Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23596
Total
1679
Critical
7415
High
7509
Medium
CVE ID Severity Score Description Published
CVE-2025-71316 CRITICAL 9.8 SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' … Jun 04, 2026
CVE-2025-65640 MEDIUM 6.3 Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user … Jun 04, 2026
CVE-2026-50292 HIGH 7.4 In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution Jun 04, 2026
CVE-2026-48040 UNKNOWN The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. … Jun 04, 2026
CVE-2026-41207 UNKNOWN The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with … Jun 04, 2026
CVE-2026-25551 HIGH 7.8 Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint … Jun 04, 2026
CVE-2026-25550 CRITICAL 9.8 Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via … Jun 04, 2026
CVE-2026-10880 CRITICAL 9.8 OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a … Jun 04, 2026
CVE-2026-10796 HIGH 7.5 nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as `nvm install` read the … Jun 04, 2026
CVE-2025-69755 HIGH 8.2 An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the … Jun 04, 2026
CVE-2025-67448 HIGH 7.1 The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS … Jun 04, 2026
CVE-2025-67447 CRITICAL 9.8 The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user … Jun 04, 2026
CVE-2026-50266 LOW 2.2 In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device_owner … Jun 04, 2026
CVE-2026-50076 CRITICAL 9.1 Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to … Jun 04, 2026
CVE-2026-49942 HIGH 7.3 Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the … Jun 04, 2026
CVE-2026-49941 HIGH 7.5 Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did … Jun 04, 2026
CVE-2026-49940 MEDIUM 6.5 Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly … Jun 04, 2026
CVE-2026-46741 HIGH 7.5 Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from … Jun 04, 2026
CVE-2026-46739 MEDIUM 5.3 Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources … Jun 04, 2026
CVE-2025-67446 CRITICAL 9.8 Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie … Jun 04, 2026
CVE-2026-7774 UNKNOWN tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. … Jun 04, 2026
CVE-2026-5228 HIGH 8.8 Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WriteUp … Jun 04, 2026
CVE-2026-45287 UNKNOWN OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on each successful `ParseFile` call. `ParseFile` opens … Jun 04, 2026
CVE-2026-44393 HIGH 7.4 An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message … Jun 04, 2026
CVE-2026-43986 CRITICAL 9.9 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public `/image/<hash>` route that resolves attacker-controlled … Jun 04, 2026