Total CVEs

138,363

Critical Severity

3,557

High Severity

12,776

Last 7 Days

1,903
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 1 - 20 of 12,906 CVEs
CVE-2026-49359 MEDIUM - 6.5

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` fetches the content of option values server-side via `file_get_contents()` when the value looks like a URL, without restricting the URL scheme. The `attachment` opt...

Vendor: pontedilana
Product: php-weasyprint
Published: Jun 19, 2026
Source: NVD
CVE-2026-49271 MEDIUM - 6.5

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unit_offset + unit_size. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector fr...

Vendor: strukturag
Product: libheif
Published: Jun 19, 2026
Source: NVD
CVE-2019-25760 MEDIUM - 6.2

Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the option parameter set to com_easyshop, task set to ajax.loadImage...

Vendor: Joomtech
Product: Easy Shop
Published: Jun 19, 2026
Source: NVD
CVE-2026-3196 MEDIUM - 5.5

An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition.

Published: Jun 19, 2026
Source: NVD
CVE-2026-21768 MEDIUM - 6.3

The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations.

Vendor: HCLSoftware
Product: Verse for Android
Published: Jun 19, 2026
Source: NVD
CVE-2026-55832 MEDIUM - 6.1

tract: Arbitrary file read via unsanitized ONNX external_data `location` (path traversal) on model load in tract-onnx

Vendor: rust
Product: tract-onnx
Published: Jun 19, 2026
Source: GitHub
CVE-2026-55767 MEDIUM - 5.8

guzzlehttp/guzzle: Dot-Only Cookie Domains Match All Hosts

Vendor: composer
Product: guzzlehttp/guzzle
Published: Jun 19, 2026
Source: GitHub
CVE-2026-55766 MEDIUM - 4.8

guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization

Vendor: composer
Product: guzzlehttp/psr7
Published: Jun 19, 2026
Source: GitHub
CVE-2026-55689 MEDIUM - 6.8

OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset

Vendor: go
Product: github.com/openfga/openfga
Published: Jun 19, 2026
Source: GitHub
CVE-2026-55568 MEDIUM - 5.9

guzzlehttp/guzzle: Silent HTTPS-Proxy Downgrade to Cleartext

Vendor: composer
Product: guzzlehttp/guzzle
Published: Jun 19, 2026
Source: GitHub
CVE-2026-55414 MEDIUM - 5.3

NL Portal Backend Libraries: Unauthenticated form resolver forwards the privileged Objecten-API token to a caller-supplied URL (SSRF)

Vendor: maven
Product: nl.nl-portal:form
Published: Jun 19, 2026
Source: GitHub
CVE-2026-55375 MEDIUM - 5.3

canto-saas-api: OAuth credentials exposed in URL query string and exception messages

Vendor: composer
Product: jleehr/canto-saas-api
Published: Jun 19, 2026
Source: GitHub
CVE-2026-48141 MEDIUM - 5.3

There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion.  This affects NI grpc-device 2.17.0 and prior versions.

Vendor: NI
Product: grpc-device, InstrumentStudio
Published: Jun 19, 2026
Source: NVD
CVE-2026-48140 MEDIUM - 6.5

There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message conta...

Vendor: NI
Product: grpc-device, InstrumentStudio
Published: Jun 19, 2026
Source: NVD
CVE-2026-55374 MEDIUM - 4.8

canto-saas-api: Authenticated API requests can be redirected via unencoded path variables

Vendor: composer
Product: jleehr/canto-saas-api
Published: Jun 19, 2026
Source: GitHub
CVE-2026-12706 MEDIUM - 6.5

A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker could exploit this b...

Vendor: Red Hat
Product: Red Hat Enterprise Linux AI (RHEL AI) 3, Red Hat OpenShift AI (RHOAI)
Published: Jun 19, 2026
Source: NVD
CVE-2026-11941 MEDIUM - 5.6

Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quiche_connection_id_iter_next” and “quiche_conn_retired_scid_next” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned “...

Vendor: Cloudflare
Product: Quiche
Published: Jun 19, 2026
Source: NVD
CVE-2026-6798 MEDIUM - 5.3

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers...

Published: Jun 19, 2026
Source: NVD
CVE-2026-3640 MEDIUM - 5.3

The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin registers a REST API webhook endpoint at /wp-json/strabl/webhook/order with a permission_callback of __return_true, which allows all incoming requests wit...

Published: Jun 19, 2026
Source: NVD
CVE-2026-9013 MEDIUM - 4.3

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogo_rest_create_post_translation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

Published: Jun 19, 2026
Source: NVD