Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20470
Total
1466
Critical
6212
High
6509
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6556 | CRITICAL | 9.1 | @fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-string mount paths (arrays … | Jun 30, 2026 |
| CVE-2026-58374 | MEDIUM | 6.5 | In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within … | Jun 30, 2026 |
| CVE-2026-58116 | CRITICAL | 9.8 | LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model … | Jun 30, 2026 |
| CVE-2026-58016 | HIGH | 7.5 | A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with … | Jun 30, 2026 |
| CVE-2026-58015 | MEDIUM | 5.9 | A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the … | Jun 30, 2026 |
| CVE-2026-58014 | HIGH | 7.3 | A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with … | Jun 30, 2026 |
| CVE-2026-58013 | MEDIUM | 6.5 | A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length … | Jun 30, 2026 |
| CVE-2026-58012 | MEDIUM | 6.5 | A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement … | Jun 30, 2026 |
| CVE-2026-58011 | MEDIUM | 6.5 | A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an … | Jun 30, 2026 |
| CVE-2026-58010 | MEDIUM | 6.5 | A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check … | Jun 30, 2026 |
| CVE-2026-53433 | UNKNOWN | — | fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing … | Jun 30, 2026 |
| CVE-2026-53432 | UNKNOWN | — | fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 … | Jun 30, 2026 |
| CVE-2026-4629 | MEDIUM | 6.5 | A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded role mapper into any … | Jun 30, 2026 |
| CVE-2026-47105 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Jun 30, 2026 |
| CVE-2026-44946 | UNKNOWN | — | A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the … | Jun 30, 2026 |
| CVE-2026-14209 | MEDIUM | 4.3 | A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, … | Jun 30, 2026 |
| CVE-2026-13474 | UNKNOWN | — | Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual … | Jun 30, 2026 |
| CVE-2026-12388 | MEDIUM | 6.5 | A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is … | Jun 30, 2026 |
| CVE-2026-10817 | UNKNOWN | — | Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated … | Jun 30, 2026 |
| CVE-2026-10816 | UNKNOWN | — | Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled | Jun 30, 2026 |
| CVE-2026-8402 | CRITICAL | 9.8 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows … | Jun 30, 2026 |
| CVE-2026-57082 | MEDIUM | 5.9 | Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE (Message Stream Encryption) handshake derives its 160-bit … | Jun 30, 2026 |
| CVE-2026-57081 | HIGH | 7.5 | Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with … | Jun 30, 2026 |
| CVE-2026-57080 | HIGH | 7.5 | Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix. The peer-wire framing in _process_messages trusts the 4-byte length … | Jun 30, 2026 |
| CVE-2026-57079 | MEDIUM | 5.3 | Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata. Net::BitTorrent validates file path components only on … | Jun 30, 2026 |