Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23830
Total
1706
Critical
7474
High
7609
Medium
CVE ID Severity Score Description Published
CVE-2026-45302 HIGH 8.2 parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData() walks bracket and dot-notation FormData … Jun 01, 2026
CVE-2026-45286 MEDIUM 4.3 Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users … Jun 01, 2026
CVE-2026-45285 MEDIUM 6.4 Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder … Jun 01, 2026
CVE-2026-45284 MEDIUM 4.6 Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP … Jun 01, 2026
CVE-2026-45283 MEDIUM 6.3 Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app … Jun 01, 2026
CVE-2026-45282 MEDIUM 6.5 Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker … Jun 01, 2026
CVE-2026-45281 HIGH 8.1 Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge … Jun 01, 2026
CVE-2026-45279 MEDIUM 4.4 Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is … Jun 01, 2026
CVE-2026-45278 LOW 3.3 Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to … Jun 01, 2026
CVE-2026-45277 LOW 3.3 Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows … Jun 01, 2026
CVE-2026-45275 MEDIUM 6.5 Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user … Jun 01, 2026
CVE-2026-43958 HIGH 7.8 A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow … Jun 01, 2026
CVE-2026-43625 MEDIUM 5.9 CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling … Jun 01, 2026
CVE-2026-43624 HIGH 8.2 F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized … Jun 01, 2026
CVE-2026-43623 HIGH 8.8 microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying … Jun 01, 2026
CVE-2026-41013 HIGH 8.1 Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via … Jun 01, 2026
CVE-2026-40990 MEDIUM 5.7 OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions … Jun 01, 2026
CVE-2026-40989 MEDIUM 5.7 Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 … Jun 01, 2026
CVE-2026-37235 UNKNOWN FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid_xapp_id() only checks that … Jun 01, 2026
CVE-2026-37233 HIGH 7.5 FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen_id() in src/ric/iApp/xapp_ric_id.c compares m0->xapp_id against itself (m0->xapp_id) instead of … Jun 01, 2026
CVE-2026-37232 HIGH 8.6 An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fill_RRU_PrbTotDl() and fill_RRU_PrbTotUl() in openair2/E2AP/RAN_FUNCTION/O-RAN/ran_func_kpm_subs.c (lines … Jun 01, 2026
CVE-2026-37231 HIGH 7.5 FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around … Jun 01, 2026
CVE-2026-37230 HIGH 7.5 FlexRIC v2.0.0 crashes when the near-RT RIC receives a RIC_INDICATION message with a ran_func_id that does not exist in its registry. The lookup returns NULL, … Jun 01, 2026
CVE-2026-37229 HIGH 7.5 FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence (e.g., … Jun 01, 2026
CVE-2026-37228 HIGH 7.5 FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The function allocates a fixed 32KB receive buffer and enforces assert(rc < len) on the sctp_recvmsg() … Jun 01, 2026