Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.1 CRITICAL
CVE-2026-44726 — Deno: TLS retry copies stale upgrade hook, risking plaintext traffic

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext …

deno | Remote | Cryptography
Jun 23, 2026 Jun 26, 2026
4.1 MEDIUM
CVE-2026-0864 — Configuration Injection via Carriage Return (\r) in write() method

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and …

python cpython | Injection
Jun 23, 2026 Jun 25, 2026
7.1 HIGH
CVE-2025-71382 — MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering

MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted …

mupdf | Remote | Denial of Service
Jun 23, 2026 Jun 26, 2026
7.5 HIGH
CVE-2025-61029 — OpenLink Virtuoso-Opensource Denial of Service

An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 23, 2026
7.5 HIGH
CVE-2025-61024 — OpenLink Virtuoso Denial of Service

An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Remote | Denial of Service
Jun 23, 2026 Jun 23, 2026
5.5 MEDIUM
CVE-2020-9713 — Acrobat Reader | Out-of-bounds Read (CWE-125)

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could…

Jun 23, 2026 Jun 26, 2026
5.5 MEDIUM
CVE-2020-9711 — Acrobat Reader | Out-of-bounds Read (CWE-125)

Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memor…

Jun 23, 2026 Jun 26, 2026
7.8 HIGH
CVE-2020-9695 — Acrobat Reader | Out-of-bounds Write (CWE-787)

Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution i…

Jun 23, 2026 Jun 26, 2026
5.3 MEDIUM
CVE-2026-56968 — GNU SASL NTLM Client Memory Disclosure

GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.

debian_linux gnu_sasl sasl | Remote | Memory Corruption
Jun 23, 2026 Jun 29, 2026
5.7 MEDIUM
CVE-2026-56117 — dhcpcd Heap Use-After-Free via Control Socket Handling

dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger me…

dhcpcd | Memory Corruption
Jun 23, 2026 Jun 28, 2026
7.1 HIGH
CVE-2026-56116 — dhcpcd Memory Leak DoS via IPv6 Router Advertisement Handling

dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to c…

dhcpcd | Denial of Service
Jun 23, 2026 Jul 01, 2026
8.8 HIGH
CVE-2026-56115 — Bootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization Bypass

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the J…

dhcpcd bootimus | Remote | Memory Corruption
Jun 23, 2026 Jun 29, 2026
6.5 MEDIUM
CVE-2026-56114 — dhcpcd Stack Out-of-Bounds Write in dhcp6_makemessage()

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to wr…

dhcpcd | Memory Corruption
Jun 23, 2026 Jun 28, 2026
6.5 MEDIUM
CVE-2026-56113 — dhcpcd Heap Use-After-Free in dhcp6_deprecateaddrs via DHCPv6 RENEW

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW repl…

dhcpcd | Memory Corruption
Jun 23, 2026 Jun 28, 2026
9.3 CRITICAL
CVE-2026-55450 — Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for a…

langflow | Remote | Denial of Service
Jun 23, 2026 Jun 24, 2026
9.6 CRITICAL
CVE-2026-55447 — Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling files that are digested into the RAG, an attacker can direct the node to read any file …

langflow | Remote | Path Traversal
Jun 23, 2026 Jun 24, 2026
7.5 HIGH
CVE-2026-55446 — Langflow: Unauthenticated DoS through multipart form boundary file upload

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse…

langflow | Remote | Denial of Service
Jun 23, 2026 Jun 24, 2026
6.1 MEDIUM
CVE-2026-55423 — Langflow: Logout button does not clear session

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user expl…

langflow | Authentication
Jun 23, 2026 Jun 24, 2026
9.9 CRITICAL
CVE-2026-55255 — Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attacke…

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authent…

langflow | Remote | Authorization
Jun 23, 2026 Jun 24, 2026
7.2 HIGH
CVE-2026-54308 — n8n: Missing Token Validation on Microsoft Agent 365 Trigger Node

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger nodes did not validate that inbound requests. As a result, an unauthentic…

n8n | Remote | Authentication
Jun 23, 2026 Jun 26, 2026
Showing 20 of 7989 Results