Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21960
Total
1564
Critical
6679
High
7025
Medium
CVE ID Severity Score Description Published
CVE-2026-53724 UNKNOWN Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1-alpha.4, the … Jun 12, 2026
CVE-2026-53408 HIGH 8.1 Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated … Jun 12, 2026
CVE-2026-53407 HIGH 8.1 Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated … Jun 12, 2026
CVE-2026-50244 MEDIUM 5.3 The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership … Jun 12, 2026
CVE-2026-50108 HIGH 7.5 The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. … Jun 12, 2026
CVE-2026-50101 HIGH 8.1 Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid … Jun 12, 2026
CVE-2026-50099 MEDIUM 4.6 During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production … Jun 12, 2026
CVE-2026-50008 UNKNOWN Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.3, … Jun 12, 2026
CVE-2026-47248 UNKNOWN Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse … Jun 12, 2026
CVE-2026-47236 MEDIUM 4.3 Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members … Jun 12, 2026
CVE-2026-47138 UNKNOWN Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an … Jun 12, 2026
CVE-2026-42947 HIGH 8.8 A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because … Jun 12, 2026
CVE-2026-42932 MEDIUM 5.3 Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an … Jun 12, 2026
CVE-2026-42306 HIGH 7.2 Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to … Jun 12, 2026
CVE-2026-41568 MEDIUM 6.1 Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to … Jun 12, 2026
CVE-2026-28742 CRITICAL 9.8 Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any … Jun 12, 2026
CVE-2026-12143 HIGH 7.5 form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and the `filename` option are concatenated verbatim … Jun 12, 2026
CVE-2026-12043 HIGH 8.8 Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to … Jun 12, 2026
CVE-2026-10715 UNKNOWN Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST … Jun 12, 2026
CVE-2026-53406 HIGH 7.8 Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an … Jun 12, 2026
CVE-2026-48558 CRITICAL 10.0 SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity … Jun 12, 2026
CVE-2026-48165 HIGH 8.0 MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 … Jun 12, 2026
CVE-2026-48163 HIGH 8.0 MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 … Jun 12, 2026
CVE-2026-47965 HIGH 7.8 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of … Jun 12, 2026
CVE-2026-47225 UNKNOWN Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both … Jun 12, 2026