Recent vulnerabilities
Recent vulnerabilities from
Select from 70 available sources using the dropdown above.
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-50200 |
7.5 (3.1)
|
Steeltoe's env sanitizer misses connection strings — l… |
SteeltoeOSS |
Steeltoe.Management.Endpoint |
2026-06-17T21:44:21.586Z | 2026-06-17T21:44:21.586Z |
| CVE-2026-48997 |
7.1 (3.1)
|
e107: Command Injection via shell expansion in ImageMa… |
e107inc |
e107 |
2026-06-17T21:42:59.679Z | 2026-06-17T21:42:59.679Z |
| CVE-2026-54386 |
5.1 (4.0)
6.1 (3.1)
|
marimo < 0.23.9 XSS via file Query Parameter in assets.py |
marimo-team |
marimo |
2026-06-17T21:37:00.583Z | 2026-06-17T21:37:00.583Z |
| CVE-2026-48991 |
5.5 (3.1)
|
XianYuLauncher: Legacy Microsoft account OAuth sign-in… |
XianYuLauncher |
XianYuLauncher |
2026-06-17T21:32:41.402Z | 2026-06-17T21:32:41.402Z |
| CVE-2026-48820 |
6.3 (4.0)
|
CakePHP: View::element() is missing a path containment check |
cakephp |
cakephp |
2026-06-17T21:19:44.238Z | 2026-06-17T21:19:44.238Z |
| CVE-2026-50196 |
7.5 (3.1)
|
Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo… |
SteeltoeOSS |
Steeltoe.Discovery.Eureka |
2026-06-17T21:18:42.651Z | 2026-06-17T21:18:42.651Z |
| CVE-2026-48990 |
5.3 (3.1)
|
joserfc: b64=false RFC7797 JWS payloads bypass JWSRegi… |
authlib |
joserfc |
2026-06-17T21:08:10.534Z | 2026-06-17T21:08:10.534Z |
| CVE-2026-8050 |
N/A
|
CVE-2026-8050 |
SignalRGB |
SignalRGB kernel driver |
2026-06-17T21:05:32.448Z | 2026-06-17T21:05:32.448Z |
| CVE-2026-8049 |
N/A
|
CVE-2026-8049 |
SignalRGB |
SignalRGB kernel driver |
2026-06-17T21:05:25.402Z | 2026-06-17T21:05:25.402Z |
| CVE-2026-12530 |
8.4 (4.0)
7.3 (3.1)
|
Improper neutralization of argument delimiters in AWS … |
AWS |
bedrock-agentcore |
2026-06-17T21:05:00.616Z | 2026-06-17T21:05:00.616Z |
| CVE-2026-50194 |
8.2 (3.1)
|
Steeltoe vulnerable to management-port isolation bypas… |
SteeltoeOSS |
Steeltoe.Management.Endpoint |
2026-06-17T21:03:26.756Z | 2026-06-17T21:03:26.756Z |
| CVE-2026-48989 |
8.9 (4.0)
|
Windows-MCP: HTTP transports expose unauthenticated Po… |
CursorTouch |
Windows-MCP |
2026-06-17T21:02:15.047Z | 2026-06-17T21:02:15.047Z |
| CVE-2026-48988 |
5.3 (3.1)
|
markdown-it: Quadratic complexity DoS in smartquotes r… |
markdown-it |
markdown-it |
2026-06-17T20:54:06.641Z | 2026-06-17T20:54:06.641Z |
| CVE-2026-48979 |
7.5 (3.1)
|
PHP Standard Library: HTTP/2 server-side missing conte… |
php-standard-library |
php-standard-library |
2026-06-17T20:43:25.971Z | 2026-06-17T20:43:25.971Z |
| CVE-2026-49133 |
7.1 (4.0)
6.5 (3.1)
|
Typemill < 2.24.0 Path Traversal via ControllerApiImag… |
typemill |
typemill |
2026-06-17T20:39:47.965Z | 2026-06-17T20:39:47.965Z |
| CVE-2026-48821 |
5.8 (3.1)
|
Shaarli: DOM-based Cross-Site Scripting (XSS) in Thumb… |
shaarli |
Shaarli |
2026-06-17T20:33:31.230Z | 2026-06-17T20:33:31.230Z |
| CVE-2026-50263 |
5.5 (3.1)
|
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-se… |
Red Hat |
Red Hat Enterprise Linux 8 |
2026-06-05T10:36:46.377Z | 2026-06-17T20:22:39.068Z |
| CVE-2026-50262 |
5.5 (3.1)
|
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-se… |
Red Hat |
Red Hat Enterprise Linux 8 |
2026-06-05T10:36:43.916Z | 2026-06-17T20:22:37.188Z |
| CVE-2026-11407 |
8.6 (4.0)
7.2 (3.1)
|
Pimcore CMS 12.3.8 Twig Sandbox Bypass via SecurityPol… |
Pimcore GmbH |
Pimcore CMS/DXP |
2026-06-17T20:07:50.407Z | 2026-06-17T20:07:50.407Z |
| CVE-2026-48823 |
4.8 (3.1)
|
Shaarli has Stored Cross-Site Scripting (XSS) via Tags… |
shaarli |
Shaarli |
2026-06-17T20:06:05.616Z | 2026-06-17T20:06:05.616Z |
| CVE-2026-32682 |
6.5 (3.1)
7.1 (4.0)
|
NGINX Gateway Fabric vulnerability |
F5 |
NGINX Gateway Fabric |
2026-06-17T20:05:17.808Z | 2026-06-17T20:05:17.808Z |
| CVE-2026-50107 |
8.1 (3.1)
8.6 (4.0)
|
NGINX Gateway Fabric vulnerability |
F5 |
NGINX Gateway Fabric |
2026-06-17T20:04:44.518Z | 2026-06-17T20:04:44.518Z |
| CVE-2026-48822 |
5.8 (3.1)
|
Shaarli has Stored Cross-Site Scripting (XSS) via Mark… |
shaarli |
Shaarli |
2026-06-17T19:59:34.277Z | 2026-06-17T19:59:34.277Z |
| CVE-2026-54388 |
9.3 (4.0)
9.1 (3.1)
|
Tinyproxy - HTTP Request Smuggling via Duplicate Conte… |
tinyproxy |
tinyproxy |
2026-06-17T19:59:00.000Z | 2026-06-17T19:59:00.000Z |
| CVE-2026-9064 |
7.5 (3.1)
|
389-ds-base: 389-ds-base: unbounded ldap controls coun… |
Red Hat |
Red Hat Directory Server 11.5 E4S for RHEL 8 |
2026-05-20T09:00:42.557Z | 2026-06-17T19:54:54.376Z |
| CVE-2026-54387 |
9.3 (4.0)
9.1 (3.1)
|
Tinyproxy - HTTP Request Smuggling via CL/TE Desynchro… |
tinyproxy |
tinyproxy |
2026-06-17T19:48:37.904Z | 2026-06-17T19:54:12.831Z |
| CVE-2026-50264 |
7.8 (3.1)
|
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-se… |
Red Hat |
Red Hat Enterprise Linux 8 |
2026-06-05T10:36:37.352Z | 2026-06-17T19:53:51.630Z |
| CVE-2026-50261 |
7.8 (3.1)
|
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-se… |
Red Hat |
Red Hat Enterprise Linux 8 |
2026-06-05T10:36:33.418Z | 2026-06-17T19:53:45.308Z |
| CVE-2026-50260 |
7.8 (3.1)
|
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-se… |
Red Hat |
Red Hat Enterprise Linux 8 |
2026-06-05T10:36:30.319Z | 2026-06-17T19:53:34.874Z |
| CVE-2026-50259 |
7.8 (3.1)
|
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-se… |
Red Hat |
Red Hat Enterprise Linux 8 |
2026-06-05T10:31:39.152Z | 2026-06-17T19:53:22.907Z |