Recent vulnerabilities
| ID | CVSS score (version) | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-44646 | 5.3 (3.1) | LiquidJS: `{% render %}` tag silently bypasses per-ren… | harttle | liquidjs | 2026-06-17T22:25:15.319Z | 2026-06-17T22:25:15.319Z |
| CVE-2026-54533 | 6.9 (4.0) | vantage6 node has an Improper Access Control issue | vantage6 | vantage6 | 2026-06-17T22:17:08.550Z | 2026-06-17T22:17:08.550Z |
| CVE-2026-54445 | 6.9 (4.0) | Vantage6: Set admin user and password from environment… | vantage6 | vantage6 | 2026-06-17T22:14:51.461Z | 2026-06-17T22:14:51.461Z |
| CVE-2026-45617 | 7.5 (3.1) | LiquidJS: ReDoS via Quadratic Backtracking in `strip_h… | harttle | liquidjs | 2026-06-17T22:14:38.396Z | 2026-06-17T22:14:38.396Z |
| CVE-2024-27928 | 5.9 (4.0) | Vantage6: 2FA can be circumvented with hacked email access | vantage6 | vantage6 | 2026-06-17T22:12:36.791Z | 2026-06-17T22:12:36.791Z |
| CVE-2026-44645 | 6.5 (3.1) | LiquidJS has a renderLimit DoS guard bypass via empty … | harttle | liquidjs | 2026-06-17T22:08:19.354Z | 2026-06-17T22:08:19.354Z |
| CVE-2024-24769 | 2.1 (4.0) | Vantage6: No limit on emails sent for password/MFA reset | vantage6 | vantage6 | 2026-06-17T22:07:59.310Z | 2026-06-17T22:07:59.310Z |
| CVE-2026-50268 | 1.9 (3.1) | Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding | SteeltoeOSS | Steeltoe.Configuration.Encryption | 2026-06-17T22:01:19.712Z | 2026-06-17T22:01:19.712Z |
| CVE-2026-5265 | 6.5 (3.1) | Ovn: ovn: heap over-read in icmp error response generation | Red Hat | Fast Datapath for Red Hat Enterprise Linux 10 | 2026-04-24T12:25:06.808Z | 2026-06-17T22:00:07.950Z |
| CVE-2026-50267 | 4.7 (3.1) | Steeltoe: TLS private keys written to /tmp with defaul… | SteeltoeOSS | Steeltoe.Configuration.Abstractions | 2026-06-17T21:57:09.043Z | 2026-06-17T21:57:09.043Z |
| CVE-2026-48759 | 7.1 (3.1) | TypeBot: Cross-Workspace Theme Template IDOR (Modifica… | baptisteArno | typebot.io | 2026-06-17T21:56:35.844Z | 2026-06-17T21:56:35.844Z |
| CVE-2026-12568 | 6.5 (3.1) | Arbitrary File Write in postman_download module | Black Lantern Security | BBOT | 2026-06-17T21:53:47.543Z | 2026-06-17T21:53:47.543Z |
| CVE-2026-50202 | 5.9 (3.1) | Steeltoe's static JWKS cache shared across schemes and… | SteeltoeOSS | Steeltoe.Security.Authentication.CloudFoundryBase | 2026-06-17T21:53:38.208Z | 2026-06-17T21:53:38.208Z |
| CVE-2026-12567 | 2.2 (3.1) | Symlink-following arbitrary write via github_workflows… | Black Lantern Security | BBOT | 2026-06-17T21:51:35.593Z | 2026-06-17T21:51:35.593Z |
| CVE-2026-44644 | 6.1 (3.1) | LiquidJS's strip_html filter bypass via newline charac… | harttle | liquidjs | 2026-06-17T21:50:24.743Z | 2026-06-17T21:50:24.743Z |
| CVE-2026-12566 | 3.1 (3.1) | SSRF via unvalidated WWW-Authenticate realm in docker_… | Black Lantern Security | BBOT | 2026-06-17T21:48:57.632Z | 2026-06-17T21:48:57.632Z |
| CVE-2026-50201 | 6.5 (3.1) | Steeltoe's sensitive actuators (heapdump/env) only req… | SteeltoeOSS | Steeltoe.Management.Endpoint | 2026-06-17T21:46:18.114Z | 2026-06-17T21:46:18.114Z |
| CVE-2026-12565 | 5.3 (3.1) | Path Traversal (Zip-Slip) in unarchive module | Black Lantern Security | BBOT | 2026-06-17T21:45:48.232Z | 2026-06-17T21:45:48.232Z |
| CVE-2026-50200 | 7.5 (3.1) | Steeltoe's env sanitizer misses connection strings — l… | SteeltoeOSS | Steeltoe.Management.Endpoint | 2026-06-17T21:44:21.586Z | 2026-06-17T21:44:21.586Z |
| CVE-2026-48997 | 7.1 (3.1) | e107: Command Injection via shell expansion in ImageMa… | e107inc | e107 | 2026-06-17T21:42:59.679Z | 2026-06-17T21:42:59.679Z |
| CVE-2026-54386 | 5.1 (4.0), 6.1 (3.1) | marimo < 0.23.9 XSS via file Query Parameter in assets.py | marimo-team | marimo | 2026-06-17T21:37:00.583Z | 2026-06-17T21:37:00.583Z |
| CVE-2026-48991 | 5.5 (3.1) | XianYuLauncher: Legacy Microsoft account OAuth sign-in… | XianYuLauncher | XianYuLauncher | 2026-06-17T21:32:41.402Z | 2026-06-17T21:32:41.402Z |
| CVE-2026-48820 | 6.3 (4.0) | CakePHP: View::element() is missing a path containment check | cakephp | cakephp | 2026-06-17T21:19:44.238Z | 2026-06-17T21:19:44.238Z |
| CVE-2026-50196 | 7.5 (3.1) | Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo… | SteeltoeOSS | Steeltoe.Discovery.Eureka | 2026-06-17T21:18:42.651Z | 2026-06-17T21:18:42.651Z |
| CVE-2026-48990 | 5.3 (3.1) | joserfc: b64=false RFC7797 JWS payloads bypass JWSRegi… | authlib | joserfc | 2026-06-17T21:08:10.534Z | 2026-06-17T21:08:10.534Z |
| CVE-2026-8050 | N/A | CVE-2026-8050 | SignalRGB | SignalRGB kernel driver | 2026-06-17T21:05:32.448Z | 2026-06-17T21:05:32.448Z |
| CVE-2026-8049 | N/A | CVE-2026-8049 | SignalRGB | SignalRGB kernel driver | 2026-06-17T21:05:25.402Z | 2026-06-17T21:05:25.402Z |
| CVE-2026-12530 | 8.4 (4.0), 7.3 (3.1) | Improper neutralization of argument delimiters in AWS … | AWS | bedrock-agentcore | 2026-06-17T21:05:00.616Z | 2026-06-17T21:05:00.616Z |
| CVE-2026-50194 | 8.2 (3.1) | Steeltoe vulnerable to management-port isolation bypas… | SteeltoeOSS | Steeltoe.Management.Endpoint | 2026-06-17T21:03:26.756Z | 2026-06-17T21:03:26.756Z |
| CVE-2026-48989 | 8.9 (4.0) | Windows-MCP: HTTP transports expose unauthenticated Po… | CursorTouch | Windows-MCP | 2026-06-17T21:02:15.047Z | 2026-06-17T21:02:15.047Z |