Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22332
Total
1596
Critical
6832
High
7160
Medium
CVE ID Severity Score Description Published
CVE-2026-46609 MEDIUM 4.6 Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is … Jun 10, 2026
CVE-2026-53698 MEDIUM 6.5 Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set. Jun 10, 2026
CVE-2026-53694 UNKNOWN Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2. Jun 10, 2026
CVE-2026-53693 UNKNOWN A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, … Jun 10, 2026
CVE-2026-49760 UNKNOWN Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm.c and program routine ei_s_print_term. The … Jun 10, 2026
CVE-2026-49759 UNKNOWN Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR … Jun 10, 2026
CVE-2026-48860 UNKNOWN Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inet_tls_dist:check_ip/1 function, which enforces … Jun 10, 2026
CVE-2026-48859 UNKNOWN Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon … Jun 10, 2026
CVE-2026-48858 UNKNOWN Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftp_internal:handle_ctrl_result/2 … Jun 10, 2026
CVE-2026-48856 UNKNOWN Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers … Jun 10, 2026
CVE-2026-48855 UNKNOWN Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery. The SSH_FXP_READLINK handler in ssh_sftpd sends the … Jun 10, 2026
CVE-2026-48096 MEDIUM 5.0 OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same … Jun 10, 2026
CVE-2026-46558 HIGH 8.3 Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, … Jun 10, 2026
CVE-2026-46497 UNKNOWN Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This … Jun 10, 2026
CVE-2026-45569 HIGH 8.1 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 ("Expand validation to block .. … Jun 10, 2026
CVE-2026-45567 HIGH 8.3 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via … Jun 10, 2026
CVE-2026-45566 MEDIUM 6.1 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by … Jun 10, 2026
CVE-2026-45565 HIGH 8.1 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString (app/modules/roxywi/class_models.py:16-30) is the centralised Pydantic validator … Jun 10, 2026
CVE-2026-25700 HIGH 7.2 Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after … Jun 10, 2026
CVE-2026-9045 HIGH 7.8 During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local … Jun 10, 2026
CVE-2026-8637 HIGH 7.8 A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code … Jun 10, 2026
CVE-2026-8335 UNKNOWN A missing authentication check on the Aix‑DB "/llm/process_llm_out" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint … Jun 10, 2026
CVE-2026-7516 MEDIUM 4.3 A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the … Jun 10, 2026
CVE-2026-6090 HIGH 7.0 A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated … Jun 10, 2026
CVE-2026-53689 HIGH 7.1 libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This … Jun 10, 2026