The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2026-41678 - rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but this condition is reversed. The intended invarian... read CVE-2026-41678
Published: April 24, 2026; 2:16:29 PM -0400V3.1: 8.1 HIGH
-
CVE-2026-54433 - In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, there is Stored Cross-Site Scripting (XSS) via a crafted plain-text email message. The attacker-controlled JavaScript executes within the victim's authenticated session simply by opening o... read CVE-2026-54433
Published: July 14, 2026; 1:17:05 PM -0400V3.1: 10.0 CRITICAL
-
CVE-2026-44595 - Yamcs is a mission control framework. Prior to 5.12.7, the IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core did not enforce the required SystemPrivilege.ControlAccess check in yamcs-core/src/main/java/org/yamcs/http/api... read CVE-2026-44595
Published: July 16, 2026; 1:16:55 PM -0400 -
CVE-2026-56456 - HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system ... read CVE-2026-56456
Published: July 16, 2026; 10:16:54 AM -0400 -
CVE-2026-56455 - HCL DFXAnalytics is affected by a Buffer Overflow vulnerability that can lead to a Denial of Service (DoS). The application fails to properly validate input sizes, allowing an attacker to pass an excessive amount of information into a memory conta... read CVE-2026-56455
Published: July 16, 2026; 10:16:54 AM -0400V3.1: 7.5 HIGH
-
CVE-2026-56454 - HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and TLS 1.1. These legacy protocols contain numerous cryptographic design flaws that expose data to interception and decryption. To remediate this risk, ... read CVE-2026-56454
Published: July 16, 2026; 10:16:54 AM -0400V3.1: 7.5 HIGH
-
CVE-2026-56453 - HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the client application, allowing them to manipulat... read CVE-2026-56453
Published: July 16, 2026; 10:16:54 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2026-35145 - HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability. The application fails to implement the HTTP Strict Transport Security (HSTS) policy within its responses, which could allow a remote attacker to downgra... read CVE-2026-35145
Published: July 16, 2026; 10:16:51 AM -0400 -
CVE-2026-44596 - Yamcs is a mission control framework. Prior to 5.12.7, the authentication endpoint POST /auth/token in yamcs-core, handled by yamcs-core/src/main/java/org/yamcs/http/auth/AuthHandler.java, lacked any rate limiting, account lockout, or failed-attem... read CVE-2026-44596
Published: July 16, 2026; 1:16:55 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2026-44632 - Yamcs is a mission control framework. Prior to 5.12.7, a server-side code injection vulnerability existed in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory, which dynamically compiled and evaluated use... read CVE-2026-44632
Published: July 16, 2026; 1:16:56 PM -0400 -
CVE-2026-59950 - The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to 1.28.1, the deprecated mcp.server.websocket.websocket_server transport accepted WebSocket handshakes without applying Host or Origin h... read CVE-2026-59950
Published: July 15, 2026; 5:16:55 PM -0400V3.1: 8.1 HIGH
-
CVE-2026-52870 - The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). From 1.23.0 until 1.27.2, default handlers installed by server.experimental.enable_tasks() for tasks/list, tasks/get, tasks/result, and tasks/c... read CVE-2026-52870
Published: July 15, 2026; 4:17:38 PM -0400 -
CVE-2026-52869 - The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to 1.27.2, the SSE and stateful Streamable HTTP transports mcp.server.sse.SseServerTransport and mcp.server.streamable_http_manager.Strea... read CVE-2026-52869
Published: July 15, 2026; 4:17:38 PM -0400 -
CVE-2026-49445 - Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing... read CVE-2026-49445
Published: July 15, 2026; 4:17:10 PM -0400V3.1: 8.8 HIGH
-
CVE-2026-56742 - Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in ... read CVE-2026-56742
Published: July 15, 2026; 4:17:51 PM -0400V3.1: 8.9 HIGH
-
CVE-2026-48252 - Adobe Experience Manager is affected by a Missing Authentication for Critical Function vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized wr... read CVE-2026-48252
Published: July 14, 2026; 4:17:06 PM -0400 -
CVE-2026-48253 - Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Expl... read CVE-2026-48253
Published: July 14, 2026; 4:17:06 PM -0400 -
CVE-2026-48254 - Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Expl... read CVE-2026-48254
Published: July 14, 2026; 4:17:06 PM -0400 -
CVE-2026-48255 - Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Expl... read CVE-2026-48255
Published: July 14, 2026; 4:17:06 PM -0400 -
CVE-2026-48259 - Adobe Experience Manager is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could leverage this vulnerability to issue unaut... read CVE-2026-48259
Published: July 14, 2026; 4:17:06 PM -0400