Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20528
Total
1468
Critical
6215
High
6518
Medium
CVE ID Severity Score Description Published
CVE-2026-57943 MEDIUM 5.9 LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' … Jun 29, 2026
CVE-2026-57942 MEDIUM 5.3 LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the get_remote_address() function that allows unauthenticated attackers to spoof client IP addresses … Jun 29, 2026
CVE-2026-56783 MEDIUM 6.5 Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out … Jun 29, 2026
CVE-2026-56782 CRITICAL 9.8 Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when admin_api_key is … Jun 29, 2026
CVE-2026-56781 MEDIUM 5.3 Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the … Jun 29, 2026
CVE-2026-56780 HIGH 7.5 Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/{pk}/password/ endpoint that allows domain administrators to change any user's password. Attackers … Jun 29, 2026
CVE-2026-56285 HIGH 8.6 Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute … Jun 29, 2026
CVE-2026-36848 HIGH 7.5 Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem. Jun 29, 2026
CVE-2026-13592 HIGH 7.3 A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4. Affected by this issue is the function BufWriter::append of the component EtherNet IP Message Handler. … Jun 29, 2026
CVE-2026-11720 UNKNOWN A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into … Jun 29, 2026
CVE-2026-13752 MEDIUM 6.0 Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to … Jun 29, 2026
CVE-2026-13751 MEDIUM 4.1 Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference … Jun 29, 2026
CVE-2026-13591 MEDIUM 5.0 A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function _isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation … Jun 29, 2026
CVE-2026-13590 MEDIUM 5.6 A security flaw has been discovered in seladb PcapPlusPlus 25.05. This impacts the function pcpp::ModbusLayer::getLength in the library Packet++/header/ModbusLayer.h of the component Modbus Protocol Handler. … Jun 29, 2026
CVE-2026-13589 MEDIUM 5.6 A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The … Jun 29, 2026
CVE-2026-13588 MEDIUM 5.6 A vulnerability was determined in seladb PcapPlusPlus 25.05. The impacted element is the function pcpp::SSLClientHelloMessage::getHandshakeVersion of the file Packet++/src/SSLHandshake.cpp of the component TLS Hello Handler. … Jun 29, 2026
CVE-2026-12912 HIGH 7.3 A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when … Jun 29, 2026
CVE-2026-12672 UNKNOWN Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … Jun 29, 2026
CVE-2026-9105 UNKNOWN An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests … Jun 29, 2026
CVE-2026-41052 UNKNOWN Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and … Jun 29, 2026
CVE-2026-13750 MEDIUM 5.5 Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. … Jun 29, 2026
CVE-2026-13749 HIGH 8.8 Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. … Jun 29, 2026
CVE-2026-13748 MEDIUM 6.3 Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake … Jun 29, 2026
CVE-2026-13746 LOW 3.6 Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying … Jun 29, 2026
CVE-2026-13744 HIGH 8.3 Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, … Jun 29, 2026