Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22874
Total
1630
Critical
7150
High
7293
Medium
CVE ID Severity Score Description Published
CVE-2025-67862 MEDIUM 6.7 An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS … Jun 09, 2026
CVE-2026-9279 UNKNOWN Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name (e.g. `git`, `pandoc`, `grep`), … Jun 09, 2026
CVE-2026-7486 CRITICAL 9.8 Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: … Jun 09, 2026
CVE-2026-52907 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from > vs >= … Jun 09, 2026
CVE-2026-52906 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb ("9p: convert … Jun 09, 2026
CVE-2026-52905 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two min_region_sz on damon_start() Commit d8f867fa0825 ("mm/damon: add damon_ctx->min_sz_region") introduced a … Jun 09, 2026
CVE-2026-52904 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkm_device leak on aperture removal failure When aperture_remove_conflicting_pci_devices() fails during probe, the error … Jun 09, 2026
CVE-2026-49762 UNKNOWN Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service … Jun 09, 2026
CVE-2026-47901 UNKNOWN Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their … Jun 09, 2026
CVE-2026-47900 UNKNOWN Logseq is vulnerable to a stored cross-site scripting (XSS). A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, … Jun 09, 2026
CVE-2026-47899 UNKNOWN The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker … Jun 09, 2026
CVE-2026-46332 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352_bootloader_rx() appends each serdev chunk into the fixed rx_buffer … Jun 09, 2026
CVE-2026-46330 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, … Jun 09, 2026
CVE-2026-46329 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of … Jun 09, 2026
CVE-2026-46328 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: apparmor: fix rlimit for posix cpu timers Posix cpu timers requires an additional step beyond … Jun 09, 2026
CVE-2026-46327 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dm_suspended_md The function dm_blk_report_zones tests if the device is suspended … Jun 09, 2026
CVE-2026-46326 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spi_transfer struct initialisation Make sure that the spi_transfer struct is zeroed … Jun 09, 2026
CVE-2026-46325 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE The current implementation incorrectly handles … Jun 09, 2026
CVE-2026-11793 MEDIUM 4.9 A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack … Jun 09, 2026
CVE-2026-11792 LOW 3.3 A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password … Jun 09, 2026
CVE-2026-11790 MEDIUM 4.9 A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from … Jun 09, 2026
CVE-2026-11789 MEDIUM 4.9 A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password … Jun 09, 2026
CVE-2026-11788 MEDIUM 5.9 A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an … Jun 09, 2026
CVE-2026-11787 MEDIUM 5.0 A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap … Jun 09, 2026
CVE-2026-11786 LOW 1.9 A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing … Jun 09, 2026