Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
7.5 HIGH
CVE-2025-61022 — OpenLink Virtuoso Denial of Service

An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 23, 2026
7.5 HIGH
CVE-2025-61021 — OpenLink Virtuoso DoS

An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 25, 2026
7.5 HIGH
CVE-2025-61020 — OpenLink Virtuoso Denial of Service

An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 30, 2026
7.5 HIGH
CVE-2025-61019 — OpenLink Virtuoso-Opensource DoS via Crafted SQL

An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 25, 2026
7.5 HIGH
CVE-2025-61018 — OpenLink Virtuoso Denial of Service

An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 30, 2026
4.4 MEDIUM
CVE-2025-13162 — Advant Master Online Builder DLL vulnerability

Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master. This issue affects Control Builder A: through 1.4/4; 800xA for Advant Master: through 6.0.3-1, t…

Path Traversal
Jun 23, 2026 Jun 25, 2026
5.4 MEDIUM
CVE-2026-56696 — OpenHarness - Prompt Injection via /issue and /pr_comments Slash Commands

OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted r…

openharness | Remote | Injection
Jun 23, 2026 Jun 23, 2026
7.1 HIGH
CVE-2026-56695 — OpenHarness - Cross-Session Disclosure via /resume and /summary Commands

OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can …

openharness | Remote | Authentication
Jun 23, 2026 Jun 24, 2026
5.4 MEDIUM
CVE-2026-56694 — NanoClaw < 2.1.0 - Privilege Escalation via Forged Channel Approval Callback

NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent …

Remote | Authorization
Jun 23, 2026 Jun 23, 2026
6.8 MEDIUM
CVE-2026-56693 — NanoClaw < 2.1.17 - Privilege Escalation via Unauthorized create_agent System Action

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization check…

Authorization
Jun 23, 2026 Jun 23, 2026
6.8 MEDIUM
CVE-2026-56692 — NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment file…

Path Traversal
Jun 23, 2026 Jun 24, 2026
7.1 HIGH
CVE-2026-56402 — NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can a…

Remote | Authorization
Jun 23, 2026 Jun 23, 2026
5.8 MEDIUM
CVE-2026-55767 — Guzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzle

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-padded variants. SetCookie::matchesDomain() removes lea…

guzzle | Remote | Misconfiguration
Jun 23, 2026 Jun 26, 2026
4.8 MEDIUM
CVE-2026-55766 — guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request meth…

psr-7 | Remote | Misconfiguration
Jun 23, 2026 Jun 30, 2026
5.9 MEDIUM
CVE-2026-55568 — Guzzle: Silent HTTPS-Proxy Downgrade to Cleartext

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication …

guzzle | Remote | Misconfiguration
Jun 23, 2026 Jun 26, 2026
7.5 HIGH
CVE-2026-54314 — n8n: Denial of Service via ZIP decompression in webhook workflow

n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompre…

n8n | Remote | Denial of Service
Jun 23, 2026 Jun 25, 2026
7.7 HIGH
CVE-2026-54313 — n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace opera…

n8n | Remote | Injection
Jun 23, 2026 Jun 25, 2026
8.5 HIGH
CVE-2026-54312 — n8n: Microsoft SQL Node Prototype Pollution

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL…

n8n | Remote | Injection
Jun 23, 2026 Jun 25, 2026
7.7 HIGH
CVE-2026-54311 — n8n: Merge Node SQL Mode Prototype Pollution

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's …

n8n | Remote | Misconfiguration
Jun 23, 2026 Jun 25, 2026
9.9 CRITICAL
CVE-2026-54310 — n8n: SQL Injection in Postgres v1/TimescaleDB Nodes

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply crafted parameters to the TimescaleD…

n8n | Remote | Injection
Jun 23, 2026 Jun 25, 2026
Showing 20 of 7989 Results