Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.5 HIGH
CVE-2026-12957 — Arbitrary Code Execution in Language Servers for AWS

Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted …

Injection
Jun 23, 2026 Jun 23, 2026
7.8 HIGH
CVE-2026-11940 — tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction …

python cpython cpython | Remote | Path Traversal
Jun 23, 2026 Jun 30, 2026
7.5 HIGH
CVE-2025-61028 — openlink virtuoso-opensource: time_t_to_dt DoS

An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 30, 2026
7.5 HIGH
CVE-2025-61027 — openlink virtuoso-opensource t_set_push DoS

An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 25, 2026
7.5 HIGH
CVE-2025-61025 — openlink virtuoso-opensource: Integer Overflow in sslr_qst_get

An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 23, 2026
7.5 HIGH
CVE-2025-61023 — OpenLink Virtuoso Denial of Service

An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 30, 2026
7.5 HIGH
CVE-2025-61022 — OpenLink Virtuoso Denial of Service

An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 23, 2026
7.5 HIGH
CVE-2025-61021 — OpenLink Virtuoso DoS

An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 25, 2026
7.5 HIGH
CVE-2025-61020 — OpenLink Virtuoso Denial of Service

An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 30, 2026
7.5 HIGH
CVE-2025-61019 — OpenLink Virtuoso-Opensource DoS via Crafted SQL

An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 25, 2026
7.5 HIGH
CVE-2025-61018 — OpenLink Virtuoso Denial of Service

An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 30, 2026
4.4 MEDIUM
CVE-2025-13162 — Advant Master Online Builder DLL vulnerability

Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master. This issue affects Control Builder A: through 1.4/4; 800xA for Advant Master: through 6.0.3-1, t…

Path Traversal
Jun 23, 2026 Jun 25, 2026
5.4 MEDIUM
CVE-2026-56696 — OpenHarness - Prompt Injection via /issue and /pr_comments Slash Commands

OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted r…

openharness | Remote | Injection
Jun 23, 2026 Jun 23, 2026
7.1 HIGH
CVE-2026-56695 — OpenHarness - Cross-Session Disclosure via /resume and /summary Commands

OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can …

openharness | Remote | Authentication
Jun 23, 2026 Jun 24, 2026
5.4 MEDIUM
CVE-2026-56694 — NanoClaw < 2.1.0 - Privilege Escalation via Forged Channel Approval Callback

NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent …

Remote | Authorization
Jun 23, 2026 Jun 23, 2026
6.8 MEDIUM
CVE-2026-56693 — NanoClaw < 2.1.17 - Privilege Escalation via Unauthorized create_agent System Action

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization check…

Authorization
Jun 23, 2026 Jun 23, 2026
6.8 MEDIUM
CVE-2026-56692 — NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment file…

Path Traversal
Jun 23, 2026 Jun 24, 2026
7.1 HIGH
CVE-2026-56402 — NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can a…

Remote | Authorization
Jun 23, 2026 Jun 23, 2026
5.8 MEDIUM
CVE-2026-55767 — Guzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzle

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-padded variants. SetCookie::matchesDomain() removes lea…

guzzle | Remote | Misconfiguration
Jun 23, 2026 Jun 26, 2026
4.8 MEDIUM
CVE-2026-55766 — guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request meth…

psr-7 | Remote | Misconfiguration
Jun 23, 2026 Jun 30, 2026