Total CVEs

143,377

Critical Severity

4,061

High Severity

14,648

Last 7 Days

1,380
Quick preset (or use dates below)
Clear Filters
Showing 501 - 520 of 143,377 CVEs
CVE-2026-59925 HIGH - 7.5

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inline_parser.py because the parser scans forward for matching close markers from eve...

Vendor: lepture
Product: mistune
Published: Jul 08, 2026
Source: NVD
CVE-2026-59924 MEDIUM - 5.9

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse() joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory whe...

Vendor: lepture
Product: mistune
Published: Jul 08, 2026
Source: NVD
CVE-2026-59923 MEDIUM - 6.1

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safe_url() does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue is fixed in version 3....

Vendor: lepture
Product: mistune
Published: Jul 08, 2026
Source: NVD
CVE-2026-59922 HIGH - 7.5

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for matching markers from each ...

Vendor: lepture
Product: mistune
Published: Jul 08, 2026
Source: NVD
CVE-2026-59897 MEDIUM - 4.8

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware or a...

Vendor: honojs
Product: hono
Published: Jul 08, 2026
Source: NVD
CVE-2026-59896 MEDIUM - 6.5

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight re...

Vendor: honojs
Product: hono
Published: Jul 08, 2026
Source: NVD
CVE-2026-59895 MEDIUM - 6.1

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx() in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class a...

Vendor: honojs
Product: hono
Published: Jul 08, 2026
Source: NVD
CVE-2026-59892 HIGH - 7.5

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx-* HTTP header values with decodeURIComponent() without handling decode errors, allowing an unauthenticated remote attacker to send a malformed ...

Vendor: open-telemetry
Product: opentelemetry-js
Published: Jul 08, 2026
Source: NVD
CVE-2026-59890 MEDIUM - 6.1

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode ...

Vendor: pypa
Product: setuptools
Published: Jul 08, 2026
Source: NVD
CVE-2026-59887 HIGH - 7.5

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test() and .match() can be invoked at every mailto: occurrence and scan the remaining input through src_email_name in lib/re.mjs, causing O(n^2) CPU consumption on crafted user ...

Vendor: markdown-it
Product: linkify-it
Published: Jul 08, 2026
Source: NVD
CVE-2026-59883 MEDIUM - 4.7

Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain() applied ordinary suffix matching to domains such as 192.168.0.1, [::1], or 1, allowing c...

Vendor: guzzle
Product: guzzle
Published: Jul 08, 2026
Source: NVD
CVE-2026-59882 MEDIUM - 4.2

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost() does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost() to disagree with the URI authority used for security...

Vendor: guzzle
Product: psr7
Published: Jul 08, 2026
Source: NVD

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List#set, List#setSize, List#setIn, List#updateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 ** 30 to 2 ** 31 in setListBounds in src/List.js, causing an empty List ...

Vendor: immutable-js
Product: immutable-js
Published: Jul 08, 2026
Source: NVD
CVE-2026-59731 HIGH - 8.2

Astro is a web framework for content-driven websites. Version 6.4.7 performs authorization decisions on a partially decoded pathname after reaching the iterative URL decoder limit, while later rewrite route matching performs an additional decodeURI() operation and can resolve the request to a protec...

Vendor: withastro
Product: astro
Published: Jul 08, 2026
Source: NVD
CVE-2026-59261 HIGH - 7.1

OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider credentials. Attackers with lower-trust access to configured input paths can expose sensitive data and credentials that should remain within trusted boundaries.

Vendor: OpenClaw
Product: OpenClaw
Published: Jul 08, 2026
Source: NVD
CVE-2026-42505 MEDIUM - 5.3

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.

Vendor: Go standard library
Product: crypto/tls
Published: Jul 08, 2026
Source: NVD
CVE-2026-39822 HIGH - 7.8

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")' will open "symlink" even when "sym...

Vendor: Go standard library
Product: os
Published: Jul 08, 2026
Source: NVD
CVE-2026-29009 HIGH - 8.2

U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfs_readlink_reply() (net/nfs-common.c) when CONFIG_CMD_NFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfs_path_buff buffer by returning multiple relative symlink targets that are appende...

Vendor: u-boot
Product: u-boot
Published: Jul 08, 2026
Source: NVD
CVE-2026-29008 HIGH - 7.5

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machine() function (net/tcp.c) that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payload_len to become negat...

Vendor: u-boot
Product: u-boot
Published: Jul 08, 2026
Source: NVD
CVE-2026-29007 MEDIUM - 5.3

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine() (net/tcp.c) when CONFIG_PROT_TCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. A...

Vendor: u-boot
Product: u-boot
Published: Jul 08, 2026
Source: NVD