Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21901
Total
1562
Critical
6653
High
6999
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2024-38487 | HIGH | 7.0 | api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions. | Jun 16, 2026 |
| CVE-2024-30476 | MEDIUM | 5.4 | PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead … | Jun 16, 2026 |
| CVE-2024-24909 | HIGH | 8.8 | Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit … | Jun 16, 2026 |
| CVE-2024-22451 | MEDIUM | 6.7 | Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious … | Jun 16, 2026 |
| CVE-2026-9307 | UNKNOWN | — | A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which … | Jun 16, 2026 |
| CVE-2026-48780 | HIGH | 8.2 | Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist … | Jun 16, 2026 |
| CVE-2026-47684 | HIGH | 7.7 | Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in … | Jun 16, 2026 |
| CVE-2026-12398 | HIGH | 7.5 | A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) … | Jun 16, 2026 |
| CVE-2026-11317 | UNKNOWN | — | A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is … | Jun 16, 2026 |
| CVE-2026-10831 | UNKNOWN | — | A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a … | Jun 16, 2026 |
| CVE-2026-10640 | MEDIUM | 4.2 | Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c) updated the per-interface ICMP-sent statistics by calling net_pkt_iface(pkt) after net_send_data(pkt) had already returned successfully. … | Jun 16, 2026 |
| CVE-2026-10639 | MEDIUM | 4.8 | In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo-reply packet (reply), hands it to net_try_send_data(), and then, on success, calls net_stats_update_icmp_sent(net_pkt_iface(reply)). net_try_send_data() transfers … | Jun 16, 2026 |
| CVE-2026-10638 | MEDIUM | 5.9 | subsys/net/ip/icmpv6.c reads the network interface from a net_pkt after that packet has been handed to net_try_send_data(). In icmpv6_handle_echo_request() and net_icmpv6_send_error(), the post-send statistics update calls … | Jun 16, 2026 |
| CVE-2026-10637 | MEDIUM | 5.9 | subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface via net_pkt_iface(pkt) after net_send_data(pkt) returned successfully. Per the network stack's ownership contract (include/zephyr/net/net_core.h, and the explicit warning in subsys/net/ip/net_core.c:453-460 'do … | Jun 16, 2026 |
| CVE-2026-10636 | LOW | 3.7 | In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igmp.c read the network interface back out of the packet via net_pkt_iface(pkt) after the packet had been handed … | Jun 16, 2026 |
| CVE-2026-0647 | UNKNOWN | — | An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface … | Jun 16, 2026 |
| CVE-2026-0646 | UNKNOWN | — | A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter … | Jun 16, 2026 |
| CVE-2025-14272 | UNKNOWN | — | A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged … | Jun 16, 2026 |
| CVE-2025-13036 | UNKNOWN | — | An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid … | Jun 16, 2026 |
| CVE-2025-11694 | UNKNOWN | — | A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This … | Jun 16, 2026 |
| CVE-2024-22447 | MEDIUM | 6.7 | Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll., … | Jun 16, 2026 |
| CVE-2026-9507 | UNKNOWN | — | A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial … | Jun 16, 2026 |
| CVE-2026-53900 | MEDIUM | 4.3 | Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies … | Jun 16, 2026 |
| CVE-2026-53899 | MEDIUM | 6.5 | Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging … | Jun 16, 2026 |
| CVE-2026-12330 | MEDIUM | 5.4 | Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12. | Jun 16, 2026 |