Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23813
Total
1705
Critical
7468
High
7599
Medium
CVE ID Severity Score Description Published
CVE-2026-49194 HIGH 8.8 The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface. Jun 04, 2026
CVE-2026-49193 HIGH 7.5 Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet. Jun 04, 2026
CVE-2026-49192 MEDIUM 5.4 The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping. Jun 04, 2026
CVE-2026-49191 CRITICAL 9.8 The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages. Jun 04, 2026
CVE-2026-49190 HIGH 8.8 The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions. Jun 04, 2026
CVE-2026-50219 MEDIUM 4.9 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy … Jun 04, 2026
CVE-2026-49189 HIGH 7.8 Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations. Jun 04, 2026
CVE-2026-49188 CRITICAL 9.8 The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root … Jun 04, 2026
CVE-2026-49187 HIGH 7.5 The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse. Jun 04, 2026
CVE-2026-10805 MEDIUM 6.7 A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A … Jun 04, 2026
CVE-2026-49186 CRITICAL 9.8 The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to … Jun 04, 2026
CVE-2026-49185 CRITICAL 9.8 The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection. Jun 04, 2026
CVE-2026-48681 MEDIUM 5.9 OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. Jun 04, 2026
CVE-2026-44917 MEDIUM 4.9 OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template. Jun 04, 2026
CVE-2026-41283 CRITICAL 9.9 OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to … Jun 04, 2026
CVE-2026-41010 HIGH 8.2 ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where name returns @job_meta['name'], a value taken verbatim from the jobs: array … Jun 04, 2026
CVE-2026-8829 HIGH 7.5 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV … Jun 04, 2026
CVE-2026-41860 HIGH 8.8 CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper#create_async_endpoint and #send_http_get_request_synchronous hard-code OpenSSL::SSL::VERIFY_NONE, enabling an … Jun 04, 2026
CVE-2026-41859 HIGH 7.8 A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secret) and can tamper with … Jun 04, 2026
CVE-2026-41858 HIGH 7.5 Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a … Jun 04, 2026
CVE-2026-41011 HIGH 8.2 PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and name = package_meta['name'] comes directly from release.MF inside the uploaded tarball. The … Jun 04, 2026
CVE-2026-10597 MEDIUM 5.3 OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email … Jun 04, 2026
CVE-2026-8653 MEDIUM 6.5 The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, … Jun 04, 2026
CVE-2026-7764 MEDIUM 6.8 An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attacker … Jun 04, 2026
CVE-2026-10737 HIGH 7.5 The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in … Jun 04, 2026