Total CVEs

145,909

Critical Severity

4,292

High Severity

15,777

Last 7 Days

2,186
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 6,141 - 6,160 of 42,314 CVEs
CVE-2026-50014 MEDIUM - 6.4

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected 40-chara...

Vendor: pnpm
Product: pnpm
Published: Jun 25, 2026
Source: NVD
CVE-2026-49839 HIGH - 7.1

jq is a command-line JSON processor. Prior to 1.8.2,` jq --rawfile` can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jv_load_file(raw=1) reads an attacker-controlled file, it repeatedly appends file chunks to th...

Vendor: jqlang
Product: jq
Published: Jun 25, 2026
Source: NVD
CVE-2026-48995 MEDIUM - 7.5

pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if this s...

Vendor: pnpm
Product: pnpm
Published: Jun 25, 2026
Source: NVD
CVE-2026-47770 MEDIUM - 5.5

jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion (uncontrolled recursion). The crash occurs in jq's recur...

Vendor: jqlang
Product: jq
Published: Jun 25, 2026
Source: NVD
CVE-2026-11999 HIGH - 7.5

X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra whose application calls X509_verify_cert() with caller-supplied untrusted intermediates; for those users it is critical...

Vendor: wolfSSL
Product: wolfSSL
Published: Jun 25, 2026
Source: NVD
CVE-2026-46560 HIGH - 7.5

OpenAM: Unauthenticated Authentication Bypass via RADIUS Spoofing

Vendor: maven
Product: org.openidentityplatform.openam:openam-radius
Published: Jun 25, 2026
Source: GitHub
CVE-2026-9800 HIGH - 8.1

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segm...

Vendor: redhat
Product: build_of_keycloak
Published: Jun 25, 2026
Source: NVD
CVE-2026-9799 MEDIUM - 4.6

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access (UMA) permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to ...

Vendor: redhat
Product: build_of_keycloak
Published: Jun 25, 2026
Source: NVD
CVE-2026-9705 MEDIUM - 6.5

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the atta...

Vendor: redhat
Product: build_of_keycloak
Published: Jun 25, 2026
Source: NVD
CVE-2026-9099 HIGH - 7.7

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker w...

Vendor: redhat
Product: build_of_keycloak
Published: Jun 25, 2026
Source: NVD
CVE-2026-9086 HIGH - 7.3

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to client registration endpoints, could bypass client Uniform Resource Identifier (URI) validation. This is achieved by registering a malicious client with a s...

Vendor: redhat
Product: build_of_keycloak
Published: Jun 25, 2026
Source: NVD
CVE-2026-9083 MEDIUM - 4.9

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, dete...

Vendor: redhat
Product: build_of_keycloak
Published: Jun 25, 2026
Source: NVD
CVE-2026-56123 HIGH - 8.1

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read thr...

Vendor: socat
Product: socat
Published: Jun 25, 2026
Source: NVD
CVE-2026-55439 MEDIUM - 5.5

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint (GET /apis/console.api.migration.halo.run/v1alpha1/backup...

Vendor: halo-dev
Product: halo
Published: Jun 25, 2026
Source: NVD

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role (free tier) can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes serve...

Vendor: ToolJet
Product: ToolJet
Published: Jun 25, 2026
Source: NVD
CVE-2026-55412 HIGH - 8.3

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

Vendor: ToolJet
Product: ToolJet
Published: Jun 25, 2026
Source: NVD
CVE-2026-55411 MEDIUM - 6.8

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credential_id is supplied in the ...

Vendor: ToolJet
Product: ToolJet
Published: Jun 25, 2026
Source: NVD
CVE-2026-55092 HIGH - 7.5

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a craft...

Vendor: aquasecurity
Product: trivy
Published: Jun 25, 2026
Source: NVD

Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if an API key or OAuth token has the required scopes for a request. It extracts the resource by splitting the URL by / and taking the last segm...

Vendor: outline
Product: outline
Published: Jun 25, 2026
Source: NVD
CVE-2026-54448 MEDIUM - 6.5

Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive (.tgz), its custom tar unpacker reads each entry with io.ReadAll(tr) and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to gi...

Vendor: aquasecurity
Product: trivy
Published: Jun 25, 2026
Source: NVD