Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 20322, Critical: 1466, High: 6160, Medium: 6453

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-20896 | CRITICAL | 9.8 | Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers … | Jul 03, 2026 |
| CVE-2026-20779 | HIGH | 7.1 | Gitea versions from 1.5.0 before 1.26.3 have a TOTP single-use enforcement defect that allows a valid TOTP code to be accepted more than once across … | Jul 03, 2026 |
| CVE-2026-20706 | UNKNOWN | — | Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint. | Jul 03, 2026 |
| CVE-2026-14611 | MEDIUM | 4.3 | A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component … | Jul 03, 2026 |
| CVE-2026-14610 | MEDIUM | 5.3 | A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the … | Jul 03, 2026 |
| CVE-2026-14609 | MEDIUM | 5.6 | A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This issue affects some unknown processing. The manipulation results in … | Jul 03, 2026 |
| CVE-2026-14355 | MEDIUM | 5.6 | In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer … | Jul 03, 2026 |
| CVE-2026-12481 | HIGH | 8.8 | A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function … | Jul 03, 2026 |
| CVE-2026-14608 | MEDIUM | 4.3 | A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file … | Jul 03, 2026 |
| CVE-2026-14607 | MEDIUM | 5.5 | A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sys_getaddrinfo of the file components/lwp/lwp_syscall.c. Executing a manipulation of the argument … | Jul 03, 2026 |
| CVE-2026-14606 | HIGH | 7.8 | A security flaw has been discovered in RT-Thread up to 5.0.2. Affected by this issue is the function CAN_Receive in the library bsp/synwit/libraries/SWM341_CSL/CMSIS/DeviceSupport/SWM341.h of the … | Jul 03, 2026 |
| CVE-2026-14605 | HIGH | 7.8 | A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulnerability is the function recvmsg in the library bsp/loongson/ls1cdev/libraries/ls1c_can.h of the component ls1c … | Jul 03, 2026 |
| CVE-2026-58379 | HIGH | 7.3 | A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary … | Jul 03, 2026 |
| CVE-2026-14604 | MEDIUM | 6.3 | A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component … | Jul 03, 2026 |
| CVE-2026-14631 | MEDIUM | 5.3 | webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header … | Jul 03, 2026 |
| CVE-2026-14620 | MEDIUM | 4.7 | webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the … | Jul 03, 2026 |
| CVE-2026-14615 | MEDIUM | 4.3 | A flaw was found in the Fine-Grained Admin Permissions (FGAP) v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to … | Jul 03, 2026 |
| CVE-2026-14614 | MEDIUM | 5.4 | A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions (FGAP) v2 is enabled. This issue allows a delegated … | Jul 03, 2026 |
| CVE-2026-14613 | MEDIUM | 4.3 | A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new … | Jul 03, 2026 |
| CVE-2026-14612 | MEDIUM | 4.2 | Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured … | Jul 03, 2026 |
| CVE-2026-53478 | HIGH | 7.2 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 03, 2026 |
| CVE-2026-49815 | HIGH | 7.2 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 03, 2026 |
| CVE-2026-49814 | HIGH | 7.2 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 03, 2026 |
| CVE-2026-49813 | MEDIUM | 6.7 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 03, 2026 |
| CVE-2026-14460 | HIGH | 8.8 | Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from <= 1.0.4 before 1.0.5. | Jul 03, 2026 |