Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23379
Total
1666
Critical
7346
High
7432
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-21826 | MEDIUM | 6.1 | HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the … | Jun 05, 2026 |
| CVE-2026-21825 | MEDIUM | 6.1 | HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the … | Jun 05, 2026 |
| CVE-2026-10732 | MEDIUM | 6.4 | All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) when extracting a ZIP archive containing two entries … | Jun 05, 2026 |
| CVE-2026-50593 | HIGH | 7.3 | Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the … | Jun 05, 2026 |
| CVE-2026-7763 | CRITICAL | 9.8 | A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated … | Jun 05, 2026 |
| CVE-2026-7762 | CRITICAL | 9.8 | A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated … | Jun 05, 2026 |
| CVE-2026-50592 | MEDIUM | 6.4 | In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog (aka the communication log administration view). | Jun 05, 2026 |
| CVE-2026-50591 | MEDIUM | 5.4 | In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences. | Jun 05, 2026 |
| CVE-2026-50590 | MEDIUM | 4.5 | In Mimecast Incydr before 2.6.0, arbitrary file access can occur. | Jun 05, 2026 |
| CVE-2026-41567 | HIGH | 7.2 | Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded … | Jun 05, 2026 |
| CVE-2026-11326 | UNKNOWN | — | OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access … | Jun 05, 2026 |
| CVE-2026-11312 | LOW | 3.3 | A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purge_kv_map in the library /src/infinistore.h of the component KV … | Jun 05, 2026 |
| CVE-2026-50589 | MEDIUM | 5.3 | In OpenStack Ironic 32 through 35.0.1, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service … | Jun 05, 2026 |
| CVE-2026-11309 | MEDIUM | 4.3 | Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium … | Jun 05, 2026 |
| CVE-2026-11308 | MEDIUM | 6.3 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege … | Jun 05, 2026 |
| CVE-2026-11307 | HIGH | 8.8 | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Jun 05, 2026 |
| CVE-2026-11306 | HIGH | 8.8 | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Jun 05, 2026 |
| CVE-2026-11305 | HIGH | 8.8 | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Jun 05, 2026 |
| CVE-2026-11304 | HIGH | 8.8 | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. … | Jun 05, 2026 |
| CVE-2026-11303 | HIGH | 8.8 | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Jun 05, 2026 |
| CVE-2026-11302 | MEDIUM | 4.3 | Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via … | Jun 05, 2026 |
| CVE-2026-11301 | HIGH | 8.8 | Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network … | Jun 05, 2026 |
| CVE-2026-11300 | MEDIUM | 4.3 | Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security … | Jun 05, 2026 |
| CVE-2026-11299 | MEDIUM | 6.5 | Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted … | Jun 05, 2026 |
| CVE-2026-11298 | MEDIUM | 4.3 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a … | Jun 05, 2026 |