Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-15749 — mastergo-design mastergo-magic-mcp mcp__C2d get-c2d.ts execute path traversal

A security flaw has been discovered in mastergo-design mastergo-magic-mcp up to 0.2.0. This issue affects the function execute of the file src/tools/get-c2d.ts of the component mcp__C2d. Performing a…

| Path Traversal
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.5 HIGH
CVE-2026-15738 — Cross-namespace traffic interception via incorrect route precedence ordering in AWS Load …

Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another …

Remote | Denial of Service
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
9.2 CRITICAL
CVE-2026-15643 — AWS HealthLake MCP Server SSRF via Pagination URL

AWS HealthLake MCP Server (awslabs.healthlake-mcp-server) is a Model Context Protocol server that enables AI assistants to interact with AWS HealthLake FHIR datastores. A server-side request forgery …

Remote | Server-Side Request Forgery
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
9.8 CRITICAL
CVE-2026-53633 — Vitest: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE

Vitest is a testing framework powered by Vite. From 3.0.0 until 3.2.5, 4.1.8, and 5.0.0-beta.4, Vitest Browser Mode exposed a cdp() API that forwarded raw Chrome DevTools Protocol methods without bei…

Remote | Denial of Service
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.5 MEDIUM
CVE-2026-50659 — .NET Spoofing Vulnerability

Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-50651 — .NET Denial of Service Vulnerability

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.8 HIGH
CVE-2026-50650 — .NET Framework Elevation of Privilege Vulnerability

Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.8 HIGH
CVE-2026-50649 — .NET Remote Code Execution Vulnerability

Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-50648 — .NET Framework Denial of Service Vulnerability

Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.8 HIGH
CVE-2026-50646 — .NET Framework Remote Code Execution Vulnerability

Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.2 HIGH
CVE-2026-50528 — .NET Security Feature Bypass Vulnerability

Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-50527 — .NET Framework Denial of Service Vulnerability

Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.0 HIGH
CVE-2026-50526 — .NET Tampering Vulnerability

Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-50525 — .NET Denial of Service Vulnerability

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-50524 — .NET Framework Denial of Service Vulnerability

Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
5.1 MEDIUM
CVE-2026-48784 — Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Gene…

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, UrlGenerator::doGenerate() used strtr() dot-segment enco…

symfony | Remote | Path Traversal
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
5.3 MEDIUM
CVE-2026-48761 — Symfony: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>,…

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlAttributeSanitizer::getSupportedAttributes() omitted …

symfony | Remote | Cross-Site Scripting
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
5.3 MEDIUM
CVE-2026-48760 — Symfony: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks a…

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlSanitizer::parse() rejected raw BiDi formatting chara…

symfony | Remote | Misconfiguration
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.3 MEDIUM
CVE-2026-48747 — Symfony: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signat…

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.13 and 8.0.13, MailomatRequestParser::validateSignature() parsed X-MOM-Webhook-Signature…

symfony | Remote | Authentication
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.9 MEDIUM
CVE-2026-48736 — Symfony: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-…

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.0 to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, NoPrivateNetworkHttpClient and IpUtils::PRIVATE_SUB…

symfony | Remote | Server-Side Request Forgery
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
Showing 20 of 8384 Results