Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21246
Total
1526
Critical
6466
High
6753
Medium
CVE ID Severity Score Description Published
CVE-2026-55653 MEDIUM 4.3 A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This … Jun 23, 2026
CVE-2026-11833 UNKNOWN Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This … Jun 23, 2026
CVE-2026-10658 HIGH 7.1 A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In bt_iso_recv() (subsys/bluetooth/host/iso.c), when processing … Jun 23, 2026
CVE-2026-10651 HIGH 7.1 A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, bt_sdp_parse_attribute() accepts an input buffer once it contains … Jun 23, 2026
CVE-2026-10645 MEDIUM 4.9 Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2_fetch_direntry() (subsys/fs/ext2/ext2_diskops.c), the … Jun 23, 2026
CVE-2026-54236 MEDIUM 5.3 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitize_message helper that … Jun 22, 2026
CVE-2026-54235 UNKNOWN vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operators (<, >), which … Jun 22, 2026
CVE-2026-54233 MEDIUM 6.5 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded … Jun 22, 2026
CVE-2026-54232 HIGH 8.8 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack … Jun 22, 2026
CVE-2026-53923 UNKNOWN vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize … Jun 22, 2026
CVE-2026-48746 CRITICAL 9.1 vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust … Jun 22, 2026
CVE-2026-47155 MEDIUM 6.5 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all … Jun 22, 2026
CVE-2026-41523 HIGH 7.5 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows … Jun 22, 2026
CVE-2026-12863 UNKNOWN An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains. Jun 22, 2026
CVE-2026-12862 UNKNOWN Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the … Jun 22, 2026
CVE-2026-12581 HIGH 7.5 EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain … Jun 22, 2026
CVE-2026-12580 MEDIUM 5.4 EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon … Jun 22, 2026
CVE-2025-4994 UNKNOWN The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication … Jun 22, 2026
CVE-2023-45796 HIGH 8.1 A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged … Jun 22, 2026
CVE-2023-45795 HIGH 7.8 A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full … Jun 22, 2026
CVE-2026-54665 UNKNOWN Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header … Jun 22, 2026
CVE-2026-44914 UNKNOWN Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. … Jun 22, 2026
CVE-2026-44913 UNKNOWN Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. … Jun 22, 2026
CVE-2026-44911 UNKNOWN Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed … Jun 22, 2026
CVE-2025-66336 UNKNOWN Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, … Jun 22, 2026