Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23657
Total
1684
Critical
7428
High
7547
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-20233 | MEDIUM | 6.1 | A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. … | Jun 03, 2026 |
| CVE-2026-20230 | HIGH | 8.6 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote … | Jun 03, 2026 |
| CVE-2026-20175 | MEDIUM | 6.1 | A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an … | Jun 03, 2026 |
| CVE-2025-71314 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthor_gpu_flush_caches() failures We have seen a few cases where the whole memory … | Jun 03, 2026 |
| CVE-2025-71313 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc_workqueue() alloc_workqueue() can return NULL on memory allocation … | Jun 03, 2026 |
| CVE-2019-25720 | MEDIUM | 6.5 | Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows … | Jun 03, 2026 |
| CVE-2026-6657 | MEDIUM | 6.1 | A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The issue arises … | Jun 03, 2026 |
| CVE-2026-44281 | UNKNOWN | — | GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with … | Jun 03, 2026 |
| CVE-2026-42321 | UNKNOWN | — | GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS … | Jun 03, 2026 |
| CVE-2026-42320 | UNKNOWN | — | GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read … | Jun 03, 2026 |
| CVE-2026-42318 | UNKNOWN | — | GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with … | Jun 03, 2026 |
| CVE-2026-42317 | UNKNOWN | — | GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete … | Jun 03, 2026 |
| CVE-2026-3276 | UNKNOWN | — | unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This … | Jun 03, 2026 |
| CVE-2026-37462 | HIGH | 7.3 | An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP … | Jun 03, 2026 |
| CVE-2026-36748 | CRITICAL | 9.0 | RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile. | Jun 03, 2026 |
| CVE-2026-36576 | CRITICAL | 9.8 | An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted … | Jun 03, 2026 |
| CVE-2026-36574 | UNKNOWN | — | A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. | Jun 03, 2026 |
| CVE-2022-31114 | UNKNOWN | — | backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior … | Jun 03, 2026 |
| CVE-2026-8404 | LOW | 3.1 | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response directives case-insensitively, which allows … | Jun 03, 2026 |
| CVE-2026-7666 | LOW | 3.1 | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after … | Jun 03, 2026 |
| CVE-2026-6873 | LOW | 3.1 | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.HttpRequest.get_signed_cookie` in Django uses a non-injective salt derivation (concatenating the cookie name … | Jun 03, 2026 |
| CVE-2026-5241 | HIGH | 8.0 | A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The … | Jun 03, 2026 |
| CVE-2026-48587 | LOW | 3.1 | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` … | Jun 03, 2026 |
| CVE-2026-47325 | UNKNOWN | — | ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth (e.g., 12072000 for 12 July 2000). The … | Jun 03, 2026 |
| CVE-2026-47324 | UNKNOWN | — | ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting (XSS) in multiple attributes of students and teachers objects. An authorized attacker (e.g., a teacher or administrator) … | Jun 03, 2026 |