Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20714
Total
1493
Critical
6288
High
6559
Medium
CVE ID Severity Score Description Published
CVE-2026-46611 MEDIUM 5.3 Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP … Jun 25, 2026
CVE-2026-46608 HIGH 7.4 Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s) introduced a configurable CORS origin list in version … Jun 25, 2026
CVE-2026-46607 HIGH 7.8 Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible … Jun 25, 2026
CVE-2026-46606 HIGH 7.8 Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py) passes VM domain names, read directly from virsh … Jun 25, 2026
CVE-2026-28898 MEDIUM 5.3 swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all … Jun 25, 2026
CVE-2026-12921 UNKNOWN In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can … Jun 25, 2026
CVE-2026-12897 UNKNOWN Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could … Jun 25, 2026
CVE-2026-6291 MEDIUM 6.5 Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether … Jun 25, 2026
CVE-2026-6094 CRITICAL 9.1 Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS. Jun 25, 2026
CVE-2026-6091 MEDIUM 6.5 Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain … Jun 25, 2026
CVE-2026-55967 HIGH 7.5 AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and … Jun 25, 2026
CVE-2026-55961 HIGH 7.5 wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds … Jun 25, 2026
CVE-2026-55700 HIGH 7.1 pnpm is a package manager. From 11.3.0 until 11.5.3, `pnpm stage download` derived a local filename from registry-controlled package name and version fields. A crafted … Jun 25, 2026
CVE-2026-55699 MEDIUM 6.5 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When … Jun 25, 2026
CVE-2026-55698 HIGH 8.8 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml. Before the … Jun 25, 2026
CVE-2026-55697 HIGH 7.5 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository … Jun 25, 2026
CVE-2026-55487 HIGH 7.5 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other … Jun 25, 2026
CVE-2026-55180 MEDIUM 6.5 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations … Jun 25, 2026
CVE-2026-54679 UNKNOWN jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple overflowing and then causing a massive buffer … Jun 25, 2026
CVE-2026-50573 MEDIUM 6.8 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` in non-frozen mode can accept new remote package content after detecting that the … Jun 25, 2026
CVE-2026-50021 MEDIUM 6.8 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the … Jun 25, 2026
CVE-2026-50017 UNKNOWN pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local … Jun 25, 2026
CVE-2026-50016 HIGH 8.8 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. … Jun 25, 2026
CVE-2026-50015 HIGH 7.3 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline (@pnpm/patch-package) performs no path validation on file paths extracted from .patch … Jun 25, 2026
CVE-2026-50014 MEDIUM 6.4 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or … Jun 25, 2026