Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23830
Total
1706
Critical
7474
High
7609
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-45302 | HIGH | 8.2 | parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData() walks bracket and dot-notation FormData … | Jun 01, 2026 |
| CVE-2026-45286 | MEDIUM | 4.3 | Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users … | Jun 01, 2026 |
| CVE-2026-45285 | MEDIUM | 6.4 | Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder … | Jun 01, 2026 |
| CVE-2026-45284 | MEDIUM | 4.6 | Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP … | Jun 01, 2026 |
| CVE-2026-45283 | MEDIUM | 6.3 | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app … | Jun 01, 2026 |
| CVE-2026-45282 | MEDIUM | 6.5 | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker … | Jun 01, 2026 |
| CVE-2026-45281 | HIGH | 8.1 | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge … | Jun 01, 2026 |
| CVE-2026-45279 | MEDIUM | 4.4 | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is … | Jun 01, 2026 |
| CVE-2026-45278 | LOW | 3.3 | Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to … | Jun 01, 2026 |
| CVE-2026-45277 | LOW | 3.3 | Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows … | Jun 01, 2026 |
| CVE-2026-45275 | MEDIUM | 6.5 | Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user … | Jun 01, 2026 |
| CVE-2026-43958 | HIGH | 7.8 | A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow … | Jun 01, 2026 |
| CVE-2026-43625 | MEDIUM | 5.9 | CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling … | Jun 01, 2026 |
| CVE-2026-43624 | HIGH | 8.2 | F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized … | Jun 01, 2026 |
| CVE-2026-43623 | HIGH | 8.8 | microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying … | Jun 01, 2026 |
| CVE-2026-41013 | HIGH | 8.1 | Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via … | Jun 01, 2026 |
| CVE-2026-40990 | MEDIUM | 5.7 | OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions … | Jun 01, 2026 |
| CVE-2026-40989 | MEDIUM | 5.7 | Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 … | Jun 01, 2026 |
| CVE-2026-37235 | UNKNOWN | — | FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid_xapp_id() only checks that … | Jun 01, 2026 |
| CVE-2026-37233 | HIGH | 7.5 | FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen_id() in src/ric/iApp/xapp_ric_id.c compares m0->xapp_id against itself (m0->xapp_id) instead of … | Jun 01, 2026 |
| CVE-2026-37232 | HIGH | 8.6 | An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fill_RRU_PrbTotDl() and fill_RRU_PrbTotUl() in openair2/E2AP/RAN_FUNCTION/O-RAN/ran_func_kpm_subs.c (lines … | Jun 01, 2026 |
| CVE-2026-37231 | HIGH | 7.5 | FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around … | Jun 01, 2026 |
| CVE-2026-37230 | HIGH | 7.5 | FlexRIC v2.0.0 crashes when the near-RT RIC receives a RIC_INDICATION message with a ran_func_id that does not exist in its registry. The lookup returns NULL, … | Jun 01, 2026 |
| CVE-2026-37229 | HIGH | 7.5 | FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence (e.g., … | Jun 01, 2026 |
| CVE-2026-37228 | HIGH | 7.5 | FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The function allocates a fixed 32KB receive buffer and enforces assert(rc < len) on the sctp_recvmsg() … | Jun 01, 2026 |