Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23503
Total
1676
Critical
7379
High
7473
Medium
CVE ID Severity Score Description Published
CVE-2020-25900 MEDIUM 5.3 HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed … Jun 05, 2026
CVE-2026-50235 MEDIUM 6.1 Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in … Jun 05, 2026
CVE-2026-50234 HIGH 7.5 Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server … Jun 05, 2026
CVE-2026-50233 MEDIUM 5.3 Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service (TCP port 9090) and the … Jun 05, 2026
CVE-2026-50232 HIGH 7.2 Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, … Jun 05, 2026
CVE-2026-50231 HIGH 7.2 Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped … Jun 05, 2026
CVE-2026-50230 MEDIUM 6.1 Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code … Jun 05, 2026
CVE-2026-38500 UNKNOWN Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not … Jun 05, 2026
CVE-2026-11369 UNKNOWN The Comment API (GET /api/Comment and POST /api/Comment) in the affected application fails to perform authorization checks to verify that the requesting user has access … Jun 05, 2026
CVE-2026-11330 LOW 3.6 A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component … Jun 05, 2026
CVE-2026-11329 LOW 3.6 A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of the … Jun 05, 2026
CVE-2026-50264 HIGH 7.8 An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft … Jun 05, 2026
CVE-2026-50263 MEDIUM 5.5 A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes … Jun 05, 2026
CVE-2026-50262 MEDIUM 5.5 An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number … Jun 05, 2026
CVE-2026-50261 HIGH 7.8 A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free … Jun 05, 2026
CVE-2026-50260 HIGH 7.8 A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those … Jun 05, 2026
CVE-2026-50259 HIGH 7.8 A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type … Jun 05, 2026
CVE-2026-50258 HIGH 7.8 A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups … Jun 05, 2026
CVE-2026-50257 HIGH 7.8 A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a … Jun 05, 2026
CVE-2026-50256 HIGH 7.8 A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum … Jun 05, 2026
CVE-2026-25659 UNKNOWN Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially … Jun 05, 2026
CVE-2026-25658 UNKNOWN Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially … Jun 05, 2026
CVE-2026-25657 UNKNOWN Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a … Jun 05, 2026
CVE-2026-11346 UNKNOWN A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting … Jun 05, 2026
CVE-2026-11345 UNKNOWN An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access … Jun 05, 2026