Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23657
Total
1684
Critical
7428
High
7547
Medium
CVE ID Severity Score Description Published
CVE-2026-49189 HIGH 7.8 Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations. Jun 04, 2026
CVE-2026-49188 CRITICAL 9.8 The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root … Jun 04, 2026
CVE-2026-49187 HIGH 7.5 The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse. Jun 04, 2026
CVE-2026-10805 MEDIUM 6.7 A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A … Jun 04, 2026
CVE-2026-49186 CRITICAL 9.8 The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to … Jun 04, 2026
CVE-2026-49185 CRITICAL 9.8 The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection. Jun 04, 2026
CVE-2026-48681 MEDIUM 5.9 OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. Jun 04, 2026
CVE-2026-44917 MEDIUM 4.9 OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template. Jun 04, 2026
CVE-2026-41283 CRITICAL 9.9 OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to … Jun 04, 2026
CVE-2026-41010 HIGH 8.2 ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where name returns @job_meta['name'], a value taken verbatim from the jobs: array … Jun 04, 2026
CVE-2026-8829 HIGH 7.5 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV … Jun 04, 2026
CVE-2026-41860 HIGH 8.8 CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper#create_async_endpoint and #send_http_get_request_synchronous hard-code OpenSSL::SSL::VERIFY_NONE, enabling an … Jun 04, 2026
CVE-2026-41859 HIGH 7.8 A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secret) and can tamper with … Jun 04, 2026
CVE-2026-41858 HIGH 7.5 Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a … Jun 04, 2026
CVE-2026-41011 HIGH 8.2 PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and name = package_meta['name'] comes directly from release.MF inside the uploaded tarball. The … Jun 04, 2026
CVE-2026-10597 MEDIUM 5.3 OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email … Jun 04, 2026
CVE-2026-8653 MEDIUM 6.5 The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, … Jun 04, 2026
CVE-2026-7764 MEDIUM 6.8 An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attacker … Jun 04, 2026
CVE-2026-10737 HIGH 7.5 The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in … Jun 04, 2026
CVE-2026-8722 MEDIUM 6.5 Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources … Jun 04, 2026
CVE-2026-10783 LOW 2.5 A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation … Jun 04, 2026
CVE-2026-2596 UNKNOWN Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Jun 03, 2026
CVE-2026-10777 HIGH 7.3 A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component … Jun 03, 2026
CVE-2026-10775 LOW 3.6 A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation … Jun 03, 2026
CVE-2026-46447 MEDIUM 5.8 OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. Jun 03, 2026