NVD Vulnerabilities

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
|---|---|---|---|---|---|---|
| CVE-2026-50766 | A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an aut... | 2026-06-26 | 5.4 | NETWORK | MEDIUM | NVD |
| CVE-2026-50765 | A stored cross-site scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11... | 2026-06-26 | 6.1 | NETWORK | MEDIUM | NVD |
| CVE-2026-49984 | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied ... | 2026-06-26 | 7.7 | NETWORK | HIGH | NVD |
| CVE-2026-49869 | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath().e... | 2026-06-26 | 10.0 | NETWORK | CRITICAL | NVD |
| CVE-2026-45807 | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from th... | 2026-06-26 | 7.7 | NETWORK | HIGH | NVD |
| CVE-2026-54353 | Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist th... | 2026-06-26 | 8.5 | NETWORK | HIGH | NVD |
| CVE-2026-54352 | Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/static.ts:24 accepts a bu... | 2026-06-26 | 9.6 | NETWORK | CRITICAL | NVD |
| CVE-2026-54351 | Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessible and passes the full HTT... | 2026-06-26 | 8.2 | NETWORK | HIGH | NVD |
| CVE-2026-54350 | Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the ... | 2026-06-26 | 10.0 | NETWORK | CRITICAL | NVD |
| CVE-2026-52885 | Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a... | 2026-06-26 | 6.3 | LOCAL | MEDIUM | NVD |
| CVE-2026-52884 | Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory() does NOT canonicalize the path before checking. It uses a ... | 2026-06-26 | 7.8 | LOCAL | HIGH | NVD |
| CVE-2026-50137 | Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id (app_...) and an S3-sou... | 2026-06-26 | 9.4 | NETWORK | CRITICAL | NVD |
| CVE-2026-50136 | Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject ... | 2026-06-26 | 7.4 | NETWORK | HIGH | NVD |
| CVE-2026-50132 | Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token/handoff` is a public endpoint (no auth required) ... | 2026-06-26 | 7.3 | NETWORK | HIGH | NVD |
| CVE-2026-48800 | Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <Command> tag text content inside <UserDefinedCommands> in shortcuts.xml... | 2026-06-26 | 7.8 | LOCAL | HIGH | NVD |