Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20470
Total
1466
Critical
6212
High
6509
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-48277 | CRITICAL | 10.0 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of … | Jun 30, 2026 |
| CVE-2026-48276 | CRITICAL | 10.0 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution … | Jun 30, 2026 |
| CVE-2026-44948 | UNKNOWN | — | A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 … | Jun 30, 2026 |
| CVE-2026-13455 | MEDIUM | 4.3 | PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash() function and collects (seed, hash_output) pairs to perform an offline … | Jun 30, 2026 |
| CVE-2026-4360 | UNKNOWN | — | In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could … | Jun 30, 2026 |
| CVE-2026-48192 | MEDIUM | 5.4 | A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix … | Jun 30, 2026 |
| CVE-2026-44949 | UNKNOWN | — | A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, … | Jun 30, 2026 |
| CVE-2026-44947 | UNKNOWN | — | A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed … | Jun 30, 2026 |
| CVE-2026-27957 | HIGH | 8.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, an authenticated command injection vulnerability in the CA Certificate … | Jun 30, 2026 |
| CVE-2026-27956 | MEDIUM | 4.3 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/servers/{server_uuid}/domains?uuid={app_uuid}` bypasses team scoping when the optional uuid … | Jun 30, 2026 |
| CVE-2026-27955 | MEDIUM | 6.6 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the executeInDocker() helper wraps commands in bash -c '{$command}' … | Jun 30, 2026 |
| CVE-2026-27883 | MEDIUM | 5.0 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the `GET /api/v1/deployments/{uuid}` endpoint allows any authenticated user to … | Jun 30, 2026 |
| CVE-2026-27882 | MEDIUM | 4.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, the GitLab webhook endpoint uses a non-constant-time string comparison … | Jun 30, 2026 |
| CVE-2026-27881 | MEDIUM | 5.0 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/deployments/{uuid}` in DeployController.php retrieves deployment details without validating … | Jun 30, 2026 |
| CVE-2026-35098 | UNKNOWN | — | KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of … | Jun 30, 2026 |
| CVE-2026-35097 | UNKNOWN | — | KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. … | Jun 30, 2026 |
| CVE-2026-35096 | UNKNOWN | — | KTM System e-BOK is vulnerable to Cross‑Site Request Forgery (CSRF) in both the email-change and password-change functionalities. An attacker can craft a malicious website that, … | Jun 30, 2026 |
| CVE-2026-35095 | UNKNOWN | — | KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, … | Jun 30, 2026 |
| CVE-2026-14241 | UNKNOWN | — | Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of … | Jun 30, 2026 |
| CVE-2026-14178 | MEDIUM | 5.9 | openGauss 在处理带 NLS 参数的 to_timestamp 调用时,to_timestamp_with_fmt_nls() 会将 nls_fmt_str 保存到 u_sess->parser_cxt.nls_fmt_str。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestamp_out() 仍会通过 CheckNlsFormat() 访问 u_sess->parser_cxt.nls_fmt_str,导致访问已释放内存。攻击者在具备数据库 SQL … | Jun 30, 2026 |
| CVE-2025-53648 | MEDIUM | 5.4 | SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to … | Jun 30, 2026 |
| CVE-2026-8655 | UNKNOWN | — | Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured … | Jun 30, 2026 |
| CVE-2026-8452 | UNKNOWN | — | Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a … | Jun 30, 2026 |
| CVE-2026-8451 | UNKNOWN | — | Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP | Jun 30, 2026 |
| CVE-2026-8403 | MEDIUM | 6.1 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. … | Jun 30, 2026 |