Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-52870 — MCP Python SDK: Experimental task handlers allow any client to access and cancel other cl…

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). From 1.23.0 until 1.27.2, default handlers installed by server.experimental.enable_tasks() for …

| Authorization
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
7.1 HIGH
CVE-2026-33443 — Memory management error in Secure Access servers prior to 14.55

CVE-2026-33443 is a memory management error in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS aga…

secure_access | Remote | Denial of Service
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
0.0 NA
CVE-2026-52869 — MCP Python SDK: HTTP transports serve session requests without verifying the authenticate…

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to 1.27.2, the SSE and stateful Streamable HTTP transports mcp.server.sse.SseServerTransp…

| Authentication
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
0.0 NA
CVE-2026-50144 — ncnn: Out-of-bounds heap write in ParamDict::load_param via unchecked negative parameter …

ncnn is a high-performance neural network inference framework optimized for the mobile platform. In commit e54f7b1f88434e1d844ea0551b880a1cfb079ce1 and earlier, ncnn allows an out-of-bounds heap writ…

| Memory Corruption
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
2.3 LOW
CVE-2026-40958 — Input validation error in Secure Access clients prior to 14.55

CVE-2026-40958 is a input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS aga…

secure_access | Remote | Denial of Service
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
0.0 NA
CVE-2026-45737 — Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From 3.2.0 until 3.2.12, 3.3.10, and 3.4.2, Argo CD ServerSideDiff can expose Kubernetes Secret values embedded in the kubect…

| Information Disclosure
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
6.1 MEDIUM
CVE-2026-40957 — Frameable content vulnerability in the Secure Access server login page

o   CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credent…

secure_access | Remote | Cross-Site Request Forgery
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
2.1 LOW
CVE-2026-40956 — Memory disclosure in Secure Access Clients

CVE-2026-40956 is a memory disclosure vulnerability in Secure Access client versions prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can cause a small …

secure_access | Remote | Information Disclosure
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
0.0 NA
CVE-2026-45738 — Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege …

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to 3.2.12, 3.3.10, and 3.4.2, Argo CD users with application write access can set link.argocd.argoproj.io/* annotations…

| Cross-Site Scripting
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
2.1 LOW
CVE-2026-40955 — Integer underflow vulnerability in Secure Access clients

CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel pr…

secure_access | Remote | Denial of Service
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
2.1 LOW
CVE-2026-40954 — Integer underflow in Secure Access clients prior to 14.55

CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel pr…

secure_access | Remote | Denial of Service
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
0.0 NA
CVE-2026-49867 — DataEase: Authenticated Stored XSS in DataEase Template Static Resources

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST …

| Cross-Site Scripting
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
0.0 NA
CVE-2026-46684 — DataEase: Unauthorized Command Execution Vulnerability

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase enterprise token handling can let TokenFilter#doFilter() pass X-DE-TOKEN values to TokenUtils.validate(), w…

| Authentication
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
6.7 MEDIUM
CVE-2026-40953 — Heap overflow in Secure Access clients

CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service…

secure_access | Memory Corruption
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
0.0 NA
CVE-2026-45320 — DataEase Data Dashboard SqlVariable transFilter Unfiltered SQL Injection

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase dashboard SQL variables such as ${deptId} are processed by SqlparserUtils.transFilter(), whose final branch…

| Injection
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
0.0 NA
CVE-2026-45535 — DataEase: Stored SQL Injection Vulnerability

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as ${var} and SqlparserU…

| Injection
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
0.0 NA
CVE-2026-45533 — DataEase: Path Traversal Vulnerability

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase export-center deletion can accept path traversal sequences such as ../ in the bulk delete API endpoint and …

| Path Traversal
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
0.0 NA
CVE-2026-50124 — DataEase: Remote Code Execution (RCE) via Zip Protocol & File Dropper

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase can be exploited by uploading payload.zip through the Excel upload API /datasource/upload, creating an H2 d…

| Injection
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
8.5 HIGH
CVE-2026-40952 — Privilge misconfiguration in Secure Access installers

CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it …

secure_access | Misconfiguration
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
0.0 NA
CVE-2026-50030 — DataEase: Arbitrary SQL execution in preview path (direct data disclosure)

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL preview exposes DatasetDataApi.previewSql/previewSqlCheck through /de2api/datasetData/previewSql, accep…

| Injection
Jul 15, 2026 Jul 15, 2026
Jul 15, 2026
Jul 15, 2026
Showing 20 of 8424 Results