Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23657
Total
1684
Critical
7428
High
7547
Medium
CVE ID Severity Score Description Published
CVE-2026-44546 LOW 3.7 daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat … Jun 03, 2026
CVE-2026-44545 MEDIUM 5.3 daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could … Jun 03, 2026
CVE-2026-37460 UNKNOWN Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying … Jun 03, 2026
CVE-2026-35193 LOW 3.1 An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` to the `Vary` response header … Jun 03, 2026
CVE-2026-10729 UNKNOWN An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site … Jun 03, 2026
CVE-2025-70101 MEDIUM 6.5 An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a … Jun 03, 2026
CVE-2025-70100 MEDIUM 5.5 A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a … Jun 03, 2026
CVE-2025-60477 MEDIUM 5.0 A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying … Jun 03, 2026
CVE-2024-47273 MEDIUM 4.3 An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote … Jun 03, 2026
CVE-2024-47263 MEDIUM 4.1 An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote … Jun 03, 2026
CVE-2023-52951 MEDIUM 5.9 A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential. Jun 03, 2026
CVE-2022-49042 HIGH 7.8 An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute … Jun 03, 2026
CVE-2022-49036 HIGH 7.8 An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local … Jun 03, 2026
CVE-2026-35085 HIGH 8.8 A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. Jun 03, 2026
CVE-2026-35084 HIGH 8.8 A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root. Jun 03, 2026
CVE-2026-35083 HIGH 8.8 A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root. Jun 03, 2026
CVE-2026-35082 HIGH 8.8 The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. Jun 03, 2026
CVE-2026-35081 HIGH 8.1 The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. Jun 03, 2026
CVE-2026-35080 HIGH 8.1 The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. Jun 03, 2026
CVE-2026-35079 HIGH 8.1 The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. Jun 03, 2026
CVE-2026-35078 HIGH 8.1 The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. Jun 03, 2026
CVE-2026-35077 HIGH 8.1 The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. Jun 03, 2026
CVE-2026-35076 HIGH 8.1 The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. Jun 03, 2026
CVE-2026-35075 CRITICAL 9.8 An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices. Jun 03, 2026
CVE-2026-10722 LOW 3.3 A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such … Jun 03, 2026