Total CVEs

138,500

Critical Severity

3,573

High Severity

12,821

Last 7 Days

2,016
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,381 - 1,400 of 34,905 CVEs
CVE-2024-39575 HIGH - 7.4

update_disk_psu_baseline.sh requires password in plain text

Vendor: Dell
Product: Dell EMC VxRail Appliance
Published: Jun 16, 2026
Source: NVD
CVE-2026-49401 MEDIUM - 5.2

Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)

Vendor: rust
Product: deno
Published: Jun 16, 2026
Source: GitHub
CVE-2026-49406 MEDIUM - 5.5

Deno: BYONM module resolution allows `package.json` main path traversal to bypass `--allow-read` restrictions

Vendor: rust
Product: deno
Published: Jun 16, 2026
Source: GitHub
CVE-2026-49411 MEDIUM - 6.5

Deno: Node TCPWrap numeric hostname aliases bypass --deny-net resolved-IP deny checks

Vendor: rust
Product: deno
Published: Jun 16, 2026
Source: GitHub
CVE-2026-49440 HIGH - 7.4

Deno: Miller-Rabin Primality Test Allows Zero Rounds

Vendor: rust
Product: deno
Published: Jun 16, 2026
Source: GitHub
CVE-2026-49402 HIGH - 8.1

Deno: Command Injection via spawnSync & spawn on Windows

Vendor: rust
Product: deno
Published: Jun 16, 2026
Source: GitHub
CVE-2026-49983 MEDIUM - 5.2

Deno: process.loadEnvFile() bypasses env permission checks and mutates process.env with only read access

Vendor: rust
Product: deno
Published: Jun 16, 2026
Source: GitHub
CVE-2026-49860 MEDIUM - 5.2

Deno: WebSocket API sandbox bypass via missing post-DNS check

Vendor: rust
Product: deno
Published: Jun 16, 2026
Source: GitHub
CVE-2026-49859 MEDIUM - 5.2

Deno: `fetch()` API sandbox bypass via missing DNS resolution check

Vendor: rust
Product: deno
Published: Jun 16, 2026
Source: GitHub
CVE-2026-48491 HIGH

Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass

Vendor: go
Product: Traefik
Published: Jun 16, 2026
Source: GitHub
CVE-2026-54311 MEDIUM - 6.3

n8n: Merge Node SQL Mode Prototype Pollution

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub
CVE-2026-54306 MEDIUM - 5.4

n8n: Prototype Pollution enables confused-deputy execution via public webhooks

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub
CVE-2026-54301 HIGH - 7.6

n8n: Same-Origin XSS in Respond to Webhook Node

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub
CVE-2026-54308 MEDIUM - 7.2

n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub
CVE-2026-54313 MEDIUM - 7.7

n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub
CVE-2026-54310 MEDIUM - 9.9

n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub
CVE-2026-49465 MEDIUM - 7.7

n8n: Git Node Clone and Push Operations Bypass File Sandbox

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub
CVE-2026-49444 HIGH - 8.5

n8n: Python sandbox escape

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub
CVE-2026-48746 CRITICAL - 9.1

vLLM: OpenAI auth bypass

Vendor: pip
Product: vllm
Published: Jun 16, 2026
Source: GitHub
CVE-2026-48520 MEDIUM - 6.1

Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read

Vendor: pip
Product: langflow
Published: Jun 16, 2026
Source: GitHub