Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21003
Total
1519
Critical
6392
High
6662
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-52946 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock … | Jun 24, 2026 |
| CVE-2026-52945 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. … | Jun 24, 2026 |
| CVE-2026-13164 | UNKNOWN | — | Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp <1.0.1 allows a remote, unauthenticated attacker to self-register a … | Jun 24, 2026 |
| CVE-2026-56121 | CRITICAL | 9.8 | Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request … | Jun 24, 2026 |
| CVE-2026-56119 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Jun 24, 2026 |
| CVE-2026-56118 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Jun 24, 2026 |
| CVE-2026-56111 | CRITICAL | 9.1 | Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH_BED_LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows … | Jun 24, 2026 |
| CVE-2026-55488 | UNKNOWN | — | motionEye (mEye) is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to … | Jun 24, 2026 |
| CVE-2026-50712 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component | Jun 24, 2026 |
| CVE-2026-50711 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component. | Jun 24, 2026 |
| CVE-2026-50710 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component. | Jun 24, 2026 |
| CVE-2026-50709 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications > Events panel. | Jun 24, 2026 |
| CVE-2026-50708 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component. | Jun 24, 2026 |
| CVE-2026-50705 | UNKNOWN | — | A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer. | Jun 24, 2026 |
| CVE-2026-50704 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer. | Jun 24, 2026 |
| CVE-2026-50703 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer. | Jun 24, 2026 |
| CVE-2026-50701 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component. | Jun 24, 2026 |
| CVE-2026-50700 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function. | Jun 24, 2026 |
| CVE-2026-49269 | HIGH | 8.6 | Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader … | Jun 24, 2026 |
| CVE-2026-50699 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in … | Jun 24, 2026 |
| CVE-2026-50698 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the … | Jun 24, 2026 |
| CVE-2026-12986 | UNKNOWN | — | A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to … | Jun 24, 2026 |
| CVE-2026-11878 | UNKNOWN | — | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS). This issue affects Access Manager: from … | Jun 24, 2026 |
| CVE-2026-11877 | UNKNOWN | — | An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3. | Jun 24, 2026 |
| CVE-2026-57307 | MEDIUM | 4.2 | A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified … | Jun 24, 2026 |