Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
8.7 HIGH
CVE-2026-13007 — Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure

Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration,…

identity_exposure | Remote | Information Disclosure
Jun 23, 2026 Jun 25, 2026
8.5 HIGH
CVE-2026-12958 — Arbitrary file write in Language Servers for AWS

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously…

| Path Traversal
Jun 23, 2026 Jun 23, 2026
8.5 HIGH
CVE-2026-12957 — Arbitrary Code Execution in Language Servers for AWS

Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow for arbitrary code execution. If a local user opens a maliciously crafted …

| Injection
Jun 23, 2026 Jun 23, 2026
7.8 HIGH
CVE-2026-11940 — tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself.  The extraction …

python cpython cpython | Remote | Path Traversal
Jun 23, 2026 Jun 30, 2026
7.5 HIGH
CVE-2025-61028 — openlink virtuoso-opensource: time_t_to_dt DoS

An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 30, 2026
7.5 HIGH
CVE-2025-61027 — openlink virtuoso-opensource t_set_push DoS

An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 25, 2026
7.5 HIGH
CVE-2025-61025 — openlink virtuoso-opensource: Integer Overflow in sslr_qst_get

An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 23, 2026
7.5 HIGH
CVE-2025-61023 — OpenLink Virtuoso Denial of Service

An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 30, 2026
7.5 HIGH
CVE-2025-61022 — OpenLink Virtuoso Denial of Service

An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 23, 2026
7.5 HIGH
CVE-2025-61021 — OpenLink Virtuoso DoS

An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 25, 2026
7.5 HIGH
CVE-2025-61020 — OpenLink Virtuoso Denial of Service

An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 30, 2026
7.5 HIGH
CVE-2025-61019 — OpenLink Virtuoso-Opensource DoS via Crafted SQL

An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 25, 2026
7.5 HIGH
CVE-2025-61018 — OpenLink Virtuoso Denial of Service

An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 30, 2026
4.4 MEDIUM
CVE-2025-13162 — Advant Master Online Builder DLL vulnerability

Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master. This issue affects Control Builder A: through 1.4/4; 800xA for Advant Master: through 6.0.3-1, t…

| Path Traversal
Jun 23, 2026 Jun 25, 2026
5.4 MEDIUM
CVE-2026-56696 — OpenHarness - Prompt Injection via /issue and /pr_comments Slash Commands

OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted r…

openharness | Remote | Injection
Jun 23, 2026 Jun 23, 2026
7.1 HIGH
CVE-2026-56695 — OpenHarness - Cross-Session Disclosure via /resume and /summary Commands

OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can …

openharness | Remote | Authentication
Jun 23, 2026 Jun 24, 2026
5.4 MEDIUM
CVE-2026-56694 — NanoClaw < 2.1.0 - Privilege Escalation via Forged Channel Approval Callback

NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent …

Remote | Authorization
Jun 23, 2026 Jun 23, 2026
6.8 MEDIUM
CVE-2026-56693 — NanoClaw < 2.1.17 - Privilege Escalation via Unauthorized create_agent System Action

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization check…

| Authorization
Jun 23, 2026 Jun 23, 2026
6.8 MEDIUM
CVE-2026-56692 — NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment file…

| Path Traversal
Jun 23, 2026 Jun 24, 2026
7.1 HIGH
CVE-2026-56402 — NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can a…

Remote | Authorization
Jun 23, 2026 Jun 23, 2026