Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20648
Total
1489
Critical
6270
High
6549
Medium
CVE ID Severity Score Description Published
CVE-2026-57231 HIGH 7.5 Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a … Jun 26, 2026
CVE-2026-56823 MEDIUM 5.4 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the `POST /api/integrations/webhooks/{webhook_id}/ping` endpoint fetches the target … Jun 26, 2026
CVE-2026-56663 HIGH 8.5 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF … Jun 26, 2026
CVE-2026-55686 MEDIUM 5.3 Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a … Jun 26, 2026
CVE-2026-55677 HIGH 7.5 Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches … Jun 26, 2026
CVE-2026-54636 CRITICAL 9.0 Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku … Jun 26, 2026
CVE-2026-48529 MEDIUM 6.0 GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as … Jun 26, 2026
CVE-2026-45408 CRITICAL 9.0 Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metacharacters. When an authenticated user pushes to a git … Jun 26, 2026
CVE-2026-45407 MEDIUM 5.0 Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the default umask of 0644. This … Jun 26, 2026
CVE-2026-45406 CRITICAL 9.0 Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then … Jun 26, 2026
CVE-2026-45405 CRITICAL 9.0 Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or … Jun 26, 2026
CVE-2026-28385 MEDIUM 5.0 In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement … Jun 26, 2026
CVE-2026-13434 MEDIUM 4.9 A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is … Jun 26, 2026
CVE-2026-11779 UNKNOWN An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation. Jun 26, 2026
CVE-2025-32423 UNKNOWN AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in ExtractTextInformationBlock. … Jun 26, 2026
CVE-2025-32394 UNKNOWN AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in AITextSummarizerBlock. … Jun 26, 2026
CVE-2026-9640 HIGH 7.2 A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during … Jun 26, 2026
CVE-2026-9639 MEDIUM 6.5 Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial … Jun 26, 2026
CVE-2026-5757 HIGH 7.5 Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive … Jun 26, 2026
CVE-2026-47214 HIGH 7.1 Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI … Jun 26, 2026
CVE-2026-45195 HIGH 7.8 Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside … Jun 26, 2026
CVE-2026-44018 MEDIUM 5.5 Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing … Jun 26, 2026
CVE-2026-21734 HIGH 7.7 A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in … Jun 26, 2026
CVE-2026-12411 HIGH 8.4 Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via … Jun 26, 2026
CVE-2026-0828 HIGH 7.5 Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes. Jun 26, 2026