Total CVEs

143,126

Critical Severity

4,045

High Severity

14,563

Last 7 Days

1,273
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 181 - 200 of 39,531 CVEs

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper authorizati...

Vendor: GitLab
Product: GitLab
Published: Jul 08, 2026
Source: NVD
CVE-2026-11827 MEDIUM - 4.9

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to impro...

Vendor: GitLab
Product: GitLab
Published: Jul 08, 2026
Source: NVD

Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted ne...

Published: Jul 08, 2026
Source: NVD

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from the ...

Vendor: GitLab
Product: GitLab
Published: Jul 08, 2026
Source: NVD
CVE-2026-49464 HIGH - 8.1

NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak

Vendor: maven
Product: nl.nl-portal:taak
Published: Jul 08, 2026
Source: GitHub
CVE-2026-49463 MEDIUM - 6.5

NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries

Vendor: maven
Product: nl.nl-portal:documenten-api
Published: Jul 08, 2026
Source: GitHub

Waku has an Open Redirect via `unstable_redirect` Helper

Vendor: npm
Product: waku
Published: Jul 08, 2026
Source: GitHub
CVE-2026-49455 MEDIUM - 6.5

Waku: Cross-Origin CSRF on RSC Server Action Dispatch

Vendor: npm
Product: waku
Published: Jul 08, 2026
Source: GitHub
CVE-2026-53649 CRITICAL - 9.6

Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE

Vendor: go
Product: github.com/BishopFox/joro
Published: Jul 08, 2026
Source: GitHub
CVE-2026-49833 MEDIUM - 5.5

DSpace: Path Traversal is possible through LDN message generation

Vendor: maven
Product: org.dspace:dspace-api
Published: Jul 08, 2026
Source: GitHub
CVE-2026-49830 MEDIUM - 4.4

DSpace: ORE resource URI does not validate scheme for non-web resources

Vendor: maven
Product: org.dspace:dspace-api
Published: Jul 08, 2026
Source: GitHub
CVE-2026-49831 MEDIUM - 5.5

DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path

Vendor: maven
Product: org.dspace:dspace-api
Published: Jul 08, 2026
Source: GitHub
CVE-2026-49832 HIGH - 8.0

DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN

Vendor: maven
Product: org.dspace:dspace-api
Published: Jul 08, 2026
Source: GitHub
CVE-2026-52831 CRITICAL - 10.0

Nuclio: Unsanitized cron trigger event headers/body injected into CronJob shell command leads to persistent RCE

Vendor: go
Product: github.com/nuclio/nuclio
Published: Jul 08, 2026
Source: GitHub

async-tar PAX extension-header desync enables tar entry/content smuggling

Vendor: rust
Product: async-tar
Published: Jul 08, 2026
Source: GitHub
CVE-2026-50197 HIGH - 8.7

Skipper: opaAuthorizeRequestWithBody filter bypasses OPA policy on Transfer-Encoding โ€” chunked / HTTP/2 requests

Vendor: go
Product: github.com/zalando/skipper
Published: Jul 08, 2026
Source: GitHub
CVE-2026-49825 HIGH - 8.2

`lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes

Vendor: pip
Product: lxml_html_clean
Published: Jul 08, 2026
Source: GitHub
CVE-2026-8801 LOW - 3.5

Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules). This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4.

Published: Jul 08, 2026
Source: NVD
CVE-2026-8800 LOW - 2.7

Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

Published: Jul 08, 2026
Source: NVD
CVE-2026-8651 LOW - 3.7

Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

Published: Jul 08, 2026
Source: NVD