Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23329
Total
1657
Critical
7330
High
7410
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34356 | HIGH | 7.5 | Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users … | Jun 08, 2026 |
| CVE-2026-34355 | HIGH | 7.5 | A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to … | Jun 08, 2026 |
| CVE-2026-34194 | HIGH | 7.1 | Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse … | Jun 08, 2026 |
| CVE-2026-29170 | MEDIUM | 6.1 | A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via … | Jun 08, 2026 |
| CVE-2026-29167 | UNKNOWN | — | Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are … | Jun 08, 2026 |
| CVE-2026-22164 | HIGH | 7.5 | Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types … | Jun 08, 2026 |
| CVE-2026-11529 | MEDIUM | 6.3 | A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql … | Jun 08, 2026 |
| CVE-2026-11528 | HIGH | 8.8 | A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. … | Jun 08, 2026 |
| CVE-2026-11524 | HIGH | 8.8 | A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The … | Jun 08, 2026 |
| CVE-2026-11523 | HIGH | 8.8 | A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. … | Jun 08, 2026 |
| CVE-2026-11522 | HIGH | 8.8 | A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts … | Jun 08, 2026 |
| CVE-2025-71315 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The … | Jun 08, 2026 |
| CVE-2020-37248 | MEDIUM | 6.5 | OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials … | Jun 08, 2026 |
| CVE-2026-49235 | UNKNOWN | — | When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes. | Jun 08, 2026 |
| CVE-2026-49234 | UNKNOWN | — | When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access … | Jun 08, 2026 |
| CVE-2026-49233 | UNKNOWN | — | Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This … | Jun 08, 2026 |
| CVE-2026-49232 | UNKNOWN | — | Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. … | Jun 08, 2026 |
| CVE-2026-43974 | UNKNOWN | — | Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client into raw protocol mode … | Jun 08, 2026 |
| CVE-2026-43973 | UNKNOWN | — | Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gun_http:handle/5, three … | Jun 08, 2026 |
| CVE-2026-43972 | UNKNOWN | — | Origin Validation Error vulnerability in ninenines gun (gun_http2 module) allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority. In gun_http2:push_promise_frame/7, the :authority pseudo-header from an … | Jun 08, 2026 |
| CVE-2026-36789 | HIGH | 7.5 | Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. … | Jun 08, 2026 |
| CVE-2026-25558 | MEDIUM | 4.8 | QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted … | Jun 08, 2026 |
| CVE-2026-11521 | MEDIUM | 6.3 | A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction … | Jun 08, 2026 |
| CVE-2026-11520 | LOW | 3.5 | A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes … | Jun 08, 2026 |
| CVE-2026-11519 | MEDIUM | 6.3 | A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the … | Jun 08, 2026 |