Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20470
Total
1466
Critical
6212
High
6509
Medium
CVE ID Severity Score Description Published
CVE-2025-71349 HIGH 8.1 picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft … Jun 30, 2026
CVE-2026-58450 MEDIUM 4.3 Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external … Jun 30, 2026
CVE-2026-58449 CRITICAL 9.8 txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs __import__ and getattr … Jun 30, 2026
CVE-2026-58448 MEDIUM 6.5 yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary process instance records by … Jun 30, 2026
CVE-2026-58447 MEDIUM 6.5 Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attackers to delete videos from other users' playlists … Jun 30, 2026
CVE-2026-58446 MEDIUM 6.5 Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication (AUTH_USERNAME/AUTH_PASSWORD), is reachable unauthenticated at /mcp because the nginx front-end … Jun 30, 2026
CVE-2026-57585 HIGH 7.5 MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading … Jun 30, 2026
CVE-2026-57204 UNKNOWN pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability … Jun 30, 2026
CVE-2026-52868 HIGH 8.2 An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental … Jun 30, 2026
CVE-2026-52196 HIGH 7.5 Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_416f28 component Jun 30, 2026
CVE-2026-50254 HIGH 7.5 An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly … Jun 30, 2026
CVE-2026-50003 CRITICAL 9.8 A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative … Jun 30, 2026
CVE-2026-37106 CRITICAL 9.8 An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed … Jun 30, 2026
CVE-2026-35505 HIGH 7.5 An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and … Jun 30, 2026
CVE-2026-11541 HIGH 7.4 IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability. Jun 30, 2026
CVE-2026-10585 UNKNOWN A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by … Jun 30, 2026
CVE-2026-9132 UNKNOWN A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not … Jun 30, 2026
CVE-2026-9106 UNKNOWN A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An … Jun 30, 2026
CVE-2026-44628 HIGH 7.5 An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, … Jun 30, 2026
CVE-2026-13207 HIGH 7.5 FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment … Jun 30, 2026
CVE-2026-11594 HIGH 8.5 IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console. Jun 30, 2026
CVE-2026-10562 UNKNOWN An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An … Jun 30, 2026
CVE-2025-36359 HIGH 8.1 IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another … Jun 30, 2026
CVE-2025-36336 MEDIUM 5.9 IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the … Jun 30, 2026
CVE-2025-36333 MEDIUM 4.3 IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow. Jun 30, 2026