Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22296
Total
1591
Critical
6822
High
7139
Medium
CVE ID Severity Score Description Published
CVE-2026-42542 HIGH 7.5 TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the … Jun 10, 2026
CVE-2026-42462 HIGH 7.0 Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can … Jun 10, 2026
CVE-2026-42326 MEDIUM 5.1 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file … Jun 10, 2026
CVE-2026-2049 HIGH 7.8 GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. … Jun 10, 2026
CVE-2026-11604 UNKNOWN An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a … Jun 10, 2026
CVE-2026-10143 HIGH 7.5 kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop … Jun 10, 2026
CVE-2026-10142 HIGH 7.5 kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang … Jun 10, 2026
CVE-2026-0274 UNKNOWN An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected … Jun 10, 2026
CVE-2026-0273 UNKNOWN A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root … Jun 10, 2026
CVE-2026-0272 UNKNOWN A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions … Jun 10, 2026
CVE-2026-0271 UNKNOWN A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with … Jun 10, 2026
CVE-2026-0270 UNKNOWN A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the … Jun 10, 2026
CVE-2026-0269 UNKNOWN A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using … Jun 10, 2026
CVE-2026-0268 UNKNOWN A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does … Jun 10, 2026
CVE-2026-0267 UNKNOWN An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, … Jun 10, 2026
CVE-2026-0266 UNKNOWN A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. … Jun 10, 2026
CVE-2022-48575 LOW 3.5 A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue … Jun 10, 2026
CVE-2022-26758 HIGH 7.1 A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management. This issue is … Jun 10, 2026
CVE-2026-6893 HIGH 8.8 A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration … Jun 10, 2026
CVE-2026-50127 MEDIUM 5.9 Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCS_RESTRICT_PRIVATE did not properly account for some transitional IPv6 ranges, … Jun 10, 2026
CVE-2026-46683 UNKNOWN Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a … Jun 10, 2026
CVE-2026-46643 UNKNOWN Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.1, on POSIX, escapeshellarg(‘/usr/bin/wkhtmltopdf’) … Jun 10, 2026
CVE-2026-46529 UNKNOWN Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to … Jun 10, 2026
CVE-2026-45106 MEDIUM 4.6 Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any … Jun 10, 2026
CVE-2026-1220 HIGH 7.5 Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromium security … Jun 10, 2026