Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
10.0 CRITICAL
CVE-2026-62422 — JetBrains YouTrack Authentication Bypass via Database Access

In JetBrains YouTrack before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access …

youtrack | Remote | Authentication
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
0.0 NA
CVE-2026-58319 — Apache Doris: Improper Authentication in Frontend HTTP API

Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized …

doris | Authentication
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
10.0 CRITICAL
CVE-2026-56451 — Opcenter X JWT Algorithm Confusion Vulnerability

A vulnerability has been identified in Opcenter X (All versions < V2604). Affected applications do not properly validate the algorithm specified in the JSON Web Token (JWT) header. This could allow …

Remote | Authentication
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.4 HIGH
CVE-2026-54429 — SIMATIC S7-PLCSIM Advanced Denial of Service Vulnerability

A vulnerability has been identified in SIMATIC S7-PLCSIM Advanced (All versions). Affected devices do not properly handle high-volume multicast network traffic, which can exhaust available memory res…

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
9.1 CRITICAL
CVE-2026-3014 — Remote Code Execution by administrative user on the Management Server

Milestone has released a new version of XProtect® (and several cumulative patch updates) which fix security vulnerability in Management Server API.  The vulnerability causes users with edit permis…

Remote | Authentication
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
0.0 NA
CVE-2026-15043 — DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted <= and >= SQL opera…

DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted <= and >= SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some …

| Injection
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
5.2 MEDIUM
CVE-2026-14852 — mk_sap_hana: Privilege escalation via crafted sapstartsrv process name

Privilege escalation in Checkmk versions 2.5.0 before 2.5.0p9, 2.4.0 before 2.4.0p34, 2.3.0 before 2.3.0p49, and 2.2.0 (EOL) allows a local unprivileged user to execute arbitrary commands as root by …

| Authorization
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
4.8 MEDIUM
CVE-2026-12478 — Libsoup: incomplete fix for cve-2026-0716: out-of-bounds read in libsoup websocket frame …

The fix for CVE-2026-0716 (commit 6ff7ef0, libsoup 3.6.6) placed the integer overflow guard inside the if (masked) block, leaving unmasked server-to-client frames unprotected. A malicious WebSocket s…

enterprise_linux enterprise_linux | Remote | Memory Corruption
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.5 HIGH
CVE-2025-40945 — Siemens IAM Client SDK Untrusted Search Path Privilege Escalation Vulnerability

A vulnerability has been identified in COMOS V10.4.5 (All versions < V10.4.5.0.2), COMOS V10.6 (All versions < V10.6.1), Designcenter NX (All versions < V2512.7000), Simcenter 3D (All versions < V251…

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.7 HIGH
CVE-2026-15389 — Inadequate access control in Sesame Time session management

A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system…

Remote | Authentication
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.8 HIGH
CVE-2026-9561 — Eclipse Kura IP Address Spoofing Vulnerability

Eclipse Kura versions prior to 5.6.2 trust the client-supplied X-Forwarded-For HTTP header as the authoritative source of the client IP address in audit log entries. The org.eclipse.kura.web2 (Web Co…

kura | Remote | Misconfiguration
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
5.3 MEDIUM
CVE-2026-8384 — Eclipse Jetty Path Normalization Vulnerability

In Eclipse Jetty, an HTTP URI of this form: /public;/../admin/secret.txt results in an unresolved path of: /public/../admin/secret.txt instead of the expected: /admin/s…

jetty | Remote | Path Traversal
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
5.3 MEDIUM
CVE-2026-6790 — Eclipse Jetty Host Header Validation Mismatch Vulnerability

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority (host and port) matches what provided in the Host header (if present). This was not e…

jetty | Remote | Misconfiguration
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.3 MEDIUM
CVE-2026-59246 — Zero-length HTTP/2 CONTINUATION frames bypass Mint's header-block byte-size cap and exhau…

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handle_conti…

mint | Remote | Denial of Service
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
0.0 NA
CVE-2026-59084 — Apache Tomcat: EncryptInterceptor requirements not clearly documented

Insufficient Technical Documentation vulnerability in Apache Tomcat since the requirements to securely configure the EncryptInterceptor were not clearly documented. This issue affects Apache Tomcat:…

tomcat | Misconfiguration
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
0.0 NA
CVE-2026-59083 — Apache Tomcat: Incorrect URL decoding in RewriteValve may allow security control bypass

Improper Handling of URL Encoding (Hex Encoding) vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.…

tomcat | Misconfiguration
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.2 HIGH
CVE-2026-58229 — Unbounded HTTP/1 response-header and chunked-trailer accumulation in Mint causes memory-e…

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP1.decode_headers…

mint | Remote | Denial of Service
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
9.0 CRITICAL
CVE-2026-57898 — Eclipse BaSyx Java Server SDK Arbitrary File Write

In Eclipse BaSyx Java Server SDK versions 2.0.0-milestone-05 to 2.0.0-milestone-12, deployments using the MongoDB backend are vulnerable to an unauthenticated arbitrary file write through the AAS thu…

Remote | Path Traversal
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.9 HIGH
CVE-2026-15416 — Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifes…

A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote cod…

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
9.2 CRITICAL
CVE-2026-15183 — Input Validation Vulnerabilities in Snowflake Spark Connector

Multiple input validation vulnerabilities in the Snowflake Spark Connector (spark-snowflake) versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL …

Remote | Injection
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
Showing 20 of 7461 Results