Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,280
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 341 - 360 of 39,613 CVEs
CVE-2026-59887 HIGH - 7.5

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test() and .match() can be invoked at every mailto: occurrence and scan the remaining input through src_email_name in lib/re.mjs, causing O(n^2) CPU consumption on crafted user ...

Vendor: markdown-it
Product: linkify-it
Published: Jul 08, 2026
Source: NVD
CVE-2026-59883 MEDIUM - 4.7

Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain() applied ordinary suffix matching to domains such as 192.168.0.1, [::1], or 1, allowing c...

Vendor: guzzle
Product: guzzle
Published: Jul 08, 2026
Source: NVD
CVE-2026-59882 MEDIUM - 4.2

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost() does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost() to disagree with the URI authority used for security...

Vendor: guzzle
Product: psr7
Published: Jul 08, 2026
Source: NVD

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List#set, List#setSize, List#setIn, List#updateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 ** 30 to 2 ** 31 in setListBounds in src/List.js, causing an empty List ...

Vendor: immutable-js
Product: immutable-js
Published: Jul 08, 2026
Source: NVD
CVE-2026-59731 HIGH - 8.2

Astro is a web framework for content-driven websites. Version 6.4.7 performs authorization decisions on a partially decoded pathname after reaching the iterative URL decoder limit, while later rewrite route matching performs an additional decodeURI() operation and can resolve the request to a protec...

Vendor: withastro
Product: astro
Published: Jul 08, 2026
Source: NVD
CVE-2026-59261 HIGH - 7.1

OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider credentials. Attackers with lower-trust access to configured input paths can expose sensitive data and credentials that should remain within trusted boundaries.

Vendor: OpenClaw
Product: OpenClaw
Published: Jul 08, 2026
Source: NVD
CVE-2026-42505 MEDIUM - 5.3

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.

Vendor: Go standard library
Product: crypto/tls
Published: Jul 08, 2026
Source: NVD
CVE-2026-39822 HIGH - 7.8

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")' will open "symlink" even when "sym...

Vendor: Go standard library
Product: os
Published: Jul 08, 2026
Source: NVD
CVE-2026-29009 HIGH - 8.2

U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfs_readlink_reply() (net/nfs-common.c) when CONFIG_CMD_NFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfs_path_buff buffer by returning multiple relative symlink targets that are appende...

Vendor: u-boot
Product: u-boot
Published: Jul 08, 2026
Source: NVD
CVE-2026-29008 HIGH - 7.5

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machine() function (net/tcp.c) that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payload_len to become negat...

Vendor: u-boot
Product: u-boot
Published: Jul 08, 2026
Source: NVD
CVE-2026-29007 MEDIUM - 5.3

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine() (net/tcp.c) when CONFIG_PROT_TCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. A...

Vendor: u-boot
Product: u-boot
Published: Jul 08, 2026
Source: NVD

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy

Published: Jul 08, 2026
Source: NVD
CVE-2026-9074 CRITICAL - 9.1

IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality.

Published: Jul 08, 2026
Source: NVD

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such as t...

Vendor: immutable-js
Product: immutable-js
Published: Jul 08, 2026
Source: NVD
CVE-2026-59877 MEDIUM - 5.3

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends prema...

Vendor: protobufjs
Product: protobuf.js
Published: Jul 08, 2026
Source: NVD
CVE-2026-59876 MEDIUM - 4.8

protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key __proto__ to change the prototype of the returned map object instead...

Vendor: protobufjs
Product: protobuf.js
Published: Jul 08, 2026
Source: NVD
CVE-2026-59875 MEDIUM - 5.3

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is fix...

Vendor: isaacs
Product: node-tar
Published: Jul 08, 2026
Source: NVD

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18.

Vendor: isaacs
Product: node-tar
Published: Jul 08, 2026
Source: NVD

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk space a...

Vendor: isaacs
Product: node-tar
Published: Jul 08, 2026
Source: NVD
CVE-2026-59871 MEDIUM - 5.3

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPath(entry.path).split('/') to throw an uncaught TypeError. Thi...

Vendor: isaacs
Product: node-tar
Published: Jul 08, 2026
Source: NVD