Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23596
Total
1679
Critical
7415
High
7509
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-52609 | LOW | 3.7 | HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern … | Jun 04, 2026 |
| CVE-2025-52608 | LOW | 3.1 | HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. … | Jun 04, 2026 |
| CVE-2025-52606 | MEDIUM | 4.3 | HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected … | Jun 04, 2026 |
| CVE-2025-12694 | UNKNOWN | — | A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN … | Jun 04, 2026 |
| CVE-2026-49077 | MEDIUM | 5.3 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue … | Jun 04, 2026 |
| CVE-2026-10801 | LOW | 3.6 | A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL … | Jun 04, 2026 |
| CVE-2026-8916 | MEDIUM | 6.1 | Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635. | Jun 04, 2026 |
| CVE-2026-50226 | UNKNOWN | — | Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items … | Jun 04, 2026 |
| CVE-2026-50225 | UNKNOWN | — | The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database. | Jun 04, 2026 |
| CVE-2026-50224 | UNKNOWN | — | The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over … | Jun 04, 2026 |
| CVE-2026-50214 | UNKNOWN | — | The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans. | Jun 04, 2026 |
| CVE-2026-4881 | UNKNOWN | — | In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a … | Jun 04, 2026 |
| CVE-2026-49771 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue … | Jun 04, 2026 |
| CVE-2026-49510 | MEDIUM | 6.1 | Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f. | Jun 04, 2026 |
| CVE-2026-47320 | MEDIUM | 6.1 | Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3. | Jun 04, 2026 |
| CVE-2026-47319 | MEDIUM | 6.1 | Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd. | Jun 04, 2026 |
| CVE-2026-47318 | MEDIUM | 6.1 | Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035. | Jun 04, 2026 |
| CVE-2026-47306 | MEDIUM | 6.1 | Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945. | Jun 04, 2026 |
| CVE-2026-10800 | LOW | 3.6 | A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the … | Jun 04, 2026 |
| CVE-2026-10305 | MEDIUM | 6.1 | Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd. | Jun 04, 2026 |
| CVE-2026-50213 | HIGH | 7.5 | The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings. | Jun 04, 2026 |
| CVE-2026-50212 | MEDIUM | 6.5 | Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service. | Jun 04, 2026 |
| CVE-2026-50211 | CRITICAL | 9.8 | Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers. | Jun 04, 2026 |
| CVE-2026-50210 | HIGH | 7.5 | The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption. | Jun 04, 2026 |
| CVE-2026-50209 | HIGH | 7.8 | Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker. | Jun 04, 2026 |