Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23596
Total
1679
Critical
7415
High
7509
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-71316 | CRITICAL | 9.8 | SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' … | Jun 04, 2026 |
| CVE-2025-65640 | MEDIUM | 6.3 | Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user … | Jun 04, 2026 |
| CVE-2026-50292 | HIGH | 7.4 | In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution | Jun 04, 2026 |
| CVE-2026-48040 | UNKNOWN | — | The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. … | Jun 04, 2026 |
| CVE-2026-41207 | UNKNOWN | — | The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with … | Jun 04, 2026 |
| CVE-2026-25551 | HIGH | 7.8 | Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint … | Jun 04, 2026 |
| CVE-2026-25550 | CRITICAL | 9.8 | Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via … | Jun 04, 2026 |
| CVE-2026-10880 | CRITICAL | 9.8 | OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a … | Jun 04, 2026 |
| CVE-2026-10796 | HIGH | 7.5 | nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as `nvm install` read the … | Jun 04, 2026 |
| CVE-2025-69755 | HIGH | 8.2 | An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the … | Jun 04, 2026 |
| CVE-2025-67448 | HIGH | 7.1 | The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS … | Jun 04, 2026 |
| CVE-2025-67447 | CRITICAL | 9.8 | The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user … | Jun 04, 2026 |
| CVE-2026-50266 | LOW | 2.2 | In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device_owner … | Jun 04, 2026 |
| CVE-2026-50076 | CRITICAL | 9.1 | Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to … | Jun 04, 2026 |
| CVE-2026-49942 | HIGH | 7.3 | Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the … | Jun 04, 2026 |
| CVE-2026-49941 | HIGH | 7.5 | Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did … | Jun 04, 2026 |
| CVE-2026-49940 | MEDIUM | 6.5 | Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly … | Jun 04, 2026 |
| CVE-2026-46741 | HIGH | 7.5 | Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from … | Jun 04, 2026 |
| CVE-2026-46739 | MEDIUM | 5.3 | Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources … | Jun 04, 2026 |
| CVE-2025-67446 | CRITICAL | 9.8 | Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie … | Jun 04, 2026 |
| CVE-2026-7774 | UNKNOWN | — | tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. … | Jun 04, 2026 |
| CVE-2026-5228 | HIGH | 8.8 | Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WriteUp … | Jun 04, 2026 |
| CVE-2026-45287 | UNKNOWN | — | OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on each successful `ParseFile` call. `ParseFile` opens … | Jun 04, 2026 |
| CVE-2026-44393 | HIGH | 7.4 | An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message … | Jun 04, 2026 |
| CVE-2026-43986 | CRITICAL | 9.9 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public `/image/<hash>` route that resolves attacker-controlled … | Jun 04, 2026 |