Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23830
Total
1706
Critical
7474
High
7609
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-37226 | HIGH | 7.5 | FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert() in … | Jun 01, 2026 |
| CVE-2026-30963 | LOW | 3.9 | Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to … | Jun 01, 2026 |
| CVE-2026-23638 | MEDIUM | 6.5 | Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an … | Jun 01, 2026 |
| CVE-2026-22872 | UNKNOWN | — | Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the … | Jun 01, 2026 |
| CVE-2026-10283 | MEDIUM | 6.3 | A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in … | Jun 01, 2026 |
| CVE-2026-10282 | MEDIUM | 4.3 | A security vulnerability has been detected in Bottelet DaybydayCRM up to 2.2.1. This impacts the function view of the file app/Http/Controllers/DocumentsController.php. Such manipulation leads to … | Jun 01, 2026 |
| CVE-2026-10281 | HIGH | 7.3 | A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. … | Jun 01, 2026 |
| CVE-2026-10280 | HIGH | 7.3 | A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP … | Jun 01, 2026 |
| CVE-2026-10279 | MEDIUM | 6.3 | A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm_executor.ts of the component switch_pane/write_to_specific_pane. The manipulation … | Jun 01, 2026 |
| CVE-2026-10278 | MEDIUM | 6.3 | A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read_file/write_file. Executing a … | Jun 01, 2026 |
| CVE-2026-10277 | MEDIUM | 6.3 | A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail … | Jun 01, 2026 |
| CVE-2026-10276 | MEDIUM | 6.3 | A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_build. Such manipulation … | Jun 01, 2026 |
| CVE-2026-0072 | UNKNOWN | — | In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User … | Jun 01, 2026 |
| CVE-2024-52011 | UNKNOWN | — | launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` … | Jun 01, 2026 |
| CVE-2026-8643 | UNKNOWN | — | pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry … | Jun 01, 2026 |
| CVE-2026-8501 | HIGH | 7.8 | Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and … | Jun 01, 2026 |
| CVE-2026-46243 | HIGH | 7.8 | In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, … | Jun 01, 2026 |
| CVE-2026-45701 | UNKNOWN | — | Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset tokenand API key … | Jun 01, 2026 |
| CVE-2026-45267 | MEDIUM | 6.5 | Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other … | Jun 01, 2026 |
| CVE-2026-45266 | LOW | 3.5 | Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be … | Jun 01, 2026 |
| CVE-2026-45264 | MEDIUM | 4.3 | Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before … | Jun 01, 2026 |
| CVE-2026-45159 | LOW | 3.5 | Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to … | Jun 01, 2026 |
| CVE-2026-45157 | MEDIUM | 6.3 | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious … | Jun 01, 2026 |
| CVE-2026-45156 | HIGH | 8.1 | Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing … | Jun 01, 2026 |
| CVE-2026-45155 | LOW | 2.6 | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access … | Jun 01, 2026 |