Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22332
Total
1596
Critical
6832
High
7160
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-46609 | MEDIUM | 4.6 | Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is … | Jun 10, 2026 |
| CVE-2026-53698 | MEDIUM | 6.5 | Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set. | Jun 10, 2026 |
| CVE-2026-53694 | UNKNOWN | — | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2. | Jun 10, 2026 |
| CVE-2026-53693 | UNKNOWN | — | A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, … | Jun 10, 2026 |
| CVE-2026-49760 | UNKNOWN | — | Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm.c and program routine ei_s_print_term. The … | Jun 10, 2026 |
| CVE-2026-49759 | UNKNOWN | — | Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR … | Jun 10, 2026 |
| CVE-2026-48860 | UNKNOWN | — | Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inet_tls_dist:check_ip/1 function, which enforces … | Jun 10, 2026 |
| CVE-2026-48859 | UNKNOWN | — | Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon … | Jun 10, 2026 |
| CVE-2026-48858 | UNKNOWN | — | Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftp_internal:handle_ctrl_result/2 … | Jun 10, 2026 |
| CVE-2026-48856 | UNKNOWN | — | Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers … | Jun 10, 2026 |
| CVE-2026-48855 | UNKNOWN | — | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery. The SSH_FXP_READLINK handler in ssh_sftpd sends the … | Jun 10, 2026 |
| CVE-2026-48096 | MEDIUM | 5.0 | OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same … | Jun 10, 2026 |
| CVE-2026-46558 | HIGH | 8.3 | Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, … | Jun 10, 2026 |
| CVE-2026-46497 | UNKNOWN | — | Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This … | Jun 10, 2026 |
| CVE-2026-45569 | HIGH | 8.1 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 ("Expand validation to block .. … | Jun 10, 2026 |
| CVE-2026-45567 | HIGH | 8.3 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via … | Jun 10, 2026 |
| CVE-2026-45566 | MEDIUM | 6.1 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by … | Jun 10, 2026 |
| CVE-2026-45565 | HIGH | 8.1 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString (app/modules/roxywi/class_models.py:16-30) is the centralised Pydantic validator … | Jun 10, 2026 |
| CVE-2026-25700 | HIGH | 7.2 | Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after … | Jun 10, 2026 |
| CVE-2026-9045 | HIGH | 7.8 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local … | Jun 10, 2026 |
| CVE-2026-8637 | HIGH | 7.8 | A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code … | Jun 10, 2026 |
| CVE-2026-8335 | UNKNOWN | — | A missing authentication check on the Aix‑DB "/llm/process_llm_out" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint … | Jun 10, 2026 |
| CVE-2026-7516 | MEDIUM | 4.3 | A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the … | Jun 10, 2026 |
| CVE-2026-6090 | HIGH | 7.0 | A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated … | Jun 10, 2026 |
| CVE-2026-53689 | HIGH | 7.1 | libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This … | Jun 10, 2026 |