Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21910
Total
1562
Critical
6654
High
7007
Medium
CVE ID Severity Score Description Published
CVE-2026-38064 UNKNOWN Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter. Jun 15, 2026
CVE-2026-38063 UNKNOWN Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter. Jun 15, 2026
CVE-2026-38062 UNKNOWN Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the ratMode parameter. Jun 15, 2026
CVE-2026-38061 UNKNOWN Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter. Jun 15, 2026
CVE-2026-38060 UNKNOWN Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter. Jun 15, 2026
CVE-2026-37216 UNKNOWN Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add. Jun 15, 2026
CVE-2026-36933 MEDIUM 6.8 An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature. Jun 15, 2026
CVE-2026-36670 HIGH 8.8 A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary … Jun 15, 2026
CVE-2026-36537 CRITICAL 9.8 ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter … Jun 15, 2026
CVE-2026-36521 UNKNOWN PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module. Jun 15, 2026
CVE-2026-36213 HIGH 7.8 An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component. Jun 15, 2026
CVE-2026-30121 CRITICAL 9.1 remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability. Jun 15, 2026
CVE-2026-30120 CRITICAL 9.8 remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability. Jun 15, 2026
CVE-2026-11931 MEDIUM 5.5 Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or … Jun 15, 2026
CVE-2025-70102 MEDIUM 6.3 A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a … Jun 15, 2026
CVE-2025-68713 HIGH 8.0 An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary … Jun 15, 2026
CVE-2025-56814 HIGH 7.8 A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters. Jun 15, 2026
CVE-2025-55663 MEDIUM 5.5 A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted … Jun 15, 2026
CVE-2025-55661 MEDIUM 5.5 A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via … Jun 15, 2026
CVE-2025-55660 MEDIUM 5.5 A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted … Jun 15, 2026
CVE-2025-55652 MEDIUM 5.5 A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a … Jun 15, 2026
CVE-2025-55650 MEDIUM 5.5 A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted … Jun 15, 2026
CVE-2025-55649 MEDIUM 5.5 A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a … Jun 15, 2026
CVE-2025-55648 MEDIUM 5.5 A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a … Jun 15, 2026
CVE-2025-55647 MEDIUM 5.5 An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 … Jun 15, 2026