Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21910
Total
1562
Critical
6654
High
7007
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-38064 | UNKNOWN | — | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter. | Jun 15, 2026 |
| CVE-2026-38063 | UNKNOWN | — | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter. | Jun 15, 2026 |
| CVE-2026-38062 | UNKNOWN | — | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the ratMode parameter. | Jun 15, 2026 |
| CVE-2026-38061 | UNKNOWN | — | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter. | Jun 15, 2026 |
| CVE-2026-38060 | UNKNOWN | — | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter. | Jun 15, 2026 |
| CVE-2026-37216 | UNKNOWN | — | Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add. | Jun 15, 2026 |
| CVE-2026-36933 | MEDIUM | 6.8 | An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature. | Jun 15, 2026 |
| CVE-2026-36670 | HIGH | 8.8 | A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary … | Jun 15, 2026 |
| CVE-2026-36537 | CRITICAL | 9.8 | ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter … | Jun 15, 2026 |
| CVE-2026-36521 | UNKNOWN | — | PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module. | Jun 15, 2026 |
| CVE-2026-36213 | HIGH | 7.8 | An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component. | Jun 15, 2026 |
| CVE-2026-30121 | CRITICAL | 9.1 | remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability. | Jun 15, 2026 |
| CVE-2026-30120 | CRITICAL | 9.8 | remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability. | Jun 15, 2026 |
| CVE-2026-11931 | MEDIUM | 5.5 | Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or … | Jun 15, 2026 |
| CVE-2025-70102 | MEDIUM | 6.3 | A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a … | Jun 15, 2026 |
| CVE-2025-68713 | HIGH | 8.0 | An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary … | Jun 15, 2026 |
| CVE-2025-56814 | HIGH | 7.8 | A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters. | Jun 15, 2026 |
| CVE-2025-55663 | MEDIUM | 5.5 | A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted … | Jun 15, 2026 |
| CVE-2025-55661 | MEDIUM | 5.5 | A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via … | Jun 15, 2026 |
| CVE-2025-55660 | MEDIUM | 5.5 | A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted … | Jun 15, 2026 |
| CVE-2025-55652 | MEDIUM | 5.5 | A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a … | Jun 15, 2026 |
| CVE-2025-55650 | MEDIUM | 5.5 | A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted … | Jun 15, 2026 |
| CVE-2025-55649 | MEDIUM | 5.5 | A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a … | Jun 15, 2026 |
| CVE-2025-55648 | MEDIUM | 5.5 | A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a … | Jun 15, 2026 |
| CVE-2025-55647 | MEDIUM | 5.5 | An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 … | Jun 15, 2026 |