Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-48995 — pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile

pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile do…

pnpm | Remote | Supply Chain
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
6.8 MEDIUM
CVE-2026-47770 — jq: stack overflow in deep structural equality

jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in deni…

jq | Denial of Service
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.2 HIGH
CVE-2026-11999 — X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()

X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra whose application …

wolfssl | Remote | Authentication
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.1 HIGH
CVE-2026-9800 — Keycloak-policy-enforcer: keycloak policy enforcer: authorization bypass via incorrect ur…

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission ch…

Jun 25, 2026 Jul 02, 2026
Jun 25, 2026
Jul 02, 2026
4.6 MEDIUM
CVE-2026-9799 — Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access (UMA) permission ticket for one resource can exploit this by using a specific permission reque…

build_of_keycloak | Remote | Authorization
Jun 25, 2026 Jul 01, 2026
Jun 25, 2026
Jul 01, 2026
6.5 MEDIUM
CVE-2026-9705 — Keycloak: keycloak: attacker can re-enable and take over disabled clients via registratio…

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client t…

build_of_keycloak | Remote | Authorization
Jun 25, 2026 Jul 01, 2026
Jun 25, 2026
Jul 01, 2026
7.7 HIGH
CVE-2026-9099 — Keycloak: group-admin escalation to realm-admin

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to r…

build_of_keycloak | Remote | Authorization
Jun 25, 2026 Jul 01, 2026
Jun 25, 2026
Jul 01, 2026
7.3 HIGH
CVE-2026-9086 — Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to client registration endpoints, could bypass client Unif…

build_of_keycloak | Remote | Cross-Site Scripting
Jun 25, 2026 Jul 01, 2026
Jun 25, 2026
Jul 01, 2026
4.9 MEDIUM
CVE-2026-9083 — Keycloak: keycloak: information disclosure through arbitrary filesystem path probing

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key …

build_of_keycloak | Remote | Information Disclosure
Jun 25, 2026 Jul 01, 2026
Jun 25, 2026
Jul 01, 2026
9.8 CRITICAL
CVE-2026-56123 — socat 1.8.0.0 - 1.8.1.1 Heap Buffer Overflow via SOCKS5 Reply Parser

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension …

socat | Remote | Memory Corruption
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
5.5 MEDIUM
CVE-2026-55439 — Halo: Path Traversal in Backup Download Leads to Arbitrary File Read

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the serv…

halo | Remote | Path Traversal
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
9.4 CRITICAL
CVE-2026-55413 — ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role (free t…

tooljet | Remote | Supply Chain
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
8.3 HIGH
CVE-2026-55412 — ToolJet Cloud - SSRF to Azure Cloud Infrastructure Compromise

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source compo…

tooljet | Remote | Server-Side Request Forgery
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
6.8 MEDIUM
CVE-2026-55411 — ToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — an…

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sourc…

tooljet | Authorization
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.5 HIGH
CVE-2026-55092 — Trivy: Path traversal via a crafted vulnerability database or other downloaded artifacts

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename withou…

trivy | Remote | Path Traversal
Jun 25, 2026 Jun 27, 2026
Jun 25, 2026
Jun 27, 2026
5.3 MEDIUM
CVE-2026-54573 — Authorization Bypass in API Key/OAuth Scopes via Path Parsing Discrepancy

Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if an API key or OAuth token has the requi…

outline | Remote | Authentication
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
6.9 MEDIUM
CVE-2026-54448 — Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser

Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive (.tgz), its custom tar unpacker reads each entry with io.ReadAll(tr) and no size limit. An attacker who can place a…

trivy | Remote | Denial of Service
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-54040 — LibreChat: 2FA Backup Code Regeneration Without OTP Verification Allows 2FA Bypass

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring an…

librechat | Remote | Authentication
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
6.5 MEDIUM
CVE-2026-54037 — LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting A…

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/for…

librechat | Remote | Denial of Service
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
7.7 HIGH
CVE-2026-54033 — LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on u…

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This U…

librechat | Remote | Server-Side Request Forgery
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
Showing 20 of 7970 Results