Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23830
Total
1706
Critical
7474
High
7609
Medium
CVE ID Severity Score Description Published
CVE-2025-48570 HIGH 7.8 In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead … Jun 01, 2026
CVE-2025-32348 HIGH 7.8 In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with … Jun 01, 2026
CVE-2025-26418 MEDIUM 5.9 In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a … Jun 01, 2026
CVE-2025-22426 MEDIUM 5.9 In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could … Jun 01, 2026
CVE-2025-22424 UNKNOWN In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of … Jun 01, 2026
CVE-2019-25716 MEDIUM 6.5 Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending … Jun 01, 2026
CVE-2018-25435 MEDIUM 5.3 ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can … Jun 01, 2026
CVE-2018-25434 HIGH 8.2 WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. … Jun 01, 2026
CVE-2018-25433 HIGH 8.2 Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through … Jun 01, 2026
CVE-2018-25432 HIGH 8.4 Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft … Jun 01, 2026
CVE-2018-25431 HIGH 7.1 No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers … Jun 01, 2026
CVE-2018-25430 HIGH 7.1 Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers … Jun 01, 2026
CVE-2018-25429 HIGH 7.1 Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers … Jun 01, 2026
CVE-2018-25428 HIGH 8.2 Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers … Jun 01, 2026
CVE-2018-25427 CRITICAL 9.8 Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address … Jun 01, 2026
CVE-2026-5419 LOW 3.7 A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to … Jun 01, 2026
CVE-2026-49433 MEDIUM 5.0 The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the … Jun 01, 2026
CVE-2026-49140 MEDIUM 4.3 Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust … Jun 01, 2026
CVE-2026-49139 UNKNOWN Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework … Jun 01, 2026
CVE-2026-49138 MEDIUM 5.0 Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network … Jun 01, 2026
CVE-2026-49136 HIGH 7.5 Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend that allows unauthenticated … Jun 01, 2026
CVE-2026-49135 HIGH 7.1 CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by … Jun 01, 2026
CVE-2026-49134 HIGH 7.1 CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting … Jun 01, 2026
CVE-2026-37234 HIGH 8.2 FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned … Jun 01, 2026
CVE-2026-24751 HIGH 8.2 Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker … Jun 01, 2026