Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21987
Total
1565
Critical
6684
High
7043
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-12065 | LOW | 1.8 | A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView … | Jun 12, 2026 |
| CVE-2026-11967 | UNKNOWN | — | MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as … | Jun 12, 2026 |
| CVE-2026-11879 | UNKNOWN | — | MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable … | Jun 12, 2026 |
| CVE-2017-20240 | MEDIUM | 5.9 | Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to … | Jun 12, 2026 |
| CVE-2026-49347 | UNKNOWN | — | Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. … | Jun 12, 2026 |
| CVE-2026-48485 | UNKNOWN | — | Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but … | Jun 12, 2026 |
| CVE-2026-47197 | UNKNOWN | — | Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate … | Jun 12, 2026 |
| CVE-2026-47196 | UNKNOWN | — | Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. … | Jun 12, 2026 |
| CVE-2026-47195 | UNKNOWN | — | Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They … | Jun 12, 2026 |
| CVE-2026-9266 | UNKNOWN | — | A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation … | Jun 12, 2026 |
| CVE-2026-11849 | CRITICAL | 9.8 | The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative … | Jun 12, 2026 |
| CVE-2026-11848 | MEDIUM | 5.3 | The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain … | Jun 12, 2026 |
| CVE-2026-50645 | HIGH | 7.5 | There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to … | Jun 12, 2026 |
| CVE-2026-50634 | MEDIUM | 6.5 | A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the accepted signature. This can … | Jun 12, 2026 |
| CVE-2026-50633 | HIGH | 8.1 | A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to … | Jun 12, 2026 |
| CVE-2026-50632 | HIGH | 8.1 | A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, which can allow … | Jun 12, 2026 |
| CVE-2026-50631 | HIGH | 7.4 | A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' … | Jun 12, 2026 |
| CVE-2026-50630 | MEDIUM | 6.5 | A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return … | Jun 12, 2026 |
| CVE-2026-50629 | MEDIUM | 5.3 | The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to … | Jun 12, 2026 |
| CVE-2026-50628 | UNKNOWN | — | A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this … | Jun 12, 2026 |
| CVE-2026-50627 | UNKNOWN | — | The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issued for one … | Jun 12, 2026 |
| CVE-2026-50623 | MEDIUM | 6.5 | An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection … | Jun 12, 2026 |
| CVE-2026-49875 | UNKNOWN | — | Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB) external entity resolution. Users are recommended to … | Jun 12, 2026 |
| CVE-2026-48914 | MEDIUM | 6.7 | A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing … | Jun 12, 2026 |
| CVE-2026-11847 | MEDIUM | 4.3 | The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create … | Jun 12, 2026 |