Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20714
Total
1493
Critical
6288
High
6559
Medium
CVE ID Severity Score Description Published
CVE-2026-40084 MEDIUM 6.5 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report format_file Parameter, causing … Jun 25, 2026
CVE-2026-40083 HIGH 7.2 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 … Jun 25, 2026
CVE-2026-40082 MEDIUM 5.4 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing session_regenerate_id() after login, leading to Session Fixation. session_regenerate_id() is … Jun 25, 2026
CVE-2026-40080 MEDIUM 6.1 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than … Jun 25, 2026
CVE-2026-8720 UNKNOWN wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the … Jun 25, 2026
CVE-2026-7532 UNKNOWN iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an … Jun 25, 2026
CVE-2026-7511 UNKNOWN PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted. Jun 25, 2026
CVE-2026-6331 UNKNOWN HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the … Jun 25, 2026
CVE-2026-6330 UNKNOWN The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code … Jun 25, 2026
CVE-2026-6329 UNKNOWN PKCS#12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS#12 … Jun 25, 2026
CVE-2026-6325 UNKNOWN Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer. Jun 25, 2026
CVE-2026-6092 UNKNOWN When HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC. Jun 25, 2026
CVE-2026-55962 UNKNOWN TLS 1.3 post-handshake authentication (PHA) issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The … Jun 25, 2026
CVE-2026-54479 HIGH 7.3 The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results … Jun 25, 2026
CVE-2026-50176 HIGH 7.5 The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service … Jun 25, 2026
CVE-2026-44622 MEDIUM 6.5 Charging station authentication identifiers are publicly accessible via web-based mapping platforms. Jun 25, 2026
CVE-2026-40702 CRITICAL 9.4 WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to … Jun 25, 2026
CVE-2026-22879 HIGH 8.1 vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability Jun 25, 2026
CVE-2026-13283 HIGH 7.5 Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific … Jun 25, 2026
CVE-2026-13282 MEDIUM 6.8 Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access … Jun 25, 2026
CVE-2026-13281 HIGH 8.3 Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox … Jun 25, 2026
CVE-2026-12992 HIGH 7.4 A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to … Jun 25, 2026
CVE-2026-12975 HIGH 8.5 A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml() method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker … Jun 25, 2026
CVE-2026-11800 HIGH 8.1 A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to … Jun 25, 2026
CVE-2026-11703 UNKNOWN Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a … Jun 25, 2026