Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23813
Total
1705
Critical
7468
High
7599
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35212 | UNKNOWN | — | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering … | Jun 02, 2026 |
| CVE-2026-10661 | MEDIUM | 4.3 | A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blender_mcp/server.py. The manipulation of the argument … | Jun 02, 2026 |
| CVE-2026-10650 | MEDIUM | 5.3 | A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lws_ssh_parse_plaintext of the file plugins/protocol_lws_ssh_base/sshd.c of the component SSH … | Jun 02, 2026 |
| CVE-2025-15653 | MEDIUM | 6.8 | Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to … | Jun 02, 2026 |
| CVE-2024-14036 | HIGH | 7.5 | Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by … | Jun 02, 2026 |
| CVE-2022-4992 | HIGH | 8.6 | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling … | Jun 02, 2026 |
| CVE-2021-4481 | HIGH | 8.2 | Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute … | Jun 02, 2026 |
| CVE-2021-4480 | HIGH | 8.2 | Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute … | Jun 02, 2026 |
| CVE-2026-49448 | CRITICAL | 9.8 | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This … | Jun 02, 2026 |
| CVE-2026-49443 | HIGH | 8.8 | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an … | Jun 02, 2026 |
| CVE-2026-49144 | MEDIUM | 6.5 | BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. … | Jun 02, 2026 |
| CVE-2026-49143 | HIGH | 8.8 | BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by … | Jun 02, 2026 |
| CVE-2026-47201 | HIGH | 8.5 | authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when … | Jun 02, 2026 |
| CVE-2026-45289 | MEDIUM | 5.3 | CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens … | Jun 02, 2026 |
| CVE-2026-42849 | CRITICAL | 9.3 | authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in … | Jun 02, 2026 |
| CVE-2026-41569 | UNKNOWN | — | authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather … | Jun 02, 2026 |
| CVE-2026-10624 | MEDIUM | 4.3 | A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the … | Jun 02, 2026 |
| CVE-2026-10620 | HIGH | 7.3 | A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument … | Jun 02, 2026 |
| CVE-2026-10619 | HIGH | 7.3 | A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authentication. The attack can be … | Jun 02, 2026 |
| CVE-2026-8036 | HIGH | 7.1 | Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL … | Jun 02, 2026 |
| CVE-2026-8035 | HIGH | 7.1 | Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due … | Jun 02, 2026 |
| CVE-2026-5385 | UNKNOWN | — | An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before … | Jun 02, 2026 |
| CVE-2026-5076 | CRITICAL | 9.8 | The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores … | Jun 02, 2026 |
| CVE-2026-5074 | MEDIUM | 6.5 | The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parameter of the `get_private_content_data` AJAX action in all versions up to, … | Jun 02, 2026 |
| CVE-2026-5073 | HIGH | 7.5 | The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'arm_directory_paging_action' AJAX action in all versions up to, … | Jun 02, 2026 |