NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
|---|---|---|---|---|---|---|
| CVE-2026-12992 | A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. Wh... | 2026-06-25 | 7.4 | NETWORK | HIGH | NVD |
| CVE-2026-12975 | A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml() method creates a SAXParserFactory without enabling secure processing featur... | 2026-06-25 | 8.5 | NETWORK | HIGH | NVD |
| CVE-2026-11800 | A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client cred... | 2026-06-25 | 8.1 | NETWORK | HIGH | NVD |
| CVE-2026-11703 | Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket-based resumption. A cach... | 2026-06-25 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2026-10098 | OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the target... | 2026-06-25 | 5.3 | NETWORK | MEDIUM | NVD |
| CVE-2025-71338 | Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write a... | 2026-06-25 | 10.0 | NETWORK | CRITICAL | NVD |
| CVE-2025-71336 | Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnerability in the Custom MCP featu... | 2026-06-25 | 9.8 | NETWORK | CRITICAL | NVD |
| CVE-2025-71335 | Flowise before 3.0.10 (affected versions 3.0.7 and earlier) fails to invalidate existing sessions and session tokens after a user changes their passwo... | 2026-06-25 | 8.1 | NETWORK | HIGH | NVD |
| CVE-2025-71334 | Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflow... | 2026-06-25 | 9.8 | NETWORK | CRITICAL | NVD |
| CVE-2025-71333 | Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to l... | 2026-06-25 | 9.3 | NETWORK | CRITICAL | NVD |
| CVE-2025-71328 | Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the accoun... | 2026-06-25 | 8.3 | NETWORK | HIGH | NVD |
| CVE-2025-71327 | Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to ... | 2026-06-25 | 9.1 | NETWORK | CRITICAL | NVD |
| CVE-2025-71324 | Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistant... | 2026-06-25 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2021-47986 | Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code... | 2026-06-25 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2020-37256 | Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with... | 2026-06-25 | 5.4 | NETWORK | MEDIUM | NVD |