Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23813
Total
1705
Critical
7468
High
7599
Medium
CVE ID Severity Score Description Published
CVE-2026-49120 HIGH 8.5 Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating … Jun 02, 2026
CVE-2026-48682 UNKNOWN FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet contains at least sizeof(ipv4_header_t) … Jun 02, 2026
CVE-2026-48598 UNKNOWN Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.part_headers_for_disposition/1 interpolates each disposition parameter … Jun 02, 2026
CVE-2026-48597 UNKNOWN Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.open_conn/2 converts the URL … Jun 02, 2026
CVE-2026-48596 UNKNOWN Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.add_content_type_param/2. Tesla.Multipart.add_content_type_param/2 appends caller-supplied strings … Jun 02, 2026
CVE-2026-48595 UNKNOWN Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin … Jun 02, 2026
CVE-2026-48594 UNKNOWN Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When … Jun 02, 2026
CVE-2026-47265 UNKNOWN AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent … Jun 02, 2026
CVE-2026-42342 HIGH 7.5 React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can … Jun 02, 2026
CVE-2026-42211 HIGH 8.1 React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote … Jun 02, 2026
CVE-2026-41577 UNKNOWN authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor (ResponseProcessor.parse()) does not validate the Conditions element on … Jun 02, 2026
CVE-2026-40181 UNKNOWN React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger … Jun 02, 2026
CVE-2026-38967 UNKNOWN CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values. Jun 02, 2026
CVE-2026-35202 UNKNOWN Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass … Jun 02, 2026
CVE-2026-35049 MEDIUM 6.5 wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an … Jun 02, 2026
CVE-2026-34993 MEDIUM 6.4 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution. … Jun 02, 2026
CVE-2026-34077 HIGH 7.5 React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a … Jun 02, 2026
CVE-2026-33553 UNKNOWN Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS. Jun 02, 2026
CVE-2026-33245 HIGH 8.0 React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a … Jun 02, 2026
CVE-2026-30586 UNKNOWN Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZE_SCHEMA, Memo Rendering Component, and Public/Private Memo … Jun 02, 2026
CVE-2026-28299 HIGH 8.2 SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash … Jun 02, 2026
CVE-2026-1829 HIGH 8.8 The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the … Jun 02, 2026
CVE-2026-10702 MEDIUM 4.3 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3. Jun 02, 2026
CVE-2026-10701 UNKNOWN Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3. Jun 02, 2026
CVE-2026-10617 HIGH 7.3 A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook … Jun 02, 2026