Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20560
Total
1471
Critical
6231
High
6522
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-13493 | LOW | 3.1 | A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversation_api.py of the component Workflow … | Jun 28, 2026 |
| CVE-2026-13491 | LOW | 3.7 | A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqtt_protocol.cc of the component MQTT Goodbye … | Jun 28, 2026 |
| CVE-2026-13490 | LOW | 3.7 | A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such … | Jun 28, 2026 |
| CVE-2026-13489 | LOW | 3.1 | A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcp_server.cc of the … | Jun 28, 2026 |
| CVE-2026-13488 | HIGH | 7.3 | A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. Affected by this vulnerability is an unknown functionality of the file … | Jun 28, 2026 |
| CVE-2026-13487 | HIGH | 7.3 | A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive.php. The manipulation of the … | Jun 28, 2026 |
| CVE-2026-13486 | HIGH | 7.3 | A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This impacts an unknown function of the file /preview6.php. Executing a manipulation of … | Jun 28, 2026 |
| CVE-2026-13485 | HIGH | 7.3 | A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of … | Jun 28, 2026 |
| CVE-2026-13484 | MEDIUM | 5.0 | A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. … | Jun 28, 2026 |
| CVE-2026-13483 | LOW | 3.1 | A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encrypt_credentials of the file application/security/encryption.py of the component … | Jun 28, 2026 |
| CVE-2026-13482 | LOW | 3.7 | A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. … | Jun 28, 2026 |
| CVE-2026-10646 | HIGH | 7.4 | Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getaddrinfo.c) passes a pointer to a stack-allocated state object (struct getaddrinfo_state ai_state) as the user_data of an asynchronous DNS resolver query. … | Jun 28, 2026 |
| CVE-2026-10644 | MEDIUM | 4.2 | The Microchip SERCOM-G1 UART driver (drivers/serial/uart_mchp_sercom_g1.c), used by the PIC32CM-JH SoC family, contains an out-of-bounds write in its asynchronous (DMA) receive path. When uart_rx_enable() is … | Jun 28, 2026 |
| CVE-2026-10593 | MEDIUM | 6.5 | The Zephyr Bluetooth LE Audio Basic Audio Profile (BAP) unicast client mishandles peer-supplied ASE state notifications. In unicast_client_ep_qos_state() (subsys/bluetooth/audio/bap_unicast_client.c), the handler writes attacker-controlled QoS fields … | Jun 28, 2026 |
| CVE-2026-58058 | MEDIUM | 6.5 | Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so the pointer advances past the buffer and … | Jun 28, 2026 |
| CVE-2026-58057 | MEDIUM | 5.0 | Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying … | Jun 28, 2026 |
| CVE-2026-58056 | HIGH | 7.6 | RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. … | Jun 28, 2026 |
| CVE-2026-58055 | MEDIUM | 5.4 | nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the … | Jun 28, 2026 |
| CVE-2026-58054 | HIGH | 7.2 | MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the … | Jun 28, 2026 |
| CVE-2026-58053 | CRITICAL | 9.9 | Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: … | Jun 28, 2026 |
| CVE-2026-58052 | LOW | 3.3 | 7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream … | Jun 28, 2026 |
| CVE-2026-58051 | MEDIUM | 6.5 | libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the … | Jun 28, 2026 |
| CVE-2026-58050 | HIGH | 7.0 | libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, … | Jun 28, 2026 |
| CVE-2026-58049 | HIGH | 8.6 | FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA … | Jun 28, 2026 |
| CVE-2026-8095 | HIGH | 8.1 | The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due … | Jun 28, 2026 |