Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.1 HIGH
CVE-2026-12760 — Denial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo…

A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets.  An unauthenticated adjacent atta…

tapo_c200_firmware tapo_c200 | Denial of Service
Jun 24, 2026 Jun 29, 2026
Jun 24, 2026
Jun 29, 2026
5.5 MEDIUM
CVE-2025-60471 — GPAC MP4Box Use-After-Free Denial-of-Service

A use-after-free in the gf_filter_pid_reconfigure_task_discard function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via suppl…

gpac | Memory Corruption
Jun 24, 2026 Jun 29, 2026
Jun 24, 2026
Jun 29, 2026
0.0 NONE
CVE-2026-55611 — AnythingLLM: embed-parsed-file cleanup deletes any parsed file by ID without ownership sc…

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files re…

anythingllm | Remote | Authorization
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
7.7 HIGH
CVE-2026-54699 — Warp: OS command injection when opening terminal links from WSL

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. …

| Injection
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.3 MEDIUM
CVE-2026-54686 — Warp: DCS lifecycle hook spoofing can alter terminal session metadata

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream wit…

Remote | Misconfiguration
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.7 HIGH
CVE-2026-49851 — Mistune: Potential DoS via quadratic-time parsing in parse_link_text

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. Whe…

mistune | Remote | Denial of Service
Jun 24, 2026 Jun 30, 2026
Jun 24, 2026
Jun 30, 2026
4.3 MEDIUM
CVE-2026-48789 — AnythingLLM: Windows path containment bypass in document folder route

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept a…

anythingllm | Remote | Path Traversal
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.8 HIGH
CVE-2026-48732 — Warp: Remote SSH cwd can lead to unauthorized remote command execution

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the legacy SSH background command path. Wa…

Remote | Injection
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
7.8 HIGH
CVE-2026-48731 — Warp: Linux external editor command injection

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the Linux external editor launcher. Warp e…

| Injection
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.1 HIGH
CVE-2026-48725 — Warp may allow terminal output to access the local clipboard through OSC 52

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp allows terminal output to request access to the local system clipboard. A malici…

Remote | Misconfiguration
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.6 HIGH
CVE-2026-48721 — Warp: Env-var prefixes can lead to denylisted command autoexecution

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution permission-check bypass in the default unsandboxed …

| Authorization
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.8 HIGH
CVE-2026-48720 — Warp: SSH remote output can lead to local file overwrite and persistence

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337;File` payloads from terminal output and materialize…

Remote | Misconfiguration
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.0 HIGH
CVE-2026-48719 — Warp branch selector command injection via Git branch names

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection in the prompt branch selector. A user who can publi…

Remote | Injection
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.8 HIGH
CVE-2026-48704 — Warp Markdown notebook links may open executable local files

Warp is an agentic development environment. From 0.2023.10.24.08.03.stable_00 until 0.2026.05.06.15.42.stable_01, Warp may open executable local files through the operating system default file handle…

Remote | Misconfiguration
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
7.8 HIGH
CVE-2026-48703 — Warp: Command Injection via Warp code search tool arguments

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution policy bypass in Agent code search tools. The affec…

| Injection
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
5.5 MEDIUM
CVE-2026-44022 — Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \includegraphic…

docling | Path Traversal
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
9.4 CRITICAL
CVE-2026-44020 — Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard …

docling | Remote | XML External Entity
Jun 24, 2026 Jun 30, 2026
Jun 24, 2026
Jun 30, 2026
8.3 HIGH
CVE-2026-44017 — Docling: Unsafe Zip Extraction in EasyOCR Model Download

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP …

docling | Remote | Supply Chain
Jun 24, 2026 Jun 30, 2026
Jun 24, 2026
Jun 30, 2026
8.2 HIGH
CVE-2026-44016 — Docling: Unsafe Playwright-based HTML Rendering

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions >= 2.82.0, < 2.91.0, if the HTML backend was explicitly con…

docling | Remote | Server-Side Request Forgery
Jun 24, 2026 Jun 30, 2026
Jun 24, 2026
Jun 30, 2026
9.8 CRITICAL
CVE-2026-54906 — concurrent-ruby: ReadWriteLock allows wrong-thread write release and stray read-release c…

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread with a…

concurrent_ruby | Remote | Race Condition
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
Showing 20 of 7989 Results