Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20528
Total
1468
Critical
6215
High
6518
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-57943 | MEDIUM | 5.9 | LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' … | Jun 29, 2026 |
| CVE-2026-57942 | MEDIUM | 5.3 | LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the get_remote_address() function that allows unauthenticated attackers to spoof client IP addresses … | Jun 29, 2026 |
| CVE-2026-56783 | MEDIUM | 6.5 | Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out … | Jun 29, 2026 |
| CVE-2026-56782 | CRITICAL | 9.8 | Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when admin_api_key is … | Jun 29, 2026 |
| CVE-2026-56781 | MEDIUM | 5.3 | Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the … | Jun 29, 2026 |
| CVE-2026-56780 | HIGH | 7.5 | Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/{pk}/password/ endpoint that allows domain administrators to change any user's password. Attackers … | Jun 29, 2026 |
| CVE-2026-56285 | HIGH | 8.6 | Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute … | Jun 29, 2026 |
| CVE-2026-36848 | HIGH | 7.5 | Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem. | Jun 29, 2026 |
| CVE-2026-13592 | HIGH | 7.3 | A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4. Affected by this issue is the function BufWriter::append of the component EtherNet IP Message Handler. … | Jun 29, 2026 |
| CVE-2026-11720 | UNKNOWN | — | A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into … | Jun 29, 2026 |
| CVE-2026-13752 | MEDIUM | 6.0 | Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to … | Jun 29, 2026 |
| CVE-2026-13751 | MEDIUM | 4.1 | Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference … | Jun 29, 2026 |
| CVE-2026-13591 | MEDIUM | 5.0 | A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function _isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation … | Jun 29, 2026 |
| CVE-2026-13590 | MEDIUM | 5.6 | A security flaw has been discovered in seladb PcapPlusPlus 25.05. This impacts the function pcpp::ModbusLayer::getLength in the library Packet++/header/ModbusLayer.h of the component Modbus Protocol Handler. … | Jun 29, 2026 |
| CVE-2026-13589 | MEDIUM | 5.6 | A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The … | Jun 29, 2026 |
| CVE-2026-13588 | MEDIUM | 5.6 | A vulnerability was determined in seladb PcapPlusPlus 25.05. The impacted element is the function pcpp::SSLClientHelloMessage::getHandshakeVersion of the file Packet++/src/SSLHandshake.cpp of the component TLS Hello Handler. … | Jun 29, 2026 |
| CVE-2026-12912 | HIGH | 7.3 | A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when … | Jun 29, 2026 |
| CVE-2026-12672 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | Jun 29, 2026 |
| CVE-2026-9105 | UNKNOWN | — | An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests … | Jun 29, 2026 |
| CVE-2026-41052 | UNKNOWN | — | Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and … | Jun 29, 2026 |
| CVE-2026-13750 | MEDIUM | 5.5 | Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. … | Jun 29, 2026 |
| CVE-2026-13749 | HIGH | 8.8 | Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. … | Jun 29, 2026 |
| CVE-2026-13748 | MEDIUM | 6.3 | Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake … | Jun 29, 2026 |
| CVE-2026-13746 | LOW | 3.6 | Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying … | Jun 29, 2026 |
| CVE-2026-13744 | HIGH | 8.3 | Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, … | Jun 29, 2026 |