Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20735
Total
1498
Critical
6296
High
6574
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-54822 | HIGH | 8.5 | Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions. | Jun 25, 2026 |
| CVE-2026-54821 | HIGH | 7.4 | Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions. | Jun 25, 2026 |
| CVE-2026-52690 | MEDIUM | 5.9 | Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server … | Jun 25, 2026 |
| CVE-2026-4526 | MEDIUM | 6.5 | In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come … | Jun 25, 2026 |
| CVE-2026-49506 | HIGH | 7.2 | Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A … | Jun 25, 2026 |
| CVE-2026-47154 | MEDIUM | 6.5 | In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come … | Jun 25, 2026 |
| CVE-2026-47153 | MEDIUM | 6.5 | In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a … | Jun 25, 2026 |
| CVE-2026-47152 | MEDIUM | 6.5 | In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a … | Jun 25, 2026 |
| CVE-2026-47151 | HIGH | 7.1 | In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is … | Jun 25, 2026 |
| CVE-2026-47150 | HIGH | 7.1 | In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of … | Jun 25, 2026 |
| CVE-2026-47149 | MEDIUM | 6.5 | In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come … | Jun 25, 2026 |
| CVE-2026-47148 | MEDIUM | 6.5 | In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages … | Jun 25, 2026 |
| CVE-2026-47147 | HIGH | 7.1 | In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is … | Jun 25, 2026 |
| CVE-2026-47146 | MEDIUM | 6.5 | In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that … | Jun 25, 2026 |
| CVE-2026-47145 | MEDIUM | 6.5 | In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that … | Jun 25, 2026 |
| CVE-2026-46734 | HIGH | 7.3 | Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could … | Jun 25, 2026 |
| CVE-2026-46733 | HIGH | 7.8 | Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could … | Jun 25, 2026 |
| CVE-2026-46732 | MEDIUM | 6.7 | Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A … | Jun 25, 2026 |
| CVE-2026-42390 | MEDIUM | 5.3 | An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation. | Jun 25, 2026 |
| CVE-2026-42389 | MEDIUM | 5.3 | This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers. | Jun 25, 2026 |
| CVE-2026-42388 | MEDIUM | 5.9 | Incomplete validation of the SOA record present in a catalog zone might lead to a crash. | Jun 25, 2026 |
| CVE-2026-42387 | MEDIUM | 5.9 | A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input … | Jun 25, 2026 |
| CVE-2026-41120 | CRITICAL | 9.8 | Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker … | Jun 25, 2026 |
| CVE-2026-40012 | MEDIUM | 5.3 | ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled; | Jun 25, 2026 |
| CVE-2026-2815 | UNKNOWN | — | Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys | Jun 25, 2026 |