Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21246
Total
1526
Critical
6466
High
6753
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-12806 | HIGH | 8.8 | A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST … | Jun 21, 2026 |
| CVE-2026-12805 | MEDIUM | 6.3 | A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation … | Jun 21, 2026 |
| CVE-2026-12804 | MEDIUM | 4.3 | A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie … | Jun 21, 2026 |
| CVE-2026-56412 | MEDIUM | 4.9 | libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of … | Jun 21, 2026 |
| CVE-2026-56411 | MEDIUM | 6.9 | xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations. | Jun 21, 2026 |
| CVE-2026-56410 | MEDIUM | 6.9 | xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId. | Jun 21, 2026 |
| CVE-2026-56409 | MEDIUM | 6.5 | xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used. | Jun 21, 2026 |
| CVE-2026-56408 | MEDIUM | 6.9 | libexpat before 2.8.2 has an integer overflow in copyString. | Jun 21, 2026 |
| CVE-2026-56407 | MEDIUM | 6.9 | libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. | Jun 21, 2026 |
| CVE-2026-56406 | MEDIUM | 6.9 | libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse. | Jun 21, 2026 |
| CVE-2026-56405 | MEDIUM | 6.9 | libexpat before 2.8.2 has an integer overflow in getAttributeId. | Jun 21, 2026 |
| CVE-2026-56404 | MEDIUM | 6.9 | libexpat before 2.8.2 has an integer overflow in addBinding. | Jun 21, 2026 |
| CVE-2026-56403 | MEDIUM | 6.9 | libexpat before 2.8.2 has an integer overflow in storeAtts. | Jun 21, 2026 |
| CVE-2026-56397 | CRITICAL | 9.6 | SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. … | Jun 21, 2026 |
| CVE-2026-56396 | HIGH | 8.8 | phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can … | Jun 21, 2026 |
| CVE-2026-56395 | CRITICAL | 9.6 | SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. … | Jun 21, 2026 |
| CVE-2026-56394 | MEDIUM | 6.5 | Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. … | Jun 21, 2026 |
| CVE-2026-56393 | MEDIUM | 4.8 | Craft CMS 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (>= 5.0.0-RC1, < 5.9.0-beta.1) contain multiple stored cross-site scripting vulnerabilities where settings names and field option … | Jun 21, 2026 |
| CVE-2026-56385 | MEDIUM | 4.3 | Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1, <= 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce … | Jun 21, 2026 |
| CVE-2026-56384 | MEDIUM | 4.3 | Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call … | Jun 21, 2026 |
| CVE-2026-56383 | MEDIUM | 4.8 | Craft CMS contains a stored cross-site scripting (XSS) vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize … | Jun 21, 2026 |
| CVE-2026-56382 | HIGH | 7.2 | Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and <= 5.9.13 contain a remote code execution vulnerability in the FieldsController::actionRenderCardPreview() method, which passes the fieldLayoutConfig … | Jun 21, 2026 |
| CVE-2026-56381 | MEDIUM | 4.8 | Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user group names are rendered without proper HTML … | Jun 21, 2026 |
| CVE-2026-56378 | LOW | 3.7 | ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a … | Jun 21, 2026 |
| CVE-2026-56367 | LOW | 3.7 | ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) that causes a … | Jun 21, 2026 |