Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23596
Total
1679
Critical
7415
High
7509
Medium
CVE ID Severity Score Description Published
CVE-2026-43985 HIGH 8.8 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `configUpdate` as a state-changing administrator endpoint, but … Jun 04, 2026
CVE-2026-43984 HIGH 8.9 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `log_js_errors` to any authenticated user, including guest … Jun 04, 2026
CVE-2026-41178 MEDIUM 5.3 OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid baggage headers and … Jun 04, 2026
CVE-2026-40930 MEDIUM 5.4 LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard … Jun 04, 2026
CVE-2026-38570 UNKNOWN bacnet_stack 1.3.1 contains an Out-of-bounds Read in bacnet_tag_number_decode which allows attackers to cause a denial of service. Jun 04, 2026
CVE-2026-36182 UNKNOWN GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges … Jun 04, 2026
CVE-2026-10868 UNKNOWN A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit(). When processing edit requests, the … Jun 04, 2026
CVE-2026-10815 MEDIUM 6.3 A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard … Jun 04, 2026
CVE-2026-10814 MEDIUM 4.5 A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID … Jun 04, 2026
CVE-2026-10813 LOW 3.6 A flaw has been found in LMCache up to 0.4.6. This affects the function hex_hash_to_int16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. … Jun 04, 2026
CVE-2026-47707 MEDIUM 5.3 Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect … Jun 04, 2026
CVE-2026-47706 MEDIUM 5.3 Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to … Jun 04, 2026
CVE-2026-45739 LOW 3.1 Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor … Jun 04, 2026
CVE-2026-41065 UNKNOWN Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the … Jun 04, 2026
CVE-2026-36180 UNKNOWN A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for … Jun 04, 2026
CVE-2026-36178 MEDIUM 4.6 The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and … Jun 04, 2026
CVE-2026-36176 HIGH 7.1 GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to … Jun 04, 2026
CVE-2026-36175 MEDIUM 6.8 An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence … Jun 04, 2026
CVE-2026-36174 UNKNOWN GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers … Jun 04, 2026
CVE-2026-35906 CRITICAL 9.6 An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via … Jun 04, 2026
CVE-2026-35905 UNKNOWN T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account. Jun 04, 2026
CVE-2026-35904 UNKNOWN Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable … Jun 04, 2026
CVE-2026-28318 HIGH 7.5 SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure … Jun 04, 2026
CVE-2026-10864 UNKNOWN A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New … Jun 04, 2026
CVE-2026-10863 UNKNOWN A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an … Jun 04, 2026