| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-59879 | 0.00 | — | 0.00 | Jul 9, 2026 | Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List#set, List#setSize, List#setIn, List#updateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 ** 30 to 2 ** 31 in setListBounds in src/List.js,… | |||
| CVE-2026-59870 | 0.00 | — | 0.00 | Jul 9, 2026 | js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem() to perform a linear duplicate-key scan on every insertion, causing O(n^2) CPU consumption when yaml.load() parses… | |||
| CVE-2026-59869 | 0.00 | — | 0.00 | Jul 9, 2026 | js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This… | |||
| CVE-2026-59868 | 0.00 | — | 0.00 | Jul 9, 2026 | js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This… | |||
| CVE-2026-14480 | cri | 0.64 | 9.9 | 0.01 | Jul 9, 2026 | OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename (prog_file) directly into the Programs.File database field and later uses this value as the… | ||
| CVE-2026-38076 | mod | 0.42 | 6.5 | 0.00 | Jul 9, 2026 | jbig2dec: jbig2dec: Denial of Service via crafted input | ||
| CVE-2026-15168 | low | 0.16 | 2.5 | 0.00 | Jul 8, 2026 | wireshark: Wireshark: Information disclosure in BLF file parser | ||
| CVE-2026-15079 | 0.00 | — | 0.00 | Jul 8, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | |||
| CVE-2026-15080 | 0.00 | — | 0.00 | Jul 8, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | |||
| CVE-2026-15081 | 0.00 | — | 0.00 | Jul 8, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | |||
| CVE-2026-15082 | 0.00 | — | 0.00 | Jul 8, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | |||
| CVE-2026-15083 | 0.00 | — | 0.00 | Jul 8, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | |||
| CVE-2026-15084 | 0.00 | — | 0.00 | Jul 8, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | |||
| CVE-2026-15085 | 0.00 | — | 0.00 | Jul 8, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | |||
| CVE-2026-15086 | 0.00 | — | 0.00 | Jul 8, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | |||
| CVE-2026-15087 | 0.00 | — | 0.00 | Jul 8, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | |||
| CVE-2026-15089 | 0.00 | — | 0.00 | Jul 8, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | |||
| CVE-2026-59818 | mod | 0.35 | 6.5 | 0.00 | Jul 8, 2026 | etcd: etcd: Authentication bypass due to improper Certificate Revocation List enforcement on gRPC listener | ||
| CVE-2026-15166 | mod | 0.37 | 5.7 | 0.00 | Jul 8, 2026 | Wireshark: Wireshark: Denial of Service via IEEE 802.11 protocol dissector crash | ||
| CVE-2026-15174 | mod | 0.36 | 5.5 | 0.00 | Jul 8, 2026 | wireshark: Wireshark: Denial of Service via Catapult DCT2000 protocol dissector crash | ||
| CVE-2026-15172 | mod | 0.36 | 5.5 | 0.00 | Jul 8, 2026 | wireshark: Wireshark: Denial of service via FMP/NOTIFY protocol dissector crash | ||
| CVE-2026-15173 | mod | 0.26 | — | 0.00 | Jul 8, 2026 | Wireshark: Wireshark: Denial of Service via pcapng file parser crash | ||
| CVE-2026-15171 | mod | 0.36 | 5.5 | 0.00 | Jul 8, 2026 | wireshark: Wireshark: Denial of service via SSH protocol dissector crash | ||
| CVE-2026-15169 | mod | 0.36 | 5.5 | 0.00 | Jul 8, 2026 | wireshark: Wireshark: Denial of Service via UMTS FP protocol dissector crash | ||
| CVE-2026-15167 | mod | 0.42 | 6.5 | 0.00 | Jul 8, 2026 | wireshark: Wireshark: Denial of Service via DBS Etherwatch file parser crash | ||
| CVE-2026-15170 | mod | 0.36 | 5.5 | 0.00 | Jul 8, 2026 | wireshark: Wireshark: Denial of service via Z39.50 protocol dissector crash | ||
| CVE-2026-15165 | mod | 0.42 | 6.5 | 0.00 | Jul 8, 2026 | wireshark: Wireshark: Denial of Service via TLS ECH decryptor crash | ||
| CVE-2026-15163 | mod | 0.36 | 5.5 | 0.00 | Jul 8, 2026 | wireshark: Wireshark: Denial of Service via multiple protocol dissector infinite loops | ||
| CVE-2026-15164 | mod | 0.36 | 5.5 | 0.00 | Jul 8, 2026 | wireshark: Wireshark: Denial of Service vulnerability in ciscodump | ||
| CVE-2026-6352 | low | 0.18 | 2.7 | 0.00 | Jul 8, 2026 | gitlab: GitLab EE: Auditor-level users can modify compliance records via improper authorization in GraphQL | ||
| CVE-2026-7492 | mod | 0.34 | 5.3 | 0.00 | Jul 8, 2026 | gitlab-ee: gitlab: GitLab: Information disclosure of private project existence via improper authorization | ||
| CVE-2026-11827 | mod | 0.32 | 4.9 | 0.00 | Jul 8, 2026 | gitlab-ee: GitLab EE: Information disclosure via improper authorization controls | ||
| CVE-2026-13320 | imp | 0.47 | 7.3 | 0.00 | Jul 8, 2026 | gitlab: GitLab: Arbitrary script execution via improper input sanitization | ||
| CVE-2026-54591 | imp | 0.46 | 8.1 | 0.00 | Jul 8, 2026 | asyncssh: AsyncSSH: Arbitrary file write via path traversal in SCP client | ||
| CVE-2026-58494 | mod | 0.35 | 6.5 | 0.00 | Jul 8, 2026 | wasmtime: Wasmtime: Overwrite host files via insufficient permission checks in wasmtime-wasi | ||
| CVE-2026-59936 | mod | 0.35 | 6.5 | 0.00 | Jul 8, 2026 | pypdf: pypdf: Denial of Service via crafted PDF inline image | ||
| CVE-2026-59819 | mod | 0.25 | 4.9 | 0.00 | Jul 8, 2026 | litellm: LiteLLM: Information disclosure via local file read in test connection endpoint | ||
| CVE-2026-59820 | imp | 0.46 | 8.1 | 0.00 | Jul 8, 2026 | litellm: LiteLLM: Directory traversal via crafted skill archive upload | ||
| CVE-2026-44512 | mod | 0.35 | 6.5 | 0.00 | Jul 8, 2026 | onnx: ONNX: Denial of Service via crafted untrusted models | ||
| CVE-2026-59821 | imp | 0.40 | 7.2 | 0.00 | Jul 8, 2026 | litellm: LiteLLM: Arbitrary code execution and information disclosure via custom code guardrails | ||
| CVE-2026-15154 | mod | 0.42 | 6.5 | 0.00 | Jul 8, 2026 | guardrails-detectors: guardrails-detectors: Unauthenticated Regular-Expression Denial of Service (ReDoS) via detector_params.regex | ||
| CVE-2026-14362 | imp | 0.42 | 7.5 | 0.00 | Jul 8, 2026 | github.com/hashicorp/memberlist: HashiCorp memberlist: Denial of Service via push/pull state handling | ||
| CVE-2025-3110 | mod | 0.34 | 5.3 | 0.00 | Jul 8, 2026 | OpenVPN Access Server: OpenVPN Access Server: HTTP request smuggling via bare line-feed sequences in HTTP headers | ||
| CVE-2026-59892 | imp | 0.42 | 7.5 | 0.00 | Jul 8, 2026 | @opentelemetry/propagator-jaeger: OpenTelemetry JavaScript: Denial of Service via malformed HTTP header decoding | ||
| CVE-2026-0276 | low | 0.07 | — | 0.00 | Jul 8, 2026 | Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0276 | ||
| CVE-2026-0277 | med | 0.26 | — | 0.00 | Jul 8, 2026 | Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0277 | ||
| CVE-2026-0278 | med | 0.26 | — | 0.00 | Jul 8, 2026 | Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0278 | ||
| CVE-2026-0279 | low | 0.07 | — | 0.01 | Jul 8, 2026 | Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0279 | ||
| CVE-2026-0280 | low | 0.07 | — | 0.00 | Jul 8, 2026 | Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0280 | ||
| CVE-2026-0281 | low | 0.07 | — | 0.00 | Jul 8, 2026 | Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0281 |
- CVE-2026-59879Jul 9, 2026risk 0.00cvss —epss 0.00
Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List#set, List#setSize, List#setIn, List#updateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 ** 30 to 2 ** 31 in setListBounds in src/List.js,…
- CVE-2026-59870Jul 9, 2026risk 0.00cvss —epss 0.00
js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem() to perform a linear duplicate-key scan on every insertion, causing O(n^2) CPU consumption when yaml.load() parses…
- CVE-2026-59869Jul 9, 2026risk 0.00cvss —epss 0.00
js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This…
- CVE-2026-59868Jul 9, 2026risk 0.00cvss —epss 0.00
js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This…
- risk 0.64cvss 9.9epss 0.01
OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename (prog_file) directly into the Programs.File database field and later uses this value as the…
- risk 0.42cvss 6.5epss 0.00
jbig2dec: jbig2dec: Denial of Service via crafted input
- risk 0.16cvss 2.5epss 0.00
wireshark: Wireshark: Information disclosure in BLF file parser
- CVE-2026-15079Jul 8, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-15080Jul 8, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-15081Jul 8, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-15082Jul 8, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-15083Jul 8, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-15084Jul 8, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-15085Jul 8, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-15086Jul 8, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-15087Jul 8, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-15089Jul 8, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- risk 0.35cvss 6.5epss 0.00
etcd: etcd: Authentication bypass due to improper Certificate Revocation List enforcement on gRPC listener
- risk 0.37cvss 5.7epss 0.00
Wireshark: Wireshark: Denial of Service via IEEE 802.11 protocol dissector crash
- risk 0.36cvss 5.5epss 0.00
wireshark: Wireshark: Denial of Service via Catapult DCT2000 protocol dissector crash
- risk 0.36cvss 5.5epss 0.00
wireshark: Wireshark: Denial of service via FMP/NOTIFY protocol dissector crash
- risk 0.26cvss —epss 0.00
Wireshark: Wireshark: Denial of Service via pcapng file parser crash
- risk 0.36cvss 5.5epss 0.00
wireshark: Wireshark: Denial of service via SSH protocol dissector crash
- risk 0.36cvss 5.5epss 0.00
wireshark: Wireshark: Denial of Service via UMTS FP protocol dissector crash
- risk 0.42cvss 6.5epss 0.00
wireshark: Wireshark: Denial of Service via DBS Etherwatch file parser crash
- risk 0.36cvss 5.5epss 0.00
wireshark: Wireshark: Denial of service via Z39.50 protocol dissector crash
- risk 0.42cvss 6.5epss 0.00
wireshark: Wireshark: Denial of Service via TLS ECH decryptor crash
- risk 0.36cvss 5.5epss 0.00
wireshark: Wireshark: Denial of Service via multiple protocol dissector infinite loops
- risk 0.36cvss 5.5epss 0.00
wireshark: Wireshark: Denial of Service vulnerability in ciscodump
- risk 0.18cvss 2.7epss 0.00
gitlab: GitLab EE: Auditor-level users can modify compliance records via improper authorization in GraphQL
- risk 0.34cvss 5.3epss 0.00
gitlab-ee: gitlab: GitLab: Information disclosure of private project existence via improper authorization
- risk 0.32cvss 4.9epss 0.00
gitlab-ee: GitLab EE: Information disclosure via improper authorization controls
- risk 0.47cvss 7.3epss 0.00
gitlab: GitLab: Arbitrary script execution via improper input sanitization
- risk 0.46cvss 8.1epss 0.00
asyncssh: AsyncSSH: Arbitrary file write via path traversal in SCP client
- risk 0.35cvss 6.5epss 0.00
wasmtime: Wasmtime: Overwrite host files via insufficient permission checks in wasmtime-wasi
- risk 0.35cvss 6.5epss 0.00
pypdf: pypdf: Denial of Service via crafted PDF inline image
- risk 0.25cvss 4.9epss 0.00
litellm: LiteLLM: Information disclosure via local file read in test connection endpoint
- risk 0.46cvss 8.1epss 0.00
litellm: LiteLLM: Directory traversal via crafted skill archive upload
- risk 0.35cvss 6.5epss 0.00
onnx: ONNX: Denial of Service via crafted untrusted models
- risk 0.40cvss 7.2epss 0.00
litellm: LiteLLM: Arbitrary code execution and information disclosure via custom code guardrails
- risk 0.42cvss 6.5epss 0.00
guardrails-detectors: guardrails-detectors: Unauthenticated Regular-Expression Denial of Service (ReDoS) via detector_params.regex
- risk 0.42cvss 7.5epss 0.00
github.com/hashicorp/memberlist: HashiCorp memberlist: Denial of Service via push/pull state handling
- risk 0.34cvss 5.3epss 0.00
OpenVPN Access Server: OpenVPN Access Server: HTTP request smuggling via bare line-feed sequences in HTTP headers
- risk 0.42cvss 7.5epss 0.00
@opentelemetry/propagator-jaeger: OpenTelemetry JavaScript: Denial of Service via malformed HTTP header decoding
- risk 0.07cvss —epss 0.00
Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0276
- risk 0.26cvss —epss 0.00
Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0277
- risk 0.26cvss —epss 0.00
Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0278
- risk 0.07cvss —epss 0.01
Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0279
- risk 0.07cvss —epss 0.00
Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0280
- risk 0.07cvss —epss 0.00
Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0281