Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 20386 | Critical: 1466 | High: 6177 | Medium: 6480

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6684 | MEDIUM | 4.6 | FatFs versions prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contain an issue where an unbounded loop count derived from GPT header field … | Jul 01, 2026 |
| CVE-2026-6683 | MEDIUM | 4.6 | FatFs R0.16 and earlier contains a divide-by-zero bug in exFAT sync logic when crafted metadata causes n_fatent - 2 to be zero during write/sync operations. … | Jul 01, 2026 |
| CVE-2026-6682 | HIGH | 7.6 | FatFs R0.16 and earlier contains a FAT32 integer overflow bug in mount_volume() where fasize *= fs->n_fats can wrap, leading to attacker-controlled file-size metadata and … | Jul 01, 2026 |
| CVE-2026-6283 | MEDIUM | 5.4 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from … | Jul 01, 2026 |
| CVE-2026-5220 | MEDIUM | 6.4 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from … | Jul 01, 2026 |
| CVE-2026-5142 | MEDIUM | 6.5 | A flaw was found in Foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from … | Jul 01, 2026 |
| CVE-2026-5138 | MEDIUM | 4.3 | A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope … | Jul 01, 2026 |
| CVE-2026-5135 | MEDIUM | 6.5 | A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override … | Jul 01, 2026 |
| CVE-2026-58399 | UNKNOWN | — | @acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.0 appear to allow an unauthenticated authentication bypass in validateToken() through spoofable auth-user and … | Jul 01, 2026 |
| CVE-2026-58035 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue. | Jul 01, 2026 |
| CVE-2026-58034 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue. … | Jul 01, 2026 |
| CVE-2026-58031 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. … | Jul 01, 2026 |
| CVE-2026-2891 | UNKNOWN | — | The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed … | Jul 01, 2026 |
| CVE-2026-23537 | CRITICAL | 9.1 | A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the … | Jul 01, 2026 |
| CVE-2026-14330 | MEDIUM | 5.5 | Multiple unbounded alloca() calls in the PulseAudio protocol server. | Jul 01, 2026 |
| CVE-2026-14324 | MEDIUM | 6.5 | RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return. | Jul 01, 2026 |
| CVE-2026-13602 | UNKNOWN | — | We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access … | Jul 01, 2026 |
| CVE-2026-12374 | UNKNOWN | — | Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local … | Jul 01, 2026 |
| CVE-2026-5136 | HIGH | 8.8 | A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an … | Jul 01, 2026 |
| CVE-2026-57692 | CRITICAL | 9.8 | Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from n/a through 9.9.2. | Jul 01, 2026 |
| CVE-2026-53356 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix phys BO pread/pwrite with offset sg_page() returns struct page pointer not (void *) … | Jul 01, 2026 |
| CVE-2026-53355 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: rds: clear i_sends on setup unwind The RDS IB connection teardown path is written … | Jul 01, 2026 |
| CVE-2026-53354 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Mitigate TLBI errata on various Arm CPUs A number of CPUs developed by … | Jul 01, 2026 |
| CVE-2026-53353 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: hsr: Remove WARN_ONCE() in hsr_addr_is_self(). syzbot reported the warning [0] in hsr_addr_is_self(), whose assumption is … | Jul 01, 2026 |
| CVE-2026-53352 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads() When a multi-threaded process receives a stop signal … | Jul 01, 2026 |