Total CVEs

143,377

Critical Severity

4,061

High Severity

14,648

Last 7 Days

1,387
Quick preset (or use dates below)
Clear Filters
Showing 481 - 500 of 143,377 CVEs
CVE-2026-58209 MEDIUM - 4.3

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these delive...

Vendor: nats-io
Product: nats-server
Published: Jul 08, 2026
Source: NVD

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via [...toArray(v)] without calling this.context.memoryLimit.use(...), allowing a template render such as {{ hu...

Vendor: harttle
Product: liquidjs
Published: Jul 08, 2026
Source: NVD
CVE-2026-55404 HIGH - 7.5

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpage_url or filename metadata without sufficient validation or escaping, allo...

Vendor: yt-dlp
Product: yt-dlp
Published: Jul 08, 2026
Source: NVD
CVE-2026-36028 MEDIUM - 6.8

A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset

Published: Jul 08, 2026
Source: NVD
CVE-2026-36027 MEDIUM - 6.8

An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging (ADB) and Android Debug Bridge components

Published: Jul 08, 2026
Source: NVD
CVE-2026-15154 MEDIUM - 6.5

A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking,...

Vendor: Red Hat
Product: Red Hat OpenShift AI (RHOAI)
Published: Jul 08, 2026
Source: NVD
CVE-2026-14891 HIGH - 8.7

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability, CVE...

Vendor: HashiCorp
Product: Nomad, Nomad Enterprise
Published: Jul 08, 2026
Source: NVD
CVE-2026-14373 HIGH - 7.7

HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other workloads...

Vendor: HashiCorp
Product: Nomad, Nomad Enterprise
Published: Jul 08, 2026
Source: NVD
CVE-2026-14361 MEDIUM - 4.7

The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability (CVE-2026-14361) is fixed in consul-template...

Vendor: HashiCorp
Product: Tooling
Published: Jul 08, 2026
Source: NVD
CVE-2026-59938 MEDIUM - 5.3

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0.

Vendor: py-pdf
Product: pypdf
Published: Jul 08, 2026
Source: NVD
CVE-2026-59937 HIGH - 7.5

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0.

Vendor: py-pdf
Product: pypdf
Published: Jul 08, 2026
Source: NVD
CVE-2026-50813 MEDIUM - 6.1

An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path

Published: Jul 08, 2026
Source: NVD
CVE-2026-50812 MEDIUM - 5.5

A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changeset_apply_v3() applies a corrupt changese...

Published: Jul 08, 2026
Source: NVD
CVE-2026-14362 MEDIUM - 4.9

HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability (CVE-2026-14362) is fixe...

Vendor: HashiCorp
Product: Shared library
Published: Jul 08, 2026
Source: NVD
CVE-2026-60102 HIGH - 8.8

Horde Virtual File System (VFS) API before 3.0.1 contains an OS command injection vulnerability in the Horde_Vfs_Smb driver where the _escapeShellCommand() method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-contro...

Vendor: horde
Product: Vfs
Published: Jul 08, 2026
Source: NVD
CVE-2026-59930 MEDIUM - 4.3

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable toc_N values without slugifying the heading text, allowing attacker-controlled id="toc_N" content to collide with generated ancho...

Vendor: lepture
Product: mistune
Published: Jul 08, 2026
Source: NVD
CVE-2026-59929 MEDIUM - 6.1

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe_url filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:, ...

Vendor: lepture
Product: mistune
Published: Jul 08, 2026
Source: NVD
CVE-2026-59928 HIGH - 7.5

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/block_parser.py and the ref_links environment dictionary handling, allowing denial of service throu...

Vendor: lepture
Product: mistune
Published: Jul 08, 2026
Source: NVD
CVE-2026-59927 MEDIUM - 5.3

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise RecursionErr...

Vendor: lepture
Product: mistune
Published: Jul 08, 2026
Source: NVD
CVE-2026-59926 MEDIUM - 6.1

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonition() in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even ...

Vendor: lepture
Product: mistune
Published: Jul 08, 2026
Source: NVD