Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22796
Total
1628
Critical
7094
High
7273
Medium
CVE ID Severity Score Description Published
CVE-2026-45559 MEDIUM 4.9 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, get_ldap_email (app/modules/roxywi/user.py:120-157) builds the LDAP search filter … Jun 10, 2026
CVE-2026-45558 CRITICAL 9.9 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section/<section_type> and … Jun 10, 2026
CVE-2026-45556 CRITICAL 9.9 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf/<service>/<server_ip>/rule/<rule_id>/save accepts a config_file_name form field … Jun 10, 2026
CVE-2026-45552 CRITICAL 9.9 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before_request → … Jun 10, 2026
CVE-2026-45550 CRITICAL 9.1 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask() … Jun 10, 2026
CVE-2026-45549 HIGH 8.5 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agent_action (app/routes/smon/agent_routes.py:166-179) has decorators @bp.post('/agent/action/<action>') and @jwt_required() … Jun 10, 2026
CVE-2026-11884 MEDIUM 6.5 A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size … Jun 10, 2026
CVE-2025-10238 MEDIUM 6.7 During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user … Jun 10, 2026
CVE-2025-10237 MEDIUM 6.7 During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform … Jun 10, 2026
CVE-2026-9758 HIGH 7.3 Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted Jun 10, 2026
CVE-2026-53442 MEDIUM 5.3 Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job … Jun 10, 2026
CVE-2026-53441 UNKNOWN Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could … Jun 10, 2026
CVE-2026-53440 MEDIUM 4.3 Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe … Jun 10, 2026
CVE-2026-53439 MEDIUM 4.3 Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to … Jun 10, 2026
CVE-2026-53438 MEDIUM 4.3 A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue … Jun 10, 2026
CVE-2026-53437 MEDIUM 4.3 Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab … Jun 10, 2026
CVE-2026-53436 MEDIUM 4.3 Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative … Jun 10, 2026
CVE-2026-53435 HIGH 8.8 In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or … Jun 10, 2026
CVE-2026-52759 MEDIUM 5.5 Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can … Jun 10, 2026
CVE-2026-52758 HIGH 8.8 Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote … Jun 10, 2026
CVE-2026-52757 MEDIUM 4.4 Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a … Jun 10, 2026
CVE-2026-52756 MEDIUM 4.8 Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations … Jun 10, 2026
CVE-2026-52755 HIGH 7.8 Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers … Jun 10, 2026
CVE-2026-52754 HIGH 8.8 Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting … Jun 10, 2026
CVE-2026-52753 MEDIUM 5.5 Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol … Jun 10, 2026