Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20806
Total
1504
Critical
6313
High
6591
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-9155 | HIGH | 8.8 | OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to … | Jun 25, 2026 |
| CVE-2026-9154 | HIGH | 7.1 | Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression … | Jun 25, 2026 |
| CVE-2026-9153 | MEDIUM | 6.5 | Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient … | Jun 25, 2026 |
| CVE-2026-57589 | HIGH | 7.4 | sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget(). | Jun 25, 2026 |
| CVE-2026-9787 | HIGH | 8.8 | Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault … | Jun 25, 2026 |
| CVE-2026-9786 | HIGH | 8.8 | Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault … | Jun 25, 2026 |
| CVE-2026-9785 | HIGH | 8.8 | Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault … | Jun 25, 2026 |
| CVE-2026-9784 | HIGH | 8.8 | Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault … | Jun 25, 2026 |
| CVE-2026-9783 | HIGH | 8.8 | Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault … | Jun 25, 2026 |
| CVE-2026-9782 | HIGH | 8.8 | Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault … | Jun 25, 2026 |
| CVE-2026-9781 | HIGH | 8.8 | Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault … | Jun 25, 2026 |
| CVE-2026-9780 | HIGH | 8.8 | Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User … | Jun 25, 2026 |
| CVE-2026-8663 | MEDIUM | 6.0 | OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name … | Jun 25, 2026 |
| CVE-2026-8659 | MEDIUM | 6.0 | OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters … | Jun 25, 2026 |
| CVE-2026-7570 | HIGH | 8.8 | Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault … | Jun 25, 2026 |
| CVE-2026-7569 | HIGH | 8.8 | Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User … | Jun 25, 2026 |
| CVE-2026-40079 | CRITICAL | 9.8 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in … | Jun 25, 2026 |
| CVE-2026-39951 | HIGH | 7.6 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports … | Jun 25, 2026 |
| CVE-2025-60473 | MEDIUM | 5.5 | A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying … | Jun 25, 2026 |
| CVE-2025-60466 | MEDIUM | 5.0 | A use-after-free in the gf_filter_pid_get_packet function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted … | Jun 25, 2026 |
| CVE-2026-39955 | CRITICAL | 9.8 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue … | Jun 24, 2026 |
| CVE-2026-39948 | CRITICAL | 9.8 | Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor … | Jun 24, 2026 |
| CVE-2026-39938 | CRITICAL | 9.8 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This … | Jun 24, 2026 |
| CVE-2026-39900 | MEDIUM | 6.1 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php … | Jun 24, 2026 |
| CVE-2026-39899 | MEDIUM | 5.3 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This … | Jun 24, 2026 |