Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23813
Total
1705
Critical
7468
High
7599
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-0611 | CRITICAL | 9.8 | Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel … | Jun 02, 2026 |
| CVE-2024-42206 | LOW | 3.1 | HCL iReflection Third party vulnerable and outdated components issue was detected in the web application | Jun 02, 2026 |
| CVE-2026-9590 | MEDIUM | 5.3 | Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset … | Jun 02, 2026 |
| CVE-2026-9522 | MEDIUM | 5.4 | Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network … | Jun 02, 2026 |
| CVE-2026-7299 | MEDIUM | 6.3 | Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS … | Jun 02, 2026 |
| CVE-2026-49754 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client (HTTP/2 CONTINUATION flood). … | Jun 02, 2026 |
| CVE-2026-49753 | UNKNOWN | — | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 … | Jun 02, 2026 |
| CVE-2026-48862 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSH_PROMISE flooding. … | Jun 02, 2026 |
| CVE-2026-48861 | UNKNOWN | — | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encode_request_line/2 function splices … | Jun 02, 2026 |
| CVE-2026-47117 | CRITICAL | 9.8 | OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the … | Jun 02, 2026 |
| CVE-2026-45686 | HIGH | 7.5 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's … | Jun 02, 2026 |
| CVE-2026-45685 | HIGH | 7.5 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught … | Jun 02, 2026 |
| CVE-2026-45684 | MEDIUM | 4.9 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by … | Jun 02, 2026 |
| CVE-2026-45683 | LOW | 3.8 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with … | Jun 02, 2026 |
| CVE-2026-45682 | MEDIUM | 5.1 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never … | Jun 02, 2026 |
| CVE-2026-45681 | MEDIUM | 5.9 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer … | Jun 02, 2026 |
| CVE-2026-45680 | MEDIUM | 5.9 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping … | Jun 02, 2026 |
| CVE-2026-45679 | MEDIUM | 6.5 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status … | Jun 02, 2026 |
| CVE-2026-45678 | HIGH | 7.5 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a … | Jun 02, 2026 |
| CVE-2026-45676 | MEDIUM | 5.5 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string … | Jun 02, 2026 |
| CVE-2026-45554 | MEDIUM | 5.3 | NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that … | Jun 02, 2026 |
| CVE-2026-45553 | HIGH | 7.5 | NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructured_text() renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application … | Jun 02, 2026 |
| CVE-2026-45080 | UNKNOWN | — | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been … | Jun 02, 2026 |
| CVE-2026-44367 | LOW | 2.7 | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to … | Jun 02, 2026 |
| CVE-2026-42654 | HIGH | 7.1 | Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System … | Jun 02, 2026 |