Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20679
Total
1492
Critical
6280
High
6554
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-57921 | MEDIUM | 4.3 | In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint | Jun 26, 2026 |
| CVE-2026-53914 | MEDIUM | 6.7 | In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata | Jun 26, 2026 |
| CVE-2026-13426 | MEDIUM | 5.4 | The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API … | Jun 26, 2026 |
| CVE-2026-57920 | HIGH | 7.7 | Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/{orgId} endpoints. | Jun 26, 2026 |
| CVE-2026-57915 | HIGH | 7.3 | It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended … | Jun 26, 2026 |
| CVE-2026-40711 | HIGH | 8.0 | Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS … | Jun 26, 2026 |
| CVE-2025-64152 | CRITICAL | 9.1 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from … | Jun 26, 2026 |
| CVE-2025-55017 | CRITICAL | 9.1 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from … | Jun 26, 2026 |
| CVE-2026-57914 | MEDIUM | 6.5 | By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to … | Jun 26, 2026 |
| CVE-2026-57620 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons … | Jun 26, 2026 |
| CVE-2026-57918 | HIGH | 7.1 | libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when … | Jun 26, 2026 |
| CVE-2026-57913 | HIGH | 7.5 | Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts. | Jun 26, 2026 |
| CVE-2026-57912 | HIGH | 7.5 | Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers. | Jun 26, 2026 |
| CVE-2026-57473 | UNKNOWN | — | A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the possibility of brute-force cracking the … | Jun 26, 2026 |
| CVE-2026-13325 | HIGH | 8.5 | A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain … | Jun 26, 2026 |
| CVE-2025-7958 | UNKNOWN | — | A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface … | Jun 26, 2026 |
| CVE-2026-6658 | MEDIUM | 5.4 | A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized `text/vnd.mermaid` output in HTML exports. The `data_mermaid` block in `share/templates/lab/base.html.j2` renders … | Jun 26, 2026 |
| CVE-2026-1869 | MEDIUM | 6.5 | The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is … | Jun 26, 2026 |
| CVE-2026-11702 | HIGH | 7.5 | Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the … | Jun 26, 2026 |
| CVE-2026-11625 | HIGH | 7.5 | Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is … | Jun 26, 2026 |
| CVE-2026-57881 | CRITICAL | 9.8 | An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation … | Jun 26, 2026 |
| CVE-2026-57880 | CRITICAL | 9.8 | An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking … | Jun 26, 2026 |
| CVE-2026-57879 | CRITICAL | 9.8 | An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking … | Jun 26, 2026 |
| CVE-2026-57878 | CRITICAL | 9.8 | An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking … | Jun 26, 2026 |
| CVE-2026-57877 | HIGH | 8.6 | An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally … | Jun 26, 2026 |