Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20679
Total
1492
Critical
6280
High
6554
Medium
CVE ID Severity Score Description Published
CVE-2026-57921 MEDIUM 4.3 In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint Jun 26, 2026
CVE-2026-53914 MEDIUM 6.7 In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata Jun 26, 2026
CVE-2026-13426 MEDIUM 5.4 The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API … Jun 26, 2026
CVE-2026-57920 HIGH 7.7 Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/{orgId} endpoints. Jun 26, 2026
CVE-2026-57915 HIGH 7.3 It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended … Jun 26, 2026
CVE-2026-40711 HIGH 8.0 Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS … Jun 26, 2026
CVE-2025-64152 CRITICAL 9.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from … Jun 26, 2026
CVE-2025-55017 CRITICAL 9.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from … Jun 26, 2026
CVE-2026-57914 MEDIUM 6.5 By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to … Jun 26, 2026
CVE-2026-57620 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons … Jun 26, 2026
CVE-2026-57918 HIGH 7.1 libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when … Jun 26, 2026
CVE-2026-57913 HIGH 7.5 Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts. Jun 26, 2026
CVE-2026-57912 HIGH 7.5 Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers. Jun 26, 2026
CVE-2026-57473 UNKNOWN A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the possibility of brute-force cracking the … Jun 26, 2026
CVE-2026-13325 HIGH 8.5 A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain … Jun 26, 2026
CVE-2025-7958 UNKNOWN A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface … Jun 26, 2026
CVE-2026-6658 MEDIUM 5.4 A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized `text/vnd.mermaid` output in HTML exports. The `data_mermaid` block in `share/templates/lab/base.html.j2` renders … Jun 26, 2026
CVE-2026-1869 MEDIUM 6.5 The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is … Jun 26, 2026
CVE-2026-11702 HIGH 7.5 Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the … Jun 26, 2026
CVE-2026-11625 HIGH 7.5 Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is … Jun 26, 2026
CVE-2026-57881 CRITICAL 9.8 An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation … Jun 26, 2026
CVE-2026-57880 CRITICAL 9.8 An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking … Jun 26, 2026
CVE-2026-57879 CRITICAL 9.8 An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking … Jun 26, 2026
CVE-2026-57878 CRITICAL 9.8 An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking … Jun 26, 2026
CVE-2026-57877 HIGH 8.6 An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally … Jun 26, 2026