Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22874
Total
1630
Critical
7150
High
7293
Medium
CVE ID Severity Score Description Published
CVE-2026-42599 UNKNOWN Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are … Jun 09, 2026
CVE-2026-42573 UNKNOWN Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially … Jun 09, 2026
CVE-2026-42570 HIGH 7.5 Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, … Jun 09, 2026
CVE-2026-42567 UNKNOWN Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time … Jun 09, 2026
CVE-2026-41108 HIGH 7.0 Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-41098 HIGH 8.4 Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network. Jun 09, 2026
CVE-2026-41092 HIGH 7.8 Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-40409 HIGH 7.8 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Jun 09, 2026
CVE-2026-40404 HIGH 7.8 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Jun 09, 2026
CVE-2026-40376 HIGH 7.5 Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. Jun 09, 2026
CVE-2026-40371 HIGH 8.8 Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network. Jun 09, 2026
CVE-2026-3088 UNKNOWN Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests. Jun 09, 2026
CVE-2026-38615 CRITICAL 9.8 DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php. Jun 09, 2026
CVE-2026-35188 UNKNOWN Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's … Jun 09, 2026
CVE-2026-34692 MEDIUM 5.4 Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue … Jun 09, 2026
CVE-2026-34335 HIGH 7.0 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-34183 HIGH 7.5 Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. Impact summary: A … Jun 09, 2026
CVE-2026-34182 UNKNOWN Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to … Jun 09, 2026
CVE-2026-34181 UNKNOWN Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism allowing … Jun 09, 2026
CVE-2026-34180 HIGH 7.5 Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read … Jun 09, 2026
CVE-2026-33828 HIGH 7.8 Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally. Jun 09, 2026
CVE-2026-33113 MEDIUM 5.4 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Jun 09, 2026
CVE-2026-32193 HIGH 8.8 Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally. Jun 09, 2026
CVE-2026-28301 MEDIUM 4.8 A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website. Jun 09, 2026
CVE-2026-26142 CRITICAL 9.8 Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network. Jun 09, 2026