Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23503
Total
1676
Critical
7379
High
7473
Medium
CVE ID Severity Score Description Published
CVE-2026-21369 MEDIUM 5.3 Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification. Jul 06, 2026
CVE-2026-21368 MEDIUM 5.3 Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks. Jul 06, 2026
CVE-2026-14471 HIGH 8.1 Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute … Jul 06, 2026
CVE-2026-14468 HIGH 7.7 HashiCorp Terraform Enterprise contained an issue in its version control system (VCS) ingestion of registry modules that did not correctly enforce the intended boundary on … Jul 06, 2026
CVE-2025-59617 MEDIUM 6.6 Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input. Jul 06, 2026
CVE-2025-59616 MEDIUM 6.6 Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory. Jul 06, 2026
CVE-2025-59615 MEDIUM 6.6 Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization. Jul 06, 2026
CVE-2026-59089 MEDIUM 5.5 A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table … Jul 06, 2026
CVE-2026-58404 UNKNOWN Hugo is a static site generator. From v0.162.0 through v0.163.0, the default security.http.urls policy denies requests to loopback, internal, and cloud-metadata IPv4 literals, but the … Jul 06, 2026
CVE-2026-58403 UNKNOWN Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the … Jul 06, 2026
CVE-2026-58402 UNKNOWN Hugo is a static site generator. From 0.60.0 until 0.163.3, Hugo's default code-block renderer wrote the Markdown code-fence language or info-string into the code class="language-…" … Jul 06, 2026
CVE-2026-55646 MEDIUM 6.5 vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read() to fully materialize … Jul 06, 2026
CVE-2026-53763 LOW 3.8 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … Jul 06, 2026
CVE-2026-50134 UNKNOWN Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate … Jul 06, 2026
CVE-2026-50133 UNKNOWN Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the text/html media type (typically … Jul 06, 2026
CVE-2026-44362 MEDIUM 5.5 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … Jul 06, 2026
CVE-2026-42546 LOW 3.8 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … Jul 06, 2026
CVE-2026-41516 LOW 2.5 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … Jul 06, 2026
CVE-2026-41515 LOW 2.5 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … Jul 06, 2026
CVE-2026-41514 LOW 2.5 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … Jul 06, 2026
CVE-2026-14898 MEDIUM 6.5 The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in … Jul 06, 2026
CVE-2026-14536 UNKNOWN Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy … Jul 06, 2026
CVE-2026-11405 UNKNOWN The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path … Jul 06, 2026
CVE-2026-9182 MEDIUM 5.3 ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful … Jul 06, 2026
CVE-2026-9181 CRITICAL 9.8 ArcGIS Server contains a directory traversal vulnerability. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow access to … Jul 06, 2026