CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

Total: 20322
Critical: 1466
High: 6160
Medium: 6453

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-20896 | CRITICAL | 9.8 | Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers … | Jul 03, 2026 |
| CVE-2026-20779 | HIGH | 7.1 | Gitea versions from 1.5.0 before 1.26.3 have a TOTP single-use enforcement defect that allows a valid TOTP code to be accepted more than once across … | Jul 03, 2026 |
| CVE-2026-20706 | UNKNOWN | | Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint. | Jul 03, 2026 |
| CVE-2026-14611 | MEDIUM | 4.3 | A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component … | Jul 03, 2026 |
| CVE-2026-14610 | MEDIUM | 5.3 | A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the … | Jul 03, 2026 |
| CVE-2026-14609 | MEDIUM | 5.6 | A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This issue affects some unknown processing. The manipulation results in … | Jul 03, 2026 |
| CVE-2026-14355 | MEDIUM | 5.6 | In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer … | Jul 03, 2026 |
| CVE-2026-12481 | HIGH | 8.8 | A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function … | Jul 03, 2026 |
| CVE-2026-14608 | MEDIUM | 4.3 | A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file … | Jul 03, 2026 |
| CVE-2026-14607 | MEDIUM | 5.5 | A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sys_getaddrinfo of the file components/lwp/lwp_syscall.c. Executing a manipulation of the argument … | Jul 03, 2026 |
| CVE-2026-14606 | HIGH | 7.8 | A security flaw has been discovered in RT-Thread up to 5.0.2. Affected by this issue is the function CAN_Receive in the library bsp/synwit/libraries/SWM341_CSL/CMSIS/DeviceSupport/SWM341.h of the … | Jul 03, 2026 |
| CVE-2026-14605 | HIGH | 7.8 | A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulnerability is the function recvmsg in the library bsp/loongson/ls1cdev/libraries/ls1c_can.h of the component ls1c … | Jul 03, 2026 |
| CVE-2026-58379 | HIGH | 7.3 | A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary … | Jul 03, 2026 |
| CVE-2026-14604 | MEDIUM | 6.3 | A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component … | Jul 03, 2026 |
| CVE-2026-14631 | MEDIUM | 5.3 | webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header … | Jul 03, 2026 |
| CVE-2026-14620 | MEDIUM | 4.7 | webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the … | Jul 03, 2026 |
| CVE-2026-14615 | MEDIUM | 4.3 | A flaw was found in the Fine-Grained Admin Permissions (FGAP) v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to … | Jul 03, 2026 |
| CVE-2026-14614 | MEDIUM | 5.4 | A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions (FGAP) v2 is enabled. This issue allows a delegated … | Jul 03, 2026 |
| CVE-2026-14613 | MEDIUM | 4.3 | A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new … | Jul 03, 2026 |
| CVE-2026-14612 | MEDIUM | 4.2 | Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured … | Jul 03, 2026 |
| CVE-2026-53478 | HIGH | 7.2 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 03, 2026 |
| CVE-2026-49815 | HIGH | 7.2 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 03, 2026 |
| CVE-2026-49814 | HIGH | 7.2 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 03, 2026 |
| CVE-2026-49813 | MEDIUM | 6.7 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 03, 2026 |
| CVE-2026-14460 | HIGH | 8.8 | Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from <= 1.0.4 before 1.0.5. | Jul 03, 2026 |