Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20528
Total
1468
Critical
6215
High
6518
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-12388 | MEDIUM | 6.5 | A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is … | Jun 30, 2026 |
| CVE-2026-10817 | UNKNOWN | — | Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated … | Jun 30, 2026 |
| CVE-2026-10816 | UNKNOWN | — | Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled | Jun 30, 2026 |
| CVE-2026-8402 | CRITICAL | 9.8 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows … | Jun 30, 2026 |
| CVE-2026-57082 | MEDIUM | 5.9 | Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE (Message Stream Encryption) handshake derives its 160-bit … | Jun 30, 2026 |
| CVE-2026-57081 | HIGH | 7.5 | Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with … | Jun 30, 2026 |
| CVE-2026-57080 | HIGH | 7.5 | Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix. The peer-wire framing in _process_messages trusts the 4-byte length … | Jun 30, 2026 |
| CVE-2026-57079 | MEDIUM | 5.3 | Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata. Net::BitTorrent validates file path components only on … | Jun 30, 2026 |
| CVE-2026-53692 | UNKNOWN | — | Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, … | Jun 30, 2026 |
| CVE-2026-53691 | UNKNOWN | — | An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application … | Jun 30, 2026 |
| CVE-2026-53690 | UNKNOWN | — | An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize … | Jun 30, 2026 |
| CVE-2026-41053 | HIGH | 8.8 | Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, … | Jun 30, 2026 |
| CVE-2026-14162 | CRITICAL | 9.8 | Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation. | Jun 30, 2026 |
| CVE-2026-14161 | HIGH | 7.5 | Hospital Quening Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation. | Jun 30, 2026 |
| CVE-2026-13766 | CRITICAL | 9.8 | DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor … | Jun 30, 2026 |
| CVE-2026-54475 | HIGH | 7.5 | Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection … | Jun 30, 2026 |
| CVE-2026-53917 | HIGH | 7.5 | Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a … | Jun 30, 2026 |
| CVE-2026-53916 | HIGH | 7.5 | Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection … | Jun 30, 2026 |
| CVE-2026-52760 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console … | Jun 30, 2026 |
| CVE-2026-50750 | HIGH | 7.5 | Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker … | Jun 30, 2026 |
| CVE-2026-50734 | HIGH | 7.5 | Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS … | Jun 30, 2026 |
| CVE-2026-49877 | HIGH | 8.1 | Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/* paths in the Web Console. The default Jetty … | Jun 30, 2026 |
| CVE-2026-49434 | HIGH | 7.5 | Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP … | Jun 30, 2026 |
| CVE-2026-49432 | HIGH | 7.5 | Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can … | Jun 30, 2026 |
| CVE-2026-13316 | MEDIUM | 4.4 | A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal … | Jun 30, 2026 |