Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21910
Total
1562
Critical
6654
High
7007
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-54292 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12074. Reason: This candidate is a duplicate of CVE-2026-12074. Notes: All CVE users … | Jun 15, 2026 |
| CVE-2026-53705 | HIGH | 7.6 | A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size … | Jun 15, 2026 |
| CVE-2026-53704 | HIGH | 7.1 | A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the … | Jun 15, 2026 |
| CVE-2026-53703 | HIGH | 7.1 | A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (.rm) file, the demuxer parses MDPR (media properties) chunks to configure … | Jun 15, 2026 |
| CVE-2026-52722 | HIGH | 7.1 | A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, … | Jun 15, 2026 |
| CVE-2026-52721 | MEDIUM | 5.3 | Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element … | Jun 15, 2026 |
| CVE-2026-52720 | HIGH | 8.8 | A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a … | Jun 15, 2026 |
| CVE-2026-52719 | HIGH | 7.1 | An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream … | Jun 15, 2026 |
| CVE-2026-52718 | MEDIUM | 6.5 | A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API … | Jun 15, 2026 |
| CVE-2026-50892 | UNKNOWN | — | Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material … | Jun 15, 2026 |
| CVE-2026-50891 | UNKNOWN | — | Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request. | Jun 15, 2026 |
| CVE-2026-50890 | UNKNOWN | — | Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive … | Jun 15, 2026 |
| CVE-2026-50889 | UNKNOWN | — | An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending a … | Jun 15, 2026 |
| CVE-2026-50888 | UNKNOWN | — | An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying … | Jun 15, 2026 |
| CVE-2026-50887 | CRITICAL | 9.1 | A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a … | Jun 15, 2026 |
| CVE-2026-50886 | CRITICAL | 9.1 | Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request. | Jun 15, 2026 |
| CVE-2026-50885 | HIGH | 7.5 | Incorrect access control in the share-based read endpoints of Sismics Docs (Teedy) v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request. | Jun 15, 2026 |
| CVE-2026-50884 | UNKNOWN | — | Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components. | Jun 15, 2026 |
| CVE-2026-50883 | CRITICAL | 9.6 | An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload. | Jun 15, 2026 |
| CVE-2026-50882 | HIGH | 7.5 | An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | Jun 15, 2026 |
| CVE-2026-50881 | UNKNOWN | — | Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and … | Jun 15, 2026 |
| CVE-2026-50880 | CRITICAL | 9.8 | An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request. | Jun 15, 2026 |
| CVE-2026-50879 | HIGH | 7.5 | An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | Jun 15, 2026 |
| CVE-2026-50878 | HIGH | 7.5 | An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted request. | Jun 15, 2026 |
| CVE-2026-50877 | HIGH | 7.5 | An issue in Zhoros SuperBin v1.0.0 allows attackers to execute a directory traversal via supplying files with names containing traversal characters. | Jun 15, 2026 |