Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20648
Total
1489
Critical
6270
High
6549
Medium
CVE ID Severity Score Description Published
CVE-2026-53283 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid in __rlookup_amd_iommu() iommu_device_register() walks every device on the PCI bus via bus_for_each_dev() … Jun 26, 2026
CVE-2026-53282 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Push kjump return address even for non-kjump kexec The version of purgatory code shipped … Jun 26, 2026
CVE-2026-53281 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption Commit 60f030f7418d ("iommu/vt-d: Avoid use of NULL … Jun 26, 2026
CVE-2026-53280 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done() Local sashiko review pointed it out that group->domain … Jun 26, 2026
CVE-2026-53279 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: drm/gma500/oaktrail_lvds: fix hang on init failure The LVDS init code looks up an I2C adapter … Jun 26, 2026
CVE-2026-53278 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: arm_mpam: Check whether the config array is allocated before destroying it __destroy_component_cfg() is called to … Jun 26, 2026
CVE-2026-52785 CRITICAL 9.9 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a SQL injection in timestamps functionality. OpenProject baseline comparison allows callers … Jun 26, 2026
CVE-2026-52784 HIGH 8.8 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POST parameter "user[admin]". This … Jun 26, 2026
CVE-2026-52783 HIGH 8.2 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth access_token plaintext to Rails.cache under … Jun 26, 2026
CVE-2026-52782 CRITICAL 9.9 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages_project_storage[project_folder_id]" leads to Access … Jun 26, 2026
CVE-2026-52781 MEDIUM 6.4 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the HTML sanitizer grants <macro> elements unrestricted data-* attributes via :data wildcard. An … Jun 26, 2026
CVE-2026-52780 CRITICAL 9.6 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE). This vulnerability is fixed … Jun 26, 2026
CVE-2026-52779 MEDIUM 5.4 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authorization context confusion in the Calendar and Team Planner … Jun 26, 2026
CVE-2026-49991 HIGH 8.6 RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a … Jun 26, 2026
CVE-2026-49355 MEDIUM 4.3 OpenProject is open-source, web-based project management software. Prior to 17.4.0, `GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id` discloses private work package data from a linked work package that belongs to … Jun 26, 2026
CVE-2026-47193 HIGH 7.5 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and … Jun 26, 2026
CVE-2026-46386 CRITICAL 9.9 OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET_KEY_BASE=OVERWRITE_ME as the default Rails master key. Combined … Jun 26, 2026
CVE-2026-44736 MEDIUM 6.5 OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve relations — and the subject … Jun 26, 2026
CVE-2026-44735 MEDIUM 6.5 OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a … Jun 26, 2026
CVE-2026-44734 MEDIUM 6.5 OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Missing Authorization vulnerability exists in OpenProject's CostReportsController. The rename and update actions … Jun 26, 2026
CVE-2026-44733 MEDIUM 5.9 OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits to bypass … Jun 26, 2026
CVE-2026-44732 MEDIUM 4.3 OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, OpenProject exposes a document update endpoint used to modify existing documents. The target … Jun 26, 2026
CVE-2026-44731 MEDIUM 4.3 OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds … Jun 26, 2026
CVE-2026-44696 MEDIUM 5.7 OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text (markdown) rendering pipeline uses Sanitize::Config::RELAXED[:css] for inline style sanitization. This configuration permits … Jun 26, 2026
CVE-2026-32833 HIGH 8.8 Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting … Jun 26, 2026