Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20714
Total
1493
Critical
6288
High
6559
Medium
CVE ID Severity Score Description Published
CVE-2026-50742 MEDIUM 4.4 A stored XSS vulnerabilities exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without … Jun 26, 2026
CVE-2026-50741 HIGH 8.8 Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by … Jun 26, 2026
CVE-2026-50740 MEDIUM 6.1 A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh … Jun 26, 2026
CVE-2026-50739 MEDIUM 4.3 A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the … Jun 26, 2026
CVE-2026-48936 LOW 3.3 A flaw in Node.js Permission API can cause a local server to be started (via a Unix domain socket), even without the `--allow-net` permission. This … Jun 26, 2026
CVE-2026-48935 LOW 3.3 A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. … Jun 26, 2026
CVE-2026-48934 MEDIUM 4.3 A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js … Jun 26, 2026
CVE-2026-48933 HIGH 7.5 A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB. This vulnerability affects all supported … Jun 26, 2026
CVE-2026-48930 CRITICAL 9.8 A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This … Jun 26, 2026
CVE-2026-48928 MEDIUM 5.4 A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js … Jun 26, 2026
CVE-2026-48619 HIGH 7.5 A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory … Jun 26, 2026
CVE-2026-48618 MEDIUM 6.5 A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and … Jun 26, 2026
CVE-2026-48615 HIGH 7.5 A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embedded in the proxy URL, … Jun 26, 2026
CVE-2026-13226 MEDIUM 6.5 The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up … Jun 26, 2026
CVE-2026-9222 HIGH 8.1 Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow … Jun 26, 2026
CVE-2026-9221 HIGH 7.5 The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and … Jun 26, 2026
CVE-2026-9220 HIGH 7.5 Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. … Jun 26, 2026
CVE-2026-9219 MEDIUM 6.5 Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. … Jun 26, 2026
CVE-2026-43920 UNKNOWN FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, … Jun 26, 2026
CVE-2026-13322 LOW 3.8 A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character … Jun 26, 2026
CVE-2026-13318 MEDIUM 6.4 A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance (VMI), virt-api reads the … Jun 26, 2026
CVE-2026-13218 MEDIUM 4.2 A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink … Jun 26, 2026
CVE-2026-13083 MEDIUM 6.9 A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with … Jun 26, 2026
CVE-2026-12993 MEDIUM 6.5 A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING. … Jun 26, 2026
CVE-2026-40941 UNKNOWN Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed … Jun 25, 2026