Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20470
Total
1466
Critical
6212
High
6509
Medium
CVE ID Severity Score Description Published
CVE-2026-6556 CRITICAL 9.1 @fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-string mount paths (arrays … Jun 30, 2026
CVE-2026-58374 MEDIUM 6.5 In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within … Jun 30, 2026
CVE-2026-58116 CRITICAL 9.8 LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model … Jun 30, 2026
CVE-2026-58016 HIGH 7.5 A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with … Jun 30, 2026
CVE-2026-58015 MEDIUM 5.9 A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the … Jun 30, 2026
CVE-2026-58014 HIGH 7.3 A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with … Jun 30, 2026
CVE-2026-58013 MEDIUM 6.5 A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length … Jun 30, 2026
CVE-2026-58012 MEDIUM 6.5 A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement … Jun 30, 2026
CVE-2026-58011 MEDIUM 6.5 A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an … Jun 30, 2026
CVE-2026-58010 MEDIUM 6.5 A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check … Jun 30, 2026
CVE-2026-53433 UNKNOWN fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing … Jun 30, 2026
CVE-2026-53432 UNKNOWN fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 … Jun 30, 2026
CVE-2026-4629 MEDIUM 6.5 A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded role mapper into any … Jun 30, 2026
CVE-2026-47105 UNKNOWN Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Jun 30, 2026
CVE-2026-44946 UNKNOWN A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the … Jun 30, 2026
CVE-2026-14209 MEDIUM 4.3 A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, … Jun 30, 2026
CVE-2026-13474 UNKNOWN Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual … Jun 30, 2026
CVE-2026-12388 MEDIUM 6.5 A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is … Jun 30, 2026
CVE-2026-10817 UNKNOWN Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated … Jun 30, 2026
CVE-2026-10816 UNKNOWN Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled Jun 30, 2026
CVE-2026-8402 CRITICAL 9.8 Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows … Jun 30, 2026
CVE-2026-57082 MEDIUM 5.9 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE (Message Stream Encryption) handshake derives its 160-bit … Jun 30, 2026
CVE-2026-57081 HIGH 7.5 Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with … Jun 30, 2026
CVE-2026-57080 HIGH 7.5 Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix. The peer-wire framing in _process_messages trusts the 4-byte length … Jun 30, 2026
CVE-2026-57079 MEDIUM 5.3 Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata. Net::BitTorrent validates file path components only on … Jun 30, 2026