Recent vulnerabilities


ID CVSS Description Vendor Product Published Updated
CVE-2026-54424
8.4 (3.1)
An Incorrect Use of Privileged APIs vulnerability… Unity
Parsec
2026-07-04T00:45:24.208Z 2026-07-04T00:45:24.208Z
CVE-2026-14617
2.3 (4.0)
3.1 (3.1)
3.1 (3.0)
NousResearch hermes-agent Streaming Reasoning Tag Filt… NousResearch
hermes-agent
2026-07-03T21:45:10.246Z 2026-07-03T21:45:10.246Z
CVE-2026-58523
6.5 (3.1)
Microsoft Edge for Android Security Feature Bypass Vul… Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T21:26:27.550Z 2026-07-03T21:26:27.550Z
CVE-2026-58291
6.1 (3.1)
Microsoft Edge (Chromium-based) Information Disclosure… Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:37.453Z 2026-07-03T21:26:27.026Z
CVE-2026-45489
6.5 (3.1)
Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:36.906Z 2026-07-03T21:26:26.488Z
CVE-2026-54998
8.8 (3.1)
Microsoft Exchange Online Elevation of Privilege Vulne… Microsoft
Microsoft Exchange Online
2026-07-02T22:18:58.222Z 2026-07-03T21:26:25.955Z
CVE-2026-58597
4.3 (3.1)
Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:35.815Z 2026-07-03T21:26:25.344Z
CVE-2026-58524
5.4 (3.1)
Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:35.191Z 2026-07-03T21:26:24.809Z
CVE-2026-58300
6.2 (3.1)
Microsoft Edge for Android Information Disclosure Vuln… Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:34.726Z 2026-07-03T21:26:24.282Z
CVE-2026-58298
7.2 (3.1)
Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:34.186Z 2026-07-03T21:26:23.651Z
CVE-2026-58297
7.1 (3.1)
Microsoft Edge for Android Information Disclosure Vuln… Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:33.630Z 2026-07-03T21:26:23.184Z
CVE-2026-58296
7.1 (3.1)
Microsoft Edge for Android Information Disclosure Vuln… Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:33.018Z 2026-07-03T21:26:22.643Z
CVE-2026-58295
8.3 (3.1)
Microsoft Edge (Chromium-based) Security Feature Bypas… Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:32.479Z 2026-07-03T21:26:22.183Z
CVE-2026-58294
7.5 (3.1)
Microsoft Edge (Chromium-based) Remote Code Execution … Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:31.928Z 2026-07-03T21:26:21.641Z
CVE-2026-58293
8.1 (3.1)
Microsoft Edge (Chromium-based) Remote Code Execution … Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:31.401Z 2026-07-03T21:26:21.026Z
CVE-2026-58292
7.5 (3.1)
Microsoft Edge (Chromium-based) Remote Code Execution … Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:30.853Z 2026-07-03T21:26:20.487Z
CVE-2026-58290
7.5 (3.1)
Microsoft Edge (Chromium-based) Remote Code Execution … Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:30.311Z 2026-07-03T21:26:19.954Z
CVE-2026-58289
9 (3.1)
Microsoft Edge (Chromium-based) Remote Code Execution … Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:29.711Z 2026-07-03T21:26:19.336Z
CVE-2026-58288
8.3 (3.1)
Microsoft Edge (Chromium-based) Remote Code Execution … Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:24.560Z 2026-07-03T21:26:18.728Z
CVE-2026-58286
8.1 (3.1)
Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:24.011Z 2026-07-03T21:26:18.193Z
CVE-2026-58285
8.3 (3.1)
Microsoft Edge (Chromium-based) Remote Code Execution … Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:23.474Z 2026-07-03T21:26:17.576Z
CVE-2026-58284
8.3 (3.1)
Microsoft Edge (Chromium-based) Remote Code Execution … Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:22.999Z 2026-07-03T21:26:16.960Z
CVE-2026-58278
5.4 (3.1)
Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:22.461Z 2026-07-03T21:26:16.499Z
CVE-2026-58276
7.5 (3.1)
Microsoft Edge (Chromium-based) Remote Code Execution … Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:22.006Z 2026-07-03T21:26:15.883Z
CVE-2026-57991
7.4 (3.1)
Microsoft Edge (Chromium-based) Information Disclosure… Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:21.276Z 2026-07-03T21:26:15.402Z
CVE-2026-57986
7.5 (3.1)
Microsoft Edge (Chromium-based) Remote Code Execution … Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:20.815Z 2026-07-03T21:26:14.864Z
CVE-2026-57981
8.8 (3.1)
Microsoft Edge (Chromium-based) Remote Code Execution … Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:20.280Z 2026-07-03T21:26:14.356Z
CVE-2026-57977
7.1 (3.1)
Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:19.684Z 2026-07-03T21:26:13.646Z
CVE-2026-57974
8.8 (3.1)
Microsoft Edge (Chromium-based) Remote Code Execution … Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:19.152Z 2026-07-03T21:26:13.106Z
CVE-2026-45488
5.4 (3.1)
Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft
Microsoft Edge (Chromium-based)
2026-07-03T20:35:18.605Z 2026-07-03T21:26:12.565Z
ID CVSS Description Vendor Product Published Updated
ID Description Published Updated
fkie_cve-2026-58523 Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a s… 2026-07-03T22:16:55.740 2026-07-03T22:16:55.740
fkie_cve-2026-14617 A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected i… 2026-07-03T22:16:52.943 2026-07-03T22:16:52.943
fkie_cve-2026-58597 Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauth… 2026-07-03T21:17:06.127 2026-07-03T21:17:06.127
fkie_cve-2026-58524 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft E… 2026-07-03T21:17:06.000 2026-07-03T21:17:06.000
fkie_cve-2026-58522 Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose i… 2026-07-03T21:17:05.883 2026-07-03T21:17:05.883
fkie_cve-2026-58426 Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cros… 2026-07-03T21:17:05.770 2026-07-03T21:17:05.770
fkie_cve-2026-58424 Permanent Fork PR Workflow Approval Gate Bypass 2026-07-03T21:17:05.660 2026-07-03T21:17:05.660
fkie_cve-2026-58423 LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private rep… 2026-07-03T21:17:05.550 2026-07-03T21:17:05.550
fkie_cve-2026-58422 Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts 2026-07-03T21:17:05.447 2026-07-03T21:17:05.447
fkie_cve-2026-58421 Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service 2026-07-03T21:17:05.347 2026-07-03T21:17:05.347
fkie_cve-2026-58419 Notification API leaks private issue metadata after access revocation 2026-07-03T21:17:05.243 2026-07-03T21:17:05.243
fkie_cve-2026-58418 SSRF via HTTP Redirect in Repository Migration 2026-07-03T21:17:05.140 2026-07-03T21:17:05.140
fkie_cve-2026-58300 Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose i… 2026-07-03T21:17:05.023 2026-07-03T21:17:05.023
fkie_cve-2026-58299 Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthori… 2026-07-03T21:17:04.907 2026-07-03T21:17:04.907
fkie_cve-2026-58298 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft E… 2026-07-03T21:17:04.790 2026-07-03T21:17:04.790
fkie_cve-2026-58297 Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android all… 2026-07-03T21:17:04.663 2026-07-03T21:17:04.663
fkie_cve-2026-58296 Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android all… 2026-07-03T21:17:04.547 2026-07-03T21:17:04.547
fkie_cve-2026-58295 Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… 2026-07-03T21:17:04.417 2026-07-03T21:17:04.417
fkie_cve-2026-58294 Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… 2026-07-03T21:17:04.293 2026-07-03T21:17:04.293
fkie_cve-2026-58293 External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized att… 2026-07-03T21:17:04.143 2026-07-03T21:17:04.143
fkie_cve-2026-58292 Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to exe… 2026-07-03T21:17:04.013 2026-07-03T21:17:04.013
fkie_cve-2026-58291 Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an un… 2026-07-03T21:17:03.890 2026-07-03T21:17:03.890
fkie_cve-2026-58290 Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… 2026-07-03T21:17:03.770 2026-07-03T21:17:03.770
fkie_cve-2026-58289 Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… 2026-07-03T21:17:03.640 2026-07-03T21:17:03.640
fkie_cve-2026-58288 Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… 2026-07-03T21:17:03.523 2026-07-03T21:17:03.523
fkie_cve-2026-58287 Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… 2026-07-03T21:17:03.413 2026-07-03T21:17:03.413
fkie_cve-2026-58286 Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perfo… 2026-07-03T21:17:03.293 2026-07-03T21:17:03.293
fkie_cve-2026-58285 Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… 2026-07-03T21:17:03.180 2026-07-03T21:17:03.180
fkie_cve-2026-58284 Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execut… 2026-07-03T21:17:03.057 2026-07-03T21:17:03.057
fkie_cve-2026-58283 Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… 2026-07-03T21:17:02.943 2026-07-03T21:17:02.943
ID Severity Description Published Updated
ghsa-pxqg-8rwp-q2x2
3.1 (3.1)
1.3 (4.0)
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected i… 2026-07-04T00:31:23Z 2026-07-04T00:31:23Z
ghsa-49m2-v6xm-3fhr
6.5 (3.1)
Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a s… 2026-07-04T00:31:23Z 2026-07-04T00:31:23Z
ghsa-v5h7-6v7v-x933
6.8 (3.1)
Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose i… 2026-07-03T21:31:41Z 2026-07-03T21:31:41Z
ghsa-h677-5v32-7m48
6.2 (3.1)
Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose i… 2026-07-03T21:31:41Z 2026-07-03T21:31:41Z
ghsa-g4pq-v493-r36h
7.5 (3.1)
Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthori… 2026-07-03T21:31:41Z 2026-07-03T21:31:41Z
ghsa-8ghg-xp59-w7pg
7.2 (3.1)
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft E… 2026-07-03T21:31:41Z 2026-07-03T21:31:41Z
ghsa-443f-8vj4-c2c4
5.4 (3.1)
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft E… 2026-07-03T21:31:41Z 2026-07-03T21:31:41Z
ghsa-3p86-rw86-vj98
4.3 (3.1)
Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauth… 2026-07-03T21:31:41Z 2026-07-03T21:31:41Z
ghsa-x7pj-r739-2qv7
8.3 (3.1)
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… 2026-07-03T21:31:40Z 2026-07-03T21:31:40Z
ghsa-wrqp-3qp3-gqcj
7.5 (3.1)
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… 2026-07-03T21:31:40Z 2026-07-03T21:31:40Z
ghsa-vfc9-fgwm-8mwp
7.1 (3.1)
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android all… 2026-07-03T21:31:40Z 2026-07-03T21:31:40Z
ghsa-rp87-gqr5-74pm
7.5 (3.1)
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to exe… 2026-07-03T21:31:40Z 2026-07-03T21:31:40Z
ghsa-qqhm-6qqw-68j4
7.5 (3.1)
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… 2026-07-03T21:31:40Z 2026-07-03T21:31:40Z
ghsa-pp6w-gfj2-hq6c
7.1 (3.1)
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android all… 2026-07-03T21:31:40Z 2026-07-03T21:31:40Z
ghsa-mm5h-w49f-qxp5
8.1 (3.1)
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized att… 2026-07-03T21:31:40Z 2026-07-03T21:31:40Z
ghsa-jjfj-r463-g4c7
8.3 (3.1)
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… 2026-07-03T21:31:40Z 2026-07-03T21:31:40Z
ghsa-7xpx-9crg-rx5q
8.3 (3.1)
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… 2026-07-03T21:31:40Z 2026-07-03T21:31:40Z
ghsa-6p36-3w3p-mr82
8.1 (3.1)
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perfo… 2026-07-03T21:31:40Z 2026-07-03T21:31:40Z
ghsa-4prc-gc25-x2h7
8.3 (3.1)
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… 2026-07-03T21:31:40Z 2026-07-03T21:31:40Z
ghsa-39f3-ggrp-rph3
9.0 (3.1)
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… 2026-07-03T21:31:40Z 2026-07-03T21:31:40Z
ghsa-36w9-qq4h-pv36
6.1 (3.1)
Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an un… 2026-07-03T21:31:40Z 2026-07-03T21:31:40Z
ghsa-28f5-cgmh-4pfj
8.3 (3.1)
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execut… 2026-07-03T21:31:40Z 2026-07-03T21:31:40Z
ghsa-vw2p-73gr-hwh5
7.5 (3.1)
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… 2026-07-03T21:31:39Z 2026-07-03T21:31:39Z
ghsa-vfww-fwcc-xcp7
8.1 (3.1)
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perfo… 2026-07-03T21:31:39Z 2026-07-03T21:31:39Z
ghsa-pwgr-7g5c-fjgv
7.5 (3.1)
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… 2026-07-03T21:31:39Z 2026-07-03T21:31:39Z
ghsa-pgfj-jh8g-79g5
6.5 (3.1)
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attack… 2026-07-03T21:31:38Z 2026-07-03T21:31:39Z
ghsa-mp46-jq23-75j9
7.6 (3.1)
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to exe… 2026-07-03T21:31:38Z 2026-07-03T21:31:39Z
ghsa-hq62-8562-72xh
7.4 (3.1)
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attack… 2026-07-03T21:31:39Z 2026-07-03T21:31:39Z
ghsa-c7hg-fxjp-q9jp
7.4 (3.1)
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) a… 2026-07-03T21:31:39Z 2026-07-03T21:31:39Z
ghsa-9h2j-pmwx-xhhx
8.1 (3.1)
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… 2026-07-03T21:31:39Z 2026-07-03T21:31:39Z
ID Severity Description Package Published Updated
pysec-2026-616
7.3 (3.1)
Wagtail is an open source content management system built on Django. In versions prior to… wagtail 2026-07-01T22:16:49.917Z 2026-07-03T12:58:59.937124Z
pysec-2026-615
4.3 (3.1)
Wagtail is an open source content management system built on Django. In versions prior to… wagtail 2026-07-01T22:16:49.787Z 2026-07-03T12:58:59.841624Z
pysec-2026-614
6.5 (3.1)
Wagtail is an open source content management system built on Django. In versions prior to… wagtail 2026-07-01T22:16:49.653Z 2026-07-03T12:58:59.721161Z
pysec-2026-613
2.7 (3.1)
Wagtail is an open source content management system built on Django. In versions prior to… wagtail 2026-07-01T22:16:49.523Z 2026-07-03T12:58:59.603248Z
pysec-2026-612
4.3 (3.1)
Wagtail is an open source content management system built on Django. In versions prior to… wagtail 2026-07-01T22:16:49.297Z 2026-07-03T12:58:59.464451Z
pysec-2025-102
6.6 (3.1)
Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows at… dagster-ge 2025-07-22T17:15:33.543Z 2026-07-02T16:38:31.076371Z
pysec-2026-564
9.1 (3.1)
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a use… vitrage 2026-06-29T11:50:51.052829Z 2026-07-02T12:46:52.359910Z
pysec-2026-529
9.6 (3.1)
Directory traversal vulnerability in recv_file method allows arbitrary files to be writte… salt 2026-06-29T11:50:38.396059Z 2026-07-02T12:46:49.599506Z
pysec-2026-528
9.9 (3.1)
9.4 (4.0)
### Summary A SQL injection vulnerability in the Oracle path of `FilterEngine.create_sql… rucio 2026-06-29T11:50:50.519440Z 2026-07-02T12:46:49.461769Z
pysec-2026-527
9.9 (3.1)
9.0 (4.0)
### Summary A SQL injection vulnerability in `FilterEngine.create_postgres_query` allows… rucio 2026-06-29T11:50:49.082878Z 2026-07-02T12:46:49.308804Z
pysec-2026-510
9.8 (3.1)
### Impact A maliciously crafted QPY file can potentially execute arbitrary-code embedde… qiskit 2026-06-29T11:50:34.769394Z 2026-07-02T12:46:47.918376Z
pysec-2026-461
9.6 (3.1)
The `execute_command` function and workflow shell execution are exposed to user-controlle… praisonai 2026-06-29T11:50:47.321761Z 2026-07-02T12:46:43.492217Z
pysec-2026-440
9.1 (3.1)
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 di… os-vif 2026-06-29T11:50:32.870631Z 2026-07-02T12:46:41.101315Z
pysec-2026-433
9.1 (3.1)
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allow… octavia 2026-06-29T11:50:32.761316Z 2026-07-02T12:46:40.385416Z
pysec-2026-431
9.1 (3.1)
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows re… neutron 2026-06-29T11:50:32.602905Z 2026-07-02T12:46:40.013240Z
pysec-2026-373
9.3 (3.1)
## Summary A serialization injection vulnerability exists in LangChain's `dumps()` and `… langchain-core 2026-06-29T11:50:38.732432Z 2026-07-02T12:46:34.720444Z
pysec-2026-361
9.2 (4.0)
### Summary The `ExceededSizeError` exception messages are embedded with non-decoded JWT … joserfc 2026-06-29T11:50:36.396676Z 2026-07-02T12:46:33.470203Z
pysec-2026-360
9.1 (3.1)
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 … ipsilon 2026-06-29T11:50:32.271750Z 2026-07-02T12:46:33.387299Z
pysec-2026-344
9.3 (4.0)
A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit… google-adk 2026-06-29T11:50:47.550836Z 2026-07-02T12:46:31.941760Z
pysec-2026-316
9.8 (3.1)
### Summary utils.get_shared_secret() always returns -1 - allows anyone to connect to co… cobbler 2026-06-29T11:50:40.621509Z 2026-07-02T12:46:28.475482Z
pysec-2026-312
9.8 (3.1)
Specific vulnerabilities: * Arbitrary file write in `resource_create` and `package_updat… ckan 2026-06-29T11:50:42.696551Z 2026-07-02T12:46:28.203386Z
pysec-2026-290
9.8 (3.1)
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary… backend-ai 2026-06-29T11:50:38.333670Z 2026-07-02T12:46:26.496828Z
pysec-2026-284
9.9 (3.1)
### Impact When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Da… aries-cloudagent 2026-06-29T11:50:41.397353Z 2026-07-02T12:46:25.890941Z
pysec-2026-265
9.1 (3.1)
## 1. Summary The Binary Stream Capture (BSC) component exposes an unauthenticated HTTP … ait-core 2026-06-29T11:50:52.843259Z 2026-07-02T12:46:24.494788Z
pysec-2026-508
9.8 (3.1)
9.3 (4.0)
# Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions **Published:… pytorch-lightning 2026-06-29T11:50:50.913630Z 2026-07-02T12:33:00Z
pysec-2026-432
9.8 (3.1)
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14… nova 2026-06-29T11:50:32.179235Z 2026-07-02T12:33:00Z
pysec-2009-13
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to… moin 2009-04-03T18:30:00Z 2026-07-02T12:33:00Z
pysec-2007-4
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrar… plone 2007-11-07T21:46:00Z 2026-07-02T12:33:00Z
pysec-2026-603
8.1 (3.1)
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token… keystone 2026-05-28T19:16:38.223Z 2026-07-02T12:26:33.242409Z
pysec-2026-602
8.0 (3.1)
An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not… keystone 2026-05-01T09:16:17.273Z 2026-07-02T12:26:33.147876Z
ID Description Type
ID Description Updated
gsd-2024-33901 The format of the source doesn't require a description, click on the link for more details. 2024-04-29T05:02:07.525896Z
gsd-2024-33902 The format of the source doesn't require a description, click on the link for more details. 2024-04-29T05:02:07.486429Z
gsd-2024-33885 The format of the source doesn't require a description, click on the link for more details. 2024-04-29T05:02:07.441746Z
gsd-2024-33893 The format of the source doesn't require a description, click on the link for more details. 2024-04-29T05:02:07.381761Z
gsd-2024-33892 The format of the source doesn't require a description, click on the link for more details. 2024-04-29T05:02:07.378170Z
gsd-2024-33903 In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pede… 2024-04-29T05:02:07.295775Z
gsd-2024-33898 The format of the source doesn't require a description, click on the link for more details. 2024-04-29T05:02:07.287632Z
gsd-2024-33897 The format of the source doesn't require a description, click on the link for more details. 2024-04-29T05:02:07.283756Z
gsd-2024-33883 The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certa… 2024-04-29T05:02:07.271727Z
gsd-2024-4300 E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remo… 2024-04-29T05:02:05.715239Z
gsd-2024-4297 The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlo… 2024-04-29T05:02:05.700888Z
gsd-2024-4302 The format of the source doesn't require a description, click on the link for more details. 2024-04-29T05:02:05.603637Z
gsd-2024-33874 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:02:07.959238Z
gsd-2024-33850 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:02:07.952536Z
gsd-2024-33856 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:02:07.944669Z
gsd-2024-33854 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:02:07.916266Z
gsd-2024-33875 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:02:07.862083Z
gsd-2024-33858 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:02:07.848478Z
gsd-2024-33872 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:02:07.839468Z
gsd-2024-33853 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:02:07.825026Z
gsd-2024-33863 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:02:07.824810Z
gsd-2024-33867 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:02:07.808129Z
gsd-2024-33871 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:02:07.800751Z
gsd-2024-33862 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:02:07.799465Z
gsd-2024-33869 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:02:07.784255Z
gsd-2024-33851 phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point… 2024-04-28T05:02:07.732559Z
gsd-2024-33879 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:02:07.727068Z
gsd-2024-4295 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:02:06.068263Z
gsd-2023-52722 An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER … 2024-04-28T05:01:28.746814Z
gsd-2022-48684 The format of the source doesn't require a description, click on the link for more details. 2024-04-28T05:00:27.715598Z
ID Description Published Updated
mal-2026-6750 Malicious code in procwire (PyPI) 2026-07-03T23:38:06Z 2026-07-04T00:46:41Z
mal-2026-6749 Malicious code in ipa-user-collector (PyPI) 2026-07-03T22:45:17Z 2026-07-03T23:53:28Z
mal-2026-6748 Malicious code in haproxy-config-client (PyPI) 2026-07-03T22:43:15Z 2026-07-03T23:53:28Z
mal-2026-6751 Malicious code in bytekit (PyPI) 2026-07-03T23:50:32Z 2026-07-03T23:50:32Z
mal-2026-6753 Malicious code in schemavault (PyPI) 2026-07-03T23:47:04Z 2026-07-03T23:47:04Z
mal-2026-6752 Malicious code in confighub (PyPI) 2026-07-03T23:44:02Z 2026-07-03T23:44:02Z
mal-2026-5188 Malicious code in hello244a (npm) 2026-06-04T20:49:51Z 2026-07-03T21:55:02Z
mal-2026-5396 Malicious code in @sqlite-node/createsql (npm) 2026-06-09T15:59:00Z 2026-07-03T16:47:39Z
mal-2026-5395 Malicious code in @sql-trigger/nodesql (npm) 2026-06-09T15:46:48Z 2026-07-03T16:47:39Z
mal-2026-5394 Malicious code in @sql-access/nodesql (npm) 2026-06-09T15:58:52Z 2026-07-03T16:47:39Z
mal-2026-6209 Malicious code in @antoncarlos1/nodelamp (npm) 2026-06-19T15:02:53Z 2026-07-03T16:47:38Z
mal-2026-6746 Malicious code in typescript-util-core (npm) 2026-07-03T16:06:55Z 2026-07-03T16:06:58Z
mal-2026-6747 Malicious code in web-api-node (npm) 2026-07-03T16:06:55Z 2026-07-03T16:06:55Z
mal-2026-6745 Malicious code in ts-node-utils (npm) 2026-07-03T16:06:55Z 2026-07-03T16:06:55Z
mal-2026-6744 Malicious code in api-ts-utils (npm) 2026-07-03T16:06:54Z 2026-07-03T16:06:55Z
mal-2026-6743 Malicious code in api-node-utils (npm) 2026-07-03T16:06:54Z 2026-07-03T16:06:55Z
mal-2026-6742 Malicious code in alder_morrgan (npm) 2026-07-03T16:00:00Z 2026-07-03T16:00:00Z
mal-2026-6741 Malicious code in @node-cloud/create (npm) 2026-07-03T15:59:09Z 2026-07-03T15:59:09Z
mal-2026-6739 Malicious code in @lodash-en/lodash-en (npm) 2026-07-03T15:44:35Z 2026-07-03T15:44:36Z
mal-2026-6740 Malicious code in decode-sdks (npm) 2026-07-03T15:37:44Z 2026-07-03T15:37:44Z
mal-2026-6738 Malicious code in @jacobtan/decode-sdk (npm) 2026-07-03T15:37:43Z 2026-07-03T15:37:44Z
mal-2026-6737 Malicious code in epic-internal-tools (npm) 2026-07-02T21:32:03Z 2026-07-02T21:32:03Z
mal-2026-6734 Malicious code in horde-python-client (PyPI) 2026-07-02T21:23:53Z 2026-07-02T21:23:53Z
mal-2026-6733 Malicious code in epic-build-scripts (PyPI) 2026-07-02T21:23:22Z 2026-07-02T21:23:22Z
mal-2026-6735 Malicious code in ue-python-tools (PyPI) 2026-07-02T21:22:54Z 2026-07-02T21:22:54Z
mal-2026-6736 Malicious code in unreal-mladapter (PyPI) 2026-07-02T21:22:11Z 2026-07-02T21:22:11Z
mal-2026-6730 Malicious code in ue-automation-scripts (npm) 2026-07-02T21:20:58Z 2026-07-02T21:20:58Z
mal-2026-6729 Malicious code in robomerge (npm) 2026-07-02T21:12:05Z 2026-07-02T21:12:05Z
mal-2026-6732 Malicious code in unreal-horde-dashboard (npm) 2026-07-02T21:11:59Z 2026-07-02T21:11:59Z
mal-2026-6731 Malicious code in ue-jenkins-buildkite (npm) 2026-07-02T21:11:58Z 2026-07-02T21:11:58Z
ID Description Published Updated
bit-seaweedfs-2026-54917 SeaweedFS: Path traversal in the S3 and Iceberg REST gateways allows cross-bucket access 2026-06-30T23:51:29.287Z 2026-07-01T00:07:50.168Z
bit-rclone-2026-49980 Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix 2026-06-30T23:50:55.025Z 2026-07-01T00:07:50.168Z
bit-jre-2025-10911 Libxslt: use-after-free with key data stored cross-rvt 2026-05-08T05:46:52.544Z 2026-07-01T00:07:50.168Z
bit-java-2025-10911 Libxslt: use-after-free with key data stored cross-rvt 2026-05-06T14:45:14.224Z 2026-07-01T00:07:50.168Z
bit-haproxy-2026-33555 2026-06-30T23:39:33.320Z 2026-07-01T00:07:50.168Z
bit-ghost-2026-53950 @tryghost/activitypub: XSS in Ghost's ActivityPub client 2026-06-30T23:39:27.609Z 2026-07-01T00:07:50.168Z
bit-ghost-2026-53949 Ghost Content API filter bypass reveals private fields 2026-06-30T23:39:26.128Z 2026-07-01T00:07:50.168Z
bit-ghost-2026-53948 Ghost: File Upload Content-Type Spoofing 2026-06-30T23:39:24.628Z 2026-07-01T00:07:50.168Z
bit-ghost-2026-53947 Ghost: Member existence leak via magic link sign-in response 2026-06-30T23:39:23.088Z 2026-07-01T00:07:50.168Z
bit-ghost-2026-53946 Ghost: Mobiledoc image-size fetch SSRF 2026-06-30T23:39:21.576Z 2026-07-01T00:07:50.168Z
bit-ghost-2026-53945 Ghost: Server-side request forgery via DNS rebinding in external request handling 2026-06-30T23:39:20.070Z 2026-07-01T00:07:50.168Z
bit-ghost-2026-53944 Ghost: Private IP filtering bypass to make server-side requests to internal services 2026-06-30T23:39:18.559Z 2026-07-01T00:07:50.168Z
bit-ghost-2026-53943 Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header 2026-06-30T23:39:17.098Z 2026-07-01T00:07:50.168Z
bit-envoy-2026-48743 Envoy: HTTP/3 to HTTP/1 request smuggling via headers-only request with nonzero Content-Length 2026-06-30T23:39:39.412Z 2026-07-01T00:07:50.168Z
bit-envoy-2026-48706 Envoy Heap Buffer Overflow in TcpStatsdSink 2026-06-30T23:39:38.029Z 2026-07-01T00:07:50.168Z
bit-envoy-2026-48497 Envoy: Abnormal process termination in DNS UDP filter 2026-06-30T23:39:36.641Z 2026-07-01T00:07:50.168Z
bit-envoy-2026-48090 Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk) 2026-06-30T23:39:35.098Z 2026-07-01T00:07:50.168Z
bit-envoy-2026-48044 Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosion 2026-06-30T23:39:33.609Z 2026-07-01T00:07:50.168Z
bit-envoy-2026-48042 Envoy: Stack overflow in destructor of highly nested JSON 2026-06-30T23:39:32.025Z 2026-07-01T00:07:50.168Z
bit-envoy-2026-47778 Envoy: Embedded NUL in TLS DNS SAN Truncation in the Default TLS Certificate Validator. (Auth Bypass) 2026-06-30T23:39:30.542Z 2026-07-01T00:07:50.168Z
bit-envoy-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption 2026-06-30T23:39:29.055Z 2026-07-01T00:07:50.168Z
bit-envoy-2026-47220 Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format 2026-06-30T23:39:23.144Z 2026-07-01T00:07:50.168Z
bit-envoy-2026-47205 Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides 2026-06-30T23:39:20.226Z 2026-07-01T00:07:50.168Z
bit-appsmith-2026-49979 Appsmith: SSRF via `POST /api/v1/admin/send-test-email` — JavaMail Bypasses WebClient IP Filter 2026-06-30T23:35:48.224Z 2026-07-01T00:07:50.168Z
bit-grafana-2026-42127 Grafana pre-auth DoS through arbitrarily large input to public dashboard query handler 2026-06-26T08:43:07.401Z 2026-06-29T14:45:12.993Z
bit-python-2026-11972 tarfile opened in streaming mode mishandles EOF 2026-06-29T11:14:51.652Z 2026-06-29T11:33:52.451Z
bit-python-2026-11940 tarfile extraction filter bypass allows escaping the destination directory 2026-06-29T11:14:50.493Z 2026-06-29T11:33:52.451Z
bit-python-2026-0864 Configuration Injection via Carriage Return (\r) in write() method 2026-06-29T11:14:48.032Z 2026-06-29T11:33:52.451Z
bit-libpython-2026-11972 tarfile opened in streaming mode mishandles EOF 2026-06-29T11:10:24.594Z 2026-06-29T11:33:52.451Z
bit-libpython-2026-11940 tarfile extraction filter bypass allows escaping the destination directory 2026-06-29T11:10:23.524Z 2026-06-29T11:33:52.451Z
ID Description Published Updated
cleanstart-2026-wa48911 authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users 2026-06-11T00:51:16.571546Z 2026-06-10T14:18:06Z
cleanstart-2026-kv53168 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU 2026-06-11T00:37:12.717829Z 2026-06-10T12:58:45Z
cleanstart-2026-xw33274 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU 2026-06-11T00:37:12.627665Z 2026-06-10T12:56:13Z
cleanstart-2026-lo88261 Within HostnameError 2026-06-11T00:37:42.858635Z 2026-06-10T12:54:57Z
cleanstart-2026-gu65783 Within HostnameError 2026-06-11T00:37:42.823413Z 2026-06-10T12:53:55Z
cleanstart-2026-nm83456 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python 2026-06-11T00:58:47.477773Z 2026-06-10T12:40:12Z
cleanstart-2026-kn74022 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU 2026-06-11T00:37:42.722881Z 2026-06-10T12:36:28Z
cleanstart-2026-yp53663 Security fixes for ghsa-m5vv-6r4h-3vj9 applied in versions: 1.8.1-r2 2026-06-11T00:37:43.523332Z 2026-06-10T12:34:40Z
cleanstart-2026-jy46135 Security fixes for ghsa-m5vv-6r4h-3vj9 applied in versions: 0.12.0-r3 2026-06-11T00:37:43.592316Z 2026-06-10T12:33:26Z
cleanstart-2026-xc13942 Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service 2026-06-11T00:53:46.780652Z 2026-06-10T12:31:48Z
cleanstart-2026-ym13650 Netty is an asynchronous, event-driven network application framework 2026-06-11T00:38:12.802983Z 2026-06-10T11:02:26Z
cleanstart-2026-hw72470 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4 2026-06-11T00:40:14.004644Z 2026-06-10T11:02:26Z
cleanstart-2026-gb30250 Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6 2026-06-11T00:37:44.484382Z 2026-06-10T11:02:26Z
cleanstart-2026-cc73064 In Eclipse Jetty, the HTTP/1 2026-06-11T00:40:13.261602Z 2026-06-10T11:02:26Z
cleanstart-2026-ao11810 Netty is an asynchronous, event-driven network application framework 2026-06-11T00:41:43.575059Z 2026-06-10T11:02:26Z
cleanstart-2026-ok35650 During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succ... 2026-06-11T00:41:13.291496Z 2026-06-10T10:37:02Z
cleanstart-2026-bm78291 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU 2026-06-11T00:59:17.738426Z 2026-06-10T10:16:46Z
cleanstart-2026-sq76279 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU 2026-06-11T00:58:17.245789Z 2026-06-10T10:10:23Z
cleanstart-2026-eg39405 Netty is an asynchronous, event-driven network application framework 2026-06-11T01:01:54.682665Z 2026-06-10T07:43:19Z
cleanstart-2026-eu52554 In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files 2026-06-10T01:02:24.789269Z 2026-06-09T13:34:51Z
cleanstart-2026-tl44561 (*x509 2026-06-10T00:38:54.116504Z 2026-06-09T13:30:46Z
cleanstart-2026-my46883 (*x509 2026-06-10T00:38:54.111064Z 2026-06-09T13:30:06Z
cleanstart-2026-bd44609 On Unix platforms, when listing the contents of a directory using File 2026-06-10T00:39:54.267778Z 2026-06-09T12:29:26Z
cleanstart-2026-xg53366 Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6 2026-06-10T00:38:54.873637Z 2026-06-09T11:22:37Z
cleanstart-2026-vg07087 In Eclipse Jetty, the HTTP/1 2026-06-10T00:43:24.120927Z 2026-06-09T11:22:37Z
cleanstart-2026-lb01734 Netty is an asynchronous, event-driven network application framework 2026-06-10T00:39:24.166306Z 2026-06-09T11:22:37Z
cleanstart-2026-jr82778 Netty is an asynchronous, event-driven network application framework 2026-06-10T00:41:54.655147Z 2026-06-09T11:22:37Z
cleanstart-2026-la96053 ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label 2026-06-10T00:57:24.592105Z 2026-06-09T10:09:47Z
cleanstart-2026-rf77222 ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label 2026-06-10T01:02:24.689199Z 2026-06-09T10:08:47Z
cleanstart-2026-en66750 Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing 2026-06-10T00:46:54.779122Z 2026-06-09T08:06:55Z
ID Description Published Updated
drupal-contrib-2026-069 2026-07-01T17:24:05.000Z 2026-07-01T18:36:44.000Z
drupal-contrib-2026-068 2026-07-01T17:22:46.000Z 2026-07-01T17:22:46.000Z
drupal-contrib-2026-067 2026-07-01T17:21:57.000Z 2026-07-01T17:21:57.000Z
drupal-contrib-2026-066 2026-07-01T17:21:09.000Z 2026-07-01T17:21:09.000Z
drupal-contrib-2026-065 2026-07-01T17:20:16.000Z 2026-07-01T17:20:16.000Z
drupal-contrib-2026-064 2026-06-26T15:27:49.000Z 2026-06-26T15:56:05.000Z
drupal-contrib-2026-058 2026-06-24T18:40:07.000Z 2026-06-25T07:10:08.000Z
drupal-contrib-2026-063 2026-06-24T18:48:15.000Z 2026-06-24T18:48:15.000Z
drupal-contrib-2026-062 2026-06-24T18:46:12.000Z 2026-06-24T18:46:12.000Z
drupal-contrib-2026-061 2026-06-24T18:43:16.000Z 2026-06-24T18:43:16.000Z
drupal-contrib-2026-060 2026-06-24T18:42:30.000Z 2026-06-24T18:42:30.000Z
drupal-contrib-2026-059 2026-06-24T18:40:57.000Z 2026-06-24T18:40:57.000Z
drupal-contrib-2026-057 2026-06-24T18:39:24.000Z 2026-06-24T18:39:24.000Z
drupal-contrib-2026-056 2026-06-24T18:38:33.000Z 2026-06-24T18:38:33.000Z
drupal-contrib-2026-055 2026-06-24T18:37:45.000Z 2026-06-24T18:37:45.000Z
drupal-contrib-2026-054 2026-06-24T18:36:54.000Z 2026-06-24T18:36:54.000Z
drupal-contrib-2026-053 2026-06-24T18:36:06.000Z 2026-06-24T18:36:06.000Z
drupal-contrib-2026-052 2026-06-24T18:35:16.000Z 2026-06-24T18:35:16.000Z
drupal-contrib-2026-051 2026-06-24T18:32:15.000Z 2026-06-24T18:32:15.000Z
drupal-contrib-2026-050 2026-06-17T18:40:21.000Z 2026-06-17T18:40:21.000Z
drupal-contrib-2026-049 2026-06-17T18:39:26.000Z 2026-06-17T18:39:26.000Z
drupal-contrib-2026-048 2026-06-17T18:38:38.000Z 2026-06-17T18:38:38.000Z
drupal-contrib-2026-047 2026-06-10T17:10:26.000Z 2026-06-10T17:10:26.000Z
drupal-contrib-2026-046 2026-06-10T17:09:45.000Z 2026-06-10T17:09:45.000Z
drupal-contrib-2026-045 2026-06-10T17:08:53.000Z 2026-06-10T17:08:53.000Z
drupal-contrib-2026-044 2026-06-10T17:07:55.000Z 2026-06-10T17:07:55.000Z
drupal-contrib-2026-043 2026-06-10T17:07:12.000Z 2026-06-10T17:07:12.000Z
drupal-contrib-2026-040 2026-06-03T16:11:51.000Z 2026-06-03T19:47:39.000Z
drupal-contrib-2026-042 2026-06-03T16:14:56.000Z 2026-06-03T16:14:56.000Z
drupal-contrib-2026-041 2026-06-03T16:13:55.000Z 2026-06-03T16:13:55.000Z
ID Description Updated
ID Description Updated
ts-2026-003 TS-2026-003 2026-05-29T00:00
ts-2026-002 TS-2026-002 2026-05-13T00:00
ts-2026-001 TS-2026-001 2026-01-15T00:00
ts-2025-008 TS-2025-008 2025-11-19T00:00
ts-2025-007 TS-2025-007 2025-11-07T00:00
ts-2025-006 TS-2025-006 2025-10-28T00:00
ts-2025-005 TS-2025-005 2025-08-07T00:00
ts-2025-004 TS-2025-004 2025-05-27T00:00
ts-2025-003 TS-2025-003 2025-05-21T00:00
ts-2025-002 TS-2025-002 2025-05-15T00:00
ts-2025-001 TS-2025-001 2025-03-07T00:00
ts-2024-013 TS-2024-013 2024-12-04T00:00
ts-2024-012 TS-2024-012 2024-10-02T00:00
ts-2024-011 TS-2024-011 2024-07-22T00:00
ts-2024-010 TS-2024-010 2024-07-19T00:00
ts-2024-009 TS-2024-009 2024-06-27T00:00
ts-2024-008 TS-2024-008 2024-06-14T00:00
ts-2024-007 TS-2024-007 2024-06-12T00:00
ts-2024-006 TS-2024-006 2024-05-22T00:00
ts-2024-005 TS-2024-005 2024-05-08T00:00
ts-2024-004 TS-2024-004 2024-05-06T00:00
ts-2024-003 TS-2024-003 2024-04-23T00:00
ts-2024-002 TS-2024-002 2024-01-30T00:00
ts-2024-001 TS-2024-001 2024-01-08T00:00
ts-2023-009 TS-2023-009 2023-12-22T00:00
ts-2023-008 TS-2023-008 2023-11-01T00:00
ts-2023-007 TS-2023-007 2023-10-26T00:00
ts-2023-006 TS-2023-006 2023-08-22T00:00
ts-2023-005 TS-2023-005 2023-04-28T00:00
ts-2023-004 TS-2023-004 2023-04-04T00:00
ID Description
ID Description Published Updated
cnvd-2026-25470 WordPress插件Formidable Kinetic跨站脚本漏洞 2026-05-29 2026-06-26
cnvd-2026-25465 WordPress插件Firebase Support and Chat Management存在未明漏洞 2026-05-29 2026-06-26
cnvd-2026-25456 WordPress插件Felan Framework跨站脚本漏洞 2026-05-29 2026-06-26
cnvd-2026-25450 WordPress插件Events In City跨站脚本漏洞 2026-05-29 2026-06-26
cnvd-2026-25444 WordPress插件Endless Scroll跨站脚本漏洞 2026-05-29 2026-06-26
cnvd-2026-25438 WordPress插件Easy Prism Syntax Highlighter跨站脚本漏洞 2026-05-29 2026-06-26
cnvd-2026-25434 WordPress插件Dideo跨站脚本漏洞 2026-05-29 2026-06-26
cnvd-2026-25433 WordPress插件Cryptocurrency Prijsvergelijking Widget跨站脚本漏洞 2026-05-29 2026-06-26
cnvd-2026-25432 WordPress插件Content Slideshow跨站脚本漏洞 2026-05-29 2026-06-26
cnvd-2026-25431 WordPress插件CM Ad Changer跨站请求伪造漏洞 2026-05-29 2026-06-26
cnvd-2026-25396 NVIDIA Display Driver拒绝服务漏洞 2026-05-29 2026-06-25
cnvd-2026-25395 NVIDIA DALI堆缓冲区溢出漏洞 2026-06-11 2026-06-25
cnvd-2026-25394 NVIDIA NeMo Framework反序列化漏洞(CNVD-2026-25394) 2026-06-22 2026-06-25
cnvd-2026-25393 NVIDIA NeMo Framework任意代码执行漏洞 2026-06-22 2026-06-25
cnvd-2026-25389 Huawei HarmonyOS缓冲区溢出漏洞(CNVD-2026-25389) 2023-11-06 2026-06-25
cnvd-2026-25388 Huawei HarmonyOS授权问题漏洞(CNVD-2026-25388) 2023-12-07 2026-06-25
cnvd-2026-25136 Online Product Reservation System /left_cart.php文件SQL注入漏洞 2026-01-09 2026-06-25
cnvd-2026-25135 Tenda W15E formPortalAuth函数缓冲区溢出漏洞 2026-06-11 2026-06-25
cnvd-2026-25134 Textpattern CMS文件上传漏洞 2026-05-18 2026-06-25
cnvd-2026-25133 CouchCMS跨站脚本漏洞 2026-05-20 2026-06-25
cnvd-2026-25132 Cisco Integrated Management Controller命令注入漏洞 2026-04-10 2026-06-25
cnvd-2026-25131 Cisco IoT Field Network Director路径遍历漏洞 2026-05-07 2026-06-25
cnvd-2026-25130 Cisco IoT Field Network Director命令注入漏洞 2026-05-07 2026-06-25
cnvd-2026-25129 Cisco Enterprise Chat and Email跨站脚本漏洞 2026-05-07 2026-06-25
cnvd-2026-25128 Cisco Catalyst SD-WAN Manager XML外部实体注入漏洞 2026-05-20 2026-06-25
cnvd-2026-25127 Cisco ThousandEyes Enterprise Agent BrowserBot组件命令注入漏洞 2026-05-21 2026-06-25
cnvd-2026-25126 Cisco Secure Workload访问控制错误漏洞 2026-05-21 2026-06-25
cnvd-2026-25125 Cisco Webex Meetings跨站脚本漏洞(CNVD-2026-25125) 2026-06-04 2026-06-25
cnvd-2026-25142 Zyxel DX3301-T0资源管理错误漏洞 2025-11-20 2026-06-24
cnvd-2026-25141 Zyxel DX3300-T0操作系统命令注入漏洞 2025-11-20 2026-06-24
ID Description Published Updated
bdu:2026-01844 Уязвимость сервиса безопасности Advanced DNS Security (ADNS) операционной системы PAN-OS,… 16.02.2026 16.02.2026
bdu:2026-01843 Уязвимость функции loadRLE() загрузчика TGA-изображений (PluginTARGA.cpp) графической биб… 16.02.2026 16.02.2026
bdu:2026-01842 Уязвимость функции ws_user_gerList() сценария pwg.users.php системы управления контентом … 16.02.2026 16.02.2026
bdu:2026-01841 Уязвимость компонента Updater облачной платформы управления контейнерами Arcane, позволяю… 16.02.2026 16.02.2026
bdu:2026-01840 Уязвимость ИИ-агента OpenClaw (ранее - ClawdBot или MoltBot), связанная с отсутствием про… 16.02.2026 16.02.2026
bdu:2026-01839 Уязвимость функции blocked_path() пакета Python для создания приложений для моделей машин… 16.02.2026 16.02.2026
bdu:2026-01838 Уязвимость драйверов графических процессоров NVIDIA NVS, Quadro, NVIDIA RTX, GeForce, свя… 16.02.2026 16.02.2026
bdu:2026-01837 Уязвимость микропрограммного обеспечения графических процессоров Imagination, позволяющая… 16.02.2026 16.02.2026
bdu:2026-01836 Уязвимость микропрограммного обеспечения графических процессоров Imagination, позволяющая… 16.02.2026 16.02.2026
bdu:2026-01835 Уязвимость драйвера ESXi base микропрограммного обеспечения сетевых контроллеров Intel 80… 16.02.2026 16.02.2026
bdu:2026-01834 Уязвимость микропрограммного обеспечения контроллеров Intel Ethernet серии E810, связанна… 16.02.2026 16.02.2026
bdu:2026-01833 Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… 16.02.2026 16.02.2026
bdu:2026-01832 Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… 16.02.2026 16.02.2026
bdu:2026-01831 Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… 16.02.2026 16.02.2026
bdu:2026-01830 Уязвимость компонента File input браузера Google Chrome, позволяющая нарушителю осуществи… 16.02.2026 16.02.2026
bdu:2026-01829 Уязвимость компонента PictureInPicture браузера Google Chrome, позволяющая нарушителю ока… 16.02.2026 16.02.2026
bdu:2026-01828 Уязвимость компонента Animation браузера Google Chrome, позволяющая нарушителю оказать во… 16.02.2026 16.02.2026
bdu:2026-01827 Уязвимость функции конфиденциальности Fenced Frames браузера Google Chrome, позволяющая н… 16.02.2026 16.02.2026
bdu:2026-01826 Уязвимость компонента WebGPU браузера Google Chrome, позволяющая нарушителю вызвать отказ… 16.02.2026 16.02.2026
bdu:2026-01825 Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связ… 16.02.2026 16.02.2026
bdu:2026-01824 Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связ… 16.02.2026 16.02.2026
bdu:2026-01823 Уязвимость функции межсетевых экранов SSL-VPN операционных систем Fortinet FortiOS, позво… 16.02.2026 16.02.2026
bdu:2026-01822 Уязвимость операционных систем Fortinet FortiOS, связанная с недостаточной проверкой исто… 16.02.2026 16.02.2026
bdu:2026-01821 Уязвимость функции межсетевых экранов SSL-VPN операционных систем Fortinet FortiOS, позво… 16.02.2026 16.02.2026
bdu:2026-01820 Уязвимость интерфейса командной строки операционных систем Fortinet FortiOS, позволяющая … 16.02.2026 16.02.2026
bdu:2026-01819 Уязвимость графического пользовательского интерфейса операционных систем Fortinet FortiOS… 16.02.2026 16.02.2026
bdu:2026-01818 Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … 16.02.2026 16.02.2026
bdu:2026-01817 Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … 16.02.2026 16.02.2026
bdu:2026-01816 Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … 16.02.2026 16.02.2026
bdu:2026-01815 Уязвимость программного обеспечения Microsoft ACI Confidential Containers, связанная с не… 16.02.2026 16.02.2026
ID Description Published Updated
certfr-2026-avi-0829 Multiples vulnérabilités dans Google Chrome 2026-07-02T00:00:00.000000 2026-07-02T00:00:00.000000
certfr-2026-avi-0828 Vulnérabilité dans CPython 2026-07-02T00:00:00.000000 2026-07-02T00:00:00.000000
certfr-2026-avi-0827 Multiples vulnérabilités dans Mozilla Thunderbird 2026-07-02T00:00:00.000000 2026-07-02T00:00:00.000000
certfr-2026-avi-0826 Multiples vulnérabilités dans les produits Elastic 2026-07-02T00:00:00.000000 2026-07-02T00:00:00.000000
certfr-2026-avi-0825 Multiples vulnérabilités dans les produits Cisco 2026-07-02T00:00:00.000000 2026-07-02T00:00:00.000000
certfr-2026-avi-0824 Multiples vulnérabilités dans ClamAV 2026-07-02T00:00:00.000000 2026-07-02T00:00:00.000000
certfr-2026-avi-0823 Multiples vulnérabilités dans Traefik 2026-07-02T00:00:00.000000 2026-07-02T00:00:00.000000
certfr-2026-avi-0822 Multiples vulnérabilités dans les produits Citrix 2026-07-01T00:00:00.000000 2026-07-01T00:00:00.000000
certfr-2026-avi-0821 Multiples vulnérabilités dans Adobe ColdFusion 2026-07-01T00:00:00.000000 2026-07-01T00:00:00.000000
certfr-2026-avi-0820 Vulnérabilité dans Mozilla Firefox 2026-07-01T00:00:00.000000 2026-07-01T00:00:00.000000
certfr-2026-avi-0819 Multiples vulnérabilités dans Synology MailPlus Server 2026-06-30T00:00:00.000000 2026-06-30T00:00:00.000000
certfr-2026-avi-0818 Multiples vulnérabilités dans les produits Apple 2026-06-30T00:00:00.000000 2026-06-30T00:00:00.000000
certfr-2026-avi-0817 Multiples vulnérabilités dans Apache Tomcat 2026-06-30T00:00:00.000000 2026-06-30T00:00:00.000000
certfr-2026-avi-0816 Multiples vulnérabilités dans Stormshield Management Center 2026-06-29T00:00:00.000000 2026-06-29T00:00:00.000000
certfr-2026-avi-0815 Multiples vulnérabilités dans KeyCloak 2026-06-29T00:00:00.000000 2026-06-29T00:00:00.000000
certfr-2026-avi-0814 Vulnérabilité dans HAProxy 2026-06-29T00:00:00.000000 2026-06-29T00:00:00.000000
certfr-2026-avi-0813 Multiples vulnérabilités dans Mattermost Server 2026-06-29T00:00:00.000000 2026-06-29T00:00:00.000000
certfr-2026-avi-0812 Multiples vulnérabilités dans Microsoft Azure Linux 2026-06-29T00:00:00.000000 2026-06-29T00:00:00.000000
certfr-2026-avi-0811 Multiples vulnérabilités dans Microsoft Edge 2026-06-29T00:00:00.000000 2026-06-29T00:00:00.000000
certfr-2026-avi-0810 Multiples vulnérabilités dans les produits IBM 2026-06-26T00:00:00.000000 2026-06-26T00:00:00.000000
certfr-2026-avi-0809 Multiples vulnérabilités dans le noyau Linux de Debian 2026-06-26T00:00:00.000000 2026-06-26T00:00:00.000000
certfr-2026-avi-0808 Multiples vulnérabilités dans le noyau Linux de Red Hat 2026-06-26T00:00:00.000000 2026-06-26T00:00:00.000000
certfr-2026-avi-0807 Multiples vulnérabilités dans le noyau Linux de SUSE 2026-06-26T00:00:00.000000 2026-06-26T00:00:00.000000
certfr-2026-avi-0806 Multiples vulnérabilités dans le noyau Linux d'Ubuntu 2026-06-26T00:00:00.000000 2026-06-26T00:00:00.000000
certfr-2026-avi-0805 Multiples vulnérabilités dans Asterisk 2026-06-26T00:00:00.000000 2026-06-26T00:00:00.000000
certfr-2026-avi-0804 Multiples vulnérabilités dans Tenable Nessus 2026-06-26T00:00:00.000000 2026-06-26T00:00:00.000000
certfr-2026-avi-0803 Multiples vulnérabilités dans Google Chrome 2026-06-26T00:00:00.000000 2026-06-26T00:00:00.000000
certfr-2026-avi-0802 Multiples vulnérabilités dans Microsoft Azure Linux 2026-06-25T00:00:00.000000 2026-06-25T00:00:00.000000
certfr-2026-avi-0801 Multiples vulnérabilités dans Google Chrome 2026-06-25T00:00:00.000000 2026-06-25T00:00:00.000000
certfr-2026-avi-0800 Multiples vulnérabilités dans CPython 2026-06-25T00:00:00.000000 2026-06-25T00:00:00.000000
ID Description Published Updated
certfr-2026-ale-003 Note d’alerte – Ciblage des messageries instantanées 2026-03-20T00:00:00.000000 2026-06-18T00:00:00.000000
certfr-2026-ale-005 [Màj] Vulnérabilité dans Microsoft Exchange Server 2026-05-15T00:00:00.000000 2026-06-11T00:00:00.000000
certfr-2026-ale-004 Vulnérabilité dans F5 BIG-IP Access Policy Manager 2026-03-31T00:00:00.000000 2026-03-31T00:00:00.000000
certfr-2026-ale-002 [MàJ] Vulnérabilité dans Cisco Catalyst SD-WAN 2026-02-25T00:00:00.000000 2026-03-26T00:00:00.000000
certfr-2025-ale-014 [MàJ] Vulnérabilité dans React Server Components 2025-12-05T00:00:00.000000 2026-02-12T00:00:00.000000
certfr-2026-ale-001 [MàJ] Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile 2026-01-30T00:00:00.000000 2026-02-09T00:00:00.000000
certfr-2025-ale-013 [MàJ] Multiples vulnérabilités dans Cisco ASA et FTD 2025-09-25T00:00:00.000000 2025-12-09T00:00:00.000000
certfr-2025-ale-012 Vulnérabilité dans Citrix NetScaler ADC et NetScaler Gateway 2025-08-26T00:00:00.000000 2025-09-26T00:00:00.000000
certfr-2025-ale-010 [MàJ] Multiples vulnérabilités dans Microsoft SharePoint 2025-07-21T00:00:00.000000 2025-08-26T00:00:00.000000
certfr-2025-ale-011 Incidents de sécurité dans les pare-feux SonicWall 2025-08-05T00:00:00.000000 2025-08-18T00:00:00.000000
certfr-2025-ale-009 Multiples vulnérabilités dans Citrix NetScaler ADC et NetScaler Gateway 2025-07-01T00:00:00.000000 2025-08-18T00:00:00.000000
certfr-2025-ale-004 Activités de post-exploitation dans Fortinet FortiGate 2025-04-11T00:00:00.000000 2025-08-07T00:00:00.000000
certfr-2025-ale-008 [MàJ] Vulnérabilité dans Roundcube 2025-06-05T00:00:00.000000 2025-07-21T00:00:00.000000
certfr-2025-ale-007 Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile (EPMM) 2025-05-14T00:00:00.000000 2025-06-24T00:00:00.000000
certfr-2025-ale-006 Vulnérabilité dans les produits Fortinet 2025-05-13T00:00:00.000000 2025-06-24T00:00:00.000000
certfr-2025-ale-005 Vulnérabilité dans SAP NetWeaver 2025-04-28T00:00:00.000000 2025-06-24T00:00:00.000000
certfr-2025-ale-003 [MàJ] Vulnérabilité dans les produits Ivanti 2025-04-03T00:00:00.000000 2025-06-24T00:00:00.000000
certfr-2025-ale-002 [MàJ] Vulnérabilité dans les produits Fortinet 2025-01-14T00:00:00.000000 2025-05-07T00:00:00.000000
certfr-2025-ale-001 [MàJ] Vulnérabilité dans les produits Ivanti 2025-01-09T00:00:00.000000 2025-05-07T00:00:00.000000
certfr-2024-ale-014 [MàJ] Multiples vulnérabilités dans Fortinet FortiManager 2024-10-23T00:00:00.000000 2025-03-31T00:00:00.000000
certfr-2024-ale-013 Exploitations de vulnérabilités dans Ivanti Cloud Services Appliance (CSA) 2024-10-22T00:00:00.000000 2025-03-31T00:00:00.000000
certfr-2024-ale-015 [MàJ] Multiples vulnérabilités sur l'interface d'administration des équipements Palo Alto Networks 2024-11-15T00:00:00.000000 2025-01-27T00:00:00.000000
certfr-2024-ale-012 [MàJ] Vulnérabilités affectant OpenPrinting CUPS 2024-09-27T00:00:00.000000 2024-11-21T00:00:00.000000
certfr-2024-ale-011 Vulnérabilité dans SonicWall 2024-09-10T00:00:00.000000 2024-11-21T00:00:00.000000
certfr-2024-ale-010 Multiples vulnérabilités dans Roundcube 2024-08-09T00:00:00.000000 2024-10-07T00:00:00.000000
certfr-2024-ale-009 Vulnérabilité dans OpenSSH 2024-07-01T00:00:00.000000 2024-10-07T00:00:00.000000
certfr-2024-ale-008 [MàJ] Vulnérabilité dans les produits Check Point 2024-05-30T00:00:00.000000 2024-07-01T00:00:00.000000
certfr-2024-ale-007 Multiples vulnérabilités dans les produits Cisco 2024-04-25T00:00:00.000000 2024-07-01T00:00:00.000000
certfr-2024-ale-006 [MàJ] Vulnérabilité dans Palo Alto Networks GlobalProtect 2024-04-12T00:00:00.000000 2024-07-01T00:00:00.000000
certfr-2024-ale-004 [MàJ] Vulnérabilité dans Fortinet FortiOS 2024-02-09T00:00:00.000000 2024-07-01T00:00:00.000000
ID Description Published Updated
osv-2026-521 UNKNOWN READ in unsigned long Assimp::StreamReader<true, true>::Get<unsigned long> 2026-04-04T00:05:03.478370Z 2026-07-03T14:33:49.012945Z
osv-2024-679 Heap-buffer-overflow in readImage4v2 2024-07-25T00:14:34.485446Z 2026-07-03T14:30:45.965049Z
osv-2023-307 Heap-buffer-overflow in bit_read_BB 2023-04-13T14:02:09.774988Z 2026-07-03T14:29:50.647286Z
osv-2022-714 Heap-buffer-overflow in dynapi_set_helper 2022-08-15T00:00:47.794062Z 2026-07-03T14:28:06.190186Z
osv-2023-800 Heap-buffer-overflow in XCFImageFormat::loadTileRLE 2023-09-07T14:00:27.693270Z 2026-07-03T14:26:48.988394Z
osv-2023-55 Index-out-of-bounds in LibRaw::apply_tiff 2023-02-07T13:00:07.438565Z 2026-07-03T14:26:43.914162Z
osv-2022-653 Heap-double-free in dwg_free_common_entity_data 2022-07-30T00:01:52.491112Z 2026-07-03T14:26:30.753720Z
osv-2022-379 Segv on unknown address in bit_write_TV 2022-04-27T00:00:44.539231Z 2026-07-03T14:25:41.977091Z
osv-2022-372 Heap-buffer-overflow in dwg_encode_VERTEX_2D 2022-04-26T00:00:09.352798Z 2026-07-03T14:25:39.667564Z
osv-2022-400 Heap-double-free in dwg_free_XRECORD_private 2022-05-08T00:00:40.782520Z 2026-07-03T14:25:30.517073Z
osv-2022-388 Segv on unknown address in dwg_ref_get_object 2022-05-01T00:01:54.904711Z 2026-07-03T14:25:20.846223Z
osv-2022-1176 Heap-double-free in dwg_free 2022-11-18T13:00:26.857477Z 2026-07-03T14:25:19.477988Z
osv-2022-1198 Heap-buffer-overflow in dwg_json_LTYPE 2022-11-23T13:02:06.623044Z 2026-07-03T14:25:08.407786Z
osv-2022-1259 Heap-buffer-overflow in dwg_decode_INSERT_private 2022-12-13T13:00:46.870838Z 2026-07-03T14:25:06.327217Z
osv-2021-1343 Heap-buffer-overflow in get_next_owned_entity 2021-09-21T00:01:33.177403Z 2026-07-03T14:24:50.304929Z
osv-2021-1086 Heap-buffer-overflow in dwg_convert_SAB_to_SAT1 2021-08-02T00:00:31.888461Z 2026-07-03T14:24:47.299427Z
osv-2022-1018 Index-out-of-bounds in LibRaw::kodak_radc_load_raw 2022-10-06T00:02:27.511658Z 2026-07-03T14:21:32.924619Z
osv-2021-948 Use-of-uninitialized-value in residual_coding 2021-07-10T00:01:12.890029Z 2026-07-03T14:21:32.786484Z
osv-2021-735 Use-of-uninitialized-value in decode_CABAC_FL_bypass 2021-05-08T00:00:14.355747Z 2026-07-03T14:21:28.344483Z
osv-2020-876 Use-of-uninitialized-value in XCFImageFormat::mergeRGBToRGB 2020-07-14T22:13:55.541274Z 2026-07-03T14:21:12.031817Z
osv-2021-525 Use-of-uninitialized-value in void edge_filtering_chroma_internal<unsigned char> 2021-03-16T00:00:19.176877Z 2026-07-03T14:21:10.014691Z
osv-2022-94 Heap-buffer-overflow in cli_strlcat 2022-01-27T00:02:12.465969Z 2026-07-02T14:18:53.169872Z
osv-2022-636 UNKNOWN READ in fp_cmp_mag 2022-07-27T00:00:35.300337Z 2026-07-02T14:18:38.394740Z
osv-2022-725 Heap-buffer-overflow in jxl::N_EMU128::WriteToU8Stage::ProcessRow 2022-08-18T00:01:05.918943Z 2026-07-02T14:15:24.884839Z
osv-2022-608 Heap-use-after-free in jxl::WriteToPixelCallbackStage::ProcessRow 2022-07-21T00:01:50.967627Z 2026-07-02T14:14:37.672111Z
osv-2022-1068 UNKNOWN READ in fp_cmp_mag 2022-10-21T00:00:11.246872Z 2026-07-02T14:14:24.006556Z
osv-2023-1328 Stack-buffer-overflow in icu_75::TZDBTimeZoneNames::getMetaZoneNames 2023-12-18T00:13:09.643640Z 2026-07-01T17:45:35.791405Z
osv-2026-987 Index-out-of-bounds in print_insn_tic6x 2026-06-28T00:11:41.291924Z 2026-06-30T17:41:55.689855Z
osv-2026-995 Heap-double-free in dxf_entities_read 2026-06-29T00:21:08.898692Z 2026-06-30T14:52:30.093783Z
osv-2026-973 Heap-buffer-overflow in bfd_getl16 2026-06-27T00:10:11.183882Z 2026-06-29T20:05:30.805716Z
ID Description Published Updated
rustsec-2026-0198 `Report::frames_mut` allows aliased mutable references 2026-07-03T12:00:00Z 2026-07-03T14:33:41Z
rustsec-2026-0197 `Matrix{2,3,4}::swap_columns` can trigger undefined behavior for identical indices 2026-03-11T12:00:00Z 2026-07-03T13:44:38Z
rustsec-2026-0196 `cgmath` is unmaintained 2026-07-01T12:00:00Z 2026-07-03T13:44:38Z
rustsec-2026-0151 Out-of-bounds writes due to integer overflow in jxl-grid on 32-bit platforms 2026-05-29T12:00:00Z 2026-07-03T06:12:08Z
rustsec-2026-0195 Unbounded namespace-declaration allocation in `NsReader` enables memory-exhaustion denial of service 2026-06-29T12:00:00Z 2026-07-02T08:52:02Z
rustsec-2026-0194 Quadratic run time when checking a start tag for duplicate attribute names 2026-06-29T12:00:00Z 2026-07-02T07:59:25Z
rustsec-2025-0166 Multiple soundness issues in `stackvector` 2025-10-23T12:00:00Z 2026-07-02T07:59:25Z
rustsec-2026-0193 mXSS in ammonia via MathML `annotation-xml` encoding strip 2026-06-30T12:00:00Z 2026-07-01T05:03:44Z
rustsec-2026-0189 DNS rebinding vulnerability in rmcp Streamable HTTP server transport 2026-04-29T12:00:00Z 2026-06-30T07:16:56Z
rustsec-2026-0192 `ttf-parser` is unmaintained 2026-06-28T12:00:00Z 2026-06-29T20:59:47Z
rustsec-2025-0165 i_tree allowed out-of-bounds access through safe public node accessors 2025-07-04T12:00:00Z 2026-06-29T15:03:09Z
rustsec-2026-0191 `EbpfVm::invoke_function` performs out-of-bounds pointer arithmetic 2026-05-28T12:00:00Z 2026-06-29T14:39:58Z
rustsec-2026-0190 Unsoundness in `Error::downcast_mut()` 2026-06-25T12:00:00Z 2026-06-29T14:05:53Z
rustsec-2026-0188 WASI hard links and renames bypass wasmtime-wasi's FilePerms for destination 2026-06-24T12:00:00Z 2026-06-29T12:36:02Z
rustsec-2026-0187 Stack overflow in lopdf via deeply nested PDF objects 2026-06-21T12:00:00Z 2026-06-26T09:58:24Z
rustsec-2025-0164 `DTriangle` accessors may read out of bounds in affected versions 2025-04-24T12:00:00Z 2026-06-23T11:22:47Z
rustsec-2026-0186 Unchecked pointer offset in crate `memmap2` 2026-06-20T12:00:00Z 2026-06-22T18:11:20Z
rustsec-2026-0185 Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly 2026-06-22T12:00:00Z 2026-06-22T18:11:20Z
rustsec-2022-0104 `structopt` is in maintenance mode 2022-02-08T12:00:00Z 2026-06-22T09:22:04Z
rustsec-2026-0184 Potential undefined behavior with Signature from a buffer-created BlameHunk 2026-05-13T12:00:00Z 2026-06-17T13:50:20Z
rustsec-2026-0183 Potential undefined behavior when calling Remote::list() 2026-05-12T12:00:00Z 2026-06-17T12:56:48Z
rustsec-2026-0182 Leak in WASIp1 `fd_renumber` implementation 2026-06-15T12:00:00Z 2026-06-15T23:29:39Z
rustsec-2026-0181 DoS vulnerability in HTTP/1.x chunked encoding parser triggered by maliciously crafted chunk lengths 2026-06-06T12:00:00Z 2026-06-13T08:34:52Z
rustsec-2026-0177 Missing `Sync` bound on `PyCFunction::new_closure` closures 2026-06-11T12:00:00Z 2026-06-13T06:16:34Z
rustsec-2026-0176 Out-of-bounds read in `nth` / `nth_back` for `PyList` and `PyTuple` iterators 2026-06-11T12:00:00Z 2026-06-13T06:16:34Z
rustsec-2026-0180 Panic decoding a malformed `hstore` value allows denial of service 2026-06-12T12:00:00Z 2026-06-12T17:27:58Z
rustsec-2026-0179 Unbounded SCRAM iteration count allows a malicious server to cause CPU-exhaustion denial of service 2026-06-12T12:00:00Z 2026-06-12T17:27:58Z
rustsec-2026-0178 Panic on a `DataRow` with fewer fields than columns allows denial of service 2026-06-12T12:00:00Z 2026-06-12T17:27:58Z
rustsec-2021-0156 Triton VM Soundness Vulnerability due to Missing Constraint 2021-06-11T12:00:00Z 2026-06-11T11:35:08Z
rustsec-2026-0175 `onering` 1.4.1 was removed from crates.io for malicious code 2026-06-10T12:00:00Z 2026-06-10T19:02:16Z
ID Description Published Updated
osec-2026-05 Windows command execution via filename quotes. 2026-06-18T13:45:00Z 2026-06-18T13:45:00Z
osec-2026-04 Bigarray.reshape integer overflow 2026-06-18T13:20:00Z 2026-06-18T13:20:00Z
osec-2026-09 Albatross-console memory exhaustion 2026-05-28T08:59:44Z
osec-2026-08 Path traversal vulnerability in ocaml-tar 2026-05-22T20:55:00Z 2026-05-22T20:55:00Z
osec-2026-07 TLS-server does insufficient client certificate checks (missing KeyUsage and ExtendedKeyUsage validation) 2026-05-20T13:50:00Z 2026-05-20T13:50:00Z
osec-2026-06 TLS-client (with TLS 1.3) does insufficient certificate checks (missing KeyUsage and ExtendedKeyUsage validation) 2026-05-20T13:50:00Z 2026-05-20T13:50:00Z
osec-2026-03 opam install sandbox escape 2026-04-15T22:00:00Z 2026-04-16T21:00:00Z
osec-2026-01 Buffer Over-Read in OCaml Marshal Deserialization 2026-02-17T13:30:00Z 2026-02-27T09:30:00Z
osec-2026-02 ARP unbounded memory usage 2026-02-18T10:30:00Z 2026-02-18T10:30:00Z
osec-2022-01 Infinite loop in console output on xen 2022-12-07T00:00:00Z 2026-02-18T09:30:00Z
osec-2025-01 Albatross console out of memory 2025-08-15T00:18:22Z 2026-01-13T12:00:00Z
osec-2019-02 Grant unshare vulnerability in mirage-xen 2019-04-26T00:00:00Z 2026-01-13T12:00:00Z
osec-2019-01 Memory disclosure in mirage-net-xen 2019-03-21T00:00:00Z 2026-01-13T12:00:00Z
osec-2016-02 Memory disclosure in mirage-net-xen 2016-05-03T00:00:00Z 2026-01-13T12:00:00Z
osec-2023-01 Time of check time of use issue in opam's cache 2023-05-25T12:00:00Z 2026-01-09T12:00:00Z
osec-2016-01 Buffer overflow and information leak in OCaml < 4.03.0 2016-04-29T00:18:22Z 2026-01-01T12:00:00Z
osec-2018-01 An integer overflow in the `bigarray` serialization module leads to arbitrary code execution 2018-04-06T18:29:00Z 2025-12-16T12:00:00Z
osec-2017-01 Local privilege escalation issue with ocaml binaries 2017-06-23T15:19:47Z 2025-12-16T12:00:00Z