Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20714
Total
1493
Critical
6288
High
6559
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-46611 | MEDIUM | 5.3 | Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP … | Jun 25, 2026 |
| CVE-2026-46608 | HIGH | 7.4 | Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s) introduced a configurable CORS origin list in version … | Jun 25, 2026 |
| CVE-2026-46607 | HIGH | 7.8 | Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible … | Jun 25, 2026 |
| CVE-2026-46606 | HIGH | 7.8 | Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py) passes VM domain names, read directly from virsh … | Jun 25, 2026 |
| CVE-2026-28898 | MEDIUM | 5.3 | swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all … | Jun 25, 2026 |
| CVE-2026-12921 | UNKNOWN | — | In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can … | Jun 25, 2026 |
| CVE-2026-12897 | UNKNOWN | — | Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could … | Jun 25, 2026 |
| CVE-2026-6291 | MEDIUM | 6.5 | Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether … | Jun 25, 2026 |
| CVE-2026-6094 | CRITICAL | 9.1 | Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS. | Jun 25, 2026 |
| CVE-2026-6091 | MEDIUM | 6.5 | Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain … | Jun 25, 2026 |
| CVE-2026-55967 | HIGH | 7.5 | AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and … | Jun 25, 2026 |
| CVE-2026-55961 | HIGH | 7.5 | wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds … | Jun 25, 2026 |
| CVE-2026-55700 | HIGH | 7.1 | pnpm is a package manager. From 11.3.0 until 11.5.3, `pnpm stage download` derived a local filename from registry-controlled package name and version fields. A crafted … | Jun 25, 2026 |
| CVE-2026-55699 | MEDIUM | 6.5 | pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When … | Jun 25, 2026 |
| CVE-2026-55698 | HIGH | 8.8 | pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml. Before the … | Jun 25, 2026 |
| CVE-2026-55697 | HIGH | 7.5 | pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository … | Jun 25, 2026 |
| CVE-2026-55487 | HIGH | 7.5 | pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other … | Jun 25, 2026 |
| CVE-2026-55180 | MEDIUM | 6.5 | pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations … | Jun 25, 2026 |
| CVE-2026-54679 | UNKNOWN | — | jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple overflowing and then causing a massive buffer … | Jun 25, 2026 |
| CVE-2026-50573 | MEDIUM | 6.8 | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` in non-frozen mode can accept new remote package content after detecting that the … | Jun 25, 2026 |
| CVE-2026-50021 | MEDIUM | 6.8 | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the … | Jun 25, 2026 |
| CVE-2026-50017 | UNKNOWN | — | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local … | Jun 25, 2026 |
| CVE-2026-50016 | HIGH | 8.8 | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. … | Jun 25, 2026 |
| CVE-2026-50015 | HIGH | 7.3 | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline (@pnpm/patch-package) performs no path validation on file paths extracted from .patch … | Jun 25, 2026 |
| CVE-2026-50014 | MEDIUM | 6.4 | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or … | Jun 25, 2026 |