capgo before 12.128.2 contains improper error handling in the /private/accept_invitation endpoint that returns HTTP 500 instead of safe 4xx errors when magic_invite_string is invalid. Attackers … Jun 30, 2026