Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22332
Total
1596
Critical
6832
High
7160
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-53438 | MEDIUM | 4.3 | A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue … | Jun 10, 2026 |
| CVE-2026-53437 | MEDIUM | 4.3 | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab … | Jun 10, 2026 |
| CVE-2026-53436 | MEDIUM | 4.3 | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative … | Jun 10, 2026 |
| CVE-2026-53435 | HIGH | 8.8 | In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or … | Jun 10, 2026 |
| CVE-2026-52759 | MEDIUM | 5.5 | Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can … | Jun 10, 2026 |
| CVE-2026-52758 | HIGH | 8.8 | Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote … | Jun 10, 2026 |
| CVE-2026-52757 | MEDIUM | 4.4 | Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a … | Jun 10, 2026 |
| CVE-2026-52756 | MEDIUM | 4.8 | Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations … | Jun 10, 2026 |
| CVE-2026-52755 | HIGH | 7.8 | Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers … | Jun 10, 2026 |
| CVE-2026-52754 | HIGH | 8.8 | Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting … | Jun 10, 2026 |
| CVE-2026-52753 | MEDIUM | 5.5 | Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol … | Jun 10, 2026 |
| CVE-2026-52752 | HIGH | 7.8 | Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious … | Jun 10, 2026 |
| CVE-2026-52751 | HIGH | 8.8 | Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious … | Jun 10, 2026 |
| CVE-2026-52750 | HIGH | 7.8 | Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary … | Jun 10, 2026 |
| CVE-2026-49498 | HIGH | 8.8 | Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into … | Jun 10, 2026 |
| CVE-2026-49497 | LOW | 3.3 | Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers … | Jun 10, 2026 |
| CVE-2026-49496 | MEDIUM | 6.1 | Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by … | Jun 10, 2026 |
| CVE-2026-49495 | MEDIUM | 5.5 | Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O … | Jun 10, 2026 |
| CVE-2026-49069 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through … | Jun 10, 2026 |
| CVE-2025-71330 | HIGH | 7.5 | image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted … | Jun 10, 2026 |
| CVE-2025-71329 | HIGH | 7.5 | image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted … | Jun 10, 2026 |
| CVE-2024-58350 | LOW | 2.9 | Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. … | Jun 10, 2026 |
| CVE-2026-24067 | HIGH | 8.4 | Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by … | Jun 10, 2026 |
| CVE-2026-24066 | HIGH | 8.4 | Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by … | Jun 10, 2026 |
| CVE-2026-11859 | UNKNOWN | — | An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that … | Jun 10, 2026 |