Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21901
Total
1562
Critical
6653
High
6999
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-11941 | MEDIUM | 5.6 | Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quiche_connection_id_iter_next” and “quiche_conn_retired_scid_next” functions would return a pointer to … | Jun 19, 2026 |
| CVE-2026-48777 | UNKNOWN | — | FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in … | Jun 16, 2026 |
| CVE-2026-47750 | HIGH | 7.8 | stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, … | Jun 16, 2026 |
| CVE-2026-47747 | HIGH | 7.8 | stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, … | Jun 16, 2026 |
| CVE-2026-46448 | MEDIUM | 5.4 | In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation. | Jun 16, 2026 |
| CVE-2026-22313 | CRITICAL | 9.1 | The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability … | Jun 16, 2026 |
| CVE-2026-22312 | HIGH | 8.6 | The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to … | Jun 16, 2026 |
| CVE-2026-12425 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS). This issue affects … | Jun 16, 2026 |
| CVE-2026-12117 | UNKNOWN | — | Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to … | Jun 16, 2026 |
| CVE-2026-12105 | UNKNOWN | — | Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions. | Jun 16, 2026 |
| CVE-2026-11890 | UNKNOWN | — | Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results. | Jun 16, 2026 |
| CVE-2026-10303 | HIGH | 7.4 | In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used … | Jun 16, 2026 |
| CVE-2026-0165 | UNKNOWN | — | In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote … | Jun 16, 2026 |
| CVE-2026-0164 | UNKNOWN | — | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no … | Jun 16, 2026 |
| CVE-2026-0162 | UNKNOWN | — | In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution … | Jun 16, 2026 |
| CVE-2026-0161 | UNKNOWN | — | In numberOfReportBlocks of RtpSession.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege … | Jun 16, 2026 |
| CVE-2026-0160 | UNKNOWN | — | In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution … | Jun 16, 2026 |
| CVE-2026-0158 | UNKNOWN | — | In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with … | Jun 16, 2026 |
| CVE-2026-0157 | UNKNOWN | — | In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution … | Jun 16, 2026 |
| CVE-2026-0156 | UNKNOWN | — | In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service … | Jun 16, 2026 |
| CVE-2026-0155 | UNKNOWN | — | In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution … | Jun 16, 2026 |
| CVE-2026-0154 | UNKNOWN | — | In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to … | Jun 16, 2026 |
| CVE-2026-0153 | UNKNOWN | — | In Write of msg_to_host_buffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of … | Jun 16, 2026 |
| CVE-2026-0152 | UNKNOWN | — | In OSMMapPMRGeneric of pmr_os.c, there is a possible way to leverage a system call to system call to maliciously expand the VMA out of bounds … | Jun 16, 2026 |
| CVE-2026-0151 | UNKNOWN | — | In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with … | Jun 16, 2026 |