Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21901
Total
1562
Critical
6653
High
6999
Medium
CVE ID Severity Score Description Published
CVE-2024-38487 HIGH 7.0 api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions. Jun 16, 2026
CVE-2024-30476 MEDIUM 5.4 PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead … Jun 16, 2026
CVE-2024-24909 HIGH 8.8 Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit … Jun 16, 2026
CVE-2024-22451 MEDIUM 6.7 Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious … Jun 16, 2026
CVE-2026-9307 UNKNOWN A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which … Jun 16, 2026
CVE-2026-48780 HIGH 8.2 Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist … Jun 16, 2026
CVE-2026-47684 HIGH 7.7 Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in … Jun 16, 2026
CVE-2026-12398 HIGH 7.5 A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) … Jun 16, 2026
CVE-2026-11317 UNKNOWN A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is … Jun 16, 2026
CVE-2026-10831 UNKNOWN A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a … Jun 16, 2026
CVE-2026-10640 MEDIUM 4.2 Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c) updated the per-interface ICMP-sent statistics by calling net_pkt_iface(pkt) after net_send_data(pkt) had already returned successfully. … Jun 16, 2026
CVE-2026-10639 MEDIUM 4.8 In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo-reply packet (reply), hands it to net_try_send_data(), and then, on success, calls net_stats_update_icmp_sent(net_pkt_iface(reply)). net_try_send_data() transfers … Jun 16, 2026
CVE-2026-10638 MEDIUM 5.9 subsys/net/ip/icmpv6.c reads the network interface from a net_pkt after that packet has been handed to net_try_send_data(). In icmpv6_handle_echo_request() and net_icmpv6_send_error(), the post-send statistics update calls … Jun 16, 2026
CVE-2026-10637 MEDIUM 5.9 subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface via net_pkt_iface(pkt) after net_send_data(pkt) returned successfully. Per the network stack's ownership contract (include/zephyr/net/net_core.h, and the explicit warning in subsys/net/ip/net_core.c:453-460 'do … Jun 16, 2026
CVE-2026-10636 LOW 3.7 In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igmp.c read the network interface back out of the packet via net_pkt_iface(pkt) after the packet had been handed … Jun 16, 2026
CVE-2026-0647 UNKNOWN An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface … Jun 16, 2026
CVE-2026-0646 UNKNOWN A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter … Jun 16, 2026
CVE-2025-14272 UNKNOWN A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged … Jun 16, 2026
CVE-2025-13036 UNKNOWN An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid … Jun 16, 2026
CVE-2025-11694 UNKNOWN A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This … Jun 16, 2026
CVE-2024-22447 MEDIUM 6.7 Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll., … Jun 16, 2026
CVE-2026-9507 UNKNOWN A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial … Jun 16, 2026
CVE-2026-53900 MEDIUM 4.3 Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies … Jun 16, 2026
CVE-2026-53899 MEDIUM 6.5 Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging … Jun 16, 2026
CVE-2026-12330 MEDIUM 5.4 Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12. Jun 16, 2026