Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23379
Total
1666
Critical
7346
High
7432
Medium
CVE ID Severity Score Description Published
CVE-2026-21826 MEDIUM 6.1 HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the … Jun 05, 2026
CVE-2026-21825 MEDIUM 6.1 HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the … Jun 05, 2026
CVE-2026-10732 MEDIUM 6.4 All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) when extracting a ZIP archive containing two entries … Jun 05, 2026
CVE-2026-50593 HIGH 7.3 Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the … Jun 05, 2026
CVE-2026-7763 CRITICAL 9.8 A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated … Jun 05, 2026
CVE-2026-7762 CRITICAL 9.8 A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated … Jun 05, 2026
CVE-2026-50592 MEDIUM 6.4 In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog (aka the communication log administration view). Jun 05, 2026
CVE-2026-50591 MEDIUM 5.4 In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences. Jun 05, 2026
CVE-2026-50590 MEDIUM 4.5 In Mimecast Incydr before 2.6.0, arbitrary file access can occur. Jun 05, 2026
CVE-2026-41567 HIGH 7.2 Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded … Jun 05, 2026
CVE-2026-11326 UNKNOWN OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access … Jun 05, 2026
CVE-2026-11312 LOW 3.3 A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purge_kv_map in the library /src/infinistore.h of the component KV … Jun 05, 2026
CVE-2026-50589 MEDIUM 5.3 In OpenStack Ironic 32 through 35.0.1, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service … Jun 05, 2026
CVE-2026-11309 MEDIUM 4.3 Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium … Jun 05, 2026
CVE-2026-11308 MEDIUM 6.3 Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege … Jun 05, 2026
CVE-2026-11307 HIGH 8.8 Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … Jun 05, 2026
CVE-2026-11306 HIGH 8.8 Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … Jun 05, 2026
CVE-2026-11305 HIGH 8.8 Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … Jun 05, 2026
CVE-2026-11304 HIGH 8.8 Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. … Jun 05, 2026
CVE-2026-11303 HIGH 8.8 Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … Jun 05, 2026
CVE-2026-11302 MEDIUM 4.3 Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via … Jun 05, 2026
CVE-2026-11301 HIGH 8.8 Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network … Jun 05, 2026
CVE-2026-11300 MEDIUM 4.3 Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security … Jun 05, 2026
CVE-2026-11299 MEDIUM 6.5 Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted … Jun 05, 2026
CVE-2026-11298 MEDIUM 4.3 Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a … Jun 05, 2026