Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23596
Total
1679
Critical
7415
High
7509
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-43985 | HIGH | 8.8 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `configUpdate` as a state-changing administrator endpoint, but … | Jun 04, 2026 |
| CVE-2026-43984 | HIGH | 8.9 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `log_js_errors` to any authenticated user, including guest … | Jun 04, 2026 |
| CVE-2026-41178 | MEDIUM | 5.3 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid baggage headers and … | Jun 04, 2026 |
| CVE-2026-40930 | MEDIUM | 5.4 | LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard … | Jun 04, 2026 |
| CVE-2026-38570 | UNKNOWN | — | bacnet_stack 1.3.1 contains an Out-of-bounds Read in bacnet_tag_number_decode which allows attackers to cause a denial of service. | Jun 04, 2026 |
| CVE-2026-36182 | UNKNOWN | — | GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges … | Jun 04, 2026 |
| CVE-2026-10868 | UNKNOWN | — | A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit(). When processing edit requests, the … | Jun 04, 2026 |
| CVE-2026-10815 | MEDIUM | 6.3 | A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard … | Jun 04, 2026 |
| CVE-2026-10814 | MEDIUM | 4.5 | A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID … | Jun 04, 2026 |
| CVE-2026-10813 | LOW | 3.6 | A flaw has been found in LMCache up to 0.4.6. This affects the function hex_hash_to_int16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. … | Jun 04, 2026 |
| CVE-2026-47707 | MEDIUM | 5.3 | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect … | Jun 04, 2026 |
| CVE-2026-47706 | MEDIUM | 5.3 | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to … | Jun 04, 2026 |
| CVE-2026-45739 | LOW | 3.1 | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor … | Jun 04, 2026 |
| CVE-2026-41065 | UNKNOWN | — | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the … | Jun 04, 2026 |
| CVE-2026-36180 | UNKNOWN | — | A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for … | Jun 04, 2026 |
| CVE-2026-36178 | MEDIUM | 4.6 | The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and … | Jun 04, 2026 |
| CVE-2026-36176 | HIGH | 7.1 | GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to … | Jun 04, 2026 |
| CVE-2026-36175 | MEDIUM | 6.8 | An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence … | Jun 04, 2026 |
| CVE-2026-36174 | UNKNOWN | — | GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers … | Jun 04, 2026 |
| CVE-2026-35906 | CRITICAL | 9.6 | An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via … | Jun 04, 2026 |
| CVE-2026-35905 | UNKNOWN | — | T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account. | Jun 04, 2026 |
| CVE-2026-35904 | UNKNOWN | — | Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable … | Jun 04, 2026 |
| CVE-2026-28318 | HIGH | 7.5 | SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure … | Jun 04, 2026 |
| CVE-2026-10864 | UNKNOWN | — | A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New … | Jun 04, 2026 |
| CVE-2026-10863 | UNKNOWN | — | A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an … | Jun 04, 2026 |