Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23657
Total
1684
Critical
7428
High
7547
Medium
CVE ID Severity Score Description Published
CVE-2026-22055 UNKNOWN Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. Jun 03, 2026
CVE-2026-22054 UNKNOWN Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. Jun 03, 2026
CVE-2026-10771 HIGH 7.3 A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation … Jun 03, 2026
CVE-2026-50033 HIGH 7.3 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. Jun 03, 2026
CVE-2026-44682 HIGH 7.3 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. Jun 03, 2026
CVE-2026-44609 HIGH 7.3 Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. Jun 03, 2026
CVE-2026-43924 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured … Jun 03, 2026
CVE-2026-42061 HIGH 7.3 Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. Jun 03, 2026
CVE-2026-40495 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in … Jun 03, 2026
CVE-2026-37700 UNKNOWN Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by … Jun 03, 2026
CVE-2026-26825 UNKNOWN A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap … Jun 03, 2026
CVE-2026-26824 MEDIUM 6.5 libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) … Jun 03, 2026
CVE-2026-10766 LOW 3.6 A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. … Jun 03, 2026
CVE-2026-8889 UNKNOWN Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes). Jun 03, 2026
CVE-2026-8888 UNKNOWN Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. … Jun 03, 2026
CVE-2026-8881 UNKNOWN Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since … Jun 03, 2026
CVE-2026-8879 HIGH 7.5 Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manifest.json … Jun 03, 2026
CVE-2026-8878 HIGH 7.5 Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 … Jun 03, 2026
CVE-2026-8876 HIGH 7.3 Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data. Jun 03, 2026
CVE-2026-8874 HIGH 7.1 Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other … Jun 03, 2026
CVE-2026-7888 UNKNOWN Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes … Jun 03, 2026
CVE-2026-45702 MEDIUM 4.4 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … Jun 03, 2026
CVE-2026-45614 MEDIUM 4.7 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior … Jun 03, 2026
CVE-2026-42840 UNKNOWN An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trigger unescaped rendering in the Point of … Jun 03, 2026
CVE-2026-42839 UNKNOWN An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image fields of an Item and trigger … Jun 03, 2026