Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23830
Total
1706
Critical
7474
High
7609
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-48570 | HIGH | 7.8 | In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead … | Jun 01, 2026 |
| CVE-2025-32348 | HIGH | 7.8 | In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with … | Jun 01, 2026 |
| CVE-2025-26418 | MEDIUM | 5.9 | In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a … | Jun 01, 2026 |
| CVE-2025-22426 | MEDIUM | 5.9 | In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could … | Jun 01, 2026 |
| CVE-2025-22424 | UNKNOWN | — | In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of … | Jun 01, 2026 |
| CVE-2019-25716 | MEDIUM | 6.5 | Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending … | Jun 01, 2026 |
| CVE-2018-25435 | MEDIUM | 5.3 | ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can … | Jun 01, 2026 |
| CVE-2018-25434 | HIGH | 8.2 | WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. … | Jun 01, 2026 |
| CVE-2018-25433 | HIGH | 8.2 | Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through … | Jun 01, 2026 |
| CVE-2018-25432 | HIGH | 8.4 | Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft … | Jun 01, 2026 |
| CVE-2018-25431 | HIGH | 7.1 | No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers … | Jun 01, 2026 |
| CVE-2018-25430 | HIGH | 7.1 | Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers … | Jun 01, 2026 |
| CVE-2018-25429 | HIGH | 7.1 | Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers … | Jun 01, 2026 |
| CVE-2018-25428 | HIGH | 8.2 | Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers … | Jun 01, 2026 |
| CVE-2018-25427 | CRITICAL | 9.8 | Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address … | Jun 01, 2026 |
| CVE-2026-5419 | LOW | 3.7 | A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to … | Jun 01, 2026 |
| CVE-2026-49433 | MEDIUM | 5.0 | The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the … | Jun 01, 2026 |
| CVE-2026-49140 | MEDIUM | 4.3 | Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust … | Jun 01, 2026 |
| CVE-2026-49139 | UNKNOWN | — | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework … | Jun 01, 2026 |
| CVE-2026-49138 | MEDIUM | 5.0 | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network … | Jun 01, 2026 |
| CVE-2026-49136 | HIGH | 7.5 | Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend that allows unauthenticated … | Jun 01, 2026 |
| CVE-2026-49135 | HIGH | 7.1 | CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by … | Jun 01, 2026 |
| CVE-2026-49134 | HIGH | 7.1 | CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting … | Jun 01, 2026 |
| CVE-2026-37234 | HIGH | 8.2 | FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned … | Jun 01, 2026 |
| CVE-2026-24751 | HIGH | 8.2 | Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker … | Jun 01, 2026 |