Total CVEs

143,744

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,564
Quick preset (or use dates below)
Clear Filters
Showing 781 - 800 of 143,744 CVEs
CVE-2026-54528 HIGH - 7.1

JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase() in GitHandler.prepare() in jupyterlab_git/handlers.py to enforce excluded_paths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded dire...

Vendor: jupyterlab
Product: jupyterlab-git
Published: Jul 08, 2026
Source: NVD

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader() method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff i...

Vendor: jupyterlab
Product: jupyterlab-git
Published: Jul 08, 2026
Source: NVD
CVE-2026-49866 HIGH - 7.5

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossipsub defaultDecodeRpcLimits set maxIhaveMessageIDs and maxIwantMessageIDs to Infinity, allowing oversized IHAVE and IWANT control message arrays in message/decodeRpc.ts and gossipsub.ts to synchronously i...

Vendor: libp2p
Product: js-libp2p
Published: Jul 08, 2026
Source: NVD
CVE-2026-35211 MEDIUM - 6.5

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied Elastic...

Vendor: OpenCTI-Platform
Product: opencti
Published: Jul 08, 2026
Source: NVD
CVE-2026-35210 HIGH - 7.1

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGE_KNUPDATE permission to bypass Confidence Level validation and Object Marking restric...

Vendor: OpenCTI-Platform
Product: opencti
Published: Jul 08, 2026
Source: NVD
CVE-2026-15174 MEDIUM - 5.5

Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

Vendor: Wireshark Foundation
Product: Wireshark
Published: Jul 08, 2026
Source: NVD
CVE-2026-15173 MEDIUM - 4.7

pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service

Vendor: Wireshark Foundation
Product: Wireshark
Published: Jul 08, 2026
Source: NVD
CVE-2026-15172 MEDIUM - 5.5

FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

Vendor: Wireshark Foundation
Product: Wireshark
Published: Jul 08, 2026
Source: NVD
CVE-2026-15171 MEDIUM - 5.5

SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

Vendor: Wireshark Foundation
Product: Wireshark
Published: Jul 08, 2026
Source: NVD
CVE-2026-15170 MEDIUM - 5.5

Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

Vendor: Wireshark Foundation
Product: Wireshark
Published: Jul 08, 2026
Source: NVD
CVE-2026-15169 MEDIUM - 5.5

UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

Vendor: Wireshark Foundation
Product: Wireshark
Published: Jul 08, 2026
Source: NVD
CVE-2026-15167 HIGH - 7.5

DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

Vendor: Wireshark Foundation
Product: Wireshark
Published: Jul 08, 2026
Source: NVD
CVE-2026-15166 MEDIUM - 5.5

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

Vendor: Wireshark Foundation
Product: Wireshark
Published: Jul 08, 2026
Source: NVD
CVE-2026-15165 MEDIUM - 5.5

TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service

Vendor: Wireshark Foundation
Product: Wireshark
Published: Jul 08, 2026
Source: NVD
CVE-2026-15164 MEDIUM - 5.5

Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

Vendor: Wireshark Foundation
Product: ciscodump
Published: Jul 08, 2026
Source: NVD
CVE-2026-15163 MEDIUM - 5.5

Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service

Vendor: Wireshark Foundation
Product: Wireshark
Published: Jul 08, 2026
Source: NVD
CVE-2026-14896 MEDIUM - 4.2

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This vulner...

Vendor: HashiCorp
Product: Nomad, Nomad Enterprise
Published: Jul 08, 2026
Source: NVD
CVE-2026-13320 HIGH - 7.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to execute arbitrary scripts in another user's browser session due to improper saniti...

Vendor: GitLab
Product: GitLab
Published: Jul 08, 2026
Source: NVD

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper authorizati...

Vendor: GitLab
Product: GitLab
Published: Jul 08, 2026
Source: NVD
CVE-2026-11827 MEDIUM - 4.9

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to impro...

Vendor: GitLab
Product: GitLab
Published: Jul 08, 2026
Source: NVD