NVD Vulnerabilities

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
|---|---|---|---|---|---|---|
| CVE-2026-57281 | Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, all... | 2026-06-24 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2026-57280 | Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loo... | 2026-06-24 | 8.8 | NETWORK | HIGH | NVD |
| CVE-2026-35025 | ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL r... | 2026-06-24 | 8.1 | NETWORK | HIGH | NVD |
| CVE-2026-12537 | Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Acti... | 2026-06-24 | 10.0 | NETWORK | CRITICAL | NVD |
| CVE-2026-56761 | hono before 4.12.14 contains an HTML injection vulnerability in JSX server-side rendering that allows attackers to inject unintended HTML by using mal... | 2026-06-24 | 4.3 | NETWORK | MEDIUM | NVD |
| CVE-2026-56370 | ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifact... | 2026-06-24 | 3.3 | LOCAL | LOW | NVD |
| CVE-2026-56368 | ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly... | 2026-06-24 | 3.7 | NETWORK | LOW | NVD |
| CVE-2026-56358 | n8n before 1.123.25 (1.x) and before 2.11.2 (2.x), with the fix also included in 2.12.0, contains a stored cross-site scripting vulnerability in the F... | 2026-06-24 | 5.4 | NETWORK | MEDIUM | NVD |
| CVE-2026-56351 | n8n before version 2.4.0 contains a SQL injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to injec... | 2026-06-24 | 8.2 | NETWORK | HIGH | NVD |
| CVE-2026-56272 | Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. A... | 2026-06-24 | 4.1 | LOCAL | MEDIUM | NVD |
| CVE-2026-56270 | Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows una... | 2026-06-24 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2026-56269 | Flowise before 3.1.0 (npm package flowise, versions 3.0.13 and earlier) uses a weak hardcoded default value 'Secre$t' for the TOKEN_HASH_SECRET enviro... | 2026-06-24 | 4.6 | LOCAL | MEDIUM | NVD |
| CVE-2026-56262 | Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access ... | 2026-06-24 | 6.5 | NETWORK | MEDIUM | NVD |
| CVE-2026-13140 | Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge o... | 2026-06-24 | 1.1 | NETWORK | LOW | NVD |
| CVE-2025-71332 | Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an a... | 2026-06-24 | 6.5 | NETWORK | MEDIUM | NVD |