Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22874
Total
1630
Critical
7150
High
7293
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-42599 | UNKNOWN | — | Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are … | Jun 09, 2026 |
| CVE-2026-42573 | UNKNOWN | — | Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially … | Jun 09, 2026 |
| CVE-2026-42570 | HIGH | 7.5 | Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, … | Jun 09, 2026 |
| CVE-2026-42567 | UNKNOWN | — | Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time … | Jun 09, 2026 |
| CVE-2026-41108 | HIGH | 7.0 | Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-41098 | HIGH | 8.4 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-41092 | HIGH | 7.8 | Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-40409 | HIGH | 7.8 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | Jun 09, 2026 |
| CVE-2026-40404 | HIGH | 7.8 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | Jun 09, 2026 |
| CVE-2026-40376 | HIGH | 7.5 | Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | Jun 09, 2026 |
| CVE-2026-40371 | HIGH | 8.8 | Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network. | Jun 09, 2026 |
| CVE-2026-3088 | UNKNOWN | — | Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests. | Jun 09, 2026 |
| CVE-2026-38615 | CRITICAL | 9.8 | DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php. | Jun 09, 2026 |
| CVE-2026-35188 | UNKNOWN | — | Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's … | Jun 09, 2026 |
| CVE-2026-34692 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue … | Jun 09, 2026 |
| CVE-2026-34335 | HIGH | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-34183 | HIGH | 7.5 | Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. Impact summary: A … | Jun 09, 2026 |
| CVE-2026-34182 | UNKNOWN | — | Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to … | Jun 09, 2026 |
| CVE-2026-34181 | UNKNOWN | — | Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism allowing … | Jun 09, 2026 |
| CVE-2026-34180 | HIGH | 7.5 | Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read … | Jun 09, 2026 |
| CVE-2026-33828 | HIGH | 7.8 | Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally. | Jun 09, 2026 |
| CVE-2026-33113 | MEDIUM | 5.4 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-32193 | HIGH | 8.8 | Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally. | Jun 09, 2026 |
| CVE-2026-28301 | MEDIUM | 4.8 | A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website. | Jun 09, 2026 |
| CVE-2026-26142 | CRITICAL | 9.8 | Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network. | Jun 09, 2026 |