Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20714
Total
1493
Critical
6288
High
6559
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-57522 | LOW | 3.5 | Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens(), which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has … | Jun 25, 2026 |
| CVE-2026-57521 | MEDIUM | 4.3 | Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary … | Jun 25, 2026 |
| CVE-2026-57520 | HIGH | 7.1 | Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by … | Jun 25, 2026 |
| CVE-2026-55964 | UNKNOWN | — | Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage … | Jun 25, 2026 |
| CVE-2026-55960 | UNKNOWN | — | Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative() … | Jun 25, 2026 |
| CVE-2026-55958 | UNKNOWN | — | Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsip_StoreMessage() the capacity check guarding the fixed message bag (MSGBAG_SIZE) sets an error code … | Jun 25, 2026 |
| CVE-2026-46602 | UNKNOWN | — | The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very … | Jun 25, 2026 |
| CVE-2026-46601 | UNKNOWN | — | The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size. | Jun 25, 2026 |
| CVE-2026-37454 | HIGH | 7.5 | Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption | Jun 25, 2026 |
| CVE-2026-37453 | HIGH | 7.5 | Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSI_SERVICE_2 pipe | Jun 25, 2026 |
| CVE-2026-37149 | HIGH | 7.7 | GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/search_products.php. This vulnerability allows attackers to access sensitive database information … | Jun 25, 2026 |
| CVE-2026-2299 | MEDIUM | 4.2 | The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google … | Jun 25, 2026 |
| CVE-2026-12340 | UNKNOWN | — | Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 … | Jun 25, 2026 |
| CVE-2026-11310 | UNKNOWN | — | X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra (OPENSSL_EXTRA) and whose application validates certificates by calling X509_verify_cert() … | Jun 25, 2026 |
| CVE-2026-10592 | UNKNOWN | — | Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing … | Jun 25, 2026 |
| CVE-2026-10512 | HIGH | 7.5 | The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully … | Jun 25, 2026 |
| CVE-2026-10097 | HIGH | 7.5 | ML-KEM-1024 x64 AVX2 implicit rejection failure in the Fujisaki-Okamoto transform breaks IND-CCA2 security, allowing decapsulation to deviate from the implicit-rejection behavior required by the standard. … | Jun 25, 2026 |
| CVE-2025-60465 | MEDIUM | 6.1 | A use-after-free in the gf_filter_pid_inst_swap function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted … | Jun 25, 2026 |
| CVE-2025-60464 | HIGH | 7.8 | A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted … | Jun 25, 2026 |
| CVE-2026-57700 | CRITICAL | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6. | Jun 25, 2026 |
| CVE-2026-56790 | HIGH | 7.3 | CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that allows remote attackers to crash … | Jun 25, 2026 |
| CVE-2026-56789 | MEDIUM | 6.5 | RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to … | Jun 25, 2026 |
| CVE-2026-56788 | MEDIUM | 4.4 | RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted … | Jun 25, 2026 |
| CVE-2026-56787 | MEDIUM | 6.5 | RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow … | Jun 25, 2026 |
| CVE-2026-56786 | CRITICAL | 9.8 | RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte … | Jun 25, 2026 |