The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2026-58373 - CVAT before 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.get_queryset that allows authenticated attackers to enumerate quality report identifiers belonging to other organizations by exploiting a missing check_obj... read CVE-2026-58373
Published: June 30, 2026; 1:16:25 PM -0400 -
CVE-2026-55590 - CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect() method contains a weakness to backslash bypasses that allows redirect targe... read CVE-2026-55590
Published: July 09, 2026; 3:17:06 PM -0400V3.1: 6.1 MEDIUM
-
CVE-2026-42505 - Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.
Published: July 08, 2026; 1:17:21 PM -0400 -
CVE-2026-59890 - setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob... read CVE-2026-59890
Published: July 08, 2026; 1:17:27 PM -0400 -
CVE-2026-44512 - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() in onnx/version_... read CVE-2026-44512
Published: July 08, 2026; 4:16:49 PM -0400 -
CVE-2026-55404 - yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpage_url or filename met... read CVE-2026-55404
Published: July 08, 2026; 4:16:52 PM -0400V3.1: 8.8 HIGH
-
CVE-2026-58661 - n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directo... read CVE-2026-58661
Published: July 10, 2026; 11:16:47 AM -0400V3.1: 4.3 MEDIUM
-
CVE-2026-56354 - n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 2.x branches) contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Au... read CVE-2026-56354
Published: July 10, 2026; 11:16:43 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2026-13707 - Session fixation vulnerability in Wikimedia Foundation OAuth. This vulnerability is associated with program files src/Backend/MWOAuthServer.Php. This issue affects OAuth: from * through 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Published: July 01, 2026; 12:16:31 PM -0400V3.1: 7.6 HIGH
-
CVE-2026-58254 - NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving th... read CVE-2026-58254
Published: July 08, 2026; 4:16:55 PM -0400V3.1: 6.5 MEDIUM
-
CVE-2026-59209 - n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an ... read CVE-2026-59209
Published: July 09, 2026; 1:17:01 PM -0400V3.1: 6.5 MEDIUM
-
CVE-2026-59795 - In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible
Published: July 10, 2026; 11:16:48 AM -0400V3.1: 6.1 MEDIUM
-
CVE-2026-59796 - In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks
Published: July 10, 2026; 11:16:48 AM -0400 -
CVE-2026-58253 - NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no_auth_user was configured, a parser fast path intended for ordinary client connections could also apply ... read CVE-2026-58253
Published: July 08, 2026; 4:16:54 PM -0400 -
CVE-2026-58252 - NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a ... read CVE-2026-58252
Published: July 08, 2026; 4:16:54 PM -0400 -
CVE-2026-58251 - NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queu... read CVE-2026-58251
Published: July 08, 2026; 4:16:54 PM -0400 -
CVE-2026-59828 - Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSer... read CVE-2026-59828
Published: July 09, 2026; 6:17:09 PM -0400 -
CVE-2026-56261 - Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing ... read CVE-2026-56261
Published: July 10, 2026; 11:16:42 AM -0400V3.1: 7.5 HIGH
-
CVE-2026-58250 - NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server durin... read CVE-2026-58250
Published: July 08, 2026; 4:16:54 PM -0400 -
CVE-2026-58214 - NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured s... read CVE-2026-58214
Published: July 08, 2026; 4:16:54 PM -0400