Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23813
Total
1705
Critical
7468
High
7599
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-49120 | HIGH | 8.5 | Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating … | Jun 02, 2026 |
| CVE-2026-48682 | UNKNOWN | — | FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet contains at least sizeof(ipv4_header_t) … | Jun 02, 2026 |
| CVE-2026-48598 | UNKNOWN | — | Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.part_headers_for_disposition/1 interpolates each disposition parameter … | Jun 02, 2026 |
| CVE-2026-48597 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.open_conn/2 converts the URL … | Jun 02, 2026 |
| CVE-2026-48596 | UNKNOWN | — | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.add_content_type_param/2. Tesla.Multipart.add_content_type_param/2 appends caller-supplied strings … | Jun 02, 2026 |
| CVE-2026-48595 | UNKNOWN | — | Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin … | Jun 02, 2026 |
| CVE-2026-48594 | UNKNOWN | — | Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When … | Jun 02, 2026 |
| CVE-2026-47265 | UNKNOWN | — | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent … | Jun 02, 2026 |
| CVE-2026-42342 | HIGH | 7.5 | React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can … | Jun 02, 2026 |
| CVE-2026-42211 | HIGH | 8.1 | React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote … | Jun 02, 2026 |
| CVE-2026-41577 | UNKNOWN | — | authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor (ResponseProcessor.parse()) does not validate the Conditions element on … | Jun 02, 2026 |
| CVE-2026-40181 | UNKNOWN | — | React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger … | Jun 02, 2026 |
| CVE-2026-38967 | UNKNOWN | — | CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values. | Jun 02, 2026 |
| CVE-2026-35202 | UNKNOWN | — | Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass … | Jun 02, 2026 |
| CVE-2026-35049 | MEDIUM | 6.5 | wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an … | Jun 02, 2026 |
| CVE-2026-34993 | MEDIUM | 6.4 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution. … | Jun 02, 2026 |
| CVE-2026-34077 | HIGH | 7.5 | React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a … | Jun 02, 2026 |
| CVE-2026-33553 | UNKNOWN | — | Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS. | Jun 02, 2026 |
| CVE-2026-33245 | HIGH | 8.0 | React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a … | Jun 02, 2026 |
| CVE-2026-30586 | UNKNOWN | — | Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZE_SCHEMA, Memo Rendering Component, and Public/Private Memo … | Jun 02, 2026 |
| CVE-2026-28299 | HIGH | 8.2 | SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash … | Jun 02, 2026 |
| CVE-2026-1829 | HIGH | 8.8 | The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the … | Jun 02, 2026 |
| CVE-2026-10702 | MEDIUM | 4.3 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3. | Jun 02, 2026 |
| CVE-2026-10701 | UNKNOWN | — | Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3. | Jun 02, 2026 |
| CVE-2026-10617 | HIGH | 7.3 | A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook … | Jun 02, 2026 |