Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23287
Total
1655
Critical
7324
High
7394
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-46484 | HIGH | 8.1 | Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in … | Jun 08, 2026 |
| CVE-2026-40519 | HIGH | 7.5 | Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins() … | Jun 08, 2026 |
| CVE-2026-35058 | UNKNOWN | — | Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal … | Jun 08, 2026 |
| CVE-2026-11584 | MEDIUM | 6.3 | A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument … | Jun 08, 2026 |
| CVE-2026-11583 | MEDIUM | 6.3 | A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the … | Jun 08, 2026 |
| CVE-2026-11582 | HIGH | 7.3 | A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a … | Jun 08, 2026 |
| CVE-2026-52778 | CRITICAL | 9.8 | YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of … | Jun 08, 2026 |
| CVE-2026-46490 | HIGH | 8.8 | samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text … | Jun 08, 2026 |
| CVE-2026-46486 | UNKNOWN | — | MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there … | Jun 08, 2026 |
| CVE-2026-11559 | MEDIUM | 6.3 | A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account.php. The manipulation of the argument ID results … | Jun 08, 2026 |
| CVE-2026-11558 | MEDIUM | 6.3 | A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home_salary.php. The manipulation of … | Jun 08, 2026 |
| CVE-2026-11557 | HIGH | 8.8 | A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management … | Jun 08, 2026 |
| CVE-2026-11393 | CRITICAL | 9.0 | Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code … | Jun 08, 2026 |
| CVE-2026-10787 | MEDIUM | 4.3 | Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a … | Jun 08, 2026 |
| CVE-2026-10786 | MEDIUM | 6.5 | Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via … | Jun 08, 2026 |
| CVE-2026-10544 | MEDIUM | 6.5 | Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a … | Jun 08, 2026 |
| CVE-2026-8913 | UNKNOWN | — | A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management … | Jun 08, 2026 |
| CVE-2026-11556 | HIGH | 8.8 | A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. … | Jun 08, 2026 |
| CVE-2026-11555 | LOW | 3.7 | A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation … | Jun 08, 2026 |
| CVE-2026-11554 | MEDIUM | 4.3 | A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least … | Jun 08, 2026 |
| CVE-2026-11553 | HIGH | 8.8 | A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename … | Jun 08, 2026 |
| CVE-2026-11552 | MEDIUM | 5.3 | A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue … | Jun 08, 2026 |
| CVE-2026-48507 | HIGH | 7.1 | Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to … | Jun 08, 2026 |
| CVE-2026-46481 | HIGH | 8.3 | OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, … | Jun 08, 2026 |
| CVE-2026-46314 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3d_get_extensions() walks a userspace-provided singly-linked list … | Jun 08, 2026 |