Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23596
Total
1679
Critical
7415
High
7509
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2024-27890 | CRITICAL | 9.6 | Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in … | Jun 04, 2026 |
| CVE-2023-5502 | MEDIUM | 5.9 | On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a … | Jun 04, 2026 |
| CVE-2026-42547 | MEDIUM | 5.4 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for … | Jun 04, 2026 |
| CVE-2026-42543 | MEDIUM | 4.3 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request … | Jun 04, 2026 |
| CVE-2026-42540 | MEDIUM | 4.3 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values … | Jun 04, 2026 |
| CVE-2026-42539 | MEDIUM | 6.5 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user … | Jun 04, 2026 |
| CVE-2026-11322 | MEDIUM | 6.5 | Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files … | Jun 04, 2026 |
| CVE-2026-10871 | HIGH | 7.2 | A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such … | Jun 04, 2026 |
| CVE-2024-6858 | UNKNOWN | — | In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device … | Jun 04, 2026 |
| CVE-2026-5066 | MEDIUM | 6.3 | A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_store() … | Jun 04, 2026 |
| CVE-2026-42538 | MEDIUM | 6.3 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. … | Jun 04, 2026 |
| CVE-2026-42329 | MEDIUM | 4.7 | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker … | Jun 04, 2026 |
| CVE-2026-10870 | HIGH | 7.2 | A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation … | Jun 04, 2026 |
| CVE-2026-5589 | UNKNOWN | — | An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is enabled, the function parses solicitation … | Jun 04, 2026 |
| CVE-2026-41522 | UNKNOWN | — | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint … | Jun 04, 2026 |
| CVE-2026-41518 | HIGH | 7.6 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through … | Jun 04, 2026 |
| CVE-2026-41249 | HIGH | 8.2 | CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_request_target` trigger but dangerously checks out … | Jun 04, 2026 |
| CVE-2026-21404 | MEDIUM | 6.3 | NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can … | Jun 04, 2026 |
| CVE-2026-48480 | UNKNOWN | — | The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a … | Jun 04, 2026 |
| CVE-2026-41237 | UNKNOWN | — | Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowing embedded newlines to … | Jun 04, 2026 |
| CVE-2026-41236 | HIGH | 8.8 | Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. … | Jun 04, 2026 |
| CVE-2026-41235 | UNKNOWN | — | Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may assign to FTP users. … | Jun 04, 2026 |
| CVE-2026-41234 | HIGH | 7.6 | Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content. An … | Jun 04, 2026 |
| CVE-2026-40898 | MEDIUM | 5.3 | quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client … | Jun 04, 2026 |
| CVE-2026-36499 | MEDIUM | 6.5 | A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of … | Jun 04, 2026 |