Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23596
Total
1679
Critical
7415
High
7509
Medium
CVE ID Severity Score Description Published
CVE-2025-52609 LOW 3.7 HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern … Jun 04, 2026
CVE-2025-52608 LOW 3.1 HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. … Jun 04, 2026
CVE-2025-52606 MEDIUM 4.3 HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected … Jun 04, 2026
CVE-2025-12694 UNKNOWN A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN … Jun 04, 2026
CVE-2026-49077 MEDIUM 5.3 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue … Jun 04, 2026
CVE-2026-10801 LOW 3.6 A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL … Jun 04, 2026
CVE-2026-8916 MEDIUM 6.1 Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635. Jun 04, 2026
CVE-2026-50226 UNKNOWN Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items … Jun 04, 2026
CVE-2026-50225 UNKNOWN The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database. Jun 04, 2026
CVE-2026-50224 UNKNOWN The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over … Jun 04, 2026
CVE-2026-50214 UNKNOWN The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans. Jun 04, 2026
CVE-2026-4881 UNKNOWN In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a … Jun 04, 2026
CVE-2026-49771 HIGH 7.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue … Jun 04, 2026
CVE-2026-49510 MEDIUM 6.1 Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f. Jun 04, 2026
CVE-2026-47320 MEDIUM 6.1 Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3. Jun 04, 2026
CVE-2026-47319 MEDIUM 6.1 Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd. Jun 04, 2026
CVE-2026-47318 MEDIUM 6.1 Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035. Jun 04, 2026
CVE-2026-47306 MEDIUM 6.1 Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945. Jun 04, 2026
CVE-2026-10800 LOW 3.6 A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the … Jun 04, 2026
CVE-2026-10305 MEDIUM 6.1 Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd. Jun 04, 2026
CVE-2026-50213 HIGH 7.5 The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings. Jun 04, 2026
CVE-2026-50212 MEDIUM 6.5 Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service. Jun 04, 2026
CVE-2026-50211 CRITICAL 9.8 Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers. Jun 04, 2026
CVE-2026-50210 HIGH 7.5 The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption. Jun 04, 2026
CVE-2026-50209 HIGH 7.8 Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker. Jun 04, 2026