Fri, May 22 · 04:16 AM CDTCVE-2026-46595
10.0/10 · Must read/watchNVDvuln
Summary
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.
CVECVE-2026-46595
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 AM CDT
ModifiedFri, Jul 10 · 12:17 PM CDT
Thu, Apr 09 · 03:16 PM CDTCVE-2025-62718
9.9/10 · Must read/watchNVDvuln
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the config
CVECVE-2025-62718
SeverityCRITICAL
TypeUPDATED
PublishedThu, Apr 09 · 03:16 PM CDT
ModifiedFri, Jul 10 · 12:16 PM CDT
Mon, Nov 02 · 09:15 PM CSTCVE-2020-24881
9.8/10 · Must read/watchNVDvuln
Summary
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.
CVECVE-2020-24881
SeverityCRITICAL
TypeUPDATED
PublishedMon, Nov 02 · 09:15 PM CST
ModifiedFri, Jul 10 · 06:20 PM CDT
Fri, Mar 06 · 07:16 PM CSTCVE-2026-29063
9.8/10 · Must read/watchNVDvuln
Summary
Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5.
CVECVE-2026-29063
SeverityCRITICAL
TypeUPDATED
PublishedFri, Mar 06 · 07:16 PM CST
ModifiedFri, Jul 10 · 12:16 PM CDT
Mon, Mar 16 · 02:19 PM CDTCVE-2026-32640
9.8/10 · Must read/watchNVDvuln
Summary
SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects (including modules) can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous objects available as at
CVECVE-2026-32640
SeverityCRITICAL
TypeUPDATED
PublishedMon, Mar 16 · 02:19 PM CDT
ModifiedFri, Jul 10 · 12:16 PM CDT
Wed, Apr 08 · 09:17 PM CDTCVE-2026-39892
9.8/10 · Must read/watchNVDvuln
Summary
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
CVECVE-2026-39892
SeverityCRITICAL
TypeUPDATED
PublishedWed, Apr 08 · 09:17 PM CDT
ModifiedFri, Jul 10 · 12:16 PM CDT
Sat, Apr 18 · 05:16 PM CDTCVE-2026-41242
9.8/10 · Must read/watchNVDvuln
Summary
protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue.
CVECVE-2026-41242
SeverityCRITICAL
TypeUPDATED
PublishedSat, Apr 18 · 05:16 PM CDT
ModifiedFri, Jul 10 · 12:16 PM CDT
Fri, May 01 · 03:16 PM CDTCVE-2026-43037
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a cloned skb whose cb[] was written by the IPv6 receive path as struct inet6_skb_parm. icmp_send() passes IPCB(skb2) to __ip_optio
CVECVE-2026-43037
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 01 · 03:16 PM CDT
ModifiedFri, Jul 10 · 12:16 PM CDT
Fri, Mar 20 · 11:16 PM CDTCVE-2026-33186
9.1/10 · Must read/watchNVDvuln
Summary
gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g.,
CVECVE-2026-33186
SeverityCRITICAL
TypeUPDATED
PublishedFri, Mar 20 · 11:16 PM CDT
ModifiedFri, Jul 10 · 12:16 PM CDT
Fri, May 22 · 04:16 AM CDTCVE-2026-39830
9.1/10 · Must read/watchNVDvuln
Summary
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.
CVECVE-2026-39830
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 AM CDT
ModifiedFri, Jul 10 · 12:16 PM CDT
Fri, May 22 · 04:16 AM CDTCVE-2026-39832
9.1/10 · Must read/watchNVDvuln
Summary
When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. A
CVECVE-2026-39832
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 AM CDT
ModifiedFri, Jul 10 · 12:16 PM CDT
Fri, May 22 · 04:16 AM CDTCVE-2026-42508
9.1/10 · Must read/watchNVDvuln
Summary
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.
CVECVE-2026-42508
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 AM CDT
ModifiedFri, Jul 10 · 12:16 PM CDT
Wed, Aug 07 · 05:15 PM CDTCVE-2019-14749
8.8/10 · Worth your timeNVDvuln
Summary
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary fi
CVECVE-2019-14749
SeverityHIGH
TypeUPDATED
PublishedWed, Aug 07 · 05:15 PM CDT
ModifiedFri, Jul 10 · 06:20 PM CDT
Tue, Mar 10 · 06:18 PM CDTCVE-2026-21262
8.8/10 · Worth your timeNVDvuln
Summary
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
CVECVE-2026-21262
SeverityHIGH
TypeUPDATED
PublishedTue, Mar 10 · 06:18 PM CDT
ModifiedFri, Jul 10 · 07:32 PM CDT
Fri, Mar 27 · 12:16 AM CDTCVE-2026-27893
8.8/10 · Worth your timeNVDvuln
Summary
vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out. This enables remote
CVECVE-2026-27893
SeverityHIGH
TypeUPDATED
PublishedFri, Mar 27 · 12:16 AM CDT
ModifiedFri, Jul 10 · 12:16 PM CDT
Fri, Apr 17 · 08:16 PM CDTCVE-2026-40066
8.8/10 · Worth your timeNVDvuln
Summary
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution.
CVECVE-2026-40066
SeverityHIGH
TypeUPDATED
PublishedFri, Apr 17 · 08:16 PM CDT
ModifiedFri, Jul 10 · 11:16 PM CDT
Fri, May 08 · 08:16 AM CDTCVE-2026-43284
8.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a
CVECVE-2026-43284
SeverityHIGH
TypeUPDATED
PublishedFri, May 08 · 08:16 AM CDT
ModifiedFri, Jul 10 · 12:16 PM CDT
Wed, May 13 · 04:16 PM CDTCVE-2026-44293
8.8/10 · Worth your timeNVDvuln
Summary
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default value for a bytes field
CVECVE-2026-44293
SeverityHIGH
TypeUPDATED
PublishedWed, May 13 · 04:16 PM CDT
ModifiedFri, Jul 10 · 12:16 PM CDT
Wed, May 13 · 06:16 PM CDTCVE-2026-44578
8.6/10 · Worth your timeNVDvuln
Summary
Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to
CVECVE-2026-44578
SeverityHIGH
TypeUPDATED
PublishedWed, May 13 · 06:16 PM CDT
ModifiedFri, Jul 10 · 12:17 PM CDT
Tue, Mar 27 · 05:29 PM CDTCVE-2018-7195
8.1/10 · Worth your timeNVDvuln
Summary
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.
CVECVE-2018-7195
SeverityHIGH
TypeUPDATED
PublishedTue, Mar 27 · 05:29 PM CDT
ModifiedFri, Jul 10 · 06:20 PM CDT
Tue, Feb 03 · 10:16 PM CSTCVE-2020-37094
8.1/10 · Worth your timeNVDvuln
Summary
EspoCRM 5.7.0 prior to 5.9.0 contains an authentication token reuse vulnerability that allows authenticated attackers to bypass two-factor authentication by exploiting token-to-password-hash mapping in application/Espo/Core/Utils/Authentication/Espo.php. Attackers can obtain an authentication token for a controlled acc
CVECVE-2020-37094
SeverityHIGH
TypeUPDATED
PublishedTue, Feb 03 · 10:16 PM CST
ModifiedFri, Jul 10 · 03:16 PM CDT
Fri, Mar 20 · 11:16 PM CDTCVE-2026-33236
8.1/10 · Worth your timeNVDvuln
Summary
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` and `id` attributes when processing remote XML index files. Attackers can
CVECVE-2026-33236
SeverityHIGH
TypeUPDATED
PublishedFri, Mar 20 · 11:16 PM CDT
ModifiedFri, Jul 10 · 12:16 PM CDT
Fri, Apr 24 · 03:16 AM CDTCVE-2026-41316
8.1/10 · Worth your timeNVDvuln
Summary
ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also
CVECVE-2026-41316
SeverityHIGH
TypeUPDATED
PublishedFri, Apr 24 · 03:16 AM CDT
ModifiedFri, Jul 10 · 12:16 PM CDT
Wed, May 13 · 05:16 PM CDTCVE-2026-44574
8.1/10 · Worth your timeNVDvuln
Summary
Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic route value seen by
CVECVE-2026-44574
SeverityHIGH
TypeUPDATED
PublishedWed, May 13 · 05:16 PM CDT
ModifiedFri, Jul 10 · 12:17 PM CDT
Tue, Mar 31 · 08:16 PM CDTCVE-2026-4800
8.1/10 · Worth your timeNVDvuln
Summary
Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. When an application passes untrusted input as optio
CVECVE-2026-4800
SeverityHIGH
TypeUPDATED
PublishedTue, Mar 31 · 08:16 PM CDT
ModifiedFri, Jul 10 · 12:17 PM CDT