Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
3.7 LOW
CVE-2026-13758 — CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constan…

CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path. The decrypt_done($tag) form compares it against the computed tag w…

cryptx | Remote | Cryptography
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
7.3 HIGH
CVE-2026-55957 — Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the corr…

tomcat | Remote | Authentication
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.5 MEDIUM
CVE-2026-55956 — Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. Thi…

tomcat | Remote | Authorization
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.5 MEDIUM
CVE-2026-55955 — Apache Tomcat: EncryptInterceptor not protected against replay attacks

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11…

tomcat | Remote | Authentication
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
9.1 CRITICAL
CVE-2026-55276 — Apache Tomcat: Logged effective web.xml is incomplete

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This…

tomcat | Remote | Authorization
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
9.1 CRITICAL
CVE-2026-53434 — Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.…

tomcat | Remote | Misconfiguration
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.3 HIGH
CVE-2026-53404 — Apache Tomcat: Bad ornext processing in RewriteValve

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This …

tomcat | Remote | Misconfiguration
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
6.1 MEDIUM
CVE-2026-50229 — Apache Tomcat: XSS in number guess example

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11…

tomcat | Remote | Cross-Site Scripting
Jun 29, 2026 Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
7.8 HIGH
CVE-2026-57919 — Matrix42 Empirum SYSTEM Privilege Escalation via Named Pipe Manipulation

PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\.\pipe\PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated …

| Misconfiguration
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
9.6 CRITICAL
CVE-2026-57498 — Coolify Cross-Team IDOR: Livewire Components Accept Unscoped server_id and destination_uu…

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Coolify's API controllers consistently validate server ownership with Serv…

coolify coolify | Remote | Authorization
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-56018 — JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minif…

JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(), allowing unbounded memory growth. In JsMinify (XS.xs) the cleanup frees only the NodeSet structures and …

Remote | Memory Corruption
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-56017 — JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer derefere…

JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful token of the input is a slash. The regexp versus division disambiguator in JsTo…

Remote | Memory Corruption
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
5.1 MEDIUM
CVE-2026-54889 — Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)

Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':to_delt…

mdex | Remote | Cross-Site Scripting
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
6.9 MEDIUM
CVE-2026-54888 — Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex

Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document{} struct and Comrak's internal AST us…

mdex mdex_native | Denial of Service
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
6.9 MEDIUM
CVE-2026-53429 — Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial…

Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker who controls a rendered document to cause a denial of service through unbounded n…

mdex mdex_native | Memory Corruption
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
8.2 HIGH
CVE-2026-53426 — Atom-table exhaustion denial-of-service via JSON parse_document in MDEx

Allocation of Resources Without Limits or Throttling vulnerability in leandrocp MDEx allows Excessive Allocation. MDEx.parse_document/2 accepts a {:json, json} source. In lib/mdex.ex, the private js…

mdex | Denial of Service
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
6.5 MEDIUM
CVE-2026-43746 — Apple Safari Use-After-Free

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web conten…

macos iphone_os safari ipados safari macos | Remote | Memory Corruption
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
6.5 MEDIUM
CVE-2026-43745 — Safari Out-of-Bounds Write

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web c…

macos iphone_os safari ipados safari macos | Remote | Memory Corruption
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
4.7 MEDIUM
CVE-2026-43743 — Apple iOS/iPadOS/macOS Race Condition Denial-of-Service

A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination.

macos iphone_os ipados macos | Race Condition
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
6.5 MEDIUM
CVE-2026-43742 — Safari Use-After-Free

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web conten…

macos iphone_os safari ipados safari macos | Remote | Memory Corruption
Jun 29, 2026 Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
Showing 20 of 7990 Results