Total CVEs

137,266

Critical Severity

3,307

High Severity

12,261

Last 7 Days

1,385
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 241 - 260 of 11,958 CVEs
CVE-2025-56814 HIGH - 7.8

A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters.

Published: Jun 15, 2026
Source: NVD
CVE-2026-54271 HIGH - 8.2

protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

Vendor: npm
Product: protobufjs-cli
Published: Jun 15, 2026
Source: GitHub
CVE-2026-47777 HIGH - 7.5

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the FeatureAuth...

Vendor: mastodon
Product: mastodon
Published: Jun 15, 2026
Source: NVD
CVE-2026-48712 HIGH - 7.5

protobufjs: Denial of service through unbounded Any expansion during JSON conversion

Vendor: npm
Product: protobufjs
Published: Jun 15, 2026
Source: GitHub

Symfony: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes

Vendor: composer
Product: symfony/security-http
Published: Jun 15, 2026
Source: GitHub

@angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

Vendor: npm
Product: @angular/service-worker
Published: Jun 15, 2026
Source: GitHub

@angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate)

Vendor: npm
Product: @angular/common
Published: Jun 15, 2026
Source: GitHub

@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

Vendor: npm
Product: @angular/common
Published: Jun 15, 2026
Source: GitHub

@angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

Vendor: npm
Product: @angular/platform-server
Published: Jun 15, 2026
Source: GitHub

@angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vendor: npm
Product: @angular/platform-server
Published: Jun 15, 2026
Source: GitHub

vite: `server.fs.deny` bypass on Windows alternate paths

Vendor: npm
Product: vite
Published: Jun 15, 2026
Source: GitHub

@angular/common: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)

Vendor: npm
Product: @angular/common
Published: Jun 15, 2026
Source: GitHub

@angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache

Vendor: npm
Product: @angular/common
Published: Jun 15, 2026
Source: GitHub

@angular/platform-server: URL Parser Differential leading to SSRF Allowlist Bypass

Vendor: npm
Product: @angular/platform-server
Published: Jun 15, 2026
Source: GitHub
CVE-2026-48779 HIGH - 7.5

ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to 7.5.11, and from 8.0.0 up to 8.21.0 are affected by a memory exhaustion DoS vulnerability. A peer can send a high volume of exceptionally sm...

Vendor: npm
Product: ws
Published: Jun 15, 2026
Source: GitHub
CVE-2026-9863 HIGH - 7.5

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS Maste...

Published: Jun 15, 2026
Source: NVD

Angular Client Hydration DOM Clobbering & Response-Cache Poisoning

Vendor: npm
Product: @angular/core
Published: Jun 15, 2026
Source: GitHub
CVE-2026-5242 HIGH - 8.8

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.

Published: Jun 15, 2026
Source: NVD
CVE-2026-5233 HIGH - 7.1

Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.

Published: Jun 15, 2026
Source: NVD
CVE-2026-5230 HIGH - 7.1

Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.

Published: Jun 15, 2026
Source: NVD