Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21148
Total
1520
Critical
6441
High
6722
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-71361 | HIGH | 8.1 | picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that … | Jun 24, 2026 |
| CVE-2025-71354 | HIGH | 8.1 | picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that … | Jun 24, 2026 |
| CVE-2025-71332 | MEDIUM | 6.5 | Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply … | Jun 24, 2026 |
| CVE-2026-13150 | UNKNOWN | — | Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation endpoint GET /api/reports/{id}/pdf (backend/main.py) in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the … | Jun 24, 2026 |
| CVE-2026-52944 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE FSCTL_SET_SPARSE in fsctl_set_sparse() … | Jun 24, 2026 |
| CVE-2026-52943 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: skbuff: fix missing zerocopy reference in pskb_carve helpers pskb_carve_inside_header() and pskb_carve_inside_nonlinear() both copy the … | Jun 24, 2026 |
| CVE-2026-11968 | MEDIUM | 5.5 | Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit | Jun 24, 2026 |
| CVE-2026-10745 | UNKNOWN | — | Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: … | Jun 24, 2026 |
| CVE-2026-7761 | HIGH | 8.8 | The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This … | Jun 24, 2026 |
| CVE-2026-56052 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue … | Jun 24, 2026 |
| CVE-2026-52942 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_log: validate MAC header was set before dumping it The fallback path of dump_mac_header() … | Jun 24, 2026 |
| CVE-2026-52941 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint The smc_msg_event tracepoint class, shared by … | Jun 24, 2026 |
| CVE-2026-52940 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header in tun_put_user() tun_put_user() declares an on-stack struct virtio_net_hdr_v1_hash_tunnel without … | Jun 24, 2026 |
| CVE-2026-52939 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/rds: fix NULL deref in rds_ib_send_cqe_handler() on masked atomic completion rds_ib_xmit_atomic() always programs a masked … | Jun 24, 2026 |
| CVE-2026-52938 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL pointer dereference in bpf_sk_storage_clone and diag paths bpf_selem_unlink_nofail() sets SDATA(selem)->smap to NULL … | Jun 24, 2026 |
| CVE-2026-52937 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tap_ioctl() SIOCGIFHWADDR In the SIOCGIFHWADDR path, tap_ioctl() copies 16 … | Jun 24, 2026 |
| CVE-2026-52936 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jent_kcapi_random() serializes the shared jitterentropy state, but … | Jun 24, 2026 |
| CVE-2026-52935 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an in-progress partial send espintcp keeps a single in-flight transmit … | Jun 24, 2026 |
| CVE-2026-52934 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadv_tvlv_container_ogm_append() builds a TVLV packet section from the tvlv.container_list. … | Jun 24, 2026 |
| CVE-2026-52933 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: fix signed comparison in io_poll_get_ownership() io_poll_get_ownership() uses a signed comparison to check whether poll_refs … | Jun 24, 2026 |
| CVE-2026-52932 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the out_free_req label up by a … | Jun 24, 2026 |
| CVE-2026-52931 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: batman-adv: tp_meter: avoid use of uninit sender vars batadv_tp_recv_ack() and batadv_tp_stop() are only valid for … | Jun 24, 2026 |
| CVE-2026-52930 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ipc/shm: serialize orphan cleanup with shm_nattch updates shm_destroy_orphaned() walks the shm idr under shm_ids(ns).rwsem, but … | Jun 24, 2026 |
| CVE-2026-52929 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADD_OUT_STREAMS is denied, SCTP only shrinks … | Jun 24, 2026 |
| CVE-2026-52928 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: af_unix: Reject SIOCATMARK on non-stream sockets SIOCATMARK reports whether the receive queue is at the … | Jun 24, 2026 |