Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23596
Total
1679
Critical
7415
High
7509
Medium
CVE ID Severity Score Description Published
CVE-2024-27890 CRITICAL 9.6 Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in … Jun 04, 2026
CVE-2023-5502 MEDIUM 5.9 On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a … Jun 04, 2026
CVE-2026-42547 MEDIUM 5.4 IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for … Jun 04, 2026
CVE-2026-42543 MEDIUM 4.3 IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request … Jun 04, 2026
CVE-2026-42540 MEDIUM 4.3 IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values … Jun 04, 2026
CVE-2026-42539 MEDIUM 6.5 IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user … Jun 04, 2026
CVE-2026-11322 MEDIUM 6.5 Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files … Jun 04, 2026
CVE-2026-10871 HIGH 7.2 A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such … Jun 04, 2026
CVE-2024-6858 UNKNOWN In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device … Jun 04, 2026
CVE-2026-5066 MEDIUM 6.3 A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_store() … Jun 04, 2026
CVE-2026-42538 MEDIUM 6.3 IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. … Jun 04, 2026
CVE-2026-42329 MEDIUM 4.7 Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker … Jun 04, 2026
CVE-2026-10870 HIGH 7.2 A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation … Jun 04, 2026
CVE-2026-5589 UNKNOWN An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is enabled, the function parses solicitation … Jun 04, 2026
CVE-2026-41522 UNKNOWN Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint … Jun 04, 2026
CVE-2026-41518 HIGH 7.6 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through … Jun 04, 2026
CVE-2026-41249 HIGH 8.2 CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_request_target` trigger but dangerously checks out … Jun 04, 2026
CVE-2026-21404 MEDIUM 6.3 NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can … Jun 04, 2026
CVE-2026-48480 UNKNOWN The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a … Jun 04, 2026
CVE-2026-41237 UNKNOWN Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowing embedded newlines to … Jun 04, 2026
CVE-2026-41236 HIGH 8.8 Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. … Jun 04, 2026
CVE-2026-41235 UNKNOWN Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may assign to FTP users. … Jun 04, 2026
CVE-2026-41234 HIGH 7.6 Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content. An … Jun 04, 2026
CVE-2026-40898 MEDIUM 5.3 quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client … Jun 04, 2026
CVE-2026-36499 MEDIUM 6.5 A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of … Jun 04, 2026