Total CVEs

143,768

Critical Severity

4,091

High Severity

14,768

Last 7 Days

1,518
Quick preset (or use dates below)
Clear Filters
Showing 1,381 - 1,400 of 143,768 CVEs
CVE-2026-40140 HIGH - 7.5

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting ap...

Vendor: BeyondTrust
Product: Remote Support, Privileged Remote Access
Published: Jul 06, 2026
Source: NVD
CVE-2026-40139 CRITICAL - 9.8

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts wi...

Vendor: BeyondTrust
Product: Remote Support, Privileged Remote Access
Published: Jul 06, 2026
Source: NVD
CVE-2026-40138 HIGH - 8.1

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, i...

Vendor: BeyondTrust
Product: Remote Support, Privileged Remote Access
Published: Jul 06, 2026
Source: NVD
CVE-2025-53831 HIGH - 8.2

DrawIO for ownCloud is an application for using DrawIO with the file storage, synchronization, and sharing application ownCloud Classic. In DrawIO for ownCloud prior to version 1.0.2, which corresponds to ownCloud 10 prior to version 10.15.3, attackers with access to the DrawIO app can leverage impr...

Vendor: owncloud
Product: DrawIO for ownCloud, ownCloud 10
Published: Jul 06, 2026
Source: NVD
CVE-2026-49445 CRITICAL - 9.2

Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access

Vendor: go
Product: github.com/cilium/cilium
Published: Jul 06, 2026
Source: GitHub
CVE-2026-49439 MEDIUM - 4.3

OpenRemote read-only asset users can write predicted datapoints

Vendor: maven
Product: io.openremote:openremote-manager
Published: Jul 06, 2026
Source: GitHub
CVE-2026-52889 CRITICAL - 9.8

Formie Hidden field defaults vulnerable to Server-Side Template Injection

Vendor: composer
Product: verbb/formie
Published: Jul 06, 2026
Source: GitHub
CVE-2022-46292 HIGH - 7.8

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigge...

Vendor: pip
Product: openbabel
Published: Jul 06, 2026
Source: GitHub
CVE-2026-5268 CRITICAL - 9.1

An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation co...

Published: Jul 06, 2026
Source: NVD
CVE-2026-59196 HIGH - 7.1

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted node_modules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fixe...

Vendor: pnpm
Product: pnpm
Published: Jul 06, 2026
Source: NVD
CVE-2026-59195 HIGH - 8.2

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under node_modules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml whose...

Vendor: pnpm
Product: pnpm
Published: Jul 06, 2026
Source: NVD
CVE-2026-59194 HIGH - 7.1

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0.

Vendor: pnpm
Product: pnpm
Published: Jul 06, 2026
Source: NVD
CVE-2026-59152 MEDIUM - 5.0

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the cont...

Vendor: langchain-ai
Product: langsmith-sdk
Published: Jul 06, 2026
Source: NVD
CVE-2026-58203 MEDIUM - 5.3

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secrets_dir. When secrets_nested_subdir=True, a directory entry inside secrets_dir that is a symbolic link pointing outside secrets_dir ...

Vendor: pydantic
Product: pydantic-settings
Published: Jul 06, 2026
Source: NVD
CVE-2026-13122 MEDIUM - 5.3

OpenVPN version 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled

Vendor: Openvpn
Product: OpenVPN
Published: Jul 06, 2026
Source: NVD
CVE-2025-53830 CRITICAL - 9.1

Anti-Virus for ownCloud is an anti-virus application for file storage, synchronization, and sharing application ownCloud. Versions of Anti-Virus for ownCloud before 1.2.3 are vulnerable to Server-Side Request Forgery (SSRF). This corresponds to versions of ownCloud 10 prior to 10.15.3. Upgrade ownCl...

Vendor: owncloud
Product: Anti-Virus for ownCloud, ownCloud 10
Published: Jul 06, 2026
Source: NVD
CVE-2025-53829 HIGH - 8.0

ownCloud is a file storage, synchronization, and sharing application. In ownCloud 10 prior to version 10.15.3, an attacker with administrative privileges can exploit a path traversal vulnerability in the system to execute arbitrary code. Upgrade ownCloud 10 to version 10.15.3 or later to receive a p...

Vendor: owncloud
Product: ownCloud 10
Published: Jul 06, 2026
Source: NVD
CVE-2025-53828 HIGH - 8.5

SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use a ...

Vendor: owncloud
Product: SharePoint, ownCloud 10
Published: Jul 06, 2026
Source: NVD
CVE-2025-53827 CRITICAL - 9.1

ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage functi...

Vendor: owncloud
Product: ownCloud Core
Published: Jul 06, 2026
Source: NVD

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the sco...

Published: Jul 06, 2026
Source: NVD