Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23813
Total
1705
Critical
7468
High
7599
Medium
CVE ID Severity Score Description Published
CVE-2026-35212 UNKNOWN OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering … Jun 02, 2026
CVE-2026-10661 MEDIUM 4.3 A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blender_mcp/server.py. The manipulation of the argument … Jun 02, 2026
CVE-2026-10650 MEDIUM 5.3 A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lws_ssh_parse_plaintext of the file plugins/protocol_lws_ssh_base/sshd.c of the component SSH … Jun 02, 2026
CVE-2025-15653 MEDIUM 6.8 Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to … Jun 02, 2026
CVE-2024-14036 HIGH 7.5 Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by … Jun 02, 2026
CVE-2022-4992 HIGH 8.6 Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling … Jun 02, 2026
CVE-2021-4481 HIGH 8.2 Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute … Jun 02, 2026
CVE-2021-4480 HIGH 8.2 Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute … Jun 02, 2026
CVE-2026-49448 CRITICAL 9.8 authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This … Jun 02, 2026
CVE-2026-49443 HIGH 8.8 authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an … Jun 02, 2026
CVE-2026-49144 MEDIUM 6.5 BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. … Jun 02, 2026
CVE-2026-49143 HIGH 8.8 BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by … Jun 02, 2026
CVE-2026-47201 HIGH 8.5 authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when … Jun 02, 2026
CVE-2026-45289 MEDIUM 5.3 CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens … Jun 02, 2026
CVE-2026-42849 CRITICAL 9.3 authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in … Jun 02, 2026
CVE-2026-41569 UNKNOWN authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather … Jun 02, 2026
CVE-2026-10624 MEDIUM 4.3 A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the … Jun 02, 2026
CVE-2026-10620 HIGH 7.3 A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument … Jun 02, 2026
CVE-2026-10619 HIGH 7.3 A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authentication. The attack can be … Jun 02, 2026
CVE-2026-8036 HIGH 7.1 Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL … Jun 02, 2026
CVE-2026-8035 HIGH 7.1 Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due … Jun 02, 2026
CVE-2026-5385 UNKNOWN An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before … Jun 02, 2026
CVE-2026-5076 CRITICAL 9.8 The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores … Jun 02, 2026
CVE-2026-5074 MEDIUM 6.5 The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parameter of the `get_private_content_data` AJAX action in all versions up to, … Jun 02, 2026
CVE-2026-5073 HIGH 7.5 The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'arm_directory_paging_action' AJAX action in all versions up to, … Jun 02, 2026